Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi, I obviously don't speak for the incident handling community, but i think this (making it optional) would be a serious step back. The current situation is already very bad when in some cases we know from the start that we are sending (automated) messages/notices to blackholes. To an extreme, there should always be a known contact responsible for any network infrastructure. If this is not the case, what's the purpose of a registry then? Regards, Carlos On Tue, 14 Jan 2020, Leo Vegoda wrote: On Tue, Jan 14, 2020 at 1:48 AM Gert Doering wrote: [...] A much simpler approach would be to make abuse-c: an optional attribute (basically, unrolling the "mandatory" part of the policy proposal that introduced it in the first place) This seems like a simple approach for letting network operators indicate whether or not they will act on abuse reports. If there's no way of reporting abuse then the operators clearly has no processes for evaluating reports, or acting on them. This helps everyone save time. Regards, Leo Vegoda
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
In message , Hans-Martin Mosner wrote: >While this would probably paint a pretty solid picture of which network o= >perators can be trusted and which can't, >there's another point besides your valid concern about abusers gaming the= > system: Whoever publishes the results of such >user ratings would most likely expose themselves to litigious lawsuits, w= >hich neither you nor me nor RIPE NCC really >wants to do. That comment, and that concern, certainly does not seem to apply in any country in which either eBay or TripAdvisor operate. Do you folks on your side of the pond not receive eBay? Are you not able to view Tripadvisor.Com? Here in this country (U.S.) there are actually -three- separate and clearly discrenable legal protections that would cover and that do cover circumstances like this. In no particular order, they are: (*) The First Amendment. (*) 47 USC 230(c)(1) (*) 47 USC 230(c)(2)(B) Ref: https://www.law.cornell.edu/uscode/text/47/230 The middle one is actually the first-order go-to provision for situations like this, and provides for quick dismissal for any silly cases brought against *me* for something that *you* have said on some discussion or review web site that I just happen to provide electricity, connectivity, and CPU cycles for. One would hope that european law might have some counterpart for that, but I confess that I really have no idea about that, one way or the other. So, um, is the european continent utterly devoid of any and all web sites where reviews can or do appear? Does europe have its own GDPR mandated Great Firewall to keep the evil likes of eBay and TripAdvisor out? Or were you, Hans-Martin, just saying that in europe, free speech is reserved only for those who can afford it, and who conveniently have hoards of corporate lawyers covering their backsides? Asking seriously, because I don't know the answer. I'm just puzzled by this whole thing, and this concern about lawsuits. Regards, rfg
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Am 14.01.20 um 13:10 schrieb Ronald F. Guilmette:
> [...]
> So, my solution is just don't. Let the whole planet vote on whether
> they think this provider or that provider are ***heads, and let the
> chips fall where they may.
>
> I'm not saying that even this idea would neessarily be piece-of-cake easy.
> The first problem would be working out a way to prevent the system from
> being gamed by bad actors for malicious purposes, or for positive "PR"
> purposes. (Don't get me started about the fake positive review over on
> TripAdvisor.) But I am not persuaded that these are in any sense
> insoluable problems.
>
>
> Regards,
> rfg
>
While this would probably paint a pretty solid picture of which network
operators can be trusted and which can't,
there's another point besides your valid concern about abusers gaming the
system: Whoever publishes the results of such
user ratings would most likely expose themselves to litigious lawsuits, which
neither you nor me nor RIPE NCC really
wants to do.
Remember that some DSNBLs had a hard time due to this, some preferred to stay
anonymous for that very reason. An
"abuser-friendliness" rating system targeting network operators who may be
"RIPE NCC members in good standing" would
probably not live long, even if it published just clear facts ("this network
operator does not want to receive and
handle abuse reports") because these facts might be used to block access from
these networks and hurt their business.
I've been running mail systems since when "postmas...@domain.tld" was still the
first point of contact you would go to
when something bad emanated from a mailserver. Then spammers operated their own
domains, and you would need to address
abuse@ for the IP range. Then network operators decided to look the other way
when their well-paying customers spammed,
and reporting to abuse mailbox addresses became hopeless. I just don't do that
anymore. IP-level blocking of whole
network address ranges works for me. If network operators don't want to get
blocked, they need to clean up their act,
with or without abuse mailbox.
Cheers,
Hans-Martin
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
On Tue, Jan 14, 2020 at 1:48 AM Gert Doering wrote: [...] > A much simpler approach would be to make abuse-c: an optional attribute > (basically, unrolling the "mandatory" part of the policy proposal that > introduced it in the first place) This seems like a simple approach for letting network operators indicate whether or not they will act on abuse reports. If there's no way of reporting abuse then the operators clearly has no processes for evaluating reports, or acting on them. This helps everyone save time. Regards, Leo Vegoda
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
In message <30174d32-225f-467e-937a-5bc42650f...@consulintel.es>, JORDI PALET MARTINEZ via anti-abuse-wg wrote: >I think if we try to agree on those ratings, we will never reach consensus Right, and that was a part of my point about eBay-like feedback ratings for resource holders, i.e. "Let's not even try." Instead, let the people decide. Let anyone register a feedback point, positive or negative, against any resource holder, with the proviso that if they are registering a negative feedback point, they should assert exactly *why* they are unhappy (e.g. "mail to abuse address bounced as undeliverable", "no response for eight days" etc.) and if possible, provide some context also, e.g. a copy of the spam, a copy of some logs showing hack attempts, etc. >So it is not just easier to ask the abuse-c mailboxes that don't want to >process to setup an autoresponder with an specific (standard) text about that, for example:... In the "eBay feedback" model I am proposing there is no need for *RIPE NCC* to ask anybody about anything. People will register negative points against any resource holder with an undeliverable abuse address. (I know I will!) I'm sorry Jordi, if this idea sounds like it is undermining everything you have been trying to do, which is all very very admirable. But I have only just realized what you said above, i.e. if we really start to try to design a system where RIPE NCC will do 100% of the work of "reviewing" all one zillion RIPE resource holders, the size of the task will almost be the least of the worries. The first order problem, as you already know since you have been doing yeoman's work on this for awhile now, is just getting people in the various RIRs to agree on the numerous fine details. (Hell! You can't even get *me* to agree that a 15 day turn- around is in any sense "reasonable", and apparently I'm not alone in that regard.) So, my solution is just don't. Let the whole planet vote on whether they think this provider or that provider are ***heads, and let the chips fall where they may. I'm not saying that even this idea would neessarily be piece-of-cake easy. The first problem would be working out a way to prevent the system from being gamed by bad actors for malicious purposes, or for positive "PR" purposes. (Don't get me started about the fake positive review over on TripAdvisor.) But I am not persuaded that these are in any sense insoluable problems. Regards, rfg
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
In message <671286eb-7fad-4d70-addd-efa0a680b...@consulintel.es>, JORDI PALET MARTINEZ via anti-abuse-wg wrote: >>Section 3.0 part 3. Why on earth should it take 15 days for >>anyone to respond to an email?? Things on the Internet happen >>in millseconds. If a provider is unable to respond to an issue >>within 72 hours then they might as well be dead, because they >>have abandoned all social responsibility. >> >>I fully agree! My original proposal was only 3 working days, but the >>community told me "no way". This was the same input I got in APNIC >>and LACNIC (in both regions it reached consensus with 15 days). >> >>So, I will keep 15 days ... > >I think this is provable, and also transparently obvious and colossal >bullshit, but that's just my opinion. > >And mine!, but as a proposal author, I need to try to match as much as poss= >ible the wishes of the community. You are hereby officially absolved from all guilt in the matter. In nomine patri et fili spiritu sancte. Go in peace my son, and do what you have to do. Regards, rfg
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
On Tue, 14 Jan 2020, Nick Hilliard wrote: Gert Doering wrote on 14/01/2020 10:19: And if it's not going to have the desired effect, do not waste time on it. More to the point, the RIPE number registry should not be used as a stick for threatening to beat people up if they don't comply with our current favourite ideas about how to manage social policy on the internet. It is a registry, not a police truncheon. Hello, (Going perhaps a bit off-topic...) If people are not able to follow the rules of the registry, maybe they shouldn't be allowed inside the system... :-) [Fact 1] If someone provides falsified documents to the registry, that someone goes off the wagon. [Fact 2] If someone doesn't pay the registry in due time (after several warnings), that someone goes off the wagon. the "registry wagon"...> I would also feel comfortable if someone who indicates a 3rd party e-mail address as the abuse-mailbox for their _OWN_ address space, goes off the wagon (after some warnings, of course...). BTW, some years ago our physical address was added in whois to someone else's address space in a different RIR and that was _NOT_ a nice experience... Regards, Carlos Nick
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Gert Doering wrote on 14/01/2020 10:19: And if it's not going to have the desired effect, do not waste time on it. More to the point, the RIPE number registry should not be used as a stick for threatening to beat people up if they don't comply with our current favourite ideas about how to manage social policy on the internet. It is a registry, not a police truncheon. Nick
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi, On Tue, Jan 14, 2020 at 03:10:53AM -0700, Fi Shing wrote: > weak imbeciles such as those on this list. Wow. That's a new one on my list of things I've been called. So thankful. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 signature.asc Description: PGP signature
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi, On Tue, Jan 14, 2020 at 10:50:58AM +0100, JORDI PALET MARTINEZ via anti-abuse-wg wrote: > Looks fine to me. > > If we really think that the operators should be free from taking abuse > reports, then let's make it optional. > > As said, I personally think that an operator responsibility is to deal with > abuse cases, but happy to follow what we all decide. I do think that an operator should handle abuse reports (and we do), but *this* is not a suitable vehicle to *make him*. And if it's not going to have the desired effect, do not waste time on it. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 signature.asc Description: PGP signature
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Well the operators are already free to decide if and when they respond to abuse reports. But this farcical system should not be legitimised by weak imbeciles such as those on this list. - Original Message - Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox") From: "JORDI PALET MARTINEZ via anti-abuse-wg" Date: 1/14/20 8:50 pm To: "anti-abuse-wg" Looks fine to me. If we really think that the operators should be free from taking abuse reports, then let's make it optional. As said, I personally think that an operator responsibility is to deal with abuse cases, but happy to follow what we all decide. Regards, Jordi @jordipalet El 14/1/20 10:47, "Gert Doering" escribi: Hi, On Tue, Jan 14, 2020 at 10:38:28AM +0100, Gert Doering wrote: > On Tue, Jan 14, 2020 at 10:36:10AM +0100, JORDI PALET MARTINEZ via > anti-abuse-wg wrote: > > So it is not just easier to ask the abuse-c mailboxes that don't want to > > process to setup an autoresponder with an specific (standard) text about > > that, for example: > > > > "This is an automated convirmation that you reached the correct abuse-c > > mailbox, but we don't process abuse cases, so your reports will be > > discarded." > > I would support that. ... but it's actually way too complicated to implement. A much simpler approach would be to make abuse-c: an optional attribute (basically, unrolling the "mandatory" part of the policy proposal that introduced it in the first place) - If you want to handle abuse reports, put something working in. - If you do not want to handle abuse reports, don't. The ARC could be extended with a question "are you aware that you are signalling 'we do not not care about abuse coming from our network'?" and if this is what LIRs *want* to signal, the message is clear. The NCC could still verify (as they do today) that an e-mail address, *if given*, is not bouncing (or coming back with a human bounce "you have reached the wrong person, stop sending me mail" if someone puts in the e-mail address of someone else). MUCH less effort. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Looks fine to me. If we really think that the operators should be free from taking abuse reports, then let's make it optional. As said, I personally think that an operator responsibility is to deal with abuse cases, but happy to follow what we all decide. Regards, Jordi @jordipalet El 14/1/20 10:47, "Gert Doering" escribió: Hi, On Tue, Jan 14, 2020 at 10:38:28AM +0100, Gert Doering wrote: > On Tue, Jan 14, 2020 at 10:36:10AM +0100, JORDI PALET MARTINEZ via anti-abuse-wg wrote: > > So it is not just easier to ask the abuse-c mailboxes that don't want to process to setup an autoresponder with an specific (standard) text about that, for example: > > > > "This is an automated convirmation that you reached the correct abuse-c mailbox, but we don't process abuse cases, so your reports will be discarded." > > I would support that. ... but it's actually way too complicated to implement. A much simpler approach would be to make abuse-c: an optional attribute (basically, unrolling the "mandatory" part of the policy proposal that introduced it in the first place) - If you want to handle abuse reports, put something working in. - If you do not want to handle abuse reports, don't. The ARC could be extended with a question "are you aware that you are signalling 'we do not not care about abuse coming from our network'?" and if this is what LIRs *want* to signal, the message is clear. The NCC could still verify (as they do today) that an e-mail address, *if given*, is not bouncing (or coming back with a human bounce "you have reached the wrong person, stop sending me mail" if someone puts in the e-mail address of someone else). MUCH less effort. