I can answer that question well, and I can also leverage common outside perspective on the issue. We take abuse reports very seriously, and we have humans reviewing every single one of them. We take a heavy hand to intentional abuse, and a firm but forgiving hand to unintentional abuse (compromised servers from legitimate customers performing outbound attacks, for example).
With that said, many people do feel that we do not take abuse reports seriously, and I want to get ahead of that by outlining some of the reasons:
- They do not often hear back from us on the action that was taken.
- From their perception, the abuse continues without apparent effort to stop it.
- We do not take down servers on request, only if we deem it necessary.
The reasons for these are not easily seen from the outside. Customer privacy, for example, would prevent us from sharing our communications with the customer about what they’ve done to prevent outbound abuse from a server that was not intentionally created to do that (but had been compromised due to vulnerable software). Shutting down abuse can also be a complex task, often involving more than one account or user, and sometimes we need multiple reports to identify the common variables of a trend. Finally, we do look out for our customers and try to give them the benefit of the doubt when we are able to do so, which means that we will not let an abuse complaint be used as an avenue for shutting down a customer simply because someone wanted them to be shut down. We review each case and make a decision based on it’s individual context.
I hope that helps to explain our take on abuse complaints. Please do send them in here: