On Wed, 15 Jan 2020, JORDI PALET MARTINEZ via anti-abuse-wg wrote:

In my opinion, the actual situation is the worst. We are validating over "nothing". We 
don't know how many of the "validated" mailboxes are real, or even read, full, etc.

I will prefer a mandatory abuse-c which is validated in the way I'm proposing, 
as it is being done in ARIN and APNIC and soon in LACNIC.

This detail is interesting...

If this can't reach consensus, I prefer to know in advance "this operator doesn't handle abuses" that wasting time in reporting them. I will have the choice to just block their network and when several folks block them and their customers complain, then they may change their mind.

I was wondering if this "block" would mean blocking all prefixes announced by the same ASN, or just the prefix where the abuse originated from.

Better 50% of good and *real* validated abuse contacts than 100% from which I 
don't know how may are for real.

As i already stated, i'm more worried about someone using real e-mail addresses of real unrelated people than the /dev/null or unattended mailboxes.

When someone uses a 3rd party address without authorization+knowledge, i think it's reasonable to allow for a fix, instead of directly running to ripe-716.


El 15/1/20 8:24, "anti-abuse-wg en nombre de Carlos Friaças via anti-abuse-wg" 
<anti-abuse-wg-boun...@ripe.net en nombre de anti-abuse-wg@ripe.net> escribió:


   I obviously don't speak for the incident handling community, but i think
   this (making it optional) would be a serious step back. The current
   situation is already very bad when in some cases we know from the start
   that we are sending (automated) messages/notices to blackholes.

   To an extreme, there should always be a known contact responsible for
   any network infrastructure. If this is not the case, what's the purpose
   of a registry then?


   On Tue, 14 Jan 2020, Leo Vegoda wrote:

   > On Tue, Jan 14, 2020 at 1:48 AM Gert Doering <g...@space.net> wrote:
   > [...]
   >> A much simpler approach would be to make abuse-c: an optional attribute
   >> (basically, unrolling the "mandatory" part of the policy proposal that
   >> introduced it in the first place)
   > This seems like a simple approach for letting network operators
   > indicate whether or not they will act on abuse reports. If there's no
   > way of reporting abuse then the operators clearly has no processes for
   > evaluating reports, or acting on them. This helps everyone save time.
   > Regards,
   > Leo Vegoda

IPv4 is over
Are you ready for the new Internet ?
The IPv6 Company

This electronic message contains information which may be privileged or 
confidential. The information is intended to be for the exclusive use of the 
individual(s) named above and further non-explicilty authorized disclosure, 
copying, distribution or use of the contents of this information, even if 
partially, including attached files, is strictly prohibited and will be 
considered a criminal offense. If you are not the intended recipient be aware 
that any disclosure, copying, distribution or use of the contents of this 
information, even if partially, including attached files, is strictly 
prohibited, will be considered a criminal offense, so you must reply to the 
original sender to inform about this communication and delete it.

Reply via email to