The Definition of Network Abuse (Part 1 of 2) cover


The Definition of Network Abuse (Part 1 of 2)

The definition of network abuse has become a hot subject again lately. People are wondering why there's no clear definition of what network abuse actually is. At first glance, it seems easy enough to list out abusive behaviors and say that this defines abuse. But the real issue shows that it's not that simple.

Most of us could agree on the big issues that network abuse covers, like child exploitation material, spam, phishing, and DDoS attacks. But when it comes to other stuff, like breaking copyright rules or port scans, not everyone is on the same page.

Challenges of Creating a Global Definition of Network Abuse

Laws are different all over the world, and the internet is global. Making a list that defines all types of abuse is tough. Some bad activities, like child exploitation or making fake money, are considered illegal everywhere. But other things might be illegal in one country and not in another.

For example, copyright infringement is illegal in some countries but not in others. In some cases, spam is illegal, while in other countries, there are no or feeble laws against it. This makes it challenging to even come up with a rough consensus on a global scale of what constitutes network abuse.

Since the internet is designed to be self-regulating, maybe we should shift our focus. Instead of trying to define network abuse through a set list that everyone agrees on, we could look at how to make the reporting of abuse more effective. This approach keeps the internet self-managed and helps us steer clear of too much control by official organizations, something we've seen cause issues in the past.

The definition of network abuse

How Perceptions of Network Abuse Vary

As an Internet Service Provider or Hosting Provider, you have a legal obligation to take reports of illegal activities seriously and act upon them accordingly. There is no discussion around that, although some companies try to avoid even that work regularly.

But how are we looking at network abuse?

Let me give you an example: For a small hosting provider with a few thousand customers, a DDoS attack can be a catastrophic event and might even jeopardize the company's survival. However, the same attack directed toward companies like Cloudflare or Amazon might not even lead to an alarm and might not even be visible in their traffic graphs. This means the small Hosting Provider obviously has a very different definition of network abuse than the SOC (Security Operation Center) or NOC (Network Operations Center) of Cloudflare or Amazon.

This vast difference in perspective (legal and technical) will never allow for a commonly agreed-upon definition. Therefore, we have to go back to the idea of listening to each other and agree that the small Hosting Provider has absolutely the right to send an abuse notification to the network owners of the attack's origins. At the same time, the Cloudflares and Amazons of the world in the same situation would simply go for lunch.

The definition of Network Abuse is first and foremost defined by the abused!

The Role of Abuse Notifications in Network Regulation

Now, let's look into the receiver side of the abuse notification and its role in all of this. We already agreed that in case of criminality, the receiver has a legal obligation to act upon the report, especially if the report comes from an official entity. In the case of "simple" abuse notifications, it's a bit different.

It's important to remember that if you're a hosting provider who decides not to act on specific reports of abuse, you have to live with the consequences in the network world. Your outbound traffic is somebody else's inbound traffic, and vice versa. If you don't want to play by someone else's rules, you may be unable to access their network.


In conclusion, while it may be difficult to define precisely what constitutes network abuse, it's essential to take reports of illegal activity seriously and act upon them accordingly. The definition of abuse can vary depending on the perspective and priorities of those involved. It's up to individuals and organizations to make the decision about what is abusive and report it accordingly.

Read More


In a few decades, how we live, work, play, and learn has all changed. Without a network that allows data...


When looking at your mail server configuration or blocklist tools like...


Email can be the lifeline of a business – a way to communicate with your customers and advertise your products...