Automated Abuse Reports

[Matt Corallo <nanog () as397444 net>]

How do people view the automated generation of abuse reports? I’ve seen lots of (understandable) moaning about large 
providers not handling abuse reports, and lots of (understandable) suggestions that ARIN test for the reachability of 
abuse contacts.

On the flip side, I run a Tor exit node (as well as bridge nodes, which appear to be used exclusively by Chinese, 
Russian, and Iranian IPs, indicating Tor is, contrary to popular belief, used in large part for its intended purpose). 
Because people seem to include “you tried three to log in three times and got the password wrong” in their definition 
of abuse, I’ve had to provide bogus abuse contacts (and include actual abuse comments in the comments section). I’ve 
tried reaching out to other operators suggesting that they cut it out, as they are the reason many operators do not 
provide functional abuse contacts, usually with a response of “so stop attacking my serverz!!!1one”.

Is it time to have ARIN add a “abuse contact available only after captcha” option?

Matt