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi, On Tue, Jan 14, 2020 at 10:38:28AM +0100, Gert Doering wrote: > On Tue, Jan 14, 2020 at 10:36:10AM +0100, JORDI PALET MARTINEZ via > anti-abuse-wg wrote: > > So it is not just easier to ask the abuse-c mailboxes that don't want to > > process to setup an autoresponder with an specific (standard) text about > > that, for example: > > > > "This is an automated convirmation that you reached the correct abuse-c > > mailbox, but we don't process abuse cases, so your reports will be > > discarded." > > I would support that. ... but it's actually way too complicated to implement. A much simpler approach would be to make abuse-c: an optional attribute (basically, unrolling the "mandatory" part of the policy proposal that introduced it in the first place) - If you want to handle abuse reports, put something working in. - If you do not want to handle abuse reports, don't. The ARC could be extended with a question "are you aware that you are signalling 'we do not not care about abuse coming from our network'?" and if this is what LIRs *want* to signal, the message is clear. The NCC could still verify (as they do today) that an e-mail address, *if given*, is not bouncing (or coming back with a human bounce "you have reached the wrong person, stop sending me mail" if someone puts in the e-mail address of someone else). MUCH less effort. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 signature.asc Description: PGP signature
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi, On Tue, Jan 14, 2020 at 10:36:10AM +0100, JORDI PALET MARTINEZ via anti-abuse-wg wrote: > So it is not just easier to ask the abuse-c mailboxes that don't want to > process to setup an autoresponder with an specific (standard) text about > that, for example: > > "This is an automated convirmation that you reached the correct abuse-c > mailbox, but we don't process abuse cases, so your reports will be discarded." I would support that. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 signature.asc Description: PGP signature
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
I think if we try to agree on those ratings, we will never reach consensus ... So it is not just easier to ask the abuse-c mailboxes that don't want to process to setup an autoresponder with an specific (standard) text about that, for example: "This is an automated convirmation that you reached the correct abuse-c mailbox, but we don't process abuse cases, so your reports will be discarded." This will be still in line with the actual policy (and the proposal modifications) and will allow the operators to decide if they want to be good netcitizens or not, and the victims to decide if they want to block them. Regards, Jordi @jordipalet El 14/1/20 2:46, "anti-abuse-wg en nombre de Ronald F. Guilmette" escribió: In message , =?utf-8?B?w4FuZ2VsIEdvbnrDoWxleiBCZXJkYXNjbw==?= wrote: >Well, I do see the value of an option (a magic email value?) meaning "this >entity supports the use of its network for abusive purposes and will take no >action on any abuse report". > >That would save time for everyone involved, and would allow to easily block >those networks from accesing ours! These are pretty much my sentiments exactly. The only questions remaining are: 1) Should there just be a simple yes/no one-bit flag published for each resource holder, or would a scale and a range of possible "rating" values be more useful? 2) How shall the "ratings" be computed and by whom? I have provided my personal opinions on both of these points in my prior posting. Regards, rfg ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi Ronald, El 14/1/20 0:17, "anti-abuse-wg en nombre de Ronald F. Guilmette" escribió: In message <55d65bf8-a430-4bdc-ae58-63ff3dca4...