Rants

The Abuse@ Email Address

Possibly the Most Important Part of Setting Up a Mail Server

January 7, 2007

Just about everyone acknowledges the problem of spam. The notable exception being spammers, who think that spamming is great. a notion that is reinforced by the people who fall prey to their scams and purchase their snake oil or buy into their scheme.

The Abuse@ Address Is Required

The abuse@ address is required by RFC 2142 (this annotated copy of the RFC is provided courtesy of rfc-ignorant.org). The purpose of the abuse@ address is to receive complaints about inappropriate behavior on that network or in that IP range.

Messages to the Abuse@ Address Are Often Blocked

Unfortunately, many mail servers are configured with antivirus, anti-spyware, and anti-spam software that blocks certain kinds of messages to all addresses to those servers. This filtering appears to be a violation of the RFC.

Blocking Messages to Abuse@ Is a Problem

The problem with this filter of the abuse@ address is that this will prevent many complaints from getting through to the system administrators. This results in the system administrators and network administrators either deliberately or inadvertently, supporting the spammers and phishers on their networks.

Blocking Complaints Promotes Spam and Phishing

How does this support the spammers and phishers? Very clearly, actually. If spam comes from a network, or if spam that 'spamvertizes' a domain hosted on that network results in a complaint to that network's administrators, the spam filter may see the complaint itself as spam and block it. This results in the administrator not seeing the complaint. If the administrator has no information on abusive behavior taking place on his or her network, the administrator will not investigate the case and will not take action against the abuser. This encourages the abuser to commit the act of abuse again, or to expand the abuses he or she is committing. In addition, this allows the network administrators to live under the delusion that their network is clean and safe, meanwhile developing a bad reputation for themselves and their network.

Filtering Email to the Abuse@ Address Is Bad

Not only does filtering complaints to the abuse@ address support spammers and tarnish the reputation of the network thus filtered, it would also appear to violate the RFC, because when this mailbox is filtered, it is no longer "valid and supported" from the viewpoint of the end user trying to communicate with the organization.

Can Network Administrators Protect System Addresses from Spam?

This, however, does not require that network and system administrators open their standard or system-level mailboxes to all incoming messages. Basic protection methods, such as greylisting should not interfere with the delivery of legitimate complaints about spam or phishing (or other forms of network abuse), but should protect these mailboxes from the majority of spam. This is because techniques like greylisting do not interfere with the delivery of email by legitimate servers.