abuse.rfc-ignorant.org zone based on
the following criteria:
RFC2142 is the first RFC to formally codify the longstanding <abuse@domain.tld> concept which had long existed mainly as a rule of thumb.
It says, in part:
Most organizations do not need to support the full set of mailbox names defined here, since not every organization will implement the all of the associated services. However, if a given service is offerred, then the associated mailbox name(es) must be supported, resulting in delivery to a recipient appropriate for the referenced service or role.
Section 4 of RFC2142 specifies the purpose of the abuse (and other) local-parts:
Operations addresses are intended to provide recourse for customers, providers and others who are experiencing difficulties with the organization's Internet service.
It is, therefore, a widely-held misconception that <abuse@domain> only needs to work for Internet Service Providers. Instead, it should work for any "organization" for which e-mail (or other abusable Internet) service exists, whether that service is provided to one user or one million.
It is also widely believed, but again inaccurately so, that the <abuse@domain> requirement is a suggestion and nothing more. Section 1 of RFC2142 explains very clearly that it is a must requirement:
However, if a given service is offerred, then the associated mailbox name(es) must be supported, resulting in delivery to a recipient appropriate for the referenced service or role.
Given that, the listing criterium is that any domain for which abuse@domain is rejected, times-out, or for any other reason cannot be delivered, that shall be considered grounds for listing, excepting as such that if the rejection is obviously based on some criteria which reject the sender. (Unlike the rules regarding "postmaster" (for which only something like an ongoing mailbomb is an exemption - see RFC2821), nothing requires the abuse address to accept from everyone, so if someone has blocked a particular host from sending mail to that server, that could conceivably include blocking mail destined for the abuse address. However, if this exemption is (no pun intended) abused (e.g., a site claiming that "abuse" has elected to receive mail from only two other places), that site will no longer be allowed to partake of that exemption.)
Also, based on the "resulting in delivery to a recipient appropriate for the referenced service or role." criterion in section 1, there is an added condition for listing, which is any domain which, upon receiving a report to abuse@domain, refers the user to another address or a web form, indicating that they MUST use that other method to report the complaint. Certainly sites are welcome to suggest "better/optimized" methods of communication, but they must acknowledge that the complaint will be acted upon, as submitted to the main abuse@domain address.
So, for example, BIGISP.COM could include an autoresponse that says:
Thanks for reporting abuse; in the future you might get faster service if you send the complaint to mail-abuse@bigisp.com for mail issues, im-abuse@bigisp.com for instant-messenger abuse, or chat-abuse@bigisp.com for chat-room abuse.They could not say:
Thank you for contacting bigisp.com. Please resend your complaint to one of the following addresses, based on the specific nature of the complaint.
In the case of "temporary failures", in which the MX returns a 4xx series response to e-mails under consideration, it shall be considered a "fatal error" if, after the default sendmail queue-return time (5 days), the recipient MX fails to accept the mail. In the case of a fatal error, the domain shall be considered to meet the listing criteria.
Also, if it is provable that the abuse address is being dropped in the
bit bucket automatically (e.g:
>>> EXPN abuse@somewhere.tld
<<< 250 2.1.5 </dev/null>
That would also be considered a violation of the RFC, and
cause for listing. Note that this must be clear-cut. Simply
being unresponsive is not (sufficient) evidence of the
messages being bitbucketed.
Domains are listed, as well as a wildcard under them, so that if mail is received from <foo@local.bigdomain.com>, it will match if <abuse@bigdomain.com> fails, as only the "root domain" abuse address is required to work, according to the RFC. As a rule of thumb, this would mean that the domain-level that would/should be listed in a domain-name WHOIS registry is the level that must be capable of handling abuse complaints.