Develop an Acceptable Use Policy (AUP) Top Offenders List cover


Develop an Acceptable Use Policy (AUP) Top Offenders List

Companies depend on having a clean brand & IP network reputation to get new customers and retain legacy customers. An acceptable use policy is crucial to this. As these customers grow and become more successful doing what they do, your company also grows. It’s a win/win!

On the flip side, when customers can freely operate outside of the acceptable use policy, your company’s IP network, and brand reputation feel the impact in many ways such as:

  • Inability to offer a consistent level of services to existing customers
  • Churn rates start to rise
  • Prospective customers are not interested in giving you their business
  • Support/Account Rep employees start to feel demotivated
  • You get listed in security industry published bad list
  • You get listed on block/black list
  • You get mentioned negatively in security blogs or social media posts
  • You get called out in front of your peers and potential customers at conferences

One of the key ways to avoid many “if not all” of the above is to keep track of who’s doing the most bad on your network in a “Top Offenders” list.

How Do I Create an Acceptable Use Policy (AUP) Top Offenders List?

To create a meaningful list of acceptable use policy offenders, you will need to define your objectives and also a way of scoring those incidents.


  • Identify key aspects that lead to a customer landing on the “Top Offenders” list, including currently collected metrics.
  • Using those aspects, derive a formula that can be applied across your customer base (Risk Score)
  • Collect and apply the formula across the customer base to populate the “Top Offenders” list
  • Examine each customer on a case-by-case basis, and determine the best approach to remediation and removal from the list

Incident Score

Individual issues are given specific weight, depending on the severity of the issue like in the example below.

acceptable use policy offenders list severity scoring

You can then use this example, along with other scores you’ve defined based on your objectives, to create a formula that will shine a light on the most active ticket contributors in regard to abuse reports and abuse ticket creation.

Keep in mind that there are many factors that will need your consideration when creating your formula(s). For example, the number of IP’s customers are assigned usually are not the same, and depending on the size of the customer and their business type “reseller for example” there may be sub-levels or sub-tiers of users that you may need to consider.

At the end of the day, having these statistics and using the data in a way that improves your business also improves your customers’ business and success!

Read More


A clean public network is essential for ISPs and hosting companies to protect their services from threats and maintain a...


AbuseHQ displays numbers, dates, and times, which all have different display formats in different regions. AbuseHQ Localization settings allow you...


Who should use an email blocklist? Generally, anyone who runs an...