Re: [anti-abuse-wg] RIPE NCC Anti-Abuse Training: Next Steps & WG Input!
Hi Gert, I think that provides a very good way to actually define it, and also coincides with my view point that it may be abuse for you and not for me, or the other way around. Regards, Jordi @jordipalet El 23/2/22 19:39, "anti-abuse-wg en nombre de Gert Doering" escribió: Hi, On Wed, Feb 23, 2022 at 07:20:48PM +0100, Tobias Knecht via anti-abuse-wg wrote: > I disagree with the idea of defining what abuse is for 3 reasons. I do understand your arguments, but I'm not agreeing with the conclusion. If we can't agree on "this is abuse" and "that is not", how can we ever agree on "we should do something against abuse!"? More extreme wording: why would I, as an ISP, need an abuse handling department if I can just declare "ah, no, this is all normal customer activity" instead? So, yes, defining abuse is very hard - but if we ever want to reach a good level of common abuse squashing, we should find a common understanding. Like "using other people's resources (bandwidth, money, time) without at least implicit permission, for personal gain". (I, for one, consider half the web sites out there abusive, with cookie banners, insanely big graphics, and weird scrolling stuff - but I guess most web developers would not agree to that) Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it. -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] RIPE NCC Anti-Abuse Training: Next Steps & WG Input!
I just put a couple of examples. If we define abuse in a fix way, future ways to abuse will remain excluded. It is a matter of how we word it. We just need to explain this very well in trainings, not define “abuse”. I don’t recall specific countries, but in several African countries, when discussing the anti-abuse policies in AFRINIC, we got those comments. And now that you mention it, are you sure that CSAM is illegal in 100% of the countries? There may be countries where legislation even don’t mention it. So it is a perfect example of what I’m saying. Regards, Jordi @jordipalet El 17/2/22 13:43, "Michele Neylon - Blacknight" escribió: I disagree Some types of network activity are not going to be welcome anywhere. Some kinds of use of networks and platforms are not welcome by most people. Please show me ANY COUNTRY where CSAM is legal. And “legality” is NOT the bar. Never has been. If we don’t try to deal with this then governments will probably step in and try to force their views on us, no matter how unworkable they are. -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of JORDI PALET MARTINEZ via anti-abuse-wg Date: Tuesday, 15 February 2022 at 11:40 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] RIPE NCC Anti-Abuse Training: Next Steps & WG Input! [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. I don’t think we can, neither should, define what is abuse. Examples are ok, but should be clear that are only examples of common considered abuse activities and not necessarily inclusive/restrictive of all the possible situations. It all depends on the origin of the claim. Simple examples: In country “a”, unsolicited email maybe legally considered abuse, but not in the country “b” of the origin of that spam. You can even take out of the question the “legal” part, if you want. In country “c” attempt to ssh to hosts from other folks is a criminal action, but in country “d” (origin of the problem) is not. The problem here is to ensure that if you get a claim for a presumed abuse, you’re able to process it, even up to the point to say “sorry” in our jurisdiction or best current practices, or internal policy or AUP ... whatever, this is not an abuse so we can’t accept your claim, or otherwise, “we are handling it … we have resolved that this way”. Regards, Jordi @jordipalet El 10/2/22 10:25, "anti-abuse-wg en nombre de Brian Nisbet" escribió: Colleagues, Since we last spoke about the proposed training the NCC have been working with various community members to put a draft syllabus in place for further discussion. This is a link to the feedback document for this draft: https://docs.google.com/document/d/1M9Wrqu-VKGGwMfJQGK0NlTs5UzH6xJ2_HR2MkTBVR2w/edit?usp=sharing What the NCC and the Co-Chairs would love is if everybody could just comment what they think they understand from the learning goals as they’re written and suggest any changes or additions and obviously ask any questions. We’d also like the feedback on the webinar flow design. It’s important for everybody to understand that the learning objectives are the basis for the training. These are the skills that the learner must acquire. With these skills we also expect a change of attitude towards abuse handling (which is we think the purpose of this training). While discussion on the list is welcomed and encouraged, we've also planned a Zoom session for any interested parties to discuss this further. This will take place on Wednesday 23rd February at 14:00 CET: https://ripe.zoom.us/j/8221791822?pwd=ZFY0MnNQeWJsTkhQSFlyeEZlUkNJQT09 Meeting ID: 822 179 1822 Passcode: 1277 Hopefully with discussion on list and at the session on the 23rd we can move this into a final draft and progress from there. Thanks, Brian Co-Chair, RIPE AA-WG Brian Nisbet (he/him) Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nis...@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6
Re: [anti-abuse-wg] RIPE NCC Anti-Abuse Training: Next Steps & WG Input!
I don’t think we can, neither should, define what is abuse. Examples are ok, but should be clear that are only examples of common considered abuse activities and not necessarily inclusive/restrictive of all the possible situations. It all depends on the origin of the claim. Simple examples: In country “a”, unsolicited email maybe legally considered abuse, but not in the country “b” of the origin of that spam. You can even take out of the question the “legal” part, if you want. In country “c” attempt to ssh to hosts from other folks is a criminal action, but in country “d” (origin of the problem) is not. The problem here is to ensure that if you get a claim for a presumed abuse, you’re able to process it, even up to the point to say “sorry” in our jurisdiction or best current practices, or internal policy or AUP ... whatever, this is not an abuse so we can’t accept your claim, or otherwise, “we are handling it … we have resolved that this way”. Regards, Jordi @jordipalet El 10/2/22 10:25, "anti-abuse-wg en nombre de Brian Nisbet" escribió: Colleagues, Since we last spoke about the proposed training the NCC have been working with various community members to put a draft syllabus in place for further discussion. This is a link to the feedback document for this draft: https://docs.google.com/document/d/1M9Wrqu-VKGGwMfJQGK0NlTs5UzH6xJ2_HR2MkTBVR2w/edit?usp=sharing What the NCC and the Co-Chairs would love is if everybody could just comment what they think they understand from the learning goals as they’re written and suggest any changes or additions and obviously ask any questions. We’d also like the feedback on the webinar flow design. It’s important for everybody to understand that the learning objectives are the basis for the training. These are the skills that the learner must acquire. With these skills we also expect a change of attitude towards abuse handling (which is we think the purpose of this training). While discussion on the list is welcomed and encouraged, we've also planned a Zoom session for any interested parties to discuss this further. This will take place on Wednesday 23rd February at 14:00 CET: https://ripe.zoom.us/j/8221791822?pwd=ZFY0MnNQeWJsTkhQSFlyeEZlUkNJQT09 Meeting ID: 822 179 1822 Passcode: 1277 Hopefully with discussion on list and at the session on the 23rd we can move this into a final draft and progress from there. Thanks, Brian Co-Chair, RIPE AA-WG Brian Nisbet (he/him) Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nis...@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it. -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Re: [anti-abuse-wg] Call For Agenda Items - RIPE82
I think the problem comes from the original email, maybe edited from a previous similar message and the html link is different from the text … El 29/3/21 13:20, "anti-abuse-wg en nombre de Hans-Martin Mosner" escribió: Am 23.03.21 um 17:53 schrieb Brian Nisbet: Colleagues, RIPE 82 will be taking place somewhere on the Internet from the 17th - 21st May 2021. https://ripe82.ripe.net Don't know if anyone noticed, but this is a nice example of how tricksters get you to link on misleading URLs :-) After an indirection via a Microsoft "safelinks" service, the URL does not lead to ripe82.ripe.net, as the readable text would imply, but to ripe81.ripe.net :-) Cheers, Hans-Martin ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] On the abuse handling policy of manitu.net (AS34240)
Even worst ... You've read that, but automated systems will not do, just use the abuse mailbox. Anyway, I think in general the information will get if an automated abuse report is sent, will be not personal, but from an organization. In fact, if they send personal data to the "abuser", I think they will be breaking the GDPR, because you need an explicit consent to transfer personal data to third parties, right? And of course, in front of law, all this text is "wet paper". If there is a claim because an abuse case, and their customer doesn't respond, they may be liable. Regards, Jordi @jordipalet El 19/2/21 21:56, "anti-abuse-wg en nombre de furio ercolessi" escribió: Manitu.net is a german hosting provider operating AS34240 currently announcing 2.59.84.0/22, 85.116.192.0/19, 89.238.64.0/18, 217.11.48.0/20 and 2a00:1828::/32. I was quite disconcerted to read this notice in their whois record in the RIPE NCC db (within the nic handle MANI-RIPE ): remarks:trouble:++ remarks:trouble:| In case of abuse, e.g. spam, scans, probes,| remarks:trouble:| hack attacks, violation or any other illegal | remarks:trouble:| activity, please contact | remarks:trouble:|| remarks:trouble:| ab...@manitu.net | remarks:trouble:|| remarks:trouble:| IMPORTANT:Your message will probably sent to | remarks:trouble:| the customer concerned by an automatic system. | remarks:trouble:| All of your data, esp. your name, your e-mail | remarks:trouble:| address and the content of your message, will | remarks:trouble:| be visible to the customer. If you do not | remarks:trouble:| agree with this do not use the e-mail address | remarks:trouble:| shown above. | remarks:trouble:|| remarks:trouble:| Complaints sent to any other contacts cannot | remarks:trouble:| be handled in realtime and are therefore not | remarks:trouble:| preferred. | remarks:trouble:|| remarks:trouble:| Please note that this contact is not | remarks:trouble:| responsible for the actions themselves.| remarks:trouble:| So please do not blame us for actions of | remarks:trouble:| third parties. | remarks:trouble:++ This is so absurd, I had to read it twice to make sure that I was not misreading it. They state that they automatically pass all my personal data to abusers if I send a report to them, so that: * Abusers can listwash me and avoid getting further reports from me * Abusers can sell my data to other abusers * Abusers can start harass me electronically (for instance using list bombing, DDOS etc) as a retaliation for disturbing their activity * Abusers could also harass me or my family in real life for the same reason In this process: * My personal data are released automatically to third parties without my explicit consent * Those third parties will presumably remain unknown to me, and the whole process is completely opaque: I will never know where my personal data went. So this is what a reporter would get back in exchange of doing volunteering work to report incidents to them so that they could run a cleaner network! This behaviour appears to blatantly violate RIPE-409, section 5 [ https://www.ripe.net/publications/docs/ripe-409#5 ]: The ISP MUST ensure that the alleged abuser is NOT informed of the identity of those who are reporting the abuse, except with their explicit permission and I thought that this was given for granted by the whole Internet industry. This brings a lot of suspicion around Manitu GmbH. Who are they? Why are they violating the BCP, probably many privacy laws, putting reporters at danger, and doing such a huge favour to cybercriminals ? What benefit are they getting from acting in this way? In the meanwhile, I would suggest that no one sends anything to Manitu abuse. They have two upstreams, AS9063 (VSE NET) and AS42652 (Inexio): probably their abuse desks should receive all the AS34240 reports, at least until this situation has been clarified. furio ercolessi ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The
Re: [anti-abuse-wg] Question about spam to abuse inbox
The policy proposal was precisely suggesting XARF, not enforcing it. It is the smarter and cheaper way to resolve the problem for everyone. I usually send (automated) in order of 1.000-1.500 abuse reports per day. It will be impossible to handle even just 1% if I need to fill-in forms. I'm sure I'm not alone on that. If you want to keep the forms, they can still exist, just provide the XARF for automatically filling the form. There is no way to assume that victims must pay for the cost of abuse reporting. We will need to scale this to governments and consumer associations at some point. I will much prefer that the technical community is able to avoid that and resolve in a smarter way. Regards, Jordi @jordipalet El 18/2/21 21:01, "anti-abuse-wg en nombre de John Levine" escribió: In article you write: >Abuse reports are a nuisance � anyone who thinks otherwise needs to get their head examined. Of course they are. But abuse from your customers is a nuisance, too, and if you have any sense you will welcome reports about it so you can fix the problem before everyone else blocks you in self-defense. >However a lot of us will deal with abuse reports, but will not put up with people telling us how we should receive them. There are standard ways to send abuse reports, like ARF defined in RFC 5965 and IODEF defined in RFC 7970. Smart people realize that when we send you an abuse report, we are doing it for your benefit, and you will accept them. Report web forms are out of the question because they do not scale. I send about a hundred abuse reports a day about spam received from all over the Internet, and I have no interest in using your form or anyone else's to make a manual special case for under 1% of my reports. R's, John ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] Question about spam to abuse inbox
Any provider can do whatever he wishes, no problem on that, but then the others can filter that network and then explain the customers about that. Hopefully at some point the governments, consumer associations, etc. will play a role on that, because it looks to me, based on actual experience, is mainly the organizations in RIPE region who deny the evidence. Regards, Jordi @jordipalet El 18/2/21 18:53, "Michele Neylon - Blacknight" escribió: Jordi At least you are consistent in your belief that you can dictate how we all run our businesses I can’t and won’t comment on providers who are unresponsive etc., but I sincerely doubt that the medium of the reports has any impact on that. I will note, however, that other providers who use forms do so in order that they can collect all the evidence they need in one place at one time. However you cannot dictate to me how we will accept reports. If we decide that all reports need to go via form so that they can be routed to the correct place then that is our decision and you can either cooperate or not. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of JORDI PALET MARTINEZ via anti-abuse-wg Date: Thursday, 18 February 2021 at 15:59 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Question about spam to abuse inbox I see it in the other way around. Forms are not useful at all. You need to manually fill in the form, unless you modify the automated reporting tools for “each” “form-holder”. Many of them also ask you to create an account in their ticketing system, but because you’re not their customer, you actually can’t do it, or can’t use it, etc. … When I tried to follow the steps, with major datacenters, such as OVH (one very common hoster of “bad” customers, not to say criminals), they never solve the issues, or you can’t see the “results” of the investigation (I tend to think that never investigated in fact …). Most of the abuse reports that we send by email are responded, typically automatically, and there is a reaction to them *when* we have already attached the relevant logs. The problem continues to be those that don’t get the emails, bounce, don’t read them, etc., or force to fill the forms. In those case, we just permanently ban the full ranges, if the abuse continues. No other way. We keep records of all that, in case of legal issues, so to be able to probe the ignorance of the abuse-mailbox. Regards, Jordi @jordipalet El 18/2/21 16:41, "anti-abuse-wg en nombre de Javier Martín" escribió: Hello. The subject of abuse emails are, with few exceptions, a useless thing, it depends on the good faith of the recipient. For our part, we continue to have servers from large companies attacking us for more than 6 months and after dozens of emails no one has helped us. Regards. Javier Sobre 18/02/2021 16:33:07, Michele Neylon - Blacknight via anti-abuse-wg escribió: Hans-Martin I’d disagree For larger companies the types of abuse reported will go to different places and teams. They’re also better for collecting the data you need to be able to act on a report. Abuse reports are a nuisance – anyone who thinks otherwise needs to get their head examined. However a lot of us will deal with abuse reports, but will not put up with people telling us how we should receive them. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of Hans-Martin Mosner Date: Thursday, 18 February 2021 at 15:27 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Question about spam to abuse inbox Am 18.02.21 um 15:02 schrieb Michele Neylon - Blacknight via anti-abuse-wg: I know quite a few companies now use specific forms for handling reports of different types of reports and have moved away from email almost entirely, which makes a lot of sense. At the risk of derailing this interesting and useful topic, I have to disagree with the use of forms to report abuse. In the cases I've seen, those forms are hard to fi
Re: [anti-abuse-wg] Question about spam to abuse inbox
