Each month, Deutsche Telekom's abuse team receives more than two million indications of suspected abuse of Internet services.
Relevant abuse is occurring, for example, when a customer's malware-infected computer is attacking other computers, or sending spam, via a Deutsche Telekom Internet access.
The abuse team's methods
The most important sources of tips regarding abuse include security organizations, Internet service providers and Deutsche Telekom's own "honeypots." The abuse team checks tips for relevance, identifies affected customers and then sends them a guide, via both e-mail and regular mail, that explains how to remove the malware from their computers. When a customer's computer continues to launch attacks, in spite of such measures, the abuse teams takes additional steps. For example, it might temporarily block certain services, such as e-mail, in order to protect other users.
Responding within seven days
In each case, the abuse team has a seven-day period in which to follow up on external indications and identify affected customers. At the end of the seven days, pertinent stored IP addresses are deleted. This practice conforms to the German Telecommunications Act, and it has been upheld – most recently, on July 3, 2014 – by the Bundesgerichtshof (Germany's Federal Court of Justice) in Karlsruhe.