@consulintel.es>, JORDI PALET MARTINEZ wrote: >Section 2.0 bullet point #2. What's wrong with web forms? > >If I need to use a web form, which is not standard, for every abuse report... OHHH! Your proposal did not make it at all clear that the web forms you were making reference to were ones that the resource holder might put in place in order to provide a way for abuse victims to file a report. I agree completely that those things are intolerable, and I will go further and say that any resoirce holder who puts such a form online should properly be consigned to the fifth ring of hell. Sorry! I had misconstrued. When your proposal mentioned web forms I had assumed that you were making reference to some form that the RIPE NCC might put online and that the resources holders would need to type something into (e.g. a unique magic cookei) in order to fully confirm that they are in fact receiving emails to their documented abuse reporting email addresses. No worries. I will tidy up the text to make it clearer! Thanks! I think that the verification email messages that RIPE NCC sends out resource holders should indeed contain a link to web form, on the RIPE web site, where the recipient resource holder should be required to make at least some minimal demonstration that it has at least one actual conscious and sentient human being looking at the inbound emails that are sent to its abuse address. Please clarify in your proposal what exactly your use of the term "web form" was intended to convey. TYhank you. >Section 3.0 part 3. Why on earth should it take 15 days for >anyone to respond to an email?? Things on the Internet happen >in millseconds. If a provider is unable to respond to an issue >within 72 hours then they might as well be dead, because they >have abandoned all social responsibility. > >I fully agree! My original proposal was only 3 working days, but the >community told me "no way". This was the same input I got in APNIC >and LACNIC (in both regions it reached consensus with 15 days). > >So, I will keep 15 days ... I think this is provable, and also transparently obvious and colossal bullshit, but that's just my opinion. And mine!, but as a proposal author, I need to try to match as much as possible the wishes of the community. I say again. Things happen on the Internet in milliseconds. Any service provider that can't react to an email within 72 hours should be removed from the Internet of Responsible Adults and relegated to the agricultural industry, or to the study of geology, or at any rate to some profession where things are calm and leisurely, perhaps including the delivery of regular postal mail. If anyone wants to make his fortune by being an absentee landlord, just gathering in revenue and not taking any day to day responsibility for anything, let them get into the vacation rentals business and get the off the Internet. Regards, rfg ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi Leo El 14/1/20 0:11, "Leo Vegoda" escribió: On Mon, Jan 13, 2020 at 1:50 PM JORDI PALET MARTINEZ via anti-abuse-wg wrote: [...] > I will love to have in the policy that they must be investigated and acted upon, but what I heard from the inputs in previous versions is that having that in policy is too much and no way to reach consensus … I don't understand the value of requiring organizations who do not intend to investigate abuse reports to spend resources publishing an address from which they can acknowledge the reports - only to then delete those reports without doing anything. This is not handled by this proposal. The existing policy already mandates that: https://www.ripe.net/participate/policies/proposals/2017-02 It creates hope for reporters and wastes the RIPE NCC's and the reporters' resources by forcing unwilling organizations to spend cycles on unproductive activity. Why not give networks two options? 1. Publish a reliable method for people to submit abuse reports - and act on it 2. Publish a statement to the effect that the network operator does not act on abuse reports This would save lots of wasted effort and give everyone more reliable information about the proportion of networks/operators who will and won't act on abuse reports. Even if I think that the operators MUST process abuse cases, if the community thinks otherwise, I'm happy to support those two options in the proposal. For example, an autoresponder in the abuse-c mailbox for those that don't intend to process the abuse cases to option 2 above? There might be some value in having the RIPE NCC cooperate with networks who want help checking that their abuse-c is working. But this proposal seems to move the RIPE NCC from the role of a helpful coordinator towards that of an investigator and judge. No, I don't think so, but I'm happy to modify the text if it looks like that. ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi, On Mon, Jan 13, 2020 at 03:11:23PM -0800, Leo Vegoda wrote: > On Mon, Jan 13, 2020 at 1:50 PM JORDI PALET MARTINEZ via anti-abuse-wg > wrote: > > [...] > > > I will love to have in the policy that they must be investigated and acted > > upon, but what I heard from the inputs in previous versions is that having > > that in policy is too much and no way to reach consensus ??? > > I don't understand the value of requiring organizations who do not > intend to investigate abuse reports to spend resources publishing an > address from which they can acknowledge the reports - only to then > delete those reports without doing anything. > > It creates hope for reporters and wastes the RIPE NCC's and the > reporters' resources by forcing unwilling organizations to spend > cycles on unproductive activity. This. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 signature.asc Description: PGP signature
