Norman,

Thanks for your email. Policies can be proposed by anyone and they are considered on merit, not on the occupation of the proposer.


However such a policy must actually be written and put to the working group. If you are not able to do this, who is? The WG Chairs and the RIPE NCC are able to help with the drafting of a policy.

However I must warn you that historically such policies have not been met with great acceptance by the community. Things are always changing, of course, so who knows?

Thanks,

Brian
Co-Chair, RIPE Anti-Abuse WG

Brian Nisbet, Network Operations Manager
HEAnet Limited, Ireland's Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin 1
Registered in Ireland, no 275301  tel: +35316609040
web: http://www.heanet.ie/

Norman Diamond wrote on 18/09/2016 01:42:
Several ISPs put useless abuse contact addresses in their RIPE registrations.

I am told that RIPE only requires an ISP to register an address for the 
supposed purpose of reporting abuse, but RIPE doesn't require the ISP to 
actually accept abuse reports at the registered address.  Therefore a change in 
policy is required.

Some examples are that an abuse address inspects a report for indications of 
spam.  If a spamming ISP observes that a victim's report includes a quotation 
of the ISP's spam, containing headers and contents to prove that the spam is 
spam and which IP address sent the spam, then the ISP bounces the victim's 
report back to the victim, because the ISP's spam really was spam and it's 
included in the victim's report.

Some examples are that an abuse address inspects the mail server of the 
victim's ISP.  If a spamming ISP observes that their victim is a customer of a 
different ISP which formerly used to be an equally bad spamming ISP, then the 
ISP bounces the victim's report back to the victim.  The spamming ISP might 
reject the report even before seeing the contents of the report, terminating 
the mail connection early.  Or it might wait and bounce later.

An improved RIPE policy would require an ISP to register an address where the 
ISP will actually accept reports of the ISP's spam.

(Now, I am just an ordinary customer of an ISP, coincidentally one which 
formerly used to send a lot of spam, and I used to be more vicious in reporting 
my ISP's spam to its administrators than in reporting to most other ISPs.  In 
fact Yahoo US and Yahoo Japan often block each other because they know that 
they're both famous for spamming.  However, it seems they've cleaned up to the 
extent where they accept reports from each other's customers.  Anyway, I am 
just an ordinary customer, not an administrator, and this is not my job, so I 
intend to unsubscribe from this list in a few days.  Please kindly consider the 
foregoing suggestion on its own merits not on the suggester's occupation.)

Yours sincerely,
Norman Diamond



Reply via email to