Norman,
Thanks for your email. Policies can be proposed by anyone and they are
considered on merit, not on the occupation of the proposer.
However such a policy must actually be written and put to the working
group. If you are not able to do this, who is? The WG Chairs and the
RIPE NCC are able to help with the drafting of a policy.
However I must warn you that historically such policies have not been
met with great acceptance by the community. Things are always changing,
of course, so who knows?
Thanks,
Brian
Co-Chair, RIPE Anti-Abuse WG
Brian Nisbet, Network Operations Manager
HEAnet Limited, Ireland's Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin 1
Registered in Ireland, no 275301 tel: +35316609040
web: http://www.heanet.ie/
Norman Diamond wrote on 18/09/2016 01:42:
Several ISPs put useless abuse contact addresses in their RIPE registrations.
I am told that RIPE only requires an ISP to register an address for the
supposed purpose of reporting abuse, but RIPE doesn't require the ISP to
actually accept abuse reports at the registered address. Therefore a change in
policy is required.
Some examples are that an abuse address inspects a report for indications of
spam. If a spamming ISP observes that a victim's report includes a quotation
of the ISP's spam, containing headers and contents to prove that the spam is
spam and which IP address sent the spam, then the ISP bounces the victim's
report back to the victim, because the ISP's spam really was spam and it's
included in the victim's report.
Some examples are that an abuse address inspects the mail server of the
victim's ISP. If a spamming ISP observes that their victim is a customer of a
different ISP which formerly used to be an equally bad spamming ISP, then the
ISP bounces the victim's report back to the victim. The spamming ISP might
reject the report even before seeing the contents of the report, terminating
the mail connection early. Or it might wait and bounce later.
An improved RIPE policy would require an ISP to register an address where the
ISP will actually accept reports of the ISP's spam.
(Now, I am just an ordinary customer of an ISP, coincidentally one which
formerly used to send a lot of spam, and I used to be more vicious in reporting
my ISP's spam to its administrators than in reporting to most other ISPs. In
fact Yahoo US and Yahoo Japan often block each other because they know that
they're both famous for spamming. However, it seems they've cleaned up to the
extent where they accept reports from each other's customers. Anyway, I am
just an ordinary customer, not an administrator, and this is not my job, so I
intend to unsubscribe from this list in a few days. Please kindly consider the
foregoing suggestion on its own merits not on the suggester's occupation.)
Yours sincerely,
Norman Diamond