AI companies spamming abuse email addresses


I work for a cloud infrastructure provider, and host sites for friends and non-profits. I investigate each and every report sent to our abuse lines; not just out of professional duty, but because I don’t want our IP ranges or hostnames to be listed in spam databases.

A spate of new AI security companies are making this more difficult. I receive dozens of emails a week claiming to have found fraudulent material, such as phishing sites. I spend time checking each one, and they’re always benign.

That’s a false-positive rate of 100%!

Here are some other things that happen 100% of the time:

  • I mention something pointless on a blog post
  • I take a breath at least once a day

These range from trivial or critical. I’d consider the behaviour of these services somewhere in the realm of counterproductive. Worse than being additional, annoying work I didn’t ask for, notification fatigue reduces the effectiveness of other alerts that we do need to pay attention to. They’re a net negative to security.

Now I know what you’re thinking: Ruben, I don’t receive these notices, or Ruben, I get them sometimes, and they’re legitimate. That’s great, I hope it continues being so for you! Because they’ve been nothing but a monumental waste of my time.

This is another example of how AI companies externalise their costs. If you didn’t take economics at uni, these sites explain the concept:

International Monetary Fund

For now, I have to live with it. I’m not going to put a blanket ban on security notices coming from domains ending in ai, because that would still be irresponsible. But they’ll have to start proving their worth pretty soon.

Author bio and support


Ruben Schade is a technical writer and infrastructure architect in Sydney, Australia who refers to himself in the third person. Hi!

The site is powered by Hugo, FreeBSD, and OpenZFS on OrionVM, everyone’s favourite bespoke cloud infrastructure provider.

If you found this post helpful or entertaining, you can shout me a coffee or send a comment. Thanks ☺️.