I see it in the other way around. Forms are not useful at all. You need to manually fill in the form, unless you modify the automated reporting tools for “each” “form-holder”. Many of them also ask you to create an account in their ticketing system, but because you’re not their customer, you actually can’t do it, or can’t use it, etc. … When I tried to follow the steps, with major datacenters, such as OVH (one very common hoster of “bad” customers, not to say criminals), they never solve the issues, or you can’t see the “results” of the investigation (I tend to think that never investigated in fact …). Most of the abuse reports that we send by email are responded, typically automatically, and there is a reaction to them *when* we have already attached the relevant logs. The problem continues to be those that don’t get the emails, bounce, don’t read them, etc., or force to fill the forms. In those case, we just permanently ban the full ranges, if the abuse continues. No other way. We keep records of all that, in case of legal issues, so to be able to probe the ignorance of the abuse-mailbox. Regards, Jordi @jordipalet El 18/2/21 16:41, "anti-abuse-wg en nombre de Javier Martín" escribió: Hello. The subject of abuse emails are, with few exceptions, a useless thing, it depends on the good faith of the recipient. For our part, we continue to have servers from large companies attacking us for more than 6 months and after dozens of emails no one has helped us. Regards. Javier Sobre 18/02/2021 16:33:07, Michele Neylon - Blacknight via anti-abuse-wg escribió: Hans-Martin I’d disagree For larger companies the types of abuse reported will go to different places and teams. They’re also better for collecting the data you need to be able to act on a report. Abuse reports are a nuisance – anyone who thinks otherwise needs to get their head examined. However a lot of us will deal with abuse reports, but will not put up with people telling us how we should receive them. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg on behalf of Hans-Martin Mosner Date: Thursday, 18 February 2021 at 15:27 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Question about spam to abuse inbox Am 18.02.21 um 15:02 schrieb Michele Neylon - Blacknight via anti-abuse-wg: I know quite a few companies now use specific forms for handling reports of different types of reports and have moved away from email almost entirely, which makes a lot of sense. At the risk of derailing this interesting and useful topic, I have to disagree with the use of forms to report abuse. In the cases I've seen, those forms are hard to find, are a burden to fill out, require me to add information that is completely irrelevant to the abuse incident, and don't allow me to add relevant information (such as a complete mail header). Not getting a response only adds to the feeling that I've wasted my time... It may make a lot of sense for companies who see abuse reports as a nuisance, though :-) There are better ways to increase the quality of abuse reports received. The best is to respond positively to informative and verifiable abuse reports with timely and appropriate replies and, above all, actions. Cheers, Hans-Martin ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] Question about spam to abuse inbox
Hi Cynthia, I got that, sorry not having been clear. I was just expanding what I think should not be done even if some resource-holders do (any kind of filtering of what’s allowed to come in to the abuse mailbox). With fail2ban you can for example: Detect intrusion attempts (SMTP, SSH, FTP, SIP, DNS, etc.), and decide if you consider an intrusion attempt something that retries more than 5 times in 10 minutes. Then you send the abuse report. And block that IP for 8 hours. If the IP retries after that, then you can define that for “n” retries in “m” minutes, the IP is banned for 8 days … and so on. You could also configure it so warnings of “whatever” are internally send to the relevant staff for manual handling. One possible measure that you can take is to send an automated email such as “if you haven’t sent sufficient logs/details to investigate the case … your email will be ignored, so please resend it if x and y, at least, are missing”. If they continue to send emails without those details, either via an autoresponder or manually, send them a message to inform that due to the high volume of abuse reports without the relevant information, you are forced to ban them for “n days”. I think this is at the end very dependent on your own case, resources available, etc., but agree, everything on this discussion is useful! Saludos, Jordi @jordipalet El 18/2/21 15:06, "Cynthia Revström" escribió: Hi Jordi, Sorry I was probably a bit unclear, I don't filter based on content for the abuse inbox. But as I don't filter based on content, I feel like in some cases I need to sort of have manual fail2ban. I really like your point though and I don't know how I blanked out on a temporary block being a potential solution. Because the main thing I was afraid of is, what if another one of their customers gets this address and actually has legitimate abuse emails? But temporarily blocking the sender is a good enough solution to me at least considering the very low volume of abuse emails I get on a regular basis. Also to clarify these emails in particular were complete nonsense such as "I am under ddos from you, please help" with no other details. They were also sent with invalid SPF, and I don't think the from addresses were actually the senders. Also just a few minutes ago, the abuse contact replied saying that they had taken action so I hope this specific case is now fixed. I still think it is/was a useful topic though as there might be less obvious situations or situations where the abuse contact of the sender doesn't cooperate. -Cynthia On Thu, Feb 18, 2021 at 1:58 PM JORDI PALET MARTINEZ via anti-abuse-wg wrote: In my experience, this is something you need to live with, and not filter anything in the spam folder. Why? Because it can be real spam (and then you can use the abuse contact of the resource-holder for the addresses where the spam is coming from), when you report abuse cases, to facilitate the work of the involved parties, you should be allowed to attach or include headers, logs, etc. that probe that it is an abuse (from your perspective). If you filter that, then you will not receive many abuse reports … For example, some abuse mailboxes filter specific URLs or domains. If the header contains such domain, how are you going to be able to send that? I use fail2ban and block automatically specific IP addresses or ranges once the abuse has been reported and keeps repeating. Depending on the frequency of the repetitions, how many, etc., etc., I could increase automatically from a few hours to days or weeks the banning. Regards, Jordi @jordipalet El 18/2/21 13:40, "anti-abuse-wg en nombre de Cynthia Revström via anti-abuse-wg" escribió: Hi aa-wg, For some context, today and yesterday I have been receiving spam in the form of fake abuse notices to my abuse contact email address. Is there a generally accepted standard for when it's okay to block an address or a prefix from emailing your abuse contact? I consider being able to contact the abuse email address of a network a rather important function, so I prefer not to block it. But also as I have more relaxed spam filters for the abuse contact to make sure nothing gets lost, it feels like blocking the address/prefix is my only option other than manually filtering through these emails (10 so far in total, today and yesterday). So back to the question, is there a generally accepted point at which blocking an address/prefix is fine? Thanks, -Cynthia ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named ab
Re: [anti-abuse-wg] Question about spam to abuse inbox
In my experience, this is something you need to live with, and not filter anything in the spam folder. Why? Because it can be real spam (and then you can use the abuse contact of the resource-holder for the addresses where the spam is coming from), when you report abuse cases, to facilitate the work of the involved parties, you should be allowed to attach or include headers, logs, etc. that probe that it is an abuse (from your perspective). If you filter that, then you will not receive many abuse reports … For example, some abuse mailboxes filter specific URLs or domains. If the header contains such domain, how are you going to be able to send that? I use fail2ban and block automatically specific IP addresses or ranges once the abuse has been reported and keeps repeating. Depending on the frequency of the repetitions, how many, etc., etc., I could increase automatically from a few hours to days or weeks the banning. Regards, Jordi @jordipalet El 18/2/21 13:40, "anti-abuse-wg en nombre de Cynthia Revström via anti-abuse-wg" escribió: Hi aa-wg, For some context, today and yesterday I have been receiving spam in the form of fake abuse notices to my abuse contact email address. Is there a generally accepted standard for when it's okay to block an address or a prefix from emailing your abuse contact? I consider being able to contact the abuse email address of a network a rather important function, so I prefer not to block it. But also as I have more relaxed spam filters for the abuse contact to make sure nothing gets lost, it feels like blocking the address/prefix is my only option other than manually filtering through these emails (10 so far in total, today and yesterday). So back to the question, is there a generally accepted point at which blocking an address/prefix is fine? Thanks, -Cynthia ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] Appeal against the Anti-Abuse WG Co-chairs decisions on proposal 2019-04 (Validation of “abuse-mailbox”)
Hi Petrit, I can see it *now* published, however, *last week* (on 20th according to my browser history), I was working in another policy proposal and looking at this web page, and the text related to the appeal was not there. Could you confirm when it was published and announced? I fully understand that this is the first time we have an appeal and a few days delay in the publication is fine, but in my opinion, it should have been published in a matter of days (not weeks). Furthermore, reading the PDP, the appropriate location on the RIPE web site is not in the proposal web page (may be a link there to the appropriate appeals web page), because otherwise, that means we are updating a web page without stating *when* it has been updated. There is not a "track of changes" of the web page. Definitively, we are missing in every web page or modification, a publication date, in order to be completely transparent. Saludos, Jordi @jordipalet El 26/10/20 9:52, "Petrit Hasani" escribió: Hello Jordi, I would just like to comment on your first point. The appeal was published on the RIPE NCC website on the following links: https://www.ripe.net/participate/policies/proposals/2019-04 https://www.ripe.net/participate/policies/archived-policy-proposals/archive-policy-proposals/ We are currently working to update it by including the recent decision of the WGCC. Kind regards, -- Petrit Hasani Policy Officer RIPE NCC > On 26 Oct 2020, at 09:39, JORDI PALET MARTINEZ via anti-abuse-wg wrote: > > Hi Mirjam, > > See my responses below, in-line as many clarifications are clearly required, not just because this appeal, but because there is a misjudgment of the PDP itself. > > Regards, > Jordi > @jordipalet > > > > El 26/10/20 9:07, "Mirjam Kuehne" escribió: > >Dear Jordi, > >Regarding the appeal you submitted on 5 October to the RIPE Anti-Abuse >Working Group mailing list, I would like to inform you about the >decision of the RIPE Working Group Chairs Collective (according to the >procedure as defined in ripe-710). > > [Jordi] I don't think the PDP has been followed in full for this appeal. For example, there was not announcement of the publication of the appeal in the web site. > >The WG Chairs Collective (WGCC) decided to uphold the decision of the >Co-Chairs of the Anti-Abuse Working Group. Please find below their >detailed response. > >Kind regards, >Mirjam Kühne >RIPE Chair > > > >Summary >=== > >The WGCC does not find sufficient reason to overturn the ruling of >the Anti-Abuse WG chairs on proposal 2019-04 (Validation of >"abuse-mailbox"). > >If Jordi wishes to bring a new proposal that he thinks may achieve >consensus, we note that 2019-04 was being considered during an unusual >time, when we have not had face-to-face meetings due to the COVID-19 >pandemic. So it faced difficulties not normally facing a policy >proposal. As always, the Anti-Abuse WG chairs may decide not to adopt >any new proposal. > > [Jordi] Could you clarify this paragraph; I can't parse it. > >Scope >= > >The WGCC considers the appeal process to be solely to determine if the >working group chairs made a reasonable declaration of consensus or >lack of consensus. > >The appeal process is able review whether the process was followed, or >whether there was bias shown in the declaration. > >The appeal process will not re-visit any of the points for or against >the proposal. > > [Jordi] Following the PDP, I can't agree with this. Can you clarify? > >Discussion >== > >The appeal submitted includes several points that the WGCC found >important to consider. These are discussed here. Points outside of the >scope of the appeal process are omitted. > > >RIPE NCC Impact Analysis > > >The appeal will not review the accuracy of the RIPE NCC impact >analysis. The WGCC defers to the expertise of the RIPE NCC staff who >performed the analysis and the members of the Anti-Abuse WG who >received the analysis. > >Further, an impact analysis is information intended to be helpful to >decide whether to adopt a policy. The RIPE community
Re: [anti-abuse-wg] Appeal against the Anti-Abuse WG Co-chairs decisions on proposal 2019-04 (Validation of “abuse-mailbox”)
There is also another point that I will like to rise and I just noticed, and this is very relevant not just because this appeal, but because the appeal process itself. 3 co-chairs have recused themselves. Is that meaning that all the discussion has been done in a different mailing list apart from the WGCC ? This is an extremely important point for the neutrality of the process. There were other WG co-chairs that, during the proposal discussion, expressed their inputs on this proposal (never mind was in favor, against or neutral). It should be expected that also those co-chairs didn't participate in the appeal. I also expected that the co-chairs of the anti-abuse WG should have taken the same self-recuse position, in order to show a real neutrality/impartiality in the process. All this is clearly showing a lack of impartial appeal process. Regards, Jordi @jordipalet El 26/10/20 9:40, "anti-abuse-wg en nombre de JORDI PALET MARTINEZ via anti-abuse-wg" escribió: Hi Mirjam, See my responses below, in-line as many clarifications are clearly required, not just because this appeal, but because there is a misjudgment of the PDP itself. Regards, Jordi @jordipalet El 26/10/20 9:07, "Mirjam Kuehne" escribió: Dear Jordi, Regarding the appeal you submitted on 5 October to the RIPE Anti-Abuse Working Group mailing list, I would like to inform you about the decision of the RIPE Working Group Chairs Collective (according to the procedure as defined in ripe-710). [Jordi] I don't think the PDP has been followed in full for this appeal. For example, there was not announcement of the publication of the appeal in the web site. The WG Chairs Collective (WGCC) decided to uphold the decision of the Co-Chairs of the Anti-Abuse Working Group. Please find below their detailed response. Kind regards, Mirjam Kühne RIPE Chair Summary === The WGCC does not find sufficient reason to overturn the ruling of the Anti-Abuse WG chairs on proposal 2019-04 (Validation of "abuse-mailbox"). If Jordi wishes to bring a new proposal that he thinks may achieve consensus, we note that 2019-04 was being considered during an unusual time, when we have not had face-to-face meetings due to the COVID-19 pandemic. So it faced difficulties not normally facing a policy proposal. As always, the Anti-Abuse WG chairs may decide not to adopt any new proposal. [Jordi] Could you clarify this paragraph; I can't parse it. Scope = The WGCC considers the appeal process to be solely to determine if the working group chairs made a reasonable declaration of consensus or lack of consensus. The appeal process is able review whether the process was followed, or whether there was bias shown in the declaration. The appeal process will not re-visit any of the points for or against the proposal. [Jordi] Following the PDP, I can't agree with this. Can you clarify? Discussion == The appeal submitted includes several points that the WGCC found important to consider. These are discussed here. Points outside of the scope of the appeal process are omitted. RIPE NCC Impact Analysis The appeal will not review the accuracy of the RIPE NCC impact analysis. The WGCC defers to the expertise of the RIPE NCC staff who performed the analysis and the members of the Anti-Abuse WG who received the analysis. Further, an impact analysis is information intended to be helpful to decide whether to adopt a policy. The RIPE community is free to assign whatever weight it wishes. [Jordi] However, according to this, the co-chairs should also consider that the justification provided by the author against the objections is clearly demonstrating that the analysis impact is wrong in certain aspects, so those objections can't be accepted as valid. Discussion During the Review Phase -- The need to re-state opinions was explicitly mentioned in the e-mail moving the policy proposal to the review phase. It is unfortunate that the importance of this was not clear to Jordi. Possibly in the future this can be highlighted in some way. [Jordi] This is against the PDP. The chairs can even say I must sing a song, but the only valid process is the one CLEARLY STATED in the PDP. Nothing else. Otherwise there is a clear subjectivity in the process which invalidates it. Timing of Consensus Declaration --- Jordi mentions several possible
Re: [anti-abuse-wg] Appeal against the Anti-Abuse WG Co-chairs decisions on proposal 2019-04 (Validation of “abuse-mailbox”)
