Blog

New best practices for reporting badware URLs

Posted on October 7, 2011 - 10:25 by ccondon

We’re happy to announce today the public release of our second best practices document: Best Practices for Reporting Badware URLs. These best practices lay out steps that individuals and organizations can follow to effectively report badware URLs to the parties best able to address them. 

The seeds for our new set of best practices were sown during the development of our Best Practices for Web Hosting Providers earlier this year. A common question during our Web Hosting Working Group’s tenure was, “What about best practices for reporting?” The reasoning behind the question was simple: after spending several months determining the most responsible and effective ways for web hosting providers to respond to badware reports, it seemed eminently sensible to develop a complementary set of best practices for reporters so as to shape a clear path all the way from badware detection to resolution. 

After a summer full of discussion with another brilliant and distinguished cross-industry working group, we have a new set of Practices that we feel we can confidently say are “best” when it comes to reporting badware URLs. Our best practices divide the reporting process into four main stages: determining report targets, identifying contact information, assembling contents, and delivering the report. Best practices are laid out for each stage, along with specific steps for report escalation should initial reports fail to receive a satisfactory response. It’s our intention and our hope that the final document will promote reporting in a way that’s useful to hosting providers and other report recipients while offering reporters both clear instruction and flexibility.

Last month, we wrote that “a full 67% of the URLs we reported [in accordance with the reporting best practices] were cleaned up, many within a short time.” Happily, that statistic is holding steady as our sample size (and our reporting experience) increases; moreover, when the report recipient acknowledged receipt of the report, the badware URL cleanup rate jumped to 75%. Our Best Practices for Reporting Badware URLs take a different approach than the Best Practices for Web Hosting Providers, but the goal, of course, is the same: to get badware URLs noticed, acknowledged, and either cleaned up or taken down—quickly and responsibly.

You can download a copy of StopBadware’s Best Practices for Reporting Badware URLs here. Today’s press release is available here.

1 response to

New best practices for reporting badware URLs

Jim Walker says:

I love the new diagram!
Quality work as usual.

Enjoy!
Jim Walker
The Hack Repair Guy

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.