Re: [anti-abuse-wg] AS24961 myLoc managed IT AG, uadns.com, ledl.net, and non-disclosing registries
Upon determining the upstream peers of AS24961, complain to those upstream peers: https://bgp.he.net/AS24961#_graph4 and ask them to provide the contract between themselves and AS24961 so you can find which section of the contract is violated, then complain to the upstream peer head office.

- Original Message -
Subject: [anti-abuse-wg] AS24961 myLoc managed IT AG, uadns.com, ledl.net, and non-disclosing registries
From: "Hans-Martin Mosner"
Date: 2/19/20 6:18 pm
To: "anti-abuse-wg@ripe.net"

AS24961 (RIPE NCC member myLoc managed IT AG) continues to host one persistent spam sender year after year. I have complained to them a number of times, with no noticeable effect.

The sender is recognizable by characteristics of their domain names and local parts, and most importantly by their DNS service, which is always uadns.com. Would be easy to deny them service if myLoc wanted to.

Domain registrations are most often done via Ledl.net GmbH (RIPE NCC member). Registries DENIC eG (RIPE NCC member), EURid vzw (RIPE NCC member), nic.at GmbH (RIPE NCC member) willingly accept registrations that have most likely fake data (which I can't check because these data are conveniently not disclosed, although they very likely describe a commercial entity and not existing private persons and are therefore not subject to GDPR protections.)

Excuse me while I vomit a little.

I know that this working group is not responsible for handling individual cases of abuse, so my intention is not to get a solution (which I already did via nullrouting that AS) but to understand how persistent abuse-enabling entities can act unhindered without any clear escalation path. Effectively extracting the last rotten tooth "ICANN Whois Inaccuracy Complaint" by hiding all registration data so that an inaccuracy check is made impossible didn't help much...

Cheers,
Hans-Martin
Re: [anti-abuse-wg] Reporting abuse to OVH -- don't bother
All OVH and DigitalOcean abuse reports must be submitted via the abuse reporting forms on the website, or they won't be actioned:

https://www.ovh.com/world/abuse/
https://www.digitalocean.com/company/contact/abuse/

- Original Message -
Subject: Re: [anti-abuse-wg] Reporting abuse to OVH -- don't bother
From: "Alessandro Vesely"
Date: 2/12/20 11:16 pm
To: "anti-abuse-wg@ripe.net"

On Wed 12/Feb/2020 09:51:22 +0100 Ronald F. Guilmette wrote:
> The RIPE WHOIS data base says that the abuse contact for AS16276 is
> ab...@ovh.net.
>
> It would appear that the folks at OVH haven't yet quite figured how
> this whole email thing works.
>
> Give them time. Another decade or two and they should have it down pat.

+1, X-VR-SPAMCAUSE looks particularly appealing...

Best
Ale

Forwarded Message
Subject: failure notice
Date: 12 Feb 2020 06:18:04 +0200
From: mailer-dae...@mx1.ovh.net
To: ab...@tana.it

Hi. This is the qmail-send program at mx1.ovh.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

: user does not exist, but will deliver to /homez.12/vpopmail/domains/ovh.net/abuse/
can not open new email file errno=2 file=/homez.12/vpopmail/domains/ovh.net/abuse/Maildir/tmp/1581481084.9867.mail660.ha.ovh.net,S=4191
system error

--- Below this line is a copy of the message.
Return-Path: Received: from localhost (HELO queue) (127.0.0.1) by localhost with SMTP; 12 Feb 2020 06:18:04 +0200 Received: from unknown (HELO output25.mail.ovh.net) (10.108.117.188) by mail660.ha.ovh.net with AES256-GCM-SHA384 encrypted SMTP; 12 Feb 2020 06:18:04 +0200 Received: from vr26.mail.ovh.net (unknown [10.101.8.26]) by out25.mail.ovh.net (Postfix) with ESMTP id 48HRFm0K5Sz7P6Fd8 for ; Wed, 12 Feb 2020 04:18:04 + (UTC) Received: from in14.mail.ovh.net (unknown [10.101.4.14]) by vr26.mail.ovh.net (Postfix) with ESMTP id 48HRFf6fgNzrQV85 for ; Wed, 12 Feb 2020 04:17:58 + (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=62.94.243.226; helo=wmail.tana.it; envelope-from=ab...@tana.it; receiver=ab...@ovh.net Authentication-Results: in14.mail.ovh.net; dkim=pass (1152-bit key; unprotected) header.d=tana.it header.i=@tana.it header.b="DSzDkiE5"; dkim-atps=neutral Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) by in14.mail.ovh.net (Postfix) with ESMTPS id 48HRFf5rYcz1qqm5 for ; Wed, 12 Feb 2020 04:17:58 + (UTC) Received: from localhost (localhost [127.0.0.1]) (uid 1000) by wmail.tana.it with local id 005DC0BE.5E437C70.6938; Wed, 12 Feb 2020 05:17:51 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1581481072; bh=hqA0axQ0F0EZuKcuD4BJM7lec22phleodccLJFRo7js=; l=1187; h=From:To:Date; b=DSzDkiE5M2E2RHdufCjt/pvL8szxXfCQCiPcYrJMYxbHDSM6/qNrHDy0JZwW3HfQG jvGk5T7PlE7c6dBvfNjmQl2Z0yTpvjOVufBM6xGVi3WEzkPUb2Wpr0b6oW/Ptan3/d d81pOjTCPaAxOXfx0G1t5PpotLEo0P48qxyNPtkGYVZoMp7kdUev7jtac9Jcq Authentication-Results: tana.it; auth=pass (details omitted) X-mmdbcountrylookup: FR From: "tana.it" To: ab...@ovh.net Date: Wed, 12 Feb 2020 05:17:51 +0100 Subject: Mail server abuse by 188.165.221.36 on 11 February 2020 Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Auto-Response-Suppress: DR, OOF, AutoReply Message-ID: X-Ovh-Remote: 62.94.243.226 (wmail.tana.it) X-Ovh-Tracer-Id: 
8968355709213900626 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: 50 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedugedrieeggdeifecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfqggfjpdevjffgvefmvefgnecuuegrihhlohhuthemucehtddtnecuogfvvgigthfqnhhlhidqqdetfeejfedqtdegucdlhedtmdenucfjughrpefhvfffufggtgfgsehtjedttddttdejnecuhfhrohhmpedfthgrnhgrrdhithdfuceorggsuhhsvgesthgrnhgrrdhitheqnecuffhomhgrihhnpehtrghnrgdrihhtpdhrihhpvgdrnhgvthenucfkphepiedvrdelgedrvdegfedrvddvieenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhhouggvpehsmhhtphdphhgvlhhopehinhdugedrmhgrihhlrdhovhhhrdhnvghtpdhinhgvthepiedvrdelgedrvdegfedrvddviedpmhgrihhlfhhrohhmpegrsghushgvsehtrghnrgdrihhtpdhrtghpthhtoheprggsuhhsvgesohhvhhdrnhgvth X-Ovh-Spam-Status: OK X-Ovh-Spam-Reason: vr: OK; dkim: disabled; spf: disabled X-Ovh-Message-Type: OK Dear Abuse Team The following abusive behavior from IP address under your constituency 188.165.221.36 has been detected: 2020-02-11 11:39:25 CET, 188.165.221.36, old decay: 86400, prob: 34.72%, SMTP auth dictionary attack 188.165.221.36 was caught 102 times since Fri May 18 01:42:13 2018 original data from the mail log: 2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[58534] 2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[62026] 2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[63198] 2020-02-11 11:39:25 CET courieresmtpd:
[anti-abuse-wg] AS48666 MAROSNET
Regarding AS48666 MAROSNET Telecommunication Company LLC,

Phishing URL: http://barrierfenceco[.]xyz/upd/
IP: 178.159.36.182

Phishing URL: https://abbahaircareproducts[.]xyz/gsodjif/index.php
IP: 91.234.99.117

route: 91.234.99.0/24
descr: Client's network
descr: Russia, Moscow
origin: AS48666
mnt-by: MNT-MAROSNET
created: 2020-01-12T18:42:46Z
last-modified: 2020-01-12T18:42:46Z
source: RIPE

route: 178.159.36.0/24
descr: Client's network
origin: AS48666
mnt-by: MAROSNET-MNT
created: 2016-10-26T15:40:48Z
last-modified: 2016-10-26T15:40:48Z
source: RIPE

This provider has no publicly accessible website and is unreachable. The email address listed on RIPE as info at marosnet2.ru bounces.

It is the provider of autonomous ranges, including the ones containing IP 178.159.36.182 and 91.234.99.117, which are being used to host a plethora of phishing websites.

https://ipinfo.io/AS48666 reveals AS48666 sub-lets to "Private Internet Hosting LTD" who has sub-let to the phisher themself.

--
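
Added example, not part of the original post: a short Python script that parses the two route objects quoted in the report above and checks which object covers each reported IP, so that a complaint can name the origin AS and maintainer on record. The function names and the extra address 192.0.2.1 (a documentation address used to show the "no covering object" case) are assumptions introduced here.

```python
import ipaddress
from collections import defaultdict

# The two route objects quoted in the post (RIPE Database whois output).
WHOIS_TEXT = """\
route:          91.234.99.0/24
descr:          Client's network
descr:          Russia, Moscow
origin:         AS48666
mnt-by:         MNT-MAROSNET
created:        2020-01-12T18:42:46Z
last-modified:  2020-01-12T18:42:46Z
source:         RIPE

route:          178.159.36.0/24
descr:          Client's network
origin:         AS48666
mnt-by:         MAROSNET-MNT
created:        2016-10-26T15:40:48Z
last-modified:  2016-10-26T15:40:48Z
source:         RIPE
"""

# IPs from the post, plus one constructed address that no object covers.
REPORTED_IPS = ["178.159.36.182", "91.234.99.117", "192.0.2.1"]


def parse_rpsl(text):
    """Split whois output into objects, each a list of (attribute, value).

    A list is used instead of a dict because attributes such as descr
    and mnt-by may repeat within one object.
    """
    objects, current = [], []
    for raw in text.splitlines():
        if not raw.strip():              # blank line ends the object
            if current:
                objects.append(current)
                current = []
            continue
        if raw[0] in "%#":               # server remarks and comments
            continue
        if raw[0] in " \t+":             # continuation of previous value
            if current:
                attr, value = current[-1]
                current[-1] = (attr, f"{value} {raw[1:].strip()}".strip())
            continue
        attr, sep, value = raw.partition(":")   # split on the first colon only
        if sep:
            current.append((attr.strip().lower(), value.strip()))
    if current:
        objects.append(current)
    return objects


def values(obj, attr):
    """All values of one attribute in an object, in order of appearance."""
    return [v for a, v in obj if a == attr]


def covering_route(ip, objects):
    """Return details of the most specific route object covering ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for obj in objects:
        prefixes = values(obj, "route") or values(obj, "route6")
        if not prefixes:
            continue
        try:
            net = ipaddress.ip_network(prefixes[0], strict=False)
        except ValueError:               # malformed prefix: skip the object
            continue
        if net.version != addr.version or addr not in net:
            continue
        if best is None or net.prefixlen > best["prefix"].prefixlen:
            origin = values(obj, "origin")
            best = {
                "prefix": net,
                "origin": origin[0].upper() if origin else None,
                "mnt_by": values(obj, "mnt-by"),
                "created": (values(obj, "created") or [None])[0],
            }
    return best


def report_targets(ips, objects):
    """Group IPs by (origin AS, maintainers); uncovered IPs go under None."""
    groups = defaultdict(list)
    for ip in ips:
        hit = covering_route(ip, objects)
        key = (hit["origin"], tuple(hit["mnt_by"])) if hit else None
        groups[key].append(ip)
    return dict(groups)


if __name__ == "__main__":
    for key, ips in report_targets(REPORTED_IPS, parse_rpsl(WHOIS_TEXT)).items():
        print(key, ips)
```

Both reported addresses resolve to origin AS48666, but under two differently named maintainer objects (MNT-MAROSNET and MAROSNET-MNT), which the grouping keeps separate.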
Re: [anti-abuse-wg] Periodic Reminder: List Conduct
>> The point remains that there is a code of conduct and I am reminding
>> everyone of it.

Great. Now if we can take this ^ ^ ^ and apply it to RIPE as a whole, then this group might be 50% of the way towards actually being an anti-abuse working group.

Otherwise, someone should move a motion on this group that the group be renamed to: "Anti-Anti-abuse Working Group"

- Original Message -
Subject: RE: [anti-abuse-wg] Periodic Reminder: List Conduct
From: "Brian Nisbet"
Date: 1/20/20 8:19 pm
To: "Fi Shing", "anti-abuse-wg@ripe.net"

Because they are two completely different things. This is the RIPE Community, of which the RIPE NCC are the secretariat, amongst other things. The rules of conduct for this list and the wider community have nothing to do with the database, nor abuse verification nor any notion of Internet Police.

And honestly, you can attempt to find loopholes or argue nonsensical points of logic on this as much as you want. The point remains that there is a code of conduct and I am reminding everyone of it.

Thank you,

Brian
Co-Chair, RIPE AA-WG

Brian Nisbet
Service Operations Manager
HEAnet CLG, Ireland's National Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
+35316609040 brian.nis...@heanet.ie www.heanet.ie
Registered in Ireland, No. 275301. CRA No. 20036270

From: anti-abuse-wg On Behalf Of Fi Shing
Sent: Saturday 18 January 2020 07:22
To: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] Periodic Reminder: List Conduct

It appears you missed the point of my email. How can you say rules apply to this list, but not RIPE itself?

Given the logic of many on this list:

You are not the internet police,
Some people may not agree with a rule, so therefore there are no rules at all,
you, as an administrator enforcing this rule of "no personal attacks" would require you to open your emails, which is too much to ask of you as an administrator.

- Original Message -
Subject: RE: [anti-abuse-wg] Periodic Reminder: List Conduct
From: "Brian Nisbet"
Date: 1/17/20 10:42 pm
To: "Fi Shing", "anti-abuse-wg@ripe.net"

Honestly, you can disagree all you want, but there are rules of conduct in the RIPE community and on this list. My email served as a polite reminder of those rules. If a member of the list chooses not to follow them, then steps will be taken in regards to direct communication, then moderation of postings if it is felt necessary and on from there.

The Co-Chairs would greatly prefer not to have to deal with any of this, nor impose any restrictions on engagement with the working group, but if we must, we must, because such attacks do not help the list discussion nor the policy development process.

Thanks,

Brian
Co-Chair, RIPE AA-WG

Brian Nisbet
Service Operations Manager
HEAnet CLG, Ireland's National Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
+35316609040 brian.nis...@heanet.ie www.heanet.ie
Registered in Ireland, No. 275301. CRA No. 20036270

From: anti-abuse-wg On Behalf Of Fi Shing
Sent: Friday 17 January 2020 11:33
To: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] Periodic Reminder: List Conduct

>> but we can tell you not to do it here, so please don't.

Well... no, i disagree.

Brian Nisbet, i would like to remind you, that ... You are not the Internet Police.

In fact, what you consider to be a rule, might not be something that every single person on this planet also considers to be a rule, and so therefore, we have no rules at all, nor is there any basis for you to impose any rules on this list such as that which you have said.

To enforce this rule of "no personal attacks", would require you to open your email and read it once every year. That is too much for RIPE to envisage. It's too much resources. It's something that no administrator such as you SHOULD HAVE TO DO.

So therefore, let us discuss, in meaningless circular fashion, similar to what you find inside an insane asylum, this idea of yours.

SOUND FAMILIAR, ANYONE?

- Original Message -
Subject: [anti-abuse-wg] Periodic Reminder: List Conduct
From: "Brian Nisbet"
Date: 1/17/20 8:23 pm
To: "anti-abuse-wg@ripe.net"

Colleagues,

It seems that at some point in every large list discussion I am compelled to send a mail of this type. This is not in response to any single mail, rather it is a reminder to all.

Please remember to conduct yourselves well on this list, to discuss the matter at hand and not to attack the person writing the email. Most of the list discussion takes place in the appropriate manner, but I realise that when we're discussin
Re: [anti-abuse-wg] Periodic Reminder: List Conduct
It appears you missed the point of my email. How can you say rules apply to this list, but not RIPE itself?

Given the logic of many on this list:

+ You are not the internet police,
+ Some people may not agree with a rule, so therefore there are no rules at all,
+ you, as an administrator enforcing this rule of "no personal attacks" would require you to open your emails, which is too much to ask of you as an administrator.

- Original Message -
Subject: RE: [anti-abuse-wg] Periodic Reminder: List Conduct
From: "Brian Nisbet"
Date: 1/17/20 10:42 pm
To: "Fi Shing", "anti-abuse-wg@ripe.net"

Honestly, you can disagree all you want, but there are rules of conduct in the RIPE community and on this list. My email served as a polite reminder of those rules. If a member of the list chooses not to follow them, then steps will be taken in regards to direct communication, then moderation of postings if it is felt necessary and on from there.

The Co-Chairs would greatly prefer not to have to deal with any of this, nor impose any restrictions on engagement with the working group, but if we must, we must, because such attacks do not help the list discussion nor the policy development process.

Thanks,

Brian
Co-Chair, RIPE AA-WG

Brian Nisbet
Service Operations Manager
HEAnet CLG, Ireland's National Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
+35316609040 brian.nis...@heanet.ie www.heanet.ie
Registered in Ireland, No. 275301. CRA No. 20036270

From: anti-abuse-wg On Behalf Of Fi Shing
Sent: Friday 17 January 2020 11:33
To: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] Periodic Reminder: List Conduct

>> but we can tell you not to do it here, so please don't.

Well... no, i disagree.

Brian Nisbet, i would like to remind you, that ... You are not the Internet Police.

In fact, what you consider to be a rule, might not be something that every single person on this planet also considers to be a rule, and so therefore, we have no rules at all, nor is there any basis for you to impose any rules on this list such as that which you have said.

To enforce this rule of "no personal attacks", would require you to open your email and read it once every year. That is too much for RIPE to envisage. It's too much resources. It's something that no administrator such as you SHOULD HAVE TO DO.

So therefore, let us discuss, in meaningless circular fashion, similar to what you find inside an insane asylum, this idea of yours.

SOUND FAMILIAR, ANYONE?

- Original Message -
Subject: [anti-abuse-wg] Periodic Reminder: List Conduct
From: "Brian Nisbet"
Date: 1/17/20 8:23 pm
To: "anti-abuse-wg@ripe.net"

Colleagues,

It seems that at some point in every large list discussion I am compelled to send a mail of this type. This is not in response to any single mail, rather it is a reminder to all.

Please remember to conduct yourselves well on this list, to discuss the matter at hand and not to attack the person writing the email. Most of the list discussion takes place in the appropriate manner, but I realise that when we're discussing matters about which any of us are passionate we can forget this.

Ad hominem attacks, general slights, unfounded accusations, and many other things do not contribute to the list discussion. The Co-Chairs can't tell you not to send them by private mail (albeit we'd greatly prefer you didn't) nor to act in this manner in other fora (albeit we'd prefer if you didn't do that either), but we can tell you not to do it here, so please don't.

Thank you all for your interest and passion for this subject.

Brian
Co-Chair, RIPE AA-WG

Brian Nisbet
Service Operations Manager
HEAnet CLG, Ireland's National Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
+35316609040 brian.nis...@heanet.ie www.heanet.ie
Registered in Ireland, No. 275301. CRA No. 20036270
Re: [anti-abuse-wg] Periodic Reminder: List Conduct
>> but we can tell you not to do it here, so please don't.

Well... no, i disagree.

Brian Nisbet, i would like to remind you, that ... You are not the Internet Police.

In fact, what you consider to be a rule, might not be something that every single person on this planet also considers to be a rule, and so therefore, we have no rules at all, nor is there any basis for you to impose any rules on this list such as that which you have said.

To enforce this rule of "no personal attacks", would require you to open your email and read it once every year. That is too much for RIPE to envisage. It's too much resources. It's something that no administrator such as you SHOULD HAVE TO DO.

So therefore, let us discuss, in meaningless circular fashion, similar to what you find inside an insane asylum, this idea of yours.

SOUND FAMILIAR, ANYONE?

- Original Message -
Subject: [anti-abuse-wg] Periodic Reminder: List Conduct
From: "Brian Nisbet"
Date: 1/17/20 8:23 pm
To: "anti-abuse-wg@ripe.net"

Colleagues,

It seems that at some point in every large list discussion I am compelled to send a mail of this type. This is not in response to any single mail, rather it is a reminder to all.

Please remember to conduct yourselves well on this list, to discuss the matter at hand and not to attack the person writing the email. Most of the list discussion takes place in the appropriate manner, but I realise that when we're discussing matters about which any of us are passionate we can forget this.

Ad hominem attacks, general slights, unfounded accusations, and many other things do not contribute to the list discussion. The Co-Chairs can't tell you not to send them by private mail (albeit we'd greatly prefer you didn't) nor to act in this manner in other fora (albeit we'd prefer if you didn't do that either), but we can tell you not to do it here, so please don't.

Thank you all for your interest and passion for this subject.

Brian
Co-Chair, RIPE AA-WG

Brian Nisbet
Service Operations Manager
HEAnet CLG, Ireland's National Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
+35316609040 brian.nis...@heanet.ie www.heanet.ie
Registered in Ireland, No. 275301. CRA No. 20036270
Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")
Your email presumes that an "ombudsman" model would resolve an issue.

If a person has dedicated themselves to controlling a 200,000 strong botnet and sending spam emails through unauthorised access etc. what is sending them a fancy piece of paper or an email "asking them to be nice" going to do?

For example, there are 3 types of phishing websites:

1) Outright false domain name,
2) hacked server, using legitimate domain name,
3) free website sign-up

Which of these would it be appropriate to ask the criminal to behave through a letter or email?

In reality, none of them, because the phisher has hacked the server, dumped the phishing website template and left, never to return. The service needs to be suspended, as the server owner cannot expect:

1) a customer to know how to fix the security vulnerability,
2) the customer to log in to their email within the next day, week or even month, it might take them years to log in.
3) the criminal not to control the customer's email also etc.

Often when reporting phishing websites, the response from ISP is "I have notified the customer to investigate."

The question then is, in which instance would it be appropriate to ask nicely of a customer? I can't think of any examples.

You are like the United Nations... "North Korea, you are killing 2 million people in concentration camps, so we are asking nicely and going to send you a piece of paper expressing how bad it is." I'm sure North Korea really cares!

- Original Message -
Subject: Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")
From: "Volker Greimann"
Date: 1/17/20 2:03 am
To: "anti-abuse-wg@ripe.net"

Hi Jordi,

your example seems a bit off though. If your contract is with your ISP and you need to complain to them, why would you complain to another ISP you have no contract with?

I agree that current GDPR implementations may impact the contactibility of the customer, but that can be improved in GDPR-compliant manners that do not require playing chinese whispers down the chain.

Not objecting to your 3. but you need to consider it may not be the contractual partner acting against the contract. They may be a victim as well, and therefore enforcing any actions against them may be unproductive. Would you shut down Google.com because of one link to a site violating third party rights?

Best,
Volker

On 16.01.2020 at 15:52, JORDI PALET MARTINEZ via anti-abuse-wg wrote:

Hi Volker,

I don't agree with that, because:

I believe the electricity sample I provided proves otherwise. My contract is with the electricity provider (the Internet provider), so I need to complain to them and they need to follow the chain.

For a victim, to complain directly to the customer (not the operator), will need to know the data of the "abuser" which may be protected by GDPR.

Customers sign a contract with the operator. The contract must have clear conditions (AUP) about the appropriate use of the network. If you act against that contract, the problem is with the operator, not victims.

By the way, if an operator has a badly designed AUP, either they are doing a bad job, or they have *no interest* in acting against abuses.

Regards,
Jordi
@jordipalet

On 16/1/20 15:44, "anti-abuse-wg on behalf of Volker Greimann" wrote:

Obviously every user should lock their doors / protect themselves against fraud. I am just saying that the ability of many service providers to curtail abuse of their system (without impacting legitimate uses) is very limited as it may not be their customers doing the abusing and any targeted action against those customers themselves would be inappropriate and affect many legitimate users of their services.

At what point should a network service provider remove privileges from a customer that is himself being abused but is technically unable to deal with it properly? Would the complaint not be better directed at that customer, not the provider, since they are the ones that can resolve this issue in a more targeted and appropriate manner? How does the service provider differentiate between a customer that is abusing vs one that is being abused?

Deputising the service providers will not necessarily solve the problems, and possibly create many new ones.

In the domain industry, we were required to provide an abuse contact, however the reports we get to that address usually deal with issues we cannot do much about other than pulling or deactivating the domain name, which is usually the nuclear option. So we spend our time forwarding abuse mails to our customers that the complainant should have sent to the customer directly.

Best,
volker

On 16.01.2020 at 15:16, Serge Droz via anti-abuse-wg wrote:

Hi Volker

On 16/01/2020 15:03, Volker Greimann wrote:

isn't making the world (and the internet) first and foremost a job of law enforcement
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
>> Best not to judge the race until it has been fully run.

I just do not understand how anyone on this list (other than a criminal or a business owner that wants to reduce overheads by abolishing an employee who has to sit and monitor an abuse desk) could be talking about making it easier for abuse to flourish.

It is idiotic and is not ad hominem.

This list is filled with people who argue for weeks, perhaps months, about the catastrophic world ending dangers of making an admin verify an abuse address ONCE a year and then someone says "let's abolish abuse desk all together" and these idiots emerge from the wood work like the termites that they are and there's no resistance?

The good news is that nothing talked about on this list is ever implemented, so .. talk away you criminals.

- Original Message -
Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
From: "Ronald F. Guilmette"
Date: 1/16/20 11:47 am
To: "anti-abuse-wg@ripe.net"

In message <20200115155949.af7f9f79718891d8e76b551cf73e1563.e548b98006.mailapi@ email19.asia.godaddy.com>, "Fi Shing" wrote:

>That is the most stupid thing i've read on this list.

Well, I think you shouldn't be quite so harsh in your judgement. It is not immediately apparent that you have been on the list for all that long. So perhaps you should stick around for awhile longer before making such comments. If you do, I feel sure that there will be any number of stupider things that may come to your attention, including even a few from yours truly.

Best not to judge the race until it has been fully run.

>Which criminal is paying you to say this nonsense, because no ordinary person
>that has ever received a spam email would ever say such crap.

I would also offer the suggestion that such inartful commentary, being as it is, ad hominem, is not at all likely to advance your agenda.

It may have felt good, but I doubt that you have changed a single mind, other than perhaps one or two who will now be persuaded to take the opposing position, relative to whatever it was that you had hoped to achieve.

Regards,
rfg
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
correction: year 2020*

- Original Message -
Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
From: "Fi Shing"
Date: 1/16/20 10:03 am
To: "anti-abuse-wg@ripe.net"

Sergio, that would make too much sense.

This mailing list is not only not even considering what you have said, but they are trying to remove the requirement of a network operator to even receive emails about complaints at all.

Pathetic.

It's the year 2019, and these "people" on this list (probably cyber criminals or are paid by cyber criminals to weaken policy) come here and say this garbage.

- Original Message -
Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
From: "Sérgio Rocha"
Date: 1/15/20 8:16 pm
To: "anti-abuse-wg"

Hi,

Maybe we can change the approach. If RIPE website had a platform to post abuse report, that send the email for the abuse contact, it will be possible to evaluate the responsiveness of the abuse contact.

This way anyone that report an abuse could assess not only the response but also the effectiveness of the actions taken by the network owner. After some time with this evaluations we would easy to realize who manages the reports and even who does not respond at all.

Sérgio

-Original Message-
From: anti-abuse-wg [mailto:anti-abuse-wg-boun...@ripe.net] On Behalf Of Gert Doering
Sent: 15 January 2020 08:06
To: Carlos Friaças
Cc: Gert Doering ; anti-abuse-wg
Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")

Hi,

On Wed, Jan 15, 2020 at 07:23:38AM +, Carlos Friaças via anti-abuse-wg wrote:
> I obviously don't speak for the incident handling community, but i
> think this (making it optional) would be a serious step back. The
> current situation is already very bad when in some cases we know from
> the start that we are sending (automated) messages/notices to blackholes.

So why is it preferable to send mails which are not acted on, as opposed to "not send mail because you know beforehand that the other network is not interested"?

I can see that it is frustrating - but I still cannot support a policy change which will not help dealing with irresponsible networks in any way, but at the same time increases costs and workload for those that do the right thing already.

> To an extreme, there should always be a known contact responsible for
> any network infrastructure. If this is not the case, what's the
> purpose of a registry then?

"a known contact" and "an *abuse-handling* contact" is not the same thing.

Gert Doering -- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG, Joseph-Dollinger-Bogen 14, D-80807 Muenchen
Tel: +49 (0)89/32356-444
Management Board: Sebastian v. Bomhard, Michael Emmer
Supervisory Board Chair: A. Grundner-Culemann
HRB: 136055 (AG Muenchen)
VAT ID: DE813185279
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Sergio, that would make too much sense.

This mailing list is not only not even considering what you have said, but they are trying to remove the requirement of a network operator to even receive emails about complaints at all.

Pathetic.

It's the year 2019, and these "people" on this list (probably cyber criminals or are paid by cyber criminals to weaken policy) come here and say this garbage.

- Original Message -
Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
From: "Sérgio Rocha"
Date: 1/15/20 8:16 pm
To: "anti-abuse-wg"

Hi,

Maybe we can change the approach. If RIPE website had a platform to post abuse report, that send the email for the abuse contact, it will be possible to evaluate the responsiveness of the abuse contact.

This way anyone that report an abuse could assess not only the response but also the effectiveness of the actions taken by the network owner. After some time with this evaluations we would easy to realize who manages the reports and even who does not respond at all.

Sérgio

-Original Message-
From: anti-abuse-wg [mailto:anti-abuse-wg-boun...@ripe.net] On Behalf Of Gert Doering
Sent: 15 January 2020 08:06
To: Carlos Friaças
Cc: Gert Doering ; anti-abuse-wg
Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")

Hi,

On Wed, Jan 15, 2020 at 07:23:38AM +, Carlos Friaças via anti-abuse-wg wrote:
> I obviously don't speak for the incident handling community, but i
> think this (making it optional) would be a serious step back. The
> current situation is already very bad when in some cases we know from
> the start that we are sending (automated) messages/notices to blackholes.

So why is it preferable to send mails which are not acted on, as opposed to "not send mail because you know beforehand that the other network is not interested"?

I can see that it is frustrating - but I still cannot support a policy change which will not help dealing with irresponsible networks in any way, but at the same time increases costs and workload for those that do the right thing already.

> To an extreme, there should always be a known contact responsible for
> any network infrastructure. If this is not the case, what's the
> purpose of a registry then?

"a known contact" and "an *abuse-handling* contact" is not the same thing.

Gert Doering -- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG, Joseph-Dollinger-Bogen 14, D-80807 Muenchen
Tel: +49 (0)89/32356-444
Management Board: Sebastian v. Bomhard, Michael Emmer
Supervisory Board Chair: A. Grundner-Culemann
HRB: 136055 (AG Muenchen)
VAT ID: DE813185279
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
That is the most stupid thing i've read on this list.

What little protection the world has from spammers and all manner of criminals, and you still think it's too much that they even so much as have to check their email account.

Which criminal is paying you to say this nonsense, because no ordinary person that has ever received a spam email would ever say such crap.

and if there can be no "internet police", i'm sure RIPE will have no problem if someone never pays a fee to it ever again, because it doesn't have the mandate to suspend a resource for crime, it cannot do it for non payment. or is non-payment more serious than a DDoS attack?

- Original Message -
Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
From: "Gert Doering"
Date: 1/14/20 9:19 pm
To: "JORDI PALET MARTINEZ"
Cc: "anti-abuse-wg"

Hi,

On Tue, Jan 14, 2020 at 10:50:58AM +0100, JORDI PALET MARTINEZ via anti-abuse-wg wrote:
> Looks fine to me.
>
> If we really think that the operators should be free from taking abuse
> reports, then let's make it optional.
>
> As said, I personally think that an operator responsibility is to deal with
> abuse cases, but happy to follow what we all decide.

I do think that an operator should handle abuse reports (and we do), but *this* is not a suitable vehicle to *make him*. And if it's not going to have the desired effect, do not waste time on it.

Gert Doering -- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG, Joseph-Dollinger-Bogen 14, D-80807 Muenchen
Tel: +49 (0)89/32356-444
Management Board: Sebastian v. Bomhard, Michael Emmer
Supervisory Board Chair: A. Grundner-Culemann
HRB: 136055 (AG Muenchen)
VAT ID: DE813185279
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Well the operators are already free to decide if and when they respond to abuse reports. But this farcical system should not be legitimised by weak imbeciles such as those on this list.

- Original Message -
Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
From: "JORDI PALET MARTINEZ via anti-abuse-wg"
Date: 1/14/20 8:50 pm
To: "anti-abuse-wg"

Looks fine to me.

If we really think that the operators should be free from taking abuse reports, then let's make it optional.

As said, I personally think that an operator responsibility is to deal with abuse cases, but happy to follow what we all decide.

Regards,
Jordi
@jordipalet

On 14/1/20 10:47, "Gert Doering" wrote:

Hi,

On Tue, Jan 14, 2020 at 10:38:28AM +0100, Gert Doering wrote:
> On Tue, Jan 14, 2020 at 10:36:10AM +0100, JORDI PALET MARTINEZ via
> anti-abuse-wg wrote:
> > So it is not just easier to ask the abuse-c mailboxes that don't want to
> > process to setup an autoresponder with a specific (standard) text about
> > that, for example:
> >
> > "This is an automated confirmation that you reached the correct abuse-c
> > mailbox, but we don't process abuse cases, so your reports will be
> > discarded."
>
> I would support that.

... but it's actually way too complicated to implement.

A much simpler approach would be to make abuse-c: an optional attribute (basically, unrolling the "mandatory" part of the policy proposal that introduced it in the first place)

- If you want to handle abuse reports, put something working in.
- If you do not want to handle abuse reports, don't.

The ARC could be extended with a question "are you aware that you are signalling 'we do not care about abuse coming from our network'?" and if this is what LIRs *want* to signal, the message is clear.

The NCC could still verify (as they do today) that an e-mail address, *if given*, is not bouncing (or coming back with a human bounce "you have reached the wrong person, stop sending me mail" if someone puts in the e-mail address of someone else).

MUCH less effort.

Gert Doering
        -- NetMaster
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
I agree, perhaps these internet companies would be happy if it took 15 days for each credit card payment to take place between that company and the customer when a new customer uses their services?

- Original Message -
Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
From: "Ronald F. Guilmette"
Date: 1/14/20 8:34 am
To: "JORDI PALET MARTINEZ"
Cc: "anti-abuse-wg"

In message <6afc7d17-bac4-464c-8af8-2ad852d39...@consulintel.es>, JORDI PALET MARTINEZ wrote:

>I'm happy to hear other inputs, stats, data, etc.

Having only just read the proposal, my comments are few:

I do not understand parts of this, specifically:

Section 2.0 bullet point #2. What's wrong with web forms?

Section 3.0 part 3. Why on earth should it take 15 days for anyone to respond to an email?? Things on the Internet happen in milliseconds. If a provider is unable to respond to an issue within 72 hours then they might as well be dead, because they have abandoned all social responsibility.

Regards,
rfg
Re: [anti-abuse-wg] [routing-wg] 2019-08 New Policy Proposal (RPKI ROAs for Unallocated and Unassigned RIPE NCC Address Space) to be discussed on Routing Working Group Mailing List
You're suggesting that RIR should have reasonable oversight of internet resources? That would make too much sense! In the mean time, here's a brick wall for you to hit your head against: https://www.cdc.gov/nceh/radiation/images/BrickWall.jpg

In reality, the RIR (and ICANN) should be arrested for aiding & abetting serious crimes. Imagine a bank robber runs in to your back yard, and the police want to enter to arrest them and you stand there saying "WELL DERRR, UNDER POLICY 18/2019, WE HAVE NO CONTROL OVER THIS YARD, SO WE CANNOT AUTHORISE THAT, SO DUU HER DERRR YOU NEED TO CONTACT THE JANITOR WHO OWNS THIS RESOURCE AND WHO CARES IF THEY DON'T EVEN CHECK THEIR INBOX FOR THE NEXT 2 YEARS, DUHH DE.." You would be charged with obstruction. Absolutely the RIR employees and ICANN should be arrested and imprisoned.

- Original Message -
Subject: Re: [anti-abuse-wg] [routing-wg] 2019-08 New Policy Proposal (RPKI ROAs for Unallocated and Unassigned RIPE NCC Address Space) to be discussed on Routing Working Group Mailing List
From: "Ronald F. Guilmette"
Date: 12/24/19 11:57 am
To: "anti-abuse-wg@ripe.net" , "RIPE Routing WG"

In message Job Snijders wrote:

>On Tue, Dec 24, 2019 at 12:09 AM Ronald F. Guilmette
> wrote:
>> I feel sure that other IRRs have some or all of the same issues. RADB
>> stands out however due to its continued widespread use.
>
>The above statement is true, and the good news is that there is work
>under way to reduce the clutter!
>
>The largest IRRs (RADB, NTTCOM, ARIN, ALTDB, others) are either
>actively working on, or have added to their roadmap, a variant of this
>type of cleanup: https://www.ripe.net/publications/docs/ripe-731

Long overdue, IMHO. I mean it isn't as if the bogus/fraudulent routing problem just appeared last month or anything. The games and funny business have been going on for years now, aided and abetted, in many cases, by an apparent utter lack of attention by IRR operators.

>For most of these IRR operators there is a project dependency on IRRd
>4's ability to delete or suppress IRR "route:" objects that are in
>conflict with RPKI data. This is tracked in
>https://github.com/irrdnet/irrd4/issues/197 and hopefully the code can
>be made available in Q1 2020 as part of the "IRRd 4.1" release. This
>release in turn means for most organisations that they can probably
>deploy in Q2 or Q3 2020 (after internal software testing & customer
>outreach).
>
>Given that there is active work underway in the community - I would
>like to suggest that the topic of "stale data in IRRs" is brought up
>again in about 6 months...

With all due respect to my friend Job, I am, have been, and remain totally flummoxed and appalled by the consistent lack of urgency, within the Internet community generally, with respect to what could be, quite obviously, a swift, effective, and sensible resolution of many of these problems, even without the need for any grand policy pronouncements or formalized ratifications thereof.

It shouldn't take a genius to note that multiple conflicting route objects cannot all be right, or that route objects to reserved or unallocated space, or involving reserved or unallocated ASNs are, on their faces, utter rubbish which can be and which ought to be removed from any IRR that contains them, immediately if not sooner.

If any of these RIR operators are unable to develop scripts, within one man-week, which would detect and purge route objects for unallocated space or involving unallocated ASNs, then they obviously are reserving their available cash for Christmas parties or executive bonuses in lieu of adequate salaries for competent professional software engineers, and even in those cases, I stand ready to volunteer my time to help each one to do its homework, as may be needed... and not six months from now, but by early January.
Clearly, an awful lot of people are not looking at the things I am looking at, and this is apparently the root of the problem when it comes to the apparent lack of urgency. It is unfortunate that I must coordinate with others in order to arrange for properly timed releases of what I know, but that is unavoidable. In the meantime, I can only state for the record that if people knew about the various kinds of criminality that are currently ongoing with and from a lot of these bogus and, for now at least, IRR-sanctioned routes, then people wouldn't be taking the relaxed attitude that all of this can and should be revisited in six months. Innocent victims are being conned, ripped-off, and hacked every single day, and as inconvenient as it may be for the rest of us, the scammers, hackers, and criminals of the Internet are quite certainly not taking Christmas off, nor are they dedicating any of their time to long term scheduling, lengthy policy debates, committee meetings, or the development of roadmaps. I see no
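The check described in the message above (flagging IRR route objects whose prefix lies in unallocated or reserved space, or whose origin ASN is unallocated), sketched as an added example that is not from the thread or from any IRR operator's code. The delegation records and route objects are constructed samples using documentation prefixes and ASNs, written in the style of RIR delegated-statistics files and RPSL; the function names and the EXAMPLE-IRR source are hypothetical, and only IPv4 "route:" objects are handled.

```python
import ipaddress
import re

# Constructed sample, in the style of an RIR delegated-statistics file:
# registry|cc|type|start|count|date|status
DELEGATED = """\
ripencc|NL|ipv4|192.0.2.0|256|20100101|allocated
ripencc||ipv4|198.51.100.0|256||available
ripencc|DE|ipv4|203.0.113.0|128|20120101|assigned
ripencc||ipv4|203.0.113.128|128||reserved
ripencc|NL|asn|64496|2|20100101|allocated
ripencc||asn|64500|1||reserved
"""

# Constructed RPSL route objects, as an IRR database dump would hold them.
ROUTES = """\
route:   192.0.2.0/24
origin:  AS64496
source:  EXAMPLE-IRR

route:   198.51.100.0/24
origin:  AS64497
source:  EXAMPLE-IRR

route:   203.0.113.0/24
origin:  AS64500
source:  EXAMPLE-IRR

route:   192.0.2.128/25
origin:  AS64511
source:  EXAMPLE-IRR
"""

IN_USE = {"allocated", "assigned"}


def load_delegated(text):
    """Return (collapsed list of in-use IPv4 networks, set of in-use ASNs)."""
    nets, asns = [], set()
    for line in text.splitlines():
        fields = line.split("|")
        if line.startswith("#") or len(fields) < 7:
            continue  # comments and summary lines
        rtype, start, count, status = fields[2], fields[3], fields[4], fields[6]
        if status not in IN_USE:
            continue  # available/reserved space is exactly what we flag
        if rtype == "ipv4":
            first = ipaddress.IPv4Address(start)
            last = first + int(count) - 1  # count need not be a power of two
            nets.extend(ipaddress.summarize_address_range(first, last))
        elif rtype == "asn":
            asns.update(range(int(start), int(start) + int(count)))
    # Collapsing merges adjacent delegations, so a route that spans two
    # neighbouring allocations is still recognised as covered.
    return list(ipaddress.collapse_addresses(nets)), asns


def parse_route_objects(text):
    """Split an RPSL dump on blank lines; keep objects with route: and origin:."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith(("#", "%")) or ":" not in line:
                continue
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), value.strip())
        if "route" in attrs and "origin" in attrs:
            objects.append(attrs)
    return objects


def audit(routes, nets, asns):
    """Return the route objects that fail either check, with the reasons."""
    findings = []
    for obj in routes:
        prefix = ipaddress.ip_network(obj["route"], strict=False)
        origin = int(obj["origin"].upper().removeprefix("AS"))
        reasons = []
        # The whole prefix must sit inside in-use space; partial cover fails.
        if not any(prefix.subnet_of(net) for net in nets):
            reasons.append("unallocated-space")
        if origin not in asns:
            reasons.append("unallocated-asn")
        if reasons:
            findings.append({"route": str(prefix), "origin": origin,
                             "source": obj.get("source", ""), "reasons": reasons})
    return findings


if __name__ == "__main__":
    in_use_nets, in_use_asns = load_delegated(DELEGATED)
    for f in audit(parse_route_objects(ROUTES), in_use_nets, in_use_asns):
        print(f["source"], f["route"], f"AS{f['origin']}", ",".join(f["reasons"]))
```

The output is a review list rather than a purge: each flagged object still needs a check against current registry data before removal.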
Re: [anti-abuse-wg] Massive prefix theft in AFRINIC - attributed to an insider
https://krebsonsecurity.com/2019/12/the-great-50m-african-ip-address-heist/

- Original Message -
Subject: Re: [anti-abuse-wg] Massive prefix theft in AFRINIC - attributed to an insider
From: "Michele Neylon - Blacknight"
Date: 12/6/19 1:14 am
To: "Suresh Ramasubramanian" , "anti-abuse-wg@ripe.net"

Great work from Ron

Sad to see this happen, though it was to be expected considering how much IPs are now worth

--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
http://blacknight.blog/
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
---
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845

On 04/12/2019, 19:43, "anti-abuse-wg on behalf of Suresh Ramasubramanian" wrote:

Congratulations, Ron Guilmette. You've been doing this for years and this is your biggest success yet.

https://mybroadband.co.za/news/internet/330379-how-internet-resources-worth-r800-million-were-stolen-and-sold-on-the-black-market.html

tl;dr - The insider is apparently Ernest Byaruhanga, AFRINIC employee #2, and he has now separated from AFRINIC

--srs
Re: [anti-abuse-wg] Orange contact wanted
orangegroup.pressoffice at orange.com
soc at orange.com

- Original Message -
Subject: [anti-abuse-wg] Orange contact wanted
From: 'Ronald F. Guilmette'
Date: 10/15/19 5:11 am
To: anti-abuse-wg@ripe.net

Do any of you folks happen to have a contact at Orange that you could share with me?
Re: [anti-abuse-wg] 2019-03 Policy Proposal Withdrawn (Resource Hijacking is a RIPE Policy Violation)
Ok, so let me understand:

Requiring resource holders to deal with criminals could lead to "unacceptable liability risks"

But putting up with their crimes using RIPE infrastructure, including the millions of dollars worth of damage and financial consequences from spam, botnets, etc etc etc... is NOT an "unacceptable liability risk."

- Original Message -
Subject: [anti-abuse-wg] 2019-03 Policy Proposal Withdrawn (Resource Hijacking is a RIPE Policy Violation)
From: 'Marco Schmidt'
Date: 10/2/19 11:09 pm
To: anti-abuse-wg@ripe.net

Dear colleagues,

The policy proposal 2019-03, "Resource Hijacking is a RIPE Policy Violation" has been withdrawn.

This proposal aimed to define that BGP hijacking is not accepted as normal practice within the RIPE NCC service region.

The proposal is archived and can be found at:
https://www.ripe.net/participate/policies/archived-policy-proposals/archive-policy-proposals/

Reason for withdrawal: The proposers felt they were unable to address concerns that the policy would expose the RIPE NCC to unacceptable liability risks. These concerns were expressed by both the Executive Board and some community members.

Kind regards,

Marco Schmidt
Policy Officer
RIPE NCC
Re: [anti-abuse-wg] [Misc] Research project on blacklists
The only organisation that is in a prime position to implement any meaningful blacklist is a RIR like RIPE itself. Anything less than RIR level blacklisting is what is known as "whac a mole" https://en.wikipedia.org/wiki/Whac-A-Mole

But, as it comes down to time and money, the likes of which even google and facebook etc are not motivated to part with in terms of accountability, organisations like RIPE, APNIC, ICANN etc. All of them, without exception, refuse to engage in responsible practices. They are happy to take money to issue resources, but taking them away is equated to sacrilege. In an ideal world, the employees of RIPE etc should be arrested and jailed for aiding and abetting crime.

- Original Message -
Subject: Re: [anti-abuse-wg] [Misc] Research project on blacklists
From: "ac"
Date: 7/18/19 3:20 pm
To: anti-abuse-wg@ripe.net

Oh. Let's look more at this then.

"UC Berkeley" - USA
"International Computer Science Institute"
"evaluating and improving the accuracy of blacklists."
"including a web link, which is tracked and cross tracked"
"an anonymous survey"

Dude, let us be frank: On this list we discuss abuse, in the open and directly. People on this list have "skills" and can all be anonymous on this list, if they wish to, in fact, many are. (I do not and I am not private)

We are talking about email blacklists? right? as the routing blacklists do not bother the evil tech monopolies!

It is a fact that the spam from the top ten USA tech companies are the most challenging abuse on the planet - as this type of abuse, is the hardest to combat.

- Twitter does not even accept abuse complaints.
Facebook does not care and Google mixes spam with ham all the time to defeat email blacklists.

Why not study the reasons for the percentage increase in the use of inspection/tracking/non private/invasive anti abuse technologies in use by the largest email and dominant players, Google and Microsoft, of ipv6 and the reason why these huge tech players HAVE to push for ipv6 email servers relay to ensure their future dominance of email relay?

Instead of "My colleagues and I are working on evaluating and improving the accuracy of blacklists"

As, imnsho, that is absolute USA bullshit. and is not even possible.

I would go so far as to state that such research is not intended to "improve" anything but to cement the monopolies we fight daily and is on the EVIL side of the fight.

Andre

On Wed, 17 Jul 2019 10:01:16 -0700
Barry Greene wrote:

> Not a joke.
>
> Just a researcher exploring ways to quantify and measure. Always
> important to have the academic doing the due diligence on our
> operational assumptions.
>
> > On Jul 17, 2019, at 07:40, ac wrote:
> >
> >
> > This is a joke email, right?
> >
> > Is it the 1st of April already? :)
> >
> > Andre
> >
> > On Wed, 17 Jul 2019 13:42:21 +0200
> > Anushah Hossain wrote:
> >
> >> Hi everyone,
> >>
> >> I'm a researcher at UC Berkeley and the International Computer
> >> Science Institute. My colleagues and I are working on evaluating
> >> and improving the accuracy of blacklists. As part of this work,
> >> we'd like to hear from you about the blacklists you currently use,
> >> what you perceive as their strengths and weaknesses, and any
> >> thoughts you have on how they might be improved.
> >>
> >> We've prepared an anonymous survey where you can share your views:
> >>
> >> If you have five to ten minutes free today to fill it out, I would
> >> greatly appreciate your help! Thank you, and please don't hesitate
> >> to respond to me with comments or questions.
> >>
> >> (Apologies if you receive this message twice - trying to minimize
> >> cross-posting while still reaching a broad audience)
> >>
> >> Best,
> >> Anushah
> >>
> >
> >
Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
It is not for RIPE to abandon a policy proposal simply because a resource holder is too cheap to implement it.

- Original Message -
Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
From: "Neil McRae"
Date: 5/31/19 12:05 am
To: anti-abuse-wg@ripe.net

I'm subscribing to the list specifically to also position not in favour of this policy. This will generate work for the NCC that just wastes their time following up on lots of false positives. It will have _zero_ impact on the handling of abuse requests, in fact I predict that it will perhaps even make response time worse.

I urge the community to reject this proposal.

Neil.

--
Neil J. McRae
neil.mc...@bt.com

Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum
Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
> This is fully sufficient to notice technical brokenness.

No it isn't for the reasons previously said by others:

1) if I put your email address as the abuse contact for my resource, the system would mark it as "valid",
2) sometimes an address can be broken, even in ways that the sender cannot be aware of - for example, if an email address relies on a forwarding mechanism and 1 or more of the email addresses that it forwards to are shut down or the person no longer works at the company, any "bounces" will be sent to the original abuse email address, which is not monitored.
3) some email accounts can forward emails to a black hole (deliberately)
4) some email accounts can label an email as "spam" because it contains spam characteristics, and automatically delete it,

The emphasis should be on demonstrating a properly functioning abuse email address. Issues relating to proper handling past the point of ensuring that the owner is compelled to actually RECEIVE the email is another discussion altogether.

- Original Message -
Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
From: "Gert Doering"
Date: 5/23/19 7:39 pm
To: "ac"
Cc: anti-abuse-wg@ripe.net

Hi,

On Thu, May 23, 2019 at 06:29:32AM +0200, ac wrote:
> > Folks, the process we have in the RIPE region for abuse contact
> > validation is the result of a *consensus based process* that happened
> > *in this working group*.
> > Before you all argue for "we need to have more paperwork!" please take
> > a step back and explain a) what is wrong with the current validation
> > process, and b) why this proposal would improve this.
> > Gert Doering
> > -- NetMaster
>
> because, IRL (in real life) things do not remain "static"

This is why we do (already!) verify abuse-c: reachability today. In a lightweight process that came out as consensus out of this very WG.

[..]
> your very forceful and multiple emails arguing very hard against and
> all your emails, attacking each and every +1 simply serves to
> illustrate that you really want to enforce your opinion on the group
> in this regard.
>
> So, again, I ask: Why not propose to remove the abuse contact resource
> completely? Is this where you are going with your very strong and
> continuing and ongoing objections?

No. Abuse-contacts are useful. We do validate them today for technical reachability.

This is fully sufficient to notice technical brokenness.

It is not sufficient to enforce actual abuse *handling*, but neither is the proposed policy change.

Do not put words in my mouth, I'm perfectly able to do that myself.

Gert Doering
        -- NetMaster
Re: [anti-abuse-wg] Off-List Responses
and if someone receives one of these abusive emails, let's hope they don't have to refer to the abuse contact information in the RIPE database to complain to the ISP.

- Original Message -
Subject: [anti-abuse-wg] Off-List Responses
From: "Brian Nisbet"
Date: 5/23/19 12:35 am
To: "anti-abuse-wg@ripe.net"

Colleagues,

This adds to the list of things I never expected to have to send an email about, but...

While obviously neither the Co-Chairs, nor the RIPE Community, has any wish, intent or ability to "police" mails between two private individuals; I would ask that mails sent off-list *in response* to on-list mails stay within the spirit of conduct that is expected of those interacting in the RIPE Community.

As always, please discuss policies, ideas and approaches, do not attack groups or individual people and certainly do not send abusive messages.

If you have any questions or comments on this, please don't hesitate to contact aa-wg-ch...@ripe.net

Thanks,

Brian
Co-Chair, RIPE AA-WG

Brian Nisbet
Service Operations Manager
HEAnet CLG, Ireland's National Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
+35316609040 brian.nis...@heanet.ie www.heanet.ie
Registered in Ireland, No. 275301. CRA No. 20036270
Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
This "proportionality" test you speak of, has as much relevance to the regulating of internet resources, as "freedom of speech" does to regulating internet forum membership (no relevance at all).

- Original Message -
Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
From: "Alex de Joode"
Date: 5/16/19 4:56 pm
To: "JORDI PALET MARTINEZ"
Cc: anti-abuse-wg@ripe.net

On Fri, 17-05-2019 1h 45min, JORDI PALET MARTINEZ via anti-abuse-wg wrote:

Hi Nick,

[..]

Anyone failing in repetitive occasions to comply with policies is subjected to further NCC scrutiny, including account closure. This is a different policy already in place. If we don't like that, we should change that policy, but then we don't need policies anymore. Policies are the rules for the community to be respected by all, and not having an administrative enforcement by the NCC is the wild west.

It is an illusion to think ripe can suspend/withdraw resources if an organisation does not reply to an abuse validation request. That simply will not pass the proportionality test needed under Dutch law. So you will have no recourse. (Only if you can prove the entity has registered with false credentials (Due Diligence by new members takes care of this) -and- the entity is active in a criminal enterprise, you might have a case)

Cheers,
Alex
Re: [anti-abuse-wg] Email Spam & Spam Abuse Definitions
The twitter example is not advertising a product or service. It is conveying information about a product/service that the person has already hired. If twitter sends unsolicited emails to someone when they have not requested that service, or have indicated they no longer want the service, then it is spam.

- Original Message -
Subject: [anti-abuse-wg] Email Spam & Spam Abuse Definitions
From: "ac"
Date: 4/27/19 4:22 am
To: anti-abuse-wg@ripe.net

Hi,

From a recent rant in the WG, something of interest was posted;

> opinions on the proper definition of spam. Mr. Andre's preferred
> definition appears to allow for "one time" invitations to be blasted
> to everyone in the universe. Nonetheless, in Mr. Andre's considered
> opinion, "Email Spam is not the same as Spam Abuse" and a "... one

In my opinion, the sending of a confirmation email, from say Twitter, to confirm that the actual email address does indeed exist and that their further communications will be solicited - as well as including links to remove/stop further communications: Would be spam (it is still an unsolicited email) - but that single confirmation email is not abuse in itself. Even though Twitter may send 1000's of these to 1000's of different email addresses...

I do not think that there is anyone, that works with actual spam abuse, in this WG that disagrees completely with my opinion above.

Also, I wanted to add another useful resource link for anyone that is still learning about email abuse: https://www.ripe.net/publications/docs/ripe-409

What is frequently missed is that BULK EMAIL itself, is not the issue, but that the keyword is "unsolicited" - For example if you were to relay 1000 Invoices or 1000 status notifications or 1000 opted in mailing list recipients, this would/should not be considered spam or abuse.
Then, of course, imnsho UBE itself is outdated as the spammers use 'drip' systems by spinning out 1's of emails from 1's of ip's

Which various RBL cater for by speedily listing and de-listing resources

and then there are all the shiny new tech things, which probably needs a new thread:

Automated comment spam or AI based web form spam is a growing issue and is something that merits discussion and a watchful eye...

Andre
Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
What absolute crap. Why is that every time something resembling common sense enters this group, there are these people who insist on using slippery slope fallacy?

https://en.wikipedia.org/wiki/Slippery_slope

It wouldn't half surprise me if people like this "randy bush" are motivated by criminal groups. I cannot think of any reason, other than a criminal one, why someone would object to common sense policy that leads to a reduction in abuse. (Usually, there is one other motivation (financial) but not in this proposal).

Original Message
Subject: Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
From: Randy Bush
Date: Fri, April 19, 2019 1:55 am
To: anti-abuse-wg@ripe.net

< rant >

this is insane. neither ripe nor the ncc should be the net police, courts, and prison rolled into one kangaroo court.

it is droll that the erstwhile anti-abuse working group becomes a self-righteous abuser. so it is with so many abused children.

put your energy into routing security not converting ripe and the ncc into an authoritarian state. we have enough of those.

randy
Re: [anti-abuse-wg] telia.lt: Ignoring abuse complaints (?)
Select "cyber crimes"

Original Message
Subject: [anti-abuse-wg] telia.lt: Ignoring abuse complaints (?)
From: "Ronald F. Guilmette"
Date: Sun, April 07, 2019 6:05 am
To: anti-abuse-wg@ripe.net

It will be wonderful when the RIPE NCC people are able to verify that all abuse reporting addresses listed in the RIPE data base are at least able to receive incoming mail.

That alone, of course, will not do anything to insure that any human ever reads any message or message sent to any such e-mail address. That separate and additional issue is a whole separate can of worms.

Here is an example. I just received a spam from 195.12.186.6 which is quite clearly on the network of AS47205, aka telia.lt. so I sent a polite abuse report, including the full spam headers, to the address, just as I am instructed to do by the RIPE WHOIS record for AS47205. I received back, almost immediately, the automated response appended below.

This response appears to me to be saying that the managers of AS47205 are intending to 100% ignore my spam report, unless and until I ALSO take up my time to fill out their stupid web form... a web form that has a checkbox for every other kind of network abuse EXCEPT for spamming.

I do not have time in my day to figure out how to fill out the eighteen million different kinds of web forms that each separate ASN has concocted in order to try to thwart and deter people from reporting simple kinds of abuse like spamming, and I will not do so. The offense in this case was committed over email, and I do not see why the REPORT of that offense should not likewise be accepted over email.

For this reason, it is my hope that whoever in NCC is doing the abuse email address verification will take some steps to find out not just that the email addresses accept incoming email, but also that some actual human sits behind each one of those email addresses.
Anybody can easily program what is sometimes called an "ignorebot" to send out meaningless replies to incoming mail, just as telia.lt appears to have done, but that is not a productive way to actually resolve spamming issues.

Of course, it is my hope that telia.lt will rid itself of this particular troublesome customer, but in lieu of that I would be willing to accept that their abuse handler(s) have at least been made aware of the issue. But it seems that even that minimal aspiration is too much to hope for, at least for some networks.

Regards,
rfg
Re: [anti-abuse-wg] I support 2019-03
See at the bottom of the website: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Original Message
Subject: Re: [anti-abuse-wg] I support 2019-03
From: Isabel Strijland
Date: Wed, April 03, 2019 5:13 am
To: "TRAILL Neville (RIC-US)"
Cc: "anti-abuse-wg@ripe.net"

How can I unsubscribe to this??? The e-mails are driving me crazy.

Sent from my iPhone

On 02.04.2019 at 20:07, TRAILL Neville (RIC-US) wrote:

Dear RIPE NCC

I support 2019-03.

Neville Traill
Cyber Specialist | Richemont North America, Inc.
3 Enterprise Drive | Shelton CT 06484 | United States
(tel) +12039256400 | (direct) +18177852548
(email) neville.tra...@richemont.com
Re: [anti-abuse-wg] Webzilla
There is no incentive for a corporation to remove an abuser if the abuser is a paying customer.

There is also no incentive for RIR to create any sort of oversight, if that oversight requires investment.

Hence, the shit fight known as "the internet" that we have today.

Original Message
Subject: [anti-abuse-wg] Webzilla
From: "Ronald F. Guilmette"
Date: Sun, March 17, 2019 7:15 am
To: anti-abuse-wg@ripe.net

Perhaps some folks here might be interested to read these two reports, the first of which is a fresh news report published just a couple of days ago, and the other one is a far more detailed investigative report that was completed some time ago now.

https://www.buzzfeednews.com/article/kenbensinger/dossier-gubarev-russian-hackers-dnc
https://www.documentcloud.org/documents/5770258-Fti.html

Please share these links widely.

The detailed technical report makes it quite abundantly clear that Webzilla, and all of its various tentacles... many of which even I didn't know about until seeing this report... most probably qualifies as, and has qualified as a "bullet proof hosting" operation for some considerable time now. As the report notes, the company has received over 400,000 complaints or reports of bad behavior, and it is not clear to me, from reading the report, if anyone at the company even bothered to read any more than a small handful of those.

I have two comments about this.

First, I am inclined to wonder aloud why anyone is even still peering with any of the several ASNs mentioned in the report. To me, the mere fact that any of these ASNs still have connectivity represents a clear and self-evident failure of "self policing" in and among the networks that comprise the Internet.

Second, it has already been a well-known fact, both to me and to many others, for some years now, that Webzilla is by no means alone in the category commonly referred to as "bullet proof hosters". This fact itself raises some obvious questions.

It is clear and apparent, not only from the report linked to above, but from the continuous and years-long existence of -many- "bullet proof hosters" on the Internet that there is no shortage of a market for the services of such hosting companies. The demand for "bullet proof" services is clearly there, and it is not likely to go away any time soon. In addition to the criminal element, there are also various mischievous governments, or their agents, that will always be more than happy to pay premium prices for no-questions-asked connectivity.

So the question naturally arises: Other than de-peering by other networks, are there any other steps that can be taken to disincentivize networks from participating in this "bullet proof" market and/or to incentivize them to give a damn about their received network abuse complaints?

I have no answers for this question myself, but I felt that it was about time that someone at least posed the question.

The industry generally, and especially in the RIPE region, has a clear and evident problem that traditional "self policing" is not solving. Worse yet, it is not even discussed much, and that is allowing it to fester and worsen, over time.

It would be Good if there was some actual leadership on this issue, at least from -some- quarter. So far I have not noticed any such worth commenting about, and even looking out towards the future horizon, I don't see any arriving any time soon.

Regards,
rfg
Re: [anti-abuse-wg] Google Privacy Abuse
Please provide your source of information that chrome browsers rely on a local blacklist.

Original Message
Subject: Re: [anti-abuse-wg] Google Privacy Abuse
From: Serge Droz via anti-abuse-wg <anti-abuse-wg@ripe.net>
Date: Sat, March 16, 2019 6:37 am
To: anti-abuse-wg@ripe.net

Your assertion is wrong: Google safebrowsing works by comparing the URL to a local list, which the browser downloads from Google's Servers. Browsers do not send the URL to Google for checking. See for example

> https://superuser.com/questions/832608/what-is-being-send-to-received-from-safebrowsing-google-com-when-i-open-firefo

Some ISPs in the US collect URLs from http traffic, but not https traffic, the latter does not work. That is indeed concerning, but has nothing to do with Google.

What Google or others see, however, is URLs going through URL shorteners, or the urls you click on a Google page. Also trackers, embedded in many websites deliver info back to Google (or whatever tracker site). This again is something that should be made a bit more transparent.

I do feel it is very important to base any discussions surrounding the important topics discussed on this list on verifiable facts and not on claims or fear.

Best
Serge

On 15/03/2019 13:41, Fi Shing wrote:
> /"And no, You are also wrong: Opera does not upload your visited URL's
> to a third party server."/
>
> If opera (like chrome, edge or firefox) check the URL to see if it is
> "dangerous" (a phishing URL etc) then that is logged on their end, when
> it checks the database to see if the link has been flagged.
>
> This is the price that people pay for "free" browsers.
>
> Google protects you from "phishing websites", whilst archiving your
> website access, and then sells that as marketing data to who ever will
> buy it.
>
> Original Message
> Subject: Re: [anti-abuse-wg] Google Privacy Abuse
> From: ac <a...@main.me>
> Date: Thu, March 14, 2019 8:16 pm
> To: anti-abuse-wg@ripe.net
>
> Hi Esa,
>
> No, you are wrong... the URL's are not available to anyone.
>
> What is available to the ISP is the domain name lookup. (this is also
> available to the DNS servers, etc - just the domain name)
>
> And no, You are also wrong: Opera does not upload your visited URL's to
> a third party server.
>
> Up to now, nobody has even tried this as it is abuse / abusive
>
> HTTPS URL's, themselves frequently contain personal data and other
> sensitive info, as the URL itself is supposed to be part of the
> encrypted session.
>
> And, this is the whole point of all of this.
>
> If Google starts saving all URL's and link that with the local cache
> (because they control the local software), the effect will be an
> increase in speed (as the media does not have to come over the
> encrypted session)
>
> This will probably eventually FORCE Opera/Firefox/insert name here - to
> also operate in this fashion, as users will want the speed - and they
> will not know that it is less secure / less private, etc.
>
> This is a major issue and not a small issue, it will eventually affect
> all of us.
>
> for example, one of my bank URL at login is:
>
> https://nameofbank.com/login
>
> then, later in the session:
> https://nameofbank.com/?id=x=1
> etc etc
>
> This, right now, is not an issue as the URL itself is encrypted
>
> it is a major invasion of privacy that a third party vendor, supplying
> "free" software is also now recording url's which gives them two
> advantages over the ethical software providers. Not only that but that
> their "innovation" of breaking the HTTPS protocol, may force other
> vendors to go down the same path as the "consumers" are too lazy or
> uninformed to understand what is happening.
>
> If society does nothing about this case of a multinational
> leveraging people
> against people's bad behavior (or poor choices - as Ronald said: use a
> different browser) this will eventually affect us all.
>
> On Thu, 14 Mar 2019 09:53:47 +0100
> Esa Laitinen <e...@laitinen.org> wrote:
>
> > On Thu, Mar 14, 2019 at 6:05 AM ac <a...@main.me> wrote:
> >
> > > HTTPS protocol, by design, is secure and private.
> > >
> > > The average consumer expects this to be true.
> > >
> > > &g
Re: [anti-abuse-wg] Google Privacy Abuse
"And no, You are also wrong: Opera does not upload your visited URL's to a third party server."

If opera (like chrome, edge or firefox) check the URL to see if it is "dangerous" (a phishing URL etc) then that is logged on their end, when it checks the database to see if the link has been flagged.

This is the price that people pay for "free" browsers.

Google protects you from "phishing websites", whilst archiving your website access, and then sells that as marketing data to who ever will buy it.

Original Message
Subject: Re: [anti-abuse-wg] Google Privacy Abuse
From: ac
Date: Thu, March 14, 2019 8:16 pm
To: anti-abuse-wg@ripe.net

Hi Esa,

No, you are wrong... the URL's are not available to anyone.

What is available to the ISP is the domain name lookup. (this is also available to the DNS servers, etc - just the domain name)

And no, You are also wrong: Opera does not upload your visited URL's to a third party server.

Up to now, nobody has even tried this as it is abuse / abusive

HTTPS URL's, themselves frequently contain personal data and other sensitive info, as the URL itself is supposed to be part of the encrypted session.

And, this is the whole point of all of this.

If Google starts saving all URL's and link that with the local cache (because they control the local software), the effect will be an increase in speed (as the media does not have to come over the encrypted session)

This will probably eventually FORCE Opera/Firefox/insert name here - to also operate in this fashion, as users will want the speed - and they will not know that it is less secure / less private, etc.

This is a major issue and not a small issue, it will eventually affect all of us.

for example, one of my bank URL at login is:

https://nameofbank.com/login

then, later in the session:
https://nameofbank.com/?id=x=1
etc etc

This, right now, is not an issue as the URL itself is encrypted

it is a major invasion of privacy that a third party vendor, supplying "free" software is also now recording url's which gives them two advantages over the ethical software providers. Not only that but that their "innovation" of breaking the HTTPS protocol, may force other vendors to go down the same path as the "consumers" are too lazy or uninformed to understand what is happening.

If society does nothing about this case of a multinational leveraging people against people's bad behavior (or poor choices - as Ronald said: use a different browser) this will eventually affect us all.

On Thu, 14 Mar 2019 09:53:47 +0100 Esa Laitinen wrote:

> On Thu, Mar 14, 2019 at 6:05 AM ac wrote:
>
> > HTTPS protocol, by design, is secure and private.
> >
> > The average consumer expects this to be true.
> >
> > Google had to actually go and change, in an "under cover" way, the
> > entire way and method that HTTPS works. This "change" is being sold
> > as a "good thing" to poor people and/or people with low bandwidth
> > and that Google is doing a "good thing" by making this change.
> >
>
> Dear Andre
>
> The URLs you're accessing are also available for
>
> - your ISP
> - your VPN provider (unless you've rolled your own)
> and some information is also potentially stored by
> - your DNS provider
>
> And Opera browser has been doing similar things when you've enabled
> the bandwidth savings.
>
> or am I missing something?
>
> OK. I'm ignoring here that this particular thingi is using MITM
> methods to do the optimization, which is for me a bit more worrying
> than google having access to the URLs I browse. They have them mostly
> anyway.
>
> But, it is a choice a user makes, it is not forced upon them.
>
>
> Yours,
>
> esa
Re: [anti-abuse-wg] Google Privacy Abuse
"it is not forced upon them."

If the user doesn't ask for it, it is forced upon them.

How many users ask for it, by the way?

Original Message
Subject: Re: [anti-abuse-wg] Google Privacy Abuse
From: Esa Laitinen
Date: Thu, March 14, 2019 7:53 pm
To: ac
Cc: anti-abuse-wg@ripe.net

On Thu, Mar 14, 2019 at 6:05 AM ac wrote:

HTTPS protocol, by design, is secure and private.

The average consumer expects this to be true.

Google had to actually go and change, in an "under cover" way, the entire way and method that HTTPS works. This "change" is being sold as a "good thing" to poor people and/or people with low bandwidth and that Google is doing a "good thing" by making this change.

Dear Andre

The URLs you're accessing are also available for

- your ISP
- your VPN provider (unless you've rolled your own)
and some information is also potentially stored by
- your DNS provider

And Opera browser has been doing similar things when you've enabled the bandwidth savings.

or am I missing something?

OK. I'm ignoring here that this particular thingi is using MITM methods to do the optimization, which is for me a bit more worrying than google having access to the URLs I browse. They have them mostly anyway.

But, it is a choice a user makes, it is not forced upon them.

Yours,

esa

--
Skype: reunaesa
Yahoo: reunaesa
Mobile: +4178 838 57 77
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
Why can't it be both?

12.5% annual fee incurred daily, to a maximum of 7 days, with resources being decommissioned if the abuse contact is not updated within that time.

Original Message
Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ?
From: "Ronald F. Guilmette"
Date: Mon, March 11, 2019 12:26 pm
To: anti-abuse-wg@ripe.net

In message <9793c47c-2c44-47e3-033a-1d60ca4d3...@time-travellers.org>, Shane Kerr wrote:

>As far as I know there is nothing in any policy about decommissioning
>resources. (I'm not even sure what that would mean in practice...)
>
>I don't think that such a proposal would get consensus in the RIPE
>community, but I am often wrong so if you want this then please submit a
>policy proposal. The RIPE NCC staff, the working group chairs, or some
>friendly community member can help you with this.

It might be interesting to float a proposal to tack on a small extra annual registration fee... say, another 12.5% or something... applicable to all resources for which corrections to the contact info have not been made.

I agree that it would be politically problematic to outright kill someone's allocations, but making it just a little painful (if they are screwing up) might be helpful and productive.

Regards,
rfg
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
But Marco's response mentions to *correcting* the contact addresses, not just verifying them. That involves working with human beings, so it makes sense that it will take a while.

No it doesn't - that was the whole point of the "change" in the first place, that it was to reduce the amount of verification needed to be done by RIPE. There is a simple automated way to verify the entries - click a link, enter a CAPTCHA, or your resources are decommissioned within 24 hours.

How much crime can be committed in the months it has taken (and continues to take)?

Original Message
Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ?
From: Shane Kerr <sh...@time-travellers.org>
Date: Fri, March 08, 2019 9:40 pm
To: anti-abuse-wg@ripe.net

Fi Shing,

I'm sure verifying the delivery of 70k e-mails (or however many is in the database) can be done in a few hours.

But Marco's response mentions to *correcting* the contact addresses, not just verifying them. That involves working with human beings, so it makes sense that it will take a while.

Cheers,

--
Shane

On 08/03/2019 11.07, Fi Shing wrote:
> If it takes more than a week to verify your entire database, there is
> the first sign that something is wrong with your system.
>
>
> Original Message
> Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ?
> From: Marco Schmidt <mschm...@ripe.net>
> Date: Thu, March 07, 2019 10:03 pm
> To: "Ronald F. Guilmette" <r...@tristatelogic.com>,
> anti-abuse-wg@ripe.net
>
> Hello Ronald,
>
> We are planning to publish an updated timeline soon.
>
> Ultimately, our implementation will depend on the level of cooperation
> we get from LIRs and the nature of issues that need to be fixed before
> an abuse contact can be updated (for example, some organisations may
> need to reset their maintainer password).
>
> Over the next few weeks we will be analysing our progress, to make a
> realistic estimation. From observations so far, we think we might be
> able to finish our initial validation of all abuse contacts within six
> months - but it is still too early to make any strong predictions.
>
> Kind regards,
> Marco Schmidt
> RIPE NCC
>
>
> On 05/03/2019 21:51, Ronald F. Guilmette wrote:
> > In message <9c95c110-d5a3-e94a-6b3c-b02030736...@ripe.net>,
> > Marco Schmidt <mschm...@ripe.net> wrote:
> >
> >> It is correct that the implementation phase is still ongoing. Currently
> >> we are validating all the abuse contact information referenced in LIR
> >> organisation objects. Then we will proceed with the validation of abuse
> >> contacts referenced in LIR resource objects - the example that you
> >> mentioned belongs to this group. And finally all abuse contacts
> >> referenced in End User (sponsored) objects will be validated.
> > Thanks for the info Marco.
> >
> > I guess the only question I would ask is this: Is there a published
> > timeline for how this whole process is planned to play out, and for
> > when it is planned to be completed?
> >
> >
> > Regards,
> > rfg
> >
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
If it takes more than a week to verify your entire database, there is the first sign that something is wrong with your system.

Original Message
Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ?
From: Marco Schmidt
Date: Thu, March 07, 2019 10:03 pm
To: "Ronald F. Guilmette" , anti-abuse-wg@ripe.net

Hello Ronald,

We are planning to publish an updated timeline soon.

Ultimately, our implementation will depend on the level of cooperation we get from LIRs and the nature of issues that need to be fixed before an abuse contact can be updated (for example, some organisations may need to reset their maintainer password).

Over the next few weeks we will be analysing our progress, to make a realistic estimation. From observations so far, we think we might be able to finish our initial validation of all abuse contacts within six months - but it is still too early to make any strong predictions.

Kind regards,
Marco Schmidt
RIPE NCC

On 05/03/2019 21:51, Ronald F. Guilmette wrote:
> In message <9c95c110-d5a3-e94a-6b3c-b02030736...@ripe.net>,
> Marco Schmidt wrote:
>
>> It is correct that the implementation phase is still ongoing. Currently
>> we are validating all the abuse contact information referenced in LIR
>> organisation objects. Then we will proceed with the validation of abuse
>> contacts referenced in LIR resource objects - the example that you
>> mentioned belongs to this group. And finally all abuse contacts
>> referenced in End User (sponsored) objects will be validated.
> Thanks for the info Marco.
>
> I guess the only question I would ask is this: Is there a published
> timeline for how this whole process is planned to play out, and for
> when it is planned to be completed?
>
>
> Regards,
> rfg
>
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
From what I was reading on here, all they do is check if a mail server exists. So if I list my abuse contact email as your email address, their system would regard that as being correct, simply because the email address exists.

Original Message
Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ?
From: "Ronald F. Guilmette" <r...@tristatelogic.com>
Date: Wed, March 06, 2019 7:47 am
To: anti-abuse-wg@ripe.net

In message <20190305042821.af7f9f79718891d8e76b551cf73e1563.4d026bdf0f@email19.godaddy.com>, "Fi Shing" <phish...@storey.xxx> wrote:

> Yes, the verification mechanism they chose to implement was a flop,
> with no input required from address owners.

So, um, nobody even checked for undeliverable bounces??

Fascinating.
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
Yes, the verification mechanism they chose to implement was a flop, with no input required from address owners.

In reality, it should be "verify your email address by clicking this link once a week or your resources are decommissioned within 24 hours" but alas, that would make too much sense.

abuse.net lists these contacts for mesh digital:

ab...@meshdigital.com (for meshdigital.com)
n...@meshdigital.com (for meshdigital.com)
r...@netsumo.com (for meshdigital.com)

Original Message
Subject: [anti-abuse-wg] Verification of abuse contact addresses ?
From: "Ronald F. Guilmette"
Date: Tue, March 05, 2019 8:55 am
To: anti-abuse-wg@ripe.net

Sorry folks, when this topic was discussed, I confess that I wasn't really paying much attention. So now I am forced to ask: Was someone going to verify the abuse contact addresses listed in the RIPE WHOIS data base? If so, how is that project coming along?

I'll tell you why I ask. It's quite simple really. Some jerk, probably Mexican, just sent me a spam wherein he was advertising for sale his list of 18 million "business" email addresses. (I can't quite tell if those are all supposed to be specifically Mexican email addresses or what... because the spam was written in Spanish, and I don't speak Spanish.)

https://pastebin.com/raw/dT11krpN

Note that the specific email address of mine that was spammed was one that I only used in ancient times, and only in conjunction with my activities on one specific web site. (It obviously leaked somehow.) The envelope sender address was forged to be my own.

The source IP was 109.68.33.19 as you can see. So naturally, I performed a RIPE WHOIS query on that IP address and the results I got back indicated that the contact email address for spam reports was . So I emailed off a report to that address. Of course, it bounced back to me immediately as undeliverable.

This causes me to suspect that either (a) that stuff that I thought that I had seen previously about a project to verify abuse addresses was all just a bunch of malarkey, or else (b) that project is still unfinished and perhaps not going all that well.

Could someone please enlighten me and tell me which possibility actually applies?

Regards,
rfg

P.s. It is annoying enough to have to lookup who the bleep should receive a report about spamming from their network _and_ to have to even write such reports, when 9 times out of ten, the sending network could have easily prevented the spam from even going out. It is just adding insult to injury when the bloody "official" abuse reporting address doesn't even actually exist.

And of course, neither meshdigital.com nor meshdigital.net even have functioning web sites. Apparently this is all the work of some dolts at a company called heg.com, in Germany. Do any of you happen to know any of the clueless nitwits who work there? If so, maybe you could put me in direct touch so that I could personally apply a much needed clue-by-four.