Hi Mirjam, See my responses below, in-line as many clarifications are clearly required, not just because this appeal, but because there is a misjudgment of the PDP itself. Regards, Jordi @jordipalet El 26/10/20 9:07, "Mirjam Kuehne" escribió: Dear Jordi, Regarding the appeal you submitted on 5 October to the RIPE Anti-Abuse Working Group mailing list, I would like to inform you about the decision of the RIPE Working Group Chairs Collective (according to the procedure as defined in ripe-710). [Jordi] I don't think the PDP has been followed in full for this appeal. For example, there was not announcement of the publication of the appeal in the web site. The WG Chairs Collective (WGCC) decided to uphold the decision of the Co-Chairs of the Anti-Abuse Working Group. Please find below their detailed response. Kind regards, Mirjam Kühne RIPE Chair Summary === The WGCC does not find sufficient reason to overturn the ruling of the Anti-Abuse WG chairs on proposal 2019-04 (Validation of "abuse-mailbox"). If Jordi wishes to bring a new proposal that he thinks may achieve consensus, we note that 2019-04 was being considered during an unusual time, when we have not had face-to-face meetings due to the COVID-19 pandemic. So it faced difficulties not normally facing a policy proposal. As always, the Anti-Abuse WG chairs may decide not to adopt any new proposal. [Jordi] Could you clarify this paragraph; I can't parse it. Scope = The WGCC considers the appeal process to be solely to determine if the working group chairs made a reasonable declaration of consensus or lack of consensus. The appeal process is able review whether the process was followed, or whether there was bias shown in the declaration. The appeal process will not re-visit any of the points for or against the proposal. [Jordi] Following the PDP, I can't agree with this. Can you clarify? Discussion == The appeal submitted includes several points that the WGCC found important to consider. These are discussed here. Points outside of the scope of the appeal process are omitted. RIPE NCC Impact Analysis The appeal will not review the accuracy of the RIPE NCC impact analysis. The WGCC defers to the expertise of the RIPE NCC staff who performed the analysis and the members of the Anti-Abuse WG who received the analysis. Further, an impact analysis is information intended to be helpful to decide whether to adopt a policy. The RIPE community is free to assign whatever weight it wishes. [Jordi] However, according to this, the co-chairs should also consider that the justification provided by the author against the objections is clearly demonstrating that the analysis impact is wrong in certain aspects, so those objections can't be accepted as valid. Discussion During the Review Phase -- The need to re-state opinions was explicitly mentioned in the e-mail moving the policy proposal to the review phase. It is unfortunate that the importance of this was not clear to Jordi. Possibly in the future this can be highlighted in some way. [Jordi] This is against the PDP. The chairs can even say I must sing a song, but the only valid process is the one CLEARLY STATED in the PDP. Nothing else. Otherwise there is a clear subjectivity in the process which invalidates it. Timing of Consensus Declaration --- Jordi mentions several possible changes to the policy proposal which may have led to consensus. He suggests that the declaration of consensus was made too soon. We recognize that this is a bit of an odd time, due to COVID-19. This has removed one of our valuable tools, the face-to-face meetings. The already-tricky job of the working group chairs in the PDP has been made harder. We rely on the chairs of the WG involved to decide whether or not a proposal is likely to ever reach consensus. There are no guidelines given for this decision. We find that the Anti-Abuse WG chairs were reasonable in the timing of declaring that there is no consensus. Specific Points in Conclusion - The conclusion states: 1. It is not acceptable to declare lack of consensus and at the same time recognize that there was “some clear support for the policy during the Discussion Phase”. This is not true. Having support for a policy does not _necessarily_ mean there is consensus. [Jordi] Exactly the same that declaring no-consensus based on justifications that have been refuted by the author, is not acceptable. 2. It is not acceptable to, due to the lack of messages in the Review Phase, instead of
Re: [anti-abuse-wg] [policy-announce] Appeal against the Anti-Abuse WG Co-chairs decisions on proposal 2019-04 (Validation of “abuse-mailbox”)
Hi Alex, The consensus is not measured in terms of “how much” support, but if the objections have been refuted. And, in case you missed that, the sentence “some clear support for the policy during the discussion phase” is quoted from the Co-chairs email, not my words: https://www.ripe.net/ripe/mail/archives/anti-abuse-wg/2020-September/005929.html Regards, Jordi @jordipalet El 5/10/20 11:51, "Alex de Joode" escribió: Jordi, The proposal received a lot of push back. Your statement "some clear support for the policy during the discussion phase", is missing the word "marginal" between some and clear. I believe the Anti-Abuse WG Co-Chairs made the right call. Please consider retracting your appeal. -- IDGARA | Alex de Joode | a...@idgara.nl | +31651108221 On Mon, 05-10-2020 10h 23min, JORDI PALET MARTINEZ wrote: Hi all, This appeal (attached in PDF) follows the process outlined by ripe-710 (RIPE PDP). Regards, Jordi @jordipalet ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it. ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
[anti-abuse-wg] Appeal against the Anti-Abuse WG Co-chairs decisions on proposal 2019-04 (Validation of “abuse-mailbox”)
Hi all, This appeal (attached in PDF) follows the process outlined by ripe-710 (RIPE PDP). Regards, Jordi @jordipalet ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it. appeal-2019-04-v1.pdf Description: Adobe PDF document
Re: [anti-abuse-wg] Report & Co-Chair's Decision on Proposal 2019-04
I don’t think this is correct, at least not for google, amazon, and other big providers, which I send email with abuses every other day and they react to it and resolve them. El 8/9/20 16:33, "anti-abuse-wg en nombre de Alex de Joode" escribió: As abuse notices might have legal effect, a company could state they will only accept them by fax, or with registered mail. A webform, for a regulator, most likely will be seen as an 'upgrade'. Note that FB and Google also *only accept* complaints, notices etc via webforms. So one can argue a webform is abuse@ 2.0 :) So I do not share you view that a webform is a second rate instrument for accepting abuse notifications. As for ECD/DSA that will most likely be subject to lobby forces beyond our imagination, so anything is possible there ... -- IDGARA | Alex de Joode | a...@idgara.nl | +31651108221 | Skype:adejoode On Tue, 08-09-2020 15h 51min, Carlos Friaças wrote: On Tue, 8 Sep 2020, Alex de Joode wrote: > There are a couple of things in play here. > Networks normally fall under the "mere conduit' provisions of the eCommerce > Directive (ECD (EU law)), this > means they do not have a (legal) requirement to actively address abuse within > their networks. They need to > forward the abuse to their customer, but basically that is it. Before that, a webform may be in the way :-) If the regulator understands that artificial 'requirement' to be a way of avoiding that action of forwarding the abuse, then they might act. Or not. > The up coming DSA (Digital Services Act, which > will supersede the ECD) (as it stand now) will retain this provision for > networks. So the chance of regulation > (within the EU area) for networks with respect to 'abuse handling' is very > low. Unless there are some additional provisions... > The proposal was flawed, no clear identifiable upside (except for a feel good > factor) and a lot extra work for > no real gain. > > If you want to fight the prevalence of internet abuse, ripe policy might not > be your best avenue. Clearly. But this comment is directly tied with the earlier suggestion of renaming the WG... Regards, Carlos > Cheers, > Alex > > ?-- IDGARA | Alex de Joode | a...@idgara.nl | +31651108221 | Skype:adejoode > > On Tue, 08-09-2020 13h 33min, Suresh Ramasubramanian > wrote: > Probably through regulation as you say. If ripe doesn?t want to be the > Internet police they?ll suddenly find > that there actually is such a thing created and with oversight over them, > sooner or later. Nobody is > going to like the result if that happens, neither the government nor ripe nor > its membership. > > --srs > > __ > From: anti-abuse-wg on behalf of Carlos > Friaças via anti-abuse-wg > > Sent: Tuesday, September 8, 2020 4:44:26 PM > To: anti-abuse-wg@ripe.net > Subject: Re: [anti-abuse-wg] Report & Co-Chair's Decision on Proposal 2019-04 > > > Hi, > > I would like to second Piotr's comment. Thank you for your hard work, and > for not quitting over anti-abuse. > > As i read it consensus was not reached, and it's hard to dispute the > objections are not valid/admissible: > > " > 1) Nick Hilliard and Erik Bais commented that the effort and cost to > implement this proposal are too great in relations to the benefits that > are alleged. > > 2) Michele Neylon and Arash Naderpour commented that they oppose forcing > operators to use only email for > handling abuse reports and internal handling procedures should be solely > defined by the operator. > " > > I just want to note that: > A) it's very hard to measure the benefits. some parties would see bigger > benefits than others. > B) converging abuse reports to email usage is a rule that is inexistent > *today*. people which are not worried about abuse, will likely want to > keep it that way... as a webform is an effective way of discouraging > reports. > > > At some point, people which discard abuse reports (or people which > simulate handling abuse reports) will not be able to run networks. > We're far from it, but if it gets to that point that will not be reached > through consensus, but probably through regulation. > > > Regards, > Carlos > > > > > On Mon, 7 Sep 2020, Piotr Strzyzewski via anti-abuse-wg wrote: > > > On Mon, Sep 07, 2020 at 03:19:27PM +, Brian Nisbet wrote: > > > > Brian, Alireza, Tobias, > > > >> A few weeks ago we reached the end of the latest review phase for 2019-04. > >> The Co-Chairs have worked > closely with the NCC Policy Development Office since then to try to make a > decision on this policy. This > email contains a report on the Discussion Phase and Review Phase and then a > final decision which, we > believe, is supported by the activity during those phases. > >> > >> As always, this is underpinned by the RIPE PDP - > >>
Re: [anti-abuse-wg] 2019-04 Policy Proposal Withdrawn (Validation of "abuse-mailbox")
Hi Brian, I’ve already sent you (and the co-chairs and policy officer) my rational for disagreement yesterday. I’m not sure if I need to copy to the list (I will read the PDP for refreshing myself on the appeals process later on today) or how much I should wait for your response before (if needed, hopefully not), starting an appeal. Regards, Jordi @jordipalet El 9/9/20 10:54, "anti-abuse-wg en nombre de Brian Nisbet" escribió: Morning, If you have specific disagreements with the Co-Chairs, then please contact us at aa-wg-ch...@ripe.net with the your reasoning for 2019-04 has reached consensus. The appeals procedure beyond that is detailed in RIPE 710 and I have copied & pasted the specific paragraph here: "If a grievance cannot be resolved with the chair of the WG the matter can be brought to the attention of the Working Group Chairs Collective (WGCC). Anyone may submit an appeal. This must be submitted to the relevant WG mailing list(s) and to the Policy Announce Mailing List (policy-annou...@ripe.net). The appeal will also be published by the RIPE NCC at appropriate locations on the RIPE web site. Any appeal should include a detailed and specific description of the issues and clearly explain why the appeal was submitted. An appeal must be submitted no later than four weeks after the appealable action has occurred. The WGCC will decide by consensus whether to uphold or reject appeals which have been submitted. The decision of the WGCC should be reached no later than four weeks of an appeal being made. Interested parties shall recuse themselves from any discussion or decision within the WGCC relating to the appeal. If the dispute cannot be resolved by the decision of the WGCC, the issue should be brought to the RIPE Chair. The decision of the RIPE Chair will be final." The WGCC can be contacted at wg-cha...@ripe.net However the first step is to contact the WG Chairs for AA-WG with an argument against our decision. Thanks, Brian Co-Chair, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nis...@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 From: anti-abuse-wg on behalf of JJS JJS Sent: Wednesday 9 September 2020 02:37 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-04 Policy Proposal Withdrawn (Validation of "abuse-mailbox") CAUTION[External]: This email originated from outside of the organisation. Do not click on links or open the attachments unless you recognise the sender and know the content is safe. I disagree that it did not reach consensus. There was never any proper measure of whether it reached consensus. --- On Wed, Sep 9, 2020 at 1:48 AM Petrit Hasani wrote: Dear colleagues, The policy proposal 2019-04, "Validation of "abuse-mailbox”” has been withdrawn. The proposal aimed to have the RIPE NCC validate "abuse-c:” information more often and introduce a new validation process. The proposal is archived and can be found at: https://www.ripe.net/participate/policies/archived-policy-proposals/archive-policy-proposals/ Reason for withdrawal: The proposal did not reach consensus and the WG chairs did not feel that any further redrafting of the proposal would achieve consensus. Kind regards, -- Petrit Hasani Policy Officer RIPE NCC ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] Report & Co-Chair's Decision on Proposal 2019-04
Hi Brian, I understand that the people can change their mind, for example, after other comments or the IA, etc. This is the same across different proposal versions, even editorial text changes. People can change their mind. However not stating a “mind change”, should be taken as having changed their position. I understand that you agree on all that and your decision is based on that perspective? (I want to make sure that language differences between English and Spanish are not an interpretation problem here) Regards, Jordi @jordipalet El 8/9/20 10:07, "Brian Nisbet" escribió: Jordi, Under the PDP, given potential changes to the policy and inputs such as the Impact Analysis it is very difficult for the Co-Chairs to make assumptions about points of view as we move into the Review Phase, hence people will often restate their support or opposition to the policy, and indeed will often hark back to comments they have previously made. Again, this is why we listed the comments from the Discussion Phase and the Co-Chairs feel, even if everyone had made those same comments, the Co-Chairs feel there was no clear consensus for change. Brian Co-Chair, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nis...@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 From: JORDI PALET MARTINEZ Sent: Tuesday 8 September 2020 08:58 To: Brian Nisbet ; anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Report & Co-Chair's Decision on Proposal 2019-04 CAUTION[External]: This email originated from outside of the organisation. Do not click on links or open the attachments unless you recognise the sender and know the content is safe. Hi Brian, all, First of all, tks for this detailed report. I’m still processing it. However, I’ve a open question for you, which I think it has been also clear from other emails, that it is not clear for the community. People in favor (or against) the proposal has not (including myself), re-stated their position or repeated the same arguments. Is not that an indication that they keep their previous position? Regards, Jordi @jordipalet El 7/9/20 17:19, "anti-abuse-wg en nombre de Brian Nisbet" escribió: Colleagues, A few weeks ago we reached the end of the latest review phase for 2019-04. The Co-Chairs have worked closely with the NCC Policy Development Office since then to try to make a decision on this policy. This email contains a report on the Discussion Phase and Review Phase and then a final decision which, we believe, is supported by the activity during those phases. As always, this is underpinned by the RIPE PDP - https://www.ripe.net/publications/docs/ripe-710 Discussion Phase: There was some clear support for the policy during the Discussion Phase. This came from: Serge Droz, who felt that it would help in a number of cases and that an inability to answer an e-mail every six month probably indicated underlying issues. He also felt it would allow the community to understand who was doing good work and who wasn't, and it will prevent organisations from saying they never received a report. He also pointed out some of the difference in reaction between the security and operator communities on this policy. Carlos Friacas, agreed that it would help, but not solve all problems. He also flagged that if "deregistration" was not a possible outcome for a continuous failure to validate, then the outcome of transparency would still be positive, but did say that must be balanced against the NCC Impact Analysis. Jordi Palet Martinez, the proposer, was, of course, in favour, but also reacted to a number of voices against the proposal: - The job of the RIPE NCC is to implement the policies agreed by the community. I believe is perfectly understandable the need to avoid using manual forms which don't follow a single standard, which means extra work for *everyone*. (Responding to Nick Hilliard) - The actual policy has a bigger level of micro-management, by setting one year and not allowing the NCC to change that. (Responding to Nick Hilliard) - The problem of a form is that is not standard. This is economically non-sustainable and means that the cost of the abuse cases is on the back of the one actually reporting. (Responding to No No) - The actual validation is not working, it is just a technical validation (responding to Gert Doering) - The community prefers to do things in steps, we initially asked for an abuse mailbox, we then added a technical validation, now we are asking for a better validation. I am not asking to verify if you handle abuse case or not and I am not asking to take any new actions. Angel Gonzalez Berdasco suuported the proposal, but also made
Re: [anti-abuse-wg] 2019-04 Review Phase (Validation of "abuse-mailbox")
sing is that the proposal gives the RIPE NCC
the freedom to, in case of a huge number of manual validations are needed,
instead of doing the 1st validation in 6 months, you may need 12 months, or
even 18. Not an issue. No need to have more FTEs for that, if the board or
whoever is in charge of taking the decision don't want to hire more staff (that
was my goal on that part of the proposal -> you manage it at your own pace).
One more advantage of this manual validations is that it may help to discover
LIRs, resources, etc., which even if they "pay the bills" automatically, are
not really taking care of the resources ... People in charge let the company,
that department doesn't exist (but admin pay all the yearly bills, this
happens, I've seen it), etc. This was not my goal with the proposal, but I
think it adds some additional value, I just realized it.
I hope the explanation above is helpful. Please let us know if you have any
other concerns.
[Jordi] Yes, thanks a lot, specially the FTE point.
--
Petrit Hasani
Policy Officer
RIPE NCC
> On 20 Jul 2020, at 16:36, JORDI PALET MARTINEZ via anti-abuse-wg
wrote:
>
> Hi Petrit,
>
> Tks for the impact analysis!
>
> However, I think there are some aspects not well covered.
>
> 1) It is clear, unless you can provide stats about that, that we don't
really know if the 92.5% of the automated validations check are *really*
correct in the sense of being able to receive emails (due to mistakes, or on
purpose), as some % may be reaching a null in-box, a mailbox that bounces
because is full, a mailbox that bounces because is misconfigured, etc. As a
consequence of that, the current validation is not really fulfilling the actual
purpose of the RIPE-705, because "it is required to contain ... which is
intended for receiving ...". If emails can't be received at least a % of the
92.5% is not being validated.
>
> 2) Maybe I got it wrong, but I think it is important to see the progress
of tickets that where needed to open in different passes of RIPE-705. It is
expected that in each pass you have less and less failing abuse-c mailboxes,
right? Otherwise, it will be an indication that some LIRs aren't really doing
the job to comply with RIPE-705.
>
> 3) Just to make it clear: Changing the validation period is let
on-purpose, as an operational aspect to the RIPE NCC. I think it is a feature,
not an issue. This also allows a slow-start, as RIPE NCC did with the
implementation of RIPE-705, so it allows to avoid the extra overload indicated
in the IA. May be a full year or even 1.5-2 years are needed in the first pass.
Not an issue, you can accommodate the internal process to the available man
power for manual follow up.
>
> 4) The proposal doesn't specify that you need to run all the validations
on the same day. I expect the system to be smart, and for example consider an
even split of validations per day, which you can tune, depending on what
happened every previous week, so not to overload the resources needed for
manual follow up. This is also in line which 3 above, and I understand is also
the way RIPE-705 was implemented (at least initially).
>
> 5) I really feel that expecting that 32.000 tickets for each round will
be created is very exaggerated. If that's the case, that will probe my point 1
above and indicate that we have a real problem. Even if that's the case, a
smart slow-start process will not require 10 times the actual FTEs vs the
current level. Again, it is important to insist that it should be done smartly
and, in that sense, it is a huge mistake, in my opinion, not considering it in
the IA, because it provides a very biased view.
>
> 6) Even if it is the case that in the first round we have 32.000 tickets,
this is temporary, because following years will not be the same, otherwise, we
have a different kind of problem with policy compliance.
>
> One possible indication of if this really creates so much trouble, even
if all the validations are sent on the same "day", will be to ask to APNIC,
which already implemented a much stricter proposal a year ago, if I recall
correctly. I understand that it is just an indication, different culture, NIR
there/no here, etc., etc. LACNIC is on their way as well, but I don't know when
it will be implemented yet.
>
> Regards,
> Jordi
> @jordipalet
>
>
>
> El 20/7/20 15:08, "anti-abuse-wg en nombre de Petrit Hasani"
escribió:
>
>Dear colleagues,
>
>Policy proposal 2019-04, "Validation of "abuse-mailbox"", is now in
the Review Phase.
>
>This proposal aims to have the RIPE NCC validate "abuse-c:”
information m
Re: [anti-abuse-wg] 2019-04 Review Phase (Validation of "abuse-mailbox")
Hi Petrit, Tks for the impact analysis! However, I think there are some aspects not well covered. 1) It is clear, unless you can provide stats about that, that we don't really know if the 92.5% of the automated validations check are *really* correct in the sense of being able to receive emails (due to mistakes, or on purpose), as some % may be reaching a null in-box, a mailbox that bounces because is full, a mailbox that bounces because is misconfigured, etc. As a consequence of that, the current validation is not really fulfilling the actual purpose of the RIPE-705, because "it is required to contain ... which is intended for receiving ...". If emails can't be received at least a % of the 92.5% is not being validated. 2) Maybe I got it wrong, but I think it is important to see the progress of tickets that where needed to open in different passes of RIPE-705. It is expected that in each pass you have less and less failing abuse-c mailboxes, right? Otherwise, it will be an indication that some LIRs aren't really doing the job to comply with RIPE-705. 3) Just to make it clear: Changing the validation period is let on-purpose, as an operational aspect to the RIPE NCC. I think it is a feature, not an issue. This also allows a slow-start, as RIPE NCC did with the implementation of RIPE-705, so it allows to avoid the extra overload indicated in the IA. May be a full year or even 1.5-2 years are needed in the first pass. Not an issue, you can accommodate the internal process to the available man power for manual follow up. 4) The proposal doesn't specify that you need to run all the validations on the same day. I expect the system to be smart, and for example consider an even split of validations per day, which you can tune, depending on what happened every previous week, so not to overload the resources needed for manual follow up. This is also in line which 3 above, and I understand is also the way RIPE-705 was implemented (at least initially). 5) I really feel that expecting that 32.000 tickets for each round will be created is very exaggerated. If that's the case, that will probe my point 1 above and indicate that we have a real problem. Even if that's the case, a smart slow-start process will not require 10 times the actual FTEs vs the current level. Again, it is important to insist that it should be done smartly and, in that sense, it is a huge mistake, in my opinion, not considering it in the IA, because it provides a very biased view. 6) Even if it is the case that in the first round we have 32.000 tickets, this is temporary, because following years will not be the same, otherwise, we have a different kind of problem with policy compliance. One possible indication of if this really creates so much trouble, even if all the validations are sent on the same "day", will be to ask to APNIC, which already implemented a much stricter proposal a year ago, if I recall correctly. I understand that it is just an indication, different culture, NIR there/no here, etc., etc. LACNIC is on their way as well, but I don't know when it will be implemented yet. Regards, Jordi @jordipalet El 20/7/20 15:08, "anti-abuse-wg en nombre de Petrit Hasani" escribió: Dear colleagues, Policy proposal 2019-04, "Validation of "abuse-mailbox"", is now in the Review Phase. This proposal aims to have the RIPE NCC validate "abuse-c:” information more often and introduces a new validation process. The RIPE NCC has prepared an impact analysis to support the community’s discussion. You can find the proposal and impact analysis at: https://www.ripe.net/participate/policies/proposals/2019-04 https://www.ripe.net/participate/policies/proposals/2019-04#impact-analysis And the draft documents at: https://www.ripe.net/participate/policies/proposals/2019-04/draft As per the RIPE Policy Development Process (PDP), the purpose of this four week Review Phase is to continue discussion of the proposal, taking the impact analysis into consideration, and to review the full draft RIPE Policy Document. At the end of the Review Phase, the working group chairs will determine whether the WG has reached rough consensus. It is therefore important to provide your opinion, even if it is simply a restatement of your input from the previous phase. We encourage you to read the proposal, impact analysis and draft document and send any comments to before 18 August 2020. Kind regards, -- Petrit Hasani Policy Officer RIPE NCC ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of
Re: [anti-abuse-wg] 2019-04 Review Phase (Validation of "abuse-mailbox")
Because using a form mean a manual process. You can't automate the forms, unless *all* the LIRs use the same form. If you have a very small number of abuse cases to report, it may be feasible, but not in normal circumstances. Regards, Jordi @jordipalet El 20/7/20 15:54, "anti-abuse-wg en nombre de PP" escribió: I don't understand why it would exclude the use of forms to submit abuse information. When submitting by a form, it reaches the host nearly 100% of the time. The same cannot be said for email based submissions. On 20/07/2020 11:07 pm, Petrit Hasani wrote: > Dear colleagues, > > Policy proposal 2019-04, "Validation of "abuse-mailbox"", is now in the Review Phase. > > This proposal aims to have the RIPE NCC validate "abuse-c:” information more often and introduces a new validation process. > > The RIPE NCC has prepared an impact analysis to support the community’s discussion. > > You can find the proposal and impact analysis at: > https://www.ripe.net/participate/policies/proposals/2019-04 > https://www.ripe.net/participate/policies/proposals/2019-04#impact-analysis > > And the draft documents at: > https://www.ripe.net/participate/policies/proposals/2019-04/draft > > As per the RIPE Policy Development Process (PDP), the purpose of this four week Review Phase is to continue discussion of the proposal, taking the impact analysis into consideration, and to review the full draft RIPE Policy Document. > > At the end of the Review Phase, the working group chairs will determine whether the WG has reached rough consensus. It is therefore important to provide your opinion, even if it is simply a restatement of your input from the previous phase. > > We encourage you to read the proposal, impact analysis and draft document and send any comments to before 18 August 2020. > > Kind regards, > > -- > Petrit Hasani > Policy Officer > RIPE NCC > > > > > ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] Fwd: Re: botnet controllers
I've trouble to understand why you see "sharing info or files with information of abuse records", is a legal penalty. The only "penalty" (filtering) is imposed by other folks using those files and taking their own decision. If they are doing anything wrong against the law, Andorra is not a safe place. They used to have no transparency as a fiscal paradise, but is no longer the case since several years ago (around 6 maybe). We know it in Spain, because we caught several corrupt politicians hiding the money there. You may be right only on the part of publishing names and pics of people, unless that information is already public ... And last, but not least, law may be on your side (and if that's the case it needs to change), but I don't see why logs are requested to other providers and not to VPN providers. This is a clear discrimination. I'm probably missing lot of information here to judge properly. Regards, Jordi @jordipalet El 9/7/20 19:49, "anti-abuse-wg-boun...@ripe.net en nombre de i...@fos-vpn.org" escribió: Sorry, but only legal entities have the right to impose penalties, not privately owned companies. Spamhaus behaves as if they would be executive, legislative and judiciary at once. They immunize itself against legal actions by moving their headquarters outside the EU. Furthermore, they violate EU laws by publishing the names and even photos of spammers in their ROKSO list without their consent. They never show any proof how they gather their information. Their SBL listings don't prove anything. We even received SBL listings at a time when a certain prefix was unannounced and we have strong evidence that a lot of their listings are incorrect. Yes, VPN services can be used for unlawful activities such as Tor Exit Nodes or public WiFi Hotspots; that lies in the nature of things. However we believe that most of our customers behave behave in a responsible fashion and respect the laws as well as we do. Over the years they have built their trust in us, because when we say we don't take any user logs we don't do it. ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] Fwd: Re: botnet controllers
If I found that any of your IP addresses is abusing my networks, I've the perfect right to black list your entire network and even more, make my decision public, so others can follow my advice. Specially if you don't take measures to log your network (despite is legally mandatory or not) and ensure that you don't have "bad" customers on it. This is perfectly legal. Regards, Jordi @jordipalet El 8/7/20 22:17, "anti-abuse-wg-boun...@ripe.net en nombre de i...@fos-vpn.org" escribió: If Spamhaus lists our prefixes on EDROP it's their decision, we have to live with that, but they don't have the right to blacklist clean prefixes of hosting providers which host our service, because that is a form of punishment. Spamhaus is no legal entity and does therefore not have the right to do that. I don't say that all SBL entries are invalid, but some of them definitly are, because we have checked them. On 2020-07-08 22:00, Esa Laitinen wrote: > On Wed, 8 Jul 2020, 15:47 , wrote: > >> It is true that VPN services which don't log any user activities >> attract >> people with bad intentions and believe me: We are not happy about >> that >> either...but we have to live with that > > As per your own admission, you have to live with people abusing your > service, but it doesn't mean others have the same obligation. > > If you do serve people abusing your service by doing things warranting > spamhaus listing as per they policy, why should spamhaus stop listing > those IP addresses? By your own admission, the listing is correct. > > It is up to you to come up with a solution that will stop your users > abusing internet resources not belonging to you, and other intenet > users are not obligated to accept such abuse. > > As for extending the listing to cover the whole subnet, it is called > escalation. Look it up, it is explained in spamhauses web page. > > Yours, > > esa > > ps. to put it simply: you're entitled to send crap to the internet. > Others are entitled to refuse receiving it. ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] Fwd: Re: botnet controllers
If you can demonstrate that those are fake reports, then you have a base for a court claim, even in Andorra. LEA has the responsibility to investigate and find the real people behind that. El 8/7/20 20:42, "anti-abuse-wg-boun...@ripe.net en nombre de i...@fos-vpn.org" escribió: All I would like from Spamhaus is to stop publishing fake SBL records in order to discredit us and to use that to put pressure both upon us and our upstreams. Non-logging VPN services are as legal within the EU as Exit Nodes of the Tor Network (which have massive abuse entries in various data bases, especially the larger ones) and public WiFi Hotspots, which can be used for abusive activities, too. I don't know who "PP" is (probably the same person which posts under the nickname "Petras Simeon" on Twitter and on various boards), but he contacted us and our upstream providers without telling his name, just using this email address: phishphuc...@storey.ovh and sending us the list of SBL entries which he also posted here. Don't know if he's working for Spamhaus or not, but before attacking others publicly, people should reveal their true identity, anything else would be sneaky in my opinion. ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] Fwd: Re: botnet controllers
If I'm listing /24s, instead of addresses, and I clearly state, "within this /24 the following IP addresses have been reported as abusers" and probably other information such as "they do not resolve the abuse cases/they are responding efficiently, etc.", I don't think there is anything wrong. The evil can be in the details, I fully agree, and is difficult to judge if not having "all" the complete set of data. If they are doing "bad things" on purpose or by negligence, even if they aren't disclosing the real identities, the courts, will take care of it in most of the jurisdictions. It will take more time, but this is normal with anything related to law ... unfortunately. By the way, I'm not defending them. I don't know them. Don't know who they are, but I could understand why they don't want to hide. I could tell several personal histories when I brought to Data Protection Agencies/courts several massive spam/abuse cases, and they really tried to do really bad things to me personally. You will be scared. There are real *criminal* organizations behind many "so-called" email marketing companies, spams, hijacks, etc. We all know. They happily will not care to kill anyone if you threaten them. Regards, Jordi @jordipalet El 8/7/20 17:49, "anti-abuse-wg-boun...@ripe.net en nombre de i...@fos-vpn.org" escribió: @Jordi Palet Martinez: If Spamhaus would just list IP addresses we wouldn't mind that. The reality is different though. We brought a /24 prefix to a certain hosting provider which I don't want to name here and a few weeks after that Spamhaus listed the other clean prefixes of that company (which have no direct connection to our IPs) on SBL. The result was that all other customers were unable to sent any emails. The company had to refund them, resulting in a financial damage of more than 7000 Euros. There is no way to prevent this, because right after legal actions were taken in the United Kingdom by one of our upstream partners they moved their companys' headquarters to Andorra, which is outside the EU. Spamhaus is no legal entity, but they behave like one. They can do that because during recent years they gained an enormous power: Most email providers take their lists without any question, so if they want they can destroy an entire hosting provider, and if you want to take legal actions against them you need to find a law firm which is active in Andorra. Why don't they reveal their identities like BitNinja does in its imprint? Then all parties could present their evidence in court. ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] [Fwd: Re: Fwd: Re: botnet controllers]
Not being a lawyer, maybe I’m wrong, but I don’t think at least according the Spanish law, that if I anyone, a natural person, or an organization, provides a service to inform “who seems to be a spammer” or “what IP addresses or blocks” are frequently sending spam, if the natural person or the organization just keeps something to probe that there was spam or any other kind of abuse, is fine. Otherwise, all those web pages that have public information about BGP hijacking incidents, will be acting against the law as well. *how* you use that information to create filters for your servers, is *your* decision, not the organization providing that information source. Note that I fully understand your point, I can think on it as “they have a dominant position”. However, this is because they are trusted, not because they have got a government contract or anything like that to have it. If I start building a web page with all the spam, intrusion attempts, and other abuse cases that I receive in any of the networks that I care of, and cite in the web page all those companies that don’t care about those abuse cases, and across the years the community think “this is a valuable” service, let’s use it. AND I can keep the records of why I listed them. Do you think I’m doing anything illegal or wrong? Of course I will be doing something wrong if I list organizations with fake abuse reports, but not otherwise. Regards, Jordi @jordipalet El 8/7/20 16:47, "anti-abuse-wg en nombre de Alex de Joode" escribió: Jordi, Transparency and accountability are key for services that act like a combined privatised police, court and penal force. Unfortunately Spamhaus does not deliver in that department. While the service certainly has merit, they sometimes feels warranted to enforce policies that hurt legal and valid business models like unmanaged hosting and cloud services, vpn's or tor-exits just to name a few. Judge, Jury and Executioner are 3 distinct roles in western democraties, this is for a reason. As a lot of organisations use Spamhaus, this means they have a fudiciary obligation to have clearand targetted policies, a speedy and transparant complaints procedure and they need to provide some form of arbitrage, just to ensure personal issues and preferences are not a factor. To describe Spamhaus usage as "It is up to each individual or organization to use them or not." fundamentally mislabels their position in the abuse handling ecosystem. (it is a bit like arguing we have a working abuse@ mail address, but do not handle abuse at all) -- IDGARA | Alex de Joode | a...@idgara.nl | +31651108221 | Skype:adejoode On Wed, 08-07-2020 15h 08min, JORDI PALET MARTINEZ via anti-abuse-wg wrote: In a couple of occasions (many years ago), some of the IPs under my responsibility, were listed at spamhaus. I contacted them and got delisted, no problem. Of course, after that I took measures so my IP addresses are never involved even by accident, in any "bad" activity: it is my duty. My conclusion is that it offers a good service, which I can use or not, it is my decision. I think services such as spamhaus are good, and I don't know if legally they need to be "registered". I could, as a natural person, so no need for registration if is not a business (no incomes), make this kind of service, for free, and for privacy reasons, and understanding that I may be damaging high-level criminal activities, seek my personal and family protection by not disclosing my real data. I don't think there is nothing wrong about that, because I'm not "forcing" anyone to trust my service or use it, or anything similar. It is up to each individual or organization to use them or not. If ISP a, b, and c, are abusing my network in any way, and I decide to create a public web page to list them, if I can keep the demonstration of that, there is no court that can tell me "you're doing something illegal". I'm just telling the world "those guys have abused my network, you can use it to filter them to avoid having the same trouble", and I can do that I an anonymous way. That said, I think it is a bad excuse to say that there is no login to protect freedom of speech. You can do login but not provide that data to "bad" governments. Only if your own country LEA ask for it, because there was a criminal activity on that connection you will need to provide the data. This is the same for *any* other service. I can't agree that VPN's are a different thing. Note that I'm not trying to say if this or that service is good or bad, but to say that rules are made for all. Regards, Jordi @jordipalet ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains i
Re: [anti-abuse-wg] Fwd: Re: botnet controllers
In a couple of occasions (many years ago), some of the IPs under my responsibility, were listed at spamhaus. I contacted them and got delisted, no problem. Of course, after that I took measures so my IP addresses are never involved even by accident, in any "bad" activity: it is my duty. My conclusion is that it offers a good service, which I can use or not, it is my decision. I think services such as spamhaus are good, and I don't know if legally they need to be "registered". I could, as a natural person, so no need for registration if is not a business (no incomes), make this kind of service, for free, and for privacy reasons, and understanding that I may be damaging high-level criminal activities, seek my personal and family protection by not disclosing my real data. I don't think there is nothing wrong about that, because I'm not "forcing" anyone to trust my service or use it, or anything similar. It is up to each individual or organization to use them or not. If ISP a, b, and c, are abusing my network in any way, and I decide to create a public web page to list them, if I can keep the demonstration of that, there is no court that can tell me "you're doing something illegal". I'm just telling the world "those guys have abused my network, you can use it to filter them to avoid having the same trouble", and I can do that I an anonymous way. That said, I think it is a bad excuse to say that there is no login to protect freedom of speech. You can do login but not provide that data to "bad" governments. Only if your own country LEA ask for it, because there was a criminal activity on that connection you will need to provide the data. This is the same for *any* other service. I can't agree that VPN's are a different thing. Note that I'm not trying to say if this or that service is good or bad, but to say that rules are made for all. Regards, Jordi @jordipalet El 8/7/20 14:47, "anti-abuse-wg-boun...@ripe.net en nombre de i...@fos-vpn.org" escribió: Please allow me to comment on this on behalf of the VPN services affected by the accusations: https://www.ripe.net/participate/mail/forum/anti-abuse-wg/PDRhZGNmYmVmLTNmMmYtNjQ2ZC1iOTMzLWNhY2RkMDEyOGU0M0BzdG9yZXkub3ZoPg== When you run a VPN service it simply lies in the nature of things that some miscreants buy accounts which lead to various types of complaints. Our principle is not to serve the bad, but the good! We checked all SBL listings in the past and found out that most of them were simply invalid. Our removal requests were all ignored by Spamhaus, refusing any communication with us. The problem with Spamhaus is that they can do whatever they want and nearly everyone follows them. After starting legal actions in the UK against them based on their wrong accusations they moved their headquarters to Andorra, using the address of a hospital located there. Earlier on a person we know very well tried the same in Switzerland and found out that they are not even registered there; they just rented some offices from Regus in Geneva. Unlike other services such as BitNinja or Blocklist, Spamhaus has no real imprint on its website. All those names such as Thomas Morrison, Pete Dawes or Vincent Hanna are fake identities. Except a few insiders nobody knows who's behind that company, which claims to be nonprofit. It is true that VPN services which don't log any user activities attract people with bad intentions and believe me: We are not happy about that either...but we have to live with that. To us it seemed that it became a real passion of Mr. Steve Linford to destroy non-logging VPN providers; providers which are needed in countries like Iran or China to protect the freedom of speech (we have a lot of customers there). More than 90 per cent of all VPN providers don't allow any Port Forwarding, but closing all Ports would be a kind of censorship in our opinion. We do have our ToS which don't allow any misuse of our service, but we have no control over the actions of our users whatsoever. I know that most of you won't be satisfied with that answer, but this is how we see things from our perspective. ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of
Re: [anti-abuse-wg] Fail2ban usage, was Draft Minutes - AA-WG @ RIPE80
Hi Alessandro,
Hi Jordi and all,
TL;DR: Fail2ban can deal with missing or non-responding abuse teams
automatically, without the need to load RIPE with extra costs.
[Jordi] Yes and not!
If you mean reporting to existing and *working* abuse-c, yes, but if the
abuse-c doesn't work, doesn't exists, bounces, or returns an email to fill-in a
form (a non-standard form), you're lost and have no other way to "monitor" the
fail2ban bounces and fill the form manually.
LACNIC, as APNIC, should not be any more a problem, soon, as they both got this
policy accepted by the community. In APNIC is already implemented since a year
ago. LACNIC is still in implementation phase.
In the draft minutes I read:
Jordi said he thinks it will work because smaller providers use more
and
more Open Source tools and it's very common to use Fail2ban. He uses it
himself, and it takes a couple of hours to implement that. So, he
disagreed, but pointed out there there are lots of different opinions
on
the matter.
I can confirm that abuse reporting by email works. When I started
reporting I
noticed some ISPs were receiving lots or reports each day. In some cases,
the
frequency suddenly dropped. Most likely, that's the result of the ISP
starting
to work on my reports and clean up.
Based on such evidence, I recently changed my reporting script. Now, I
don't
use Fail2ban; I use ipqbdb, which works in a similar way. It features an
abuserdap utility which looks up abuse addresses. It takes as argument an
exclusion-file, which I manually fill with the addresses that seem to be
permanently bouncing. Currently, the utility returns no address if either
no
address is found in RDAP, or all the addresses found there are also found
in
the exclusion file. (See bash snippet below).
Like Fail2ban, ipqbdb bans addresses for a limited time. Wrong passwords
deserve a particularly short time period, because they can be given by
legit
users. However, users coming from IP addresses not supported by a
responding
abuse team can be safely banned for a longer period. I do one month.
On Tue 07/Jul/2020 10:33:58 +0200 PP wrote:
> The complaint to RIPE mechanism should only be an escalation mechanism
when the
> ISP does not respond.
Besides costs, that would make RIPE behave different than other LIRs. I
log
how many RDAP lookup fail. Most of them are in LACNIC and APNIC. Figures
are
as follows:
Total RDAP lookups 99, 3.03% of which failed
Total RDAP lookups 107, 5.61% of which failed
Total RDAP lookups 102, 3.92% of which failed
Total RDAP lookups 140, 17.14% of which failed
Total RDAP lookups 125, 6.40% of which failed
Total RDAP lookups 115, 8.70% of which failed
Total RDAP lookups 127, 7.09% of which failed
Total RDAP lookups 113, 4.42% of which failed
Total RDAP lookups 415, 21.93% of which failed
Total RDAP lookups 1542, 39.49% of which failed
Total RDAP lookups 1996, 49.10% of which failed
Total RDAP lookups 1297, 55.05% of which failed
Total RDAP lookups 242, 31.40% of which failed
Total RDAP lookups 125, 40.80% of which failed
Total RDAP lookups 149, 43.62% of which failed
Total RDAP lookups 89, 30.34% of which failed
Total RDAP lookups 55, 18.18% of which failed
Total RDAP lookups 53, 18.87% of which failed
Total RDAP lookups 61, 9.84% of which failed
Total RDAP lookups 64, 25.00% of which failed
Total RDAP lookups 1259, 49.80% of which failed
Total RDAP lookups 1725, 60.46% of which failed
Total RDAP lookups 1746, 64.83% of which failed
Total RDAP lookups 643, 62.99% of which failed
Total RDAP lookups 73, 5.48% of which failed
Total RDAP lookups 148, 8.11% of which failed
Total RDAP lookups 163, 11.04% of which failed
Total RDAP lookups 155, 21.94% of which failed
The relevant snippet of code is below:
let rdap_lookup++
readarray -t <<< "$(abuserdap -x $XCLUDE -vs $rdap_url 2>>
$RDAP_LOG)"
rcpt=${MAPFILE[0]}
if test -z "$rcpt"; then
let rdap_failed++
# since Tue 19 May 2020, ban for 1 month. Don't use -l here!!
ibd-ban -i $key -c 0 -t 2592000 -r "IP without abuse team"
fi
lastline="Recipient found in ${MAPFILE[1]}"
# [...]
if [ "$rdap_lookup" -gt 0 ]; then
printf 'Total RDAP lookups %8d, %6.2f%% of which failed\n' \
"$rdap_lookup" "$(echo
Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
Hi Petrit, all, Thanks a lot for the clarification. I only discovered that once I was working on the slide for tomorrow, as during the previous days discussion I always used my original word proposal document. I had the feeling that some of the points that we discussed in the last days were misunderstood because there was a "reinforcement or duplication" of the policy text, while it was meant as a clarification. I will make sure to clarify it tomorrow during the WG presentation. Regards, Jordi @jordipalet El 13/5/20 17:58, "anti-abuse-wg en nombre de Petrit Hasani" escribió: Dear colleagues, The proposer has alerted us to a mistake in the “Draft Document” prepared for policy proposal 2019-04: https://www.ripe.net/participate/policies/proposals/2019-04/draft The “Additional information” section in the draft document is part of the proposal and should not be included in the actual policy text. We will update the draft document to remove this section. This means that this section would not be part of the policy text if the proposal is accepted. Please note that the policy proposal itself is not changed - the "Additional information" section remains a part of the proposal: https://www.ripe.net/participate/policies/proposals/2019-04 Kind regards, -- Petrit Hasani Policy Officer RIPE NCC > On 28 Apr 2020, at 16:01, Petrit Hasani wrote: > > Dear colleagues, > > A new version of RIPE policy proposal, 2019-04, "Validation of > "abuse-mailbox"", is now available for discussion. > > This proposal aims to have the RIPE NCC validate "abuse-c:" information > more often and introduces a new validation process. > > Most of the text has been rewritten following the last round of > discussion and the proposal is now at version 3.0. Some key points in > this version: > > - The abuse-mailbox should not force the sender to use a form > - The validation process must ensure that the abuse mailbox is able to > receive messages > - The validation should happen at least every six months > > You can find the full proposal at: > https://www.ripe.net/participate/policies/proposals/2019-04 > > As per the RIPE Policy Development Process (PDP), the purpose of this > four-week Discussion Phase is to discuss the proposal and provide > feedback to the proposer. > > At the end of the Discussion Phase, the proposer, with the agreement of > the Anti-Abuse Working Group Chairs, will decide how to proceed with the > proposal. > > We encourage you to review this proposal and send your comments to > before 27 May 2020. > > Kind regards, > -- > Petrit Hasani > Policy Officer > RIPE NCC > > > > > ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
Hi Alessandro,
I just read Marco response to this thread (Marco thanks for the quick reaction
on it!), and also Angel response (so to avoid answering to several emails about
the same).
I guess all your other inputs are also relevant for the NCC.
In principle, I don't think all that should be part of the policy proposal, but
if the NCC seems otherwise, I'm happy to work with you/Angel/others to make
sure that we have captured correctly that and see what the WG believes.
Thanks!
Regards,
Jordi
@jordipalet
El 13/5/20 13:02, "anti-abuse-wg en nombre de Alessandro Vesely"
escribió:
Hi Jordy,
On Tue 12/May/2020 22:21:11 +0200 JORDI PALET MARTINEZ via anti-abuse-wg
wrote:
> El 12/5/20 19:26, "anti-abuse-wg en nombre de Alessandro Vesely"
escribió:
>
> I think it is more useful instead of removing the address, marking the
> record as invalid, and this is being done if I recall correctly from RIPE
> NCC presentations. Because it may be a temporary failure of the address,
so
> *not removing it* may bring it back in a subsequent verification.
If at all possible, I'd suggest to register a suitable RDAP JSON value for
the
relevant remark type, at IANA[*]. That would allow automated tools to
discard
the corresponding vcard entry.
ARIN write a remark, like so:
"remarks" : [
{
"description" : [
"ARIN has attempted to validate the data for this POC, but has
received no response from the POC since 2011-06-07"
],
"title" : "Unvalidated POC"
}
],
Such remark is not quite actionable, as it doesn't say which POC does not
work
(recall there are various arrays of vcards, only some of which are tagged
with
the "abuse" role.) Perhaps more importantly, it doesn't say if the invalid
nature of the mailbox was notified to the responsible organization, and such
notification acknowledged.
> [Jordi] I think both [actual validity and statistics] are useful to know.
Is
> the address valid/invalid. If valid, is this LIR processing abuse reports
or
> there is information escalated from the community that is not?
The latter datum is much more difficult to get right. I'd stick with an
invalid mark. If, say, email messages bounced since 2011, and the
organization
was promptly notified and shrugged, a loud and clear mark is well deserved.
> [Jordi] Totally agree. I still think ideally, we should have X-ARF as the
> single way to do all the abuse reporting. Not sure if this could be also
> connected to provide feedback to DNSBL, but I'm not convinced RIPE NCC (or
> any other RIR) could do that ... very difficult to reach consensus on that
> at the time being. The stats might prove that on the long term and then we
> can change our minds.
The format, like the actual handling of reports, is one or more levels
above.
As for a DNSBL, I keep reading that most data in the RIPE Database is
public.
Are there API to browse its content? Is it possible to maintain a
(filtered)
copy of it? If one could collect all the blocks whose abuse-c is marked as
invalid, she could then run a corresponding DNSBL. However, article 3 of
the
Terms and Conditions for Data Access[†] seems to disallow just that.
Best
Ale
--
[*] https://www.iana.org/assignments/rdap-json-values/rdap-json-values.xhtml
[†] https://labs.ripe.net/datarepository/conditions/basic
**
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company
This electronic message contains information which may be privileged or
confidential. The information is intended to be for the exclusive use of the
individual(s) named above and further non-explicilty authorized disclosure,
copying, distribution or use of the contents of this information, even if
partially, including attached files, is strictly prohibited and will be
considered a criminal offense. If you are not the intended recipient be aware
that any disclosure, copying, distribution or use of the contents of this
information, even if partially, including attached files, is strictly
prohibited, will be considered a criminal offense, so you must reply to the
original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
Clearly something that RIPE NCC should improve in their procedures (or at least
explain if there is any issue doing so), but I don't think we need to include
those procedural details in the policy proposal.
What do you think Petrit?
Regards,
Jordi
@jordipalet
El 13/5/20 0:46, "anti-abuse-wg en nombre de Ángel González Berdasco"
escribió:
El mar, 12-05-2020 a las 22:21 +0200, JORDI PALET MARTINEZ via anti-
abuse-wg escribió:
> You misunderstood me. I'm not advocating de-registration of IP
> resources. I
> meant to remove just the abuse-c email address, since it does not
> work. As an
> alternative, as Àngel noted, there could be a tag saying that the
> email address
> is not valid, without actually removing it.
>
> [Jordi] I got your point now, thanks!
>
> I think it is more useful instead of removing the address, marking
> the record as invalid, and this is being done if I recall correctly
> from RIPE NCC presentations.
5.135.48.50is one of such IP addresses.
It has as abuse-c ab...@for-ns.com, which is trivially invalid: for-
ns.com mail is handled by 10 mail.for-ns.com. mail.for-ns.com has
address 176.9.154.142 Yet, there is no mail server on 176.9.154.142:25
Port 43 access provides:
> % Information related to '5.135.48.48 - 5.135.48.51'
>
> % Abuse contact for '5.135.48.48 - 5.135.48.51' is 'ab...@for-ns.com'
> % Abuse-mailbox validation failed. Please refer to ORG-OS3-RIPE for
> further information.
I am unable to see such piece of information on the RDAP view, though:
https://rdap.db.ripe.net/ip/5.135.48.48
Best regards
--
INCIBE-CERT - CERT of the Spanish National Cybersecurity Institute
https://www.incibe-cert.es/
PGP Keys:
https://www.incibe-cert.es/en/what-is-incibe-cert/pgp-public-keys
INCIBE-CERT is the Spanish National CSIRT designated for citizens,
private law entities, other entities not included in the subjective
scope of application of the "Ley 40/2015, de 1 de octubre, de Régimen
Jurídico del Sector Público", as well as digital service providers,
operators of essential services and critical operators under the terms
of the "Real Decreto-ley 12/2018, de 7 de septiembre, de seguridad de
las redes y sistemas de información" that transposes the Directive (EU)
2016/1148 of the European Parliament and of the Council of 6 July 2016
concerning measures for a high common level of security of network and
information systems across the Union.
Disclaimer:
This message may contain confidential information, within the framework
of the corporate Security Management System.If you are not the intended
recipient, please notify the sender and delete this message without
forwarding or retaining a copy, since any unauthorized use is strictly
prohibited by law.
**
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company
This electronic message contains information which may be privileged or
confidential. The information is intended to be for the exclusive use of the
individual(s) named above and further non-explicilty authorized disclosure,
copying, distribution or use of the contents of this information, even if
partially, including attached files, is strictly prohibited and will be
considered a criminal offense. If you are not the intended recipient be aware
that any disclosure, copying, distribution or use of the contents of this
information, even if partially, including attached files, is strictly
prohibited, will be considered a criminal offense, so you must reply to the
original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] Spamming LIR accounts
I’m not sure if this is true in all the cases, because a physical person can also have PI resources and then a personal email in the database. There is one more point, which I’m discussing with the Spanish DPA in the constitutional court, and it is the classification between personal and company emails, when they have your name and family name, you use it for personal matters (even if the domain is from a company – example, you can have separate emails for business and personal, bus using the same domain), and if the collection of data was authorized or not, and if it was just data collection or also spam. Is not easy. In Spain, the spam (even with business emails) is not allowed according to a further law (LSSI). I guess it varies from country to country. Anyway, I think it has been said a few days ago, harvesting the databases for spam is against the AUP. Regards, Jordi @jordipalet El 12/5/20 23:27, "anti-abuse-wg en nombre de Alex de Joode" escribió: A good summary Sabri. One of the points that has not been addressed (fully) is the fact that the mailing went out to 'role accounts' which are normally company accounts (if some used a personal email address for that, than this will have suddenly become a business email address), so GDPR applicability would be remote, if at all. Alex (LL.M) -- IDGARA | Alex de Joode | a...@idgara.nl | +31651108221 | Skype:adejoode On Tue, 12-05-2020 21h 12min, Sabri Berisha wrote: - On May 12, 2020, at 4:51 AM, Töma Gavrichenkov wrote: Peace, Peace, On Tue, May 12, 2020 at 1:29 PM Arash Naderpour wrote: EU laws are for EU Perhaps sadly for some, but this is not how it works. EU laws protect EU citizens wherever they are, or the EU citizens' personal and sensitive data wherever it is accessed, processed, or stored. Perhaps sadly for some, but this is not how it works. First of all, there is the requirement for the non-EU company to intentionally provide goods or services to the EU. That can be found in article 3(2)a. This means that, per EU rules, the GDPR will not apply to the mom ice cream shop in San Francisco that takes online orders from a EU citizen that happens to be visiting the U.S. The GDPR only affects companies (in or outside the EU) that market to EU citizens or territories. Second, and most important, for a law to protect it must be enforceable. For a law to be enforceable, a court must be able to issue a judgement, and that judgement must be executable. EU judgements based on the GDPR are not necessarily enforceable outside the EU, at least not in the U.S. Treaties must be in place, and a good example is the Hague Convention on Foreign Judgments in Civil and Commercial Matters. In the U.S., foreign judgements are enforceable if they comply with the Uniform Foreign Money Judgments Recognition Act. This law specifies that a judgement may not be recognized if the foreign court did not have "personal jurisdiction" on the U.S. entity. If that entity does not have a physical presence in the EU, establishing the foreign court’s personal jurisdiction will be very difficult if not impossible. But, for folks that did not go to law school, here is a simpler explanation: https://www.youtube.com/watch?v=CD2FlW79PfU :-) Thanks, Sabri ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
Hi Alessandro, El 12/5/20 19:26, "anti-abuse-wg en nombre de Alessandro Vesely" escribió: Hi Jordy, On Tue 12/May/2020 11:34:19 +0200 JORDI PALET MARTINEZ via anti-abuse-wg wrote: >> El 8/5/20 20:18, "anti-abuse-wg en nombre de Alessandro Vesely" escribió: >> On Fri 08/May/2020 13:28:10 +0200 JORDI PALET MARTINEZ via anti-abuse-wg wrote: >>> >>> As I've indicated already several times (and not just in this discussion), all the RIRs have forms or other methods to escalate any issues. >>> >>> The proposal is only changing "let's have stats". >> >> >> I read: >> >> The RIPE NCC will validate the “abuse-mailbox:” attribute at least >> annually. Where the attribute is deemed incorrect, it will follow up in >> compliance with relevant RIPE Policies and RIPE NCC procedures. >> https://www.ripe.net/participate/policies/proposals/2019-04 >> >> The anonymized statistics is mentioned afterward. It seems to result from >> community escalation and reporting, rather than from the abuse-mailbox >> validation itself. By my proposal, instead, the output of the validation >> process is borne out when the abuse address is removed from the database —and >> the corresponding IP ranges duly transmitted. > > [Jordi] Yes, RIPE provide stats for many things and probably this text is > not really needed, but if we want to make sure to have this specific set of > stats, *we need the text*. If we try to reach consensus in what I'm > interpreting from your last half of the paragraph, it is very difficult to > get consensus, and reclaiming resources must be only done in my opinion, in > extreme cases. What cases are already described in > https://www.ripe.net/publications/docs/ripe-716, not specific to abuse > cases. You misunderstood me. I'm not advocating de-registration of IP resources. I meant to remove just the abuse-c email address, since it does not work. As an alternative, as Àngel noted, there could be a tag saying that the email address is not valid, without actually removing it. [Jordi] I got your point now, thanks! I think it is more useful instead of removing the address, marking the record as invalid, and this is being done if I recall correctly from RIPE NCC presentations. Because it may be a temporary failure of the address, so *not removing it* may bring it back in a subsequent verification. Of course all this depends on the detailed procedure that RIPE NCC is using, but I don't think having so many operational details is good in a policy, unless (I'm not saying is the case, just speaking in general, and not about this specific policy) RIPE NCC is doing so badly and ignoring the community inputs, that the community can only enforce a specific procedure via a policy proposal - but still needs to reach consensus. In one of my earlier versions of the proposal, I had a detailed "example procedure, not part of the policy text". Knowing if an abuse team is reachable is much more useful than statistics which onehas to interpret in order to derive the same information. Setting that information has to be done with care, after making sure that the corresponding organization has acknowledged that their abuse-c doesn't work and doesn't seem to be after fixing it. [Jordi] I think both are useful to know. Is the address valid/invalid. If valid, is this LIR processing abuse reports or there is information escalated from the community that is not? At that point, actions like transmitting the relevant IP ranges to a DNSBL can take place. Such actions are derived from a public database and don't have to be carried out by RIPE NCC. In particular, they imply no termination. [Jordi] Totally agree. I still think ideally, we should have X-ARF as the single way to do all the abuse reporting. Not sure if this could be also connected to provide feedback to DNSBL, but I'm not convinced RIPE NCC (or any other RIR) could do that ... very difficult to reach consensus on that at the time being. The stats might prove that on the long term and then we can change our minds. Best Ale -- ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this inf
Re: [anti-abuse-wg] Spamming LIR accounts
Two quick points here: The money collected by Data Protection Agency fines aren’t for the ones claiming, but for the respective governments. If the abuse country don’t have an agreement with the EU to collect that fine, the EU can seize it later on, at any time, when there is a payment from the EU to that company or person, depending on the case. Meanwhile, this company, which has been fined, will not be able to continue business with EU companies. So even if procmail saves time, I feel more responsible, as citizen, to make sure that the law that protects me, is called upon when/if it comes the time for it. Further to that, at least in Spain, I guess is the same in other countries, if you receive spam or any other abuse towards your network, you have law recognized compensation for the damages. Of course this is not millions of euros, even not a few thousands, however a collective claim against a spammer, which my turn the cost for the spammer in something really bad for his/her pocket. Last, but not least, a quick google search shows that there is an agreement for GDPR related issues among the EU and Israel, and Israel has adapted to their equivalent law, which is understandable, because there is a lot of business among those region. Regards, Jordi @jordipalet El 12/5/20 21:49, "anti-abuse-wg en nombre de Sabri Berisha" escribió: - On May 12, 2020, at 12:32 PM, Töma Gavrichenkov wrote: On Tue, May 12, 2020, 10:13 PM Sabri First of all, there is the requirement for the non-EU company to intentionally provide goods or services to the EU. That can be found in article 3(2)a. Well, virtually that's exactly our case: an employee of an Israeli company promotes their services (in multiple local EU languages such as Czech language) through an intentional mailing. Yes, you are absolutely correct in that. Second, and most important, for a law to protect it must be enforceable. For a law to be enforceable, a court must be able to issue a judgement, and that judgement must be executable. Still fine: AFAIK Israeli companies with a remote offering directed to the EU citizens are subject to extraterritorial reaches. At least, I've seen some of those working in GDPR compliance. What do I miss here? This is the part where I disagree. According to EU law, they are subject to what's called "universal jurisdiction", but unless there are treaties in place, or the local Israeli courts are willing to recognize foreign judgements, that EU law is nothing but a useless piece of paper. The EU cannot enforce their laws in a different country without the local courts granting jurisdiction. And that, in turn, means that EU laws cannot be applied to those outside of its reach. It would be different if said entity (whether that's a person or business) had any assets in the EU. In that case they could be seized upon a monetary judgement. Which is the case with Google, Facebook etc. In more simpler terms: EU courts can award you 100 million euros, but without a way to collect it you're still poor. Hence my recommendation to just plonk the guy into oblivion instead of pursuing a theoretical and practically impossible avenue (GDPR enforcement). Just procmail the guy's emails, and vote for the other candidates. Saves you a lot of headaches :) Thanks, Sabri ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] Spamming LIR accounts
I don't think EU laws are useless towards non-EU countries that break them. In the case of privacy, they will not be able to keep doing business with the EU. In a more understanding way, EU (or EU members) reach agreements with specific countries so the sanctions can be applied as well, including fines. For example, when speaking about GDPR, countries like Mauritius and Uruguay, have signed those agreements. I believe the reason is to allow mutual business, it makes a lot of sense: if you are offering applications that collect our citizen data, you must follow our rules, or we will find someone that want to follows them. We do this every other day, in any economic activity. I know that if you violate speed limit in one country the fine will be collected from your account in many other countries, it is just reciprocity. Regards, Jordi @jordipalet El 10/5/20 20:54, "anti-abuse-wg en nombre de Sabri Berisha" escribió: - On May 7, 2020, at 2:26 AM, Nick Hilliard n...@foobar.org wrote: Hi, (And to you Töma, Peace :)) > Töma Gavrichenkov wrote on 07/05/2020 10:03: >> What does GDPR have to say about this? > > You mean the Privacy and Electronic Communications Regulations / PECR. > Spamming is prohibited under article 13. > > National transcriptions of this legislation have implemented this as a > civil offence in some EU countries and a criminal offence in others. Yes, and as long as the sender is safe in a non-EU country, none of the EU "laws" will apply to them nor will they care. It's the same thing as saying bad things about Thailand's king while shouting from a pedestal on St. Petersburg Square. I don't know about you guys, but I have a very effective system for dealing with this kind of crap. It's called *plonk*. Thanks, Sabri ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] About "consensus" and "voting"...
Hi Nick, all, In many situations "rough consensus" was reached after many versions. Sometimes is a matter of finding the right balance, "the point in the middle" I was referring before. Even if it takes 10 versions instead of just 2. The issue is for the chairs, not an easy task, in the way to determine if objections are valid. Objections aren't just a matter of "taste", which is not valid, as very well described in RFC7282. Regards, Jordi @jordipalet El 9/5/20 23:36, "anti-abuse-wg en nombre de Nick Hilliard" escribió: Hi Carlos, Carlos Friaças wrote on 09/05/2020 22:25: > On Sat, 9 May 2020, Nick Hilliard wrote: >> Suresh Ramasubramanian wrote on 09/05/2020 15:23: >>> Having one might at least lay this discussion to rest once and for >>> all. I?ve seen variants of it for several years now. >> >> But imagine if someone contacted a bunch of their colleagues and said: >> "look, there's this policy proposal going on in RIPE AAWG and it would >> be really great if you could just join up on the mailing list and add >> in a +1, thanks!" >> >> Therein lies the problem - or at least one of the problems - with >> voting: it's wide open to manipulation. > > Same goes for "it takes only 2 or 3 voices to break consensus". > > Even if arguments are somewhat "creative"... no, and in fact this is the point of consensus. It depends on informed judgement and assessment, not a handful of dissenting voices, or people shouting, or votes or anything else. It's worth reading RFC 7282. There is a lot of wisdom in that document. >> In the sense that you're concerned that there's stalemate regarding >> some of these proposals, there isn't according to the PDP: no >> consensus is a legitimate and clear outcome, and when there is no >> consensus, the policy does not proceed. > > The *proposal* does not proceed... the policy can already be in place, > but remains unchanged. The existing reached consensus despite a number of dissenting voices :-) Personally, I think the policy does more harm than good, but it is what it is. I'm not going to put in a proposal to remove it because that probably wouldn't reach consensus and it would end up wasting working group time. Nick ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] About "consensus" and "voting"...
I think we all need to re-read, from time to time, RFC7282. Regards, Jordi @jordipalet El 9/5/20 18:21, "anti-abuse-wg en nombre de Sérgio Rocha" escribió: Hi everyone Otherwise we change the way the working Groups works it will remain unchanged for ever. I agree that we must get a way to vote or another democratic way to get decisions. If we don't change something in the process it better close this mailing lists that only exist to give the fake image that the community it's working SR Enviado a partir do meu smartphone Samsung Galaxy. Mensagem original De : Carlos Friaças via anti-abuse-wg Data: 09/05/20 13:41 (GMT+00:00) Para: Suresh Ramasubramanian Cc: Gert Doering , anti-abuse-wg@ripe.net Assunto: [anti-abuse-wg] About "consensus" and "voting"... Hi Suresh, Gert, All, "member organizations represented by" -- this only happens at the RIPE NCC GM, twice a year. The PDP doesn't happen at the RIPE NCC GM, afaik, whether we like it or not. When polarisation is obvious, "consensus" is impossible and everything tend to remain as is... Cheers, Carlos On Sat, 9 May 2020, Suresh Ramasubramanian wrote: > > In a case where the community is polarised to this extent it would be better > to break with procedure and call a vote for once.? With member organizations > represented by their abuse team heads, rather than IP / routing people, so > that > the organisation?s stance on this is clear. > > ? > > From: Gert Doering > Date: Saturday, 9 May 2020 at 3:57 PM > To: Suresh Ramasubramanian > Cc: Randy Bush , Nick Hilliard , > anti-abuse-wg@ripe.net > Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of > "abuse-mailbox") > > Hi, > > On Sat, May 09, 2020 at 01:12:32AM +, Suresh Ramasubramanian wrote: > > Has this even been put to a vote or is it the same group of extremely vocal > > RIPE regulars against it and the same group of extremely vocal security > > types for it??? Rough consensus has its limitations in such cases. > > There is no voting. > > It's either "there is sufficient support and counterarguments have been > adequately addressed" or "no consensus, rewrite or withdraw". > > Gert Doering > ??? -- NetMaster > -- > have you enabled IPv6 on something today...? > > SpaceNet AG? Vorstand: Sebastian v. Bomhard, Michael Emmer > Joseph-Dollinger-Bogen 14??? Aufsichtsratsvors.: A. Grundner-Culemann > D-80807 Muenchen HRB: 136055 (AG Muenchen) > Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 > > > ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
Hi Nick, El 8/5/20 23:58, "Nick Hilliard" escribió: JORDI PALET MARTINEZ via anti-abuse-wg wrote on 08/05/2020 12:07: > [Jordi] The job of the RIPE NCC is to implement the policies agreed > by the community. Different folks may consider different pieces of > all of our policies as "inappropriate" or "arbitrary" which is fine, mostly. Subject to usual discretion of the RIPE NCC to ignore policy which is harmful to itself or others. Various board members have confirmed in the past that the RIPE NCC will not buy an island if instructed to do so by the RIPE Community. > and the goal is > to find a point in the middle, which is what we call consensus. The goal is to try to find consensus. There's nothing in the concept of consensus about trying to find a point in the middle. If I make a policy proposal to demand that the RIPE NCC buy an island, would it be reasonable to settle on a compromise which involved the RIPE NCC buying only half an island? It's ok for consensus to be that a policy proposal be rejected entirely. [Jordi] I guess there is a translation problem here. For us in Spain, something in the middle means a middle term or "compromise" to find an agreement, not to buy half of the island ;-) even less when I'm not trying to buy any island! Consensus is very well described in many nice sentences in RFC7282 (by the way, remember that is not just consensus, we use it for short, but actually it is "rough consensus"). For example: "Coming to consensus is when everyone (including the person making the objection) comes to the conclusion that either the objections are valid, and therefore make a change to address the objection, or that the objection was not really a matter of importance, but merely a matter of taste. Of course, coming to full consensus like that does not always happen. That's why in the IETF, we talk about "rough consensus"." *** See also "5. Consensus is the path, not the destination", it requires time and sometimes many cycles (many versions), is the only way we have, is slow, by in my opinion is the right way. > I believe is perfectly understandable the need to avoid using manual > forms which don't follow a single standard, which means extra work > for *everyone*. Couple of things on this: - if you want to standardise a mechanism for abuse reporting, then that would be useful and by all means, go ahead with that idea first. There are many forums available for doing this. [Jordi] The standard is already defined and this version of the proposal included it. Now we need to agree if we want to use it or not, and at the time being I wrote it as one choice. Maybe the community prefers making it as the only valid option. We do that very often in many other proposals. Why not for abuse reporting? - your proposal threatens to close down RIPE NCC members if they decline to support abuse reports over email. This is unhinged. [Jordi] No, this is not my proposal, this is already *any policy violation* , and actually the actual policy already do that, but in an unclear way. I'm trying to expose it being more honest and transparent with the interpretation of the actual text: "The RIPE NCC will validate the “abuse-mailbox:” attribute at least annually. Where the attribute is deemed incorrect, it will follow up in compliance with relevant RIPE Policies and RIPE NCC procedures." > [Jordi] The actual policy has a bigger level of micro-management, by > setting one year and not allowing the NCC to change that. I think it > is much better to explicitly allow it. One alternative, I will be > fine with that, is not define the time at all, and let the NCC to > adapt it to the needs. Would you thing this is more appropriate? The entire policy is poorly thought-through to start with. You can't fix bad policy with minor tweaks around the edges. [Jordi] Well, we disagree here, many documents reached consensus thru contributions from people, even if it was a bad document (I don't think it is the case) from the start. > [Jordi] What I'm asking here is to make sure that we have stats. I'm > not changing what is an actual practice. You can always report to > *any* RIR, what you think is wrong and if you're a good internet > citizen, you should do that. If you're a good internet citizen, you have some moral obligation to report abuse to an internet number resources registry? [Jordi] This is my opinion, not just in the Internet community. If I see something wrong in "any community", I need to cooperate to make it better. Otherwise I can't complain. If you don't like the food in the restaurant, you either stop eating there or complain so t
Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
Hi Alessandro, El 8/5/20 20:18, "anti-abuse-wg en nombre de Alessandro Vesely" escribió: On Fri 08/May/2020 13:28:10 +0200 JORDI PALET MARTINEZ via anti-abuse-wg wrote: > Hi Alessandro, > > As I've indicated already several times (and not just in this discussion), all the RIRs have forms or other methods to escalate any issues. > > The proposal is only changing "let's have stats". I read: The RIPE NCC will validate the “abuse-mailbox:” attribute at least annually. Where the attribute is deemed incorrect, it will follow up in compliance with relevant RIPE Policies and RIPE NCC procedures. https://www.ripe.net/participate/policies/proposals/2019-04 The anonymized statistics is mentioned afterward. It seems to result from community escalation and reporting, rather than from the abuse-mailbox validation itself. By my proposal, instead, the output of the validation process is borne out when the abuse address is removed from the database —and the corresponding IP ranges duly transmitted. [Jordi] Yes, RIPE provide stats for many things and probably this text is not really needed, but if we want to make sure to have this specific set of stats, *we need the text*. If we try to reach consensus in what I'm interpreting from your last half of the paragraph, it is very difficult to get consensus, and reclaiming resources must be only done in my opinion, in extreme cases. What cases are already described in https://www.ripe.net/publications/docs/ripe-716, not specific to abuse cases. Best Ale > El 4/5/20 12:29, "anti-abuse-wg en nombre de Alessandro Vesely" escribió: > > Hi, > > On 29/04/2020 13:22, Gert Doering wrote: > > > > If people *want* to handle abuse reports, they do so today already > > (and if they mess up their mail reception, the NCC will check this today > > already, and let them know). > > > > If people *do not want* to handle abuse reports, this proposal will not > > make them. > > > The above is unquestionable truth. There is a grey area, where a mailbox > doesn't work because of misconfiguration, mailbox full, or similar issues. > Validation might help in those cases. > > However, statements like: > > The “abuse-c:” will be mandatory for all aut-nums > > are in conflict with the unquestionable truth quoted above. Please, allow > abuse-c to be empty! I have to keep a dont-send list of non-responding abuse > addresses. Some 70% of the complaints I would have sent hit that list. It > would be more practical to have an empty abuse-c entry in the first place. > > In addition, having networks without abuse addresses makes them more easily > identifiable. RIPE NCC could compile the relevant IP addresses into an easily > usable format, for example one readable by rbldns. Rather than following-up > and threatening resource revocation, upon repeated validation failures, the > RIPE NCC should just remove the non-working abuse-c entry, thereby adding the > relevant IP addresses to the "no-complaints" list. > > A web form to report bouncing abuse addresses would be useful too. > > > Best > Ale > -- > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ** > IPv4 is over > Are you ready for the new Internet ? > http://www.theipv6company.com > The IPv6 Company > > This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it. >
Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
Hi Sergey, El 8/5/20 16:28, "anti-abuse-wg en nombre de Sergey Myasoedov via anti-abuse-wg" escribió: Dear Jordi, > There are existing procedures for that in extreme cases. I think it's now obvious that existing procedures does not work. [Jordi] I don't think so, however if that's the case, it is transversal to all the policies, not just one. It will not make sense to me to address it only for abuse cases, and not for other policy violations. -- Sergey Friday, May 8, 2020, 1:20:45 PM, you wrote: JPMvaaw> However, I fully understand that the community prefer to do things in different steps. JPMvaaw> We initially asked for the abuse mailbox. JPMvaaw> Then we added a technical validation. JPMvaaw> Now I'm asking for a better validations and make sure that JPMvaaw> the reporting is feasible. I'm not asking to verify if you handle the abuse case or not. JPMvaaw> *AND* I'm not asking to take *new* actions. There are JPMvaaw> existing procedures for that in extreme cases. JPMvaaw> JPMvaaw> El 30/4/20 9:51, "anti-abuse-wg en nombre de Serge Droz via JPMvaaw> anti-abuse-wg" anti-abuse-wg@ripe.net> escribió: JPMvaaw> I do not disagree with this. JPMvaaw> Serge JPMvaaw> On 30.04.20 09:41, Hans-Martin Mosner wrote: JPMvaaw> > Am 30.04.20 um 02:58 schrieb Suresh Ramasubramanian: JPMvaaw> >> JPMvaaw> >> However, being in a fiduciary role - with IPv4 being traded like JPMvaaw> >> currency these days the description fits - RIPE NCC can’t not get JPMvaaw> >> involved. JPMvaaw> >> JPMvaaw> > ... JPMvaaw> >> NCC owes it to the rest of its membership and the internet community JPMvaaw> >> at large to take a more active role in this matter. JPMvaaw> >> JPMvaaw> > This. JPMvaaw> > JPMvaaw> > And as long as RIPE and/or NCC explicitly does not want to take action JPMvaaw> > when RIPE members don't handle abuse from their networks properly, the JPMvaaw> > whole issue of validating abuse mailbox addresses is moot. After all JPMvaaw> > discussion, the toothless compromise will be that there should be an JPMvaaw> > abuse mailbox, and FWIW it can be handled by Dave Null because nobody JPMvaaw> > will exert pressure on the resource holder to do anything else. JPMvaaw> > JPMvaaw> > Our problem on the receiving side of network abuse is not with the few JPMvaaw> > good-willing but technically challenged providers whose abuse mailbox JPMvaaw> > isn't working properly but with those large operators who don't give a JPMvaaw> > flying f about their customer's network abuse. JPMvaaw> > JPMvaaw> > Personally, I consider the anti-abuse WG a failure at this point. When I JPMvaaw> > joined I had hoped to see and possibly support constructive work towards JPMvaaw> > a reduction in network abuse, but apparently there are big players in JPMvaaw> > this game who are not interested in such a reduction as it would JPMvaaw> > undermine their "business". JPMvaaw> > JPMvaaw> > Cheers, JPMvaaw> > Hans-Martin JPMvaaw> > JPMvaaw> -- JPMvaaw> Dr. Serge Droz JPMvaaw> Chair of the FIRST Board of Directors JPMvaaw> https://www.first.org JPMvaaw> ** JPMvaaw> IPv4 is over JPMvaaw> Are you ready for the new Internet ? JPMvaaw> http://www.theipv6company.com JPMvaaw> The IPv6 Company JPMvaaw> This electronic message contains information which may be JPMvaaw> privileged or confidential. The information is intended to be JPMvaaw> for the exclusive use of the individual(s) named above and JPMvaaw> further non-explicilty authorized disclosure, copying, JPMvaaw> distribution or use of the contents of this information, even JPMvaaw> if partially, including attached files, is strictly JPMvaaw> prohibited and will be considered a criminal offense. If you JPMvaaw> are not the intended recipient be aware that any disclosure, JPMvaaw> copying, distribution or use of the contents of this JPMvaaw> information, even if partially, including attached files, is JPMvaaw> strictly prohibited, will be considered a criminal offense, JPMvaaw> so you must reply to the original sender to inform about this communication and delete it. ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of
Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
Hi Alessandro, As I've indicated already several times (and not just in this discussion), all the RIRs have forms or other methods to escalate any issues. The proposal is only changing "let's have stats". El 4/5/20 12:29, "anti-abuse-wg en nombre de Alessandro Vesely" escribió: Hi, On 29/04/2020 13:22, Gert Doering wrote: > > If people *want* to handle abuse reports, they do so today already > (and if they mess up their mail reception, the NCC will check this today > already, and let them know). > > If people *do not want* to handle abuse reports, this proposal will not > make them. The above is unquestionable truth. There is a grey area, where a mailbox doesn't work because of misconfiguration, mailbox full, or similar issues. Validation might help in those cases. However, statements like: The “abuse-c:” will be mandatory for all aut-nums are in conflict with the unquestionable truth quoted above. Please, allow abuse-c to be empty! I have to keep a dont-send list of non-responding abuse addresses. Some 70% of the complaints I would have sent hit that list. It would be more practical to have an empty abuse-c entry in the first place. In addition, having networks without abuse addresses makes them more easily identifiable. RIPE NCC could compile the relevant IP addresses into an easily usable format, for example one readable by rbldns. Rather than following-up and threatening resource revocation, upon repeated validation failures, the RIPE NCC should just remove the non-working abuse-c entry, thereby adding the relevant IP addresses to the "no-complaints" list. A web form to report bouncing abuse addresses would be useful too. Best Ale -- ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
However, I fully understand that the community prefer to do things in different steps. We initially asked for the abuse mailbox. Then we added a technical validation. Now I'm asking for a better validations and make sure that the reporting is feasible. I'm not asking to verify if you handle the abuse case or not. *AND* I'm not asking to take *new* actions. There are existing procedures for that in extreme cases. El 30/4/20 9:51, "anti-abuse-wg en nombre de Serge Droz via anti-abuse-wg" escribió: I do not disagree with this. Serge On 30.04.20 09:41, Hans-Martin Mosner wrote: > Am 30.04.20 um 02:58 schrieb Suresh Ramasubramanian: >> >> However, being in a fiduciary role - with IPv4 being traded like >> currency these days the description fits - RIPE NCC can’t not get >> involved. >> > ... >> NCC owes it to the rest of its membership and the internet community >> at large to take a more active role in this matter. >> > This. > > And as long as RIPE and/or NCC explicitly does not want to take action > when RIPE members don't handle abuse from their networks properly, the > whole issue of validating abuse mailbox addresses is moot. After all > discussion, the toothless compromise will be that there should be an > abuse mailbox, and FWIW it can be handled by Dave Null because nobody > will exert pressure on the resource holder to do anything else. > > Our problem on the receiving side of network abuse is not with the few > good-willing but technically challenged providers whose abuse mailbox > isn't working properly but with those large operators who don't give a > flying f about their customer's network abuse. > > Personally, I consider the anti-abuse WG a failure at this point. When I > joined I had hoped to see and possibly support constructive work towards > a reduction in network abuse, but apparently there are big players in > this game who are not interested in such a reduction as it would > undermine their "business". > > Cheers, > Hans-Martin > -- Dr. Serge Droz Chair of the FIRST Board of Directors https://www.first.org ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
El 29/4/20 14:23, "anti-abuse-wg en nombre de Gert Doering" escribió: Hi, On Wed, Apr 29, 2020 at 01:44:42PM +0200, Serge Droz via anti-abuse-wg wrote: > >> Coming from the incident response side, I'm tiered of people constantly > >> telling me, that issues are not their problem > > > > How would this proposal help with said problem? > > - It will catch the cases where some miss configuration happened indeed This is already caught today. The RIPE NCC *does* abuse-c mailbox validation today. [Jordi] But is not working, it is just a technical validation. > - It will make it impossible for orgs to say "We never received a report" How so? Yes, there is a mailbox. But if someone doesn't care, why would they not still claim "I have never seen a report"? [Jordi] We need to know stats about those cases. > - It allows us to enumerate better who does good work and who doesn't. And how does *this proposal* have any influence on this? [Jordi] I agree here with Gert. Personally, I will like to know who is not handling abuse cases, so I can filter its network. As "what is best for the community, at the time being", and the way I phrased it in the proposal I just want to have stats, not pointing to anyone. I'm usually more of an reporter than a responder, but I've seen both sides - and [as I've said before...] you don't get orgs that do not care to magically expend resources on abuse handling by introducing more mailbox verification procedures. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
El 29/4/20 13:18, "anti-abuse-wg en nombre de Elad Cohen" escribió: What is this ? "However, the community should report any situation to the RIPE NCC, which can provide (anonymous) periodical statistics to the community, which can take further decisions about that." Ripe members are informers? "divide and conquer" strategy ? [Jordi] I’ve explained the intent before. The reporting to the RIPE NCC (and all the other RIRs) of anything which may be relevant is not acting as “informer”, but collaboration in order to discover isues and improve. Can you suggest a better wording? Abuse email addresses (just like any other email address) are being spammed, not only by non-relevant spammers but also by automatic useless services that are installed at servers that don't take themselves any measure of proper configuration to avoid the automatic useless services. To my opinion, Ripe should create its own anti-abuse system, each LIR will have login access to it (LIR will be able to choose to receive notifications through sms / email) and to mark each abuse complaint as resolved or not (that system can also have an API so LIR's will be able to pull their abuse complaints), the main issue is that complaints to that system will not be able to be done automatically or by email - only manually by form filling with captcha. (after the LIR will mark an abuse complain as resolved - the complainer will receive an email address also to confirm with him if issue is resolved or not, non-detailed statistics will be able to be displayed to the whole community - to see the percentage of how many manual complaints weren't handled by each LIR) [Jordi] Maybe you could submit a proposal for that? --- Besides the above, I also believe that we as a community should not accept complainers which are not taking the most basic configuration actions to protect their systems, and would consider these complaints as spam. In order for abuse complaints not to be abused. [Jordi] I disagree here. Is like you tell a shop owner, you’re guilty because you didn’t took enough measures. Too many measures sometimes avoid getting real customers coming in. Respectfully, Elad From: anti-abuse-wg on behalf of Serge Droz via anti-abuse-wg Sent: Wednesday, April 29, 2020 11:22 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox") Hi All I think this is a good policy. We can always find use cases where it fails, but it will help in some cases. And if some one is not able to answer an e-mail every six month, there are probably underlying issues. Also the argument, that the bad guys flood the mailbox is not really acceptable. It just means you can't filter spam. The proposal does not check how the reports are used. But it helps us to enumerate organizations, that don't act, coming up with various excuses, along the lines the best problems are some one else's problems, so let's make it some on else's problem. The fact is: Most mature organizations are perfectly capable of handling such mail boxes, even if they have a high load. Coming from the incident response side, I'm tiered of people constantