Ask HN: Website owners, how do you ensure abuse complaints are directed to you?
Some of these websites allow people to submit content, much like a plain old discussion forum. It's rare to have a day when no undesired users post spam, or even worse, links to malware, phishing sites, and the like. Such content is obviously against the rules of my websites and of the server companies and domain registrars I buy from. But automated filters only go so far, and I can't stand looking at everything that is posted 24 hours a day.
On the websites I always mention that, to report abuse, one should send a complaint to abuse@...the respective domain, as is common practice. Complaints rarely arrive in these inboxes... but in the last year alone, I already had to deal with getting one domain name almost taken away from me and one server momentarily suspended.
Apparently, complainers like to direct abuse complaints to the owners of the IP addresses (i.e. hosting companies) and to domain registrars, ignoring the abuse reporting tools I have set up. The latter then suspend the services in question right away, sometimes without checking that the complaint is still valid (in one case, the infringing content had already been deleted when the service was suspended!).
Maybe I'm missing out on some best practice for receiving abuse reports (searched and found nothing). I suppose that bigger sites avoid these issues by having more people monitoring for abuse, or better filters, and that simply by being better known their hosts give them a different treatment - otherwise, just about every big website with user-contributed content would be going down every three days because some security company caught a malware link before they did!
So, dear web service owners, how do you make sure abuse and ToS breaches are reported to you before they are passed "upstream"?
2 comments
[ 2.8 ms ] story [ 20.1 ms ] threadAllow for posts to be flagged and taken out of public view automatically via enough reports. Then you can let the moderators sweep up anything that gets reported. This may involve custom programming but is probably worth it.
Have a form on your website for general contact, abuse and DMCA.
Investigate linking in your content to an anti-spam system for filtration. What sort of filter do you use now?
Are you using captcha / other tools to prevent bots?
Anything you doing to offer a URL whitelist/blacklist?
Some URL shortening services (you can link up to your posts) may also offer malware checks, such as http://safe.mn/. Also, consider piping your links in posts through Google Safe Browsing API (https://developers.google.com/safe-browsing/).