-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
You mention email, do you suggest 1 email per incident #25
Comments
As stated in our README, if you want to use email/smtp to transport xarf, then the email looks like described in this section: https://github.com/abusix/xarf#xarf-via-smtp Currently you'll need to send one email per xarf report. I gave some of the reasons for the decision in the other issue #23 Still, we are open to any discussion regarding requirements for abuse reporting and want to make sure that organizations can start using xarf for reporting abuse whereever it makes sense. |
I'm not sure whether to ask my question here or in a newly created issue. I'm just going to ask it here, as it is also about e-mail. My question: Does requiring a Content-Type header of "multipart/report; report-type=feedback-report" mean that XARF reports cannot be generated using a standard end-user e-mail client (e.g. Gmail)? |
I guess so, for now most users of xarf report automatically and not via an email client, but it's actually a pretty good point. The reason for the header is that people who are receiving tons of abuse reports in different formats need a quick way of finding out whether something contains an xarf report or not. In the best case this is possible without looking into the attachment itself. Side note: At abusix we also have plans to provide user friendly reporting tools that take care of generating xarf and sending it to the responsible abuse contact automatically. |
Do I have an idea... Well, off the top of my head, instead of requiring custom headers, you could require that the subject line starts with a signal word like "[XARF-REPORT] "... Thanks for your quick response, and I am looking forward to seeing your new ideas for making abuse reports easier (and not just for SSH, but for e.g. web server probing as well). |
I'm using fail2ban with an elevated (I say that to pretend to be responsible) fail threshold, with the builtin (Now |
Hi,
The items are per incident, how would one send the email?
You have samples?
The text was updated successfully, but these errors were encountered: