Re: Constant Abuse Reports / Borderline Spamming from RiskIQ

[Suresh Ramasubramanian <ops.lists () gmail com>]

RiskIQ reports phish URLs for large brands

The life cycle of a typical phish campaign is in hours but I guess people can live with 24. If you handle the complaint 
only after two business days, that’s closing the barn door after the horse has bolted and crossed a state line.

--srs
________________________________
From: NANOG <nanog-bounces () nanog org> on behalf of Tom Beecher <beecher () beecher cc>
Sent: Tuesday, April 14, 2020 12:11:18 AM
To: Kushal R. <kushal.r () h4g co>
Cc: Nanog <nanog () nanog org>; Rich Kulawiec <rsk () gsp org>
Subject: Re: Constant Abuse Reports / Borderline Spamming from RiskIQ

I would agree that Twitter is not a primary place for abuse reporting.

If they are reporting things via your correct abuse channel and you are indeed handling them within 48 business hours, 
then I would also agree this much extra spray and pray is excessive. However RiskIQ is known to be pretty responsible, 
so if they are doing this they likely feel like they are NOT getting appropriate responses from you and are resorting 
to scorched earth. Have you attempted to reach out to them and make sure they have the proper direct channel for abuse 
reporting?

On Mon, Apr 13, 2020 at 1:45 PM Kushal R. <kushal.r () h4g co<mailto:kushal.r () h4g co>> wrote:
All abuse reports that we receive are dealt within 48 business hours. As far as that tweet is concerned, it’s pending 
for 16 days because they have been blocked from sending us any emails due to the sheer amount of emails they started 
sending and then our live support chats.

We send our abuse reports to, but we don’t spam them to every publicly available email address for an organisation, it 
isn’t difficult to lookup the Abuse POC for an IP or network and just because you do not get a response in 24 hours 
does not mean you forward the same report to 10 other email addresses. Similarly twitter isn’t a place to report abuse 
either.


On Apr 13, 2020 at 9:37 PM, <Rich Kulawiec<mailto:rsk () gsp org>> wrote:


       On Mon, Apr 13, 2020 at 07:55:37PM +0530, Kushal R. wrote:  >  We understand these reports and deal with them as 
per our policies and timelines but this constant spamming by them from various channels is not appreciated. Quoting 
from: https://twitter.com/RiskIQ_IRT/status/1249696689985740800 which is dated 9:15 AM 4/13/2020: 5 #phishing URLs on 
admin12.find-textbook[.]com were reported to @Host4Geeks (Walnut, CA) from as far back as 16 days ago, and they are all 
STILL active 16 days is unacceptable. If you can't do better than that -- MUCH better -- then shut down your entire 
operation today as it's unworthy of being any part of the Internet community. ---rsk