Tips from the Abuse Department: Part 1 - Reporting Abuse

June 18, 2012

SoftLayer has a dedicated team working around the clock to address complaints of abuse on our network. We receive these complaints via feedback loops from other providers, spam blacklisting services such as Spamcop and Spamhaus, various industry contacts and mailing lists. Some of the most valuable complaints we receive are from our users, though. We appreciate people taking the time to let us know about problems on our network, and we find these complaints particularly valuable as they are non-automated and direct from the source.

It stands to reason that the more efficient people are at reporting abuse, the more efficient we can be at shutting down the activity, so I've compiled some tips and resources to make this process easier. Enjoy!

Review our Legal Page

Not only does this page contain our contact details, there's a wealth of information on our policies including what we consider abuse and how we handle reported issues. For starters, you may want to review our AUP (Acceptable Use Policy) to get a feel for our stance on abuse and how we mitigate it.

Follow Proper Guidelines

In addition to our own policies, there are legal aspects we must consider. For example, a claim of copyright infringement must be submitted in the form of a properly formatted DMCA, pursuant to the Digital Millennium Copyright Act. Our legal page contains crucial information on what is required to make a copyright claim, as well as information on how to submit a subpoena or court order. We take abuse very seriously, but we must adhere to the law as well as our privacy policy in order to protect our customers' businesses and our company from liability.

Include Evidence

Evidence can take the form of any number of things. A few common examples:

  • A copy of the alleged spam message with full headers intact.
  • A snippet from your log file showing malicious activity.
  • The full URL of a phishing page.

Without evidence that clearly ties abusive activity to a server on our network, we are unable to relay a complaint to our customer. Keep in mind that the complaint must be in a format that allows us to verify it and pass it along, which typically means an email or hard copy. While our website does have contact numbers and addresses, email is your best bet for most types of complaints.

Use Keywords

We use a mail client specifically developed for abuse desks, and it is configured with a host of rules used for filtering and prioritization. Descriptive subject lines with keywords indicating the issue type are very useful. Including the words "Spam," "Phishing" or "Copyright" in your subject line helps make sure your email is sent to the correct queue and, if applicable, receives expedited processing. Including the domain name and IP address in the body of the email is also helpful.

Follow Up

We work hard to investigate and resolve all complaints received however, due to volume, we typically do not respond to complaining parties. That said, we often rely on user complaints to determine if an issue has resumed or is ongoing so feel free to send a new complaint if activity persists.

Be Respectful

The only portion of your complaint we are likely to relay to our customer is the evidence itself along with any useful notes, which means that paragraph of profanity is read only by hardworking SoftLayer employees. We understand the frustration of being on the receiving end of spam or a DDOS, but please be professional and try to understand our position. We are on your side!

Hopefully you've found some of this information useful. When in doubt, submit your complaint to abuse@softlayer.com and we can offer further guidance. Stay tuned for Part 2, where I'll offer suggestions for SoftLayer customers about how to facilitate better communication with our Abuse department to avoid service interruption if an abuse complaint is filed against you.

-Jennifer

Comments

June 18th, 2012 at 2:21pm

Good day, Jennifer:

Thank you for sharing.

I strongly agree with the respect phrase.

On any given day - per http://www.dynamicnet.net/2011/08/security-snitching/ - we submit 200 to 300 abuse reports to various ISP and data center providers.

The type ranges from brute force (i.e. SSH, FTP, email) to URL injection (i.e. SQL, RFI, etc.).

On a strict percentage basis, it is less common for me to send any reports to abuse@softlayer.com

Do you have suggestions for how to best format those types of abuse reports along with what keyword(s) to use, and what information to include?

Should you have any recent ones I sent, feel free to use that as example except I would ask you change any target domains or servers or target IP's to protect the privacy of our clients should you share such information in an article outside of SoftLayer.

Thank you.

June 18th, 2012 at 3:44pm

We don't require a specific format for most types of complaints, but putting the issue-type as a "keyword" in the subject line (for example Phishing, Brute Force Attempts, whatever the issue may be) helps with filtering and prioritizing. For the body of the email, please include the offending domain and/or IP address, any evidence you have available and (if applicable) a brief description of the issue. Typically you can expect for us to contact you if we need any further information. Thanks!

April 12th, 2013 at 7:02pm

I am being harrased by this false information on website
Am not on nys sexofenders register why am i on website.
This is not legal. please remove and let me know when.

April 15th, 2013 at 11:21am

Hello Manuel, As you see in this blog post, the abuse team handles legal issues in a very specific way. Please report any activity you feel violates our Acceptable Use Policy to the abuse team via email: abuse@softlayer.com. They'll be able to investigate and take action accordingly.

April 15th, 2013 at 12:11pm

I have emailed my same complaint and still on website when is your legal team going to take action?

Leave a Reply

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • You can enable syntax highlighting of source code with the following tags: <pre>, <blockcode>, <bash>, <c>, <cpp>, <drupal5>, <drupal6>, <java>, <javascript>, <php>, <python>, <ruby>. The supported tag styles are: <foo>, [foo].
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

Comments

June 18th, 2012 at 2:21pm

Good day, Jennifer:

Thank you for sharing.

I strongly agree with the respect phrase.

On any given day - per http://www.dynamicnet.net/2011/08/security-snitching/ - we submit 200 to 300 abuse reports to various ISP and data center providers.

The type ranges from brute force (i.e. SSH, FTP, email) to URL injection (i.e. SQL, RFI, etc.).

On a strict percentage basis, it is less common for me to send any reports to abuse@softlayer.com

Do you have suggestions for how to best format those types of abuse reports along with what keyword(s) to use, and what information to include?

Should you have any recent ones I sent, feel free to use that as example except I would ask you change any target domains or servers or target IP's to protect the privacy of our clients should you share such information in an article outside of SoftLayer.

Thank you.

June 18th, 2012 at 3:44pm

We don't require a specific format for most types of complaints, but putting the issue-type as a "keyword" in the subject line (for example Phishing, Brute Force Attempts, whatever the issue may be) helps with filtering and prioritizing. For the body of the email, please include the offending domain and/or IP address, any evidence you have available and (if applicable) a brief description of the issue. Typically you can expect for us to contact you if we need any further information. Thanks!

April 12th, 2013 at 7:02pm

I am being harrased by this false information on website
Am not on nys sexofenders register why am i on website.
This is not legal. please remove and let me know when.

April 15th, 2013 at 11:21am

Hello Manuel, As you see in this blog post, the abuse team handles legal issues in a very specific way. Please report any activity you feel violates our Acceptable Use Policy to the abuse team via email: abuse@softlayer.com. They'll be able to investigate and take action accordingly.

April 15th, 2013 at 12:11pm

I have emailed my same complaint and still on website when is your legal team going to take action?

Leave a Reply

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • You can enable syntax highlighting of source code with the following tags: <pre>, <blockcode>, <bash>, <c>, <cpp>, <drupal5>, <drupal6>, <java>, <javascript>, <php>, <python>, <ruby>. The supported tag styles are: <foo>, [foo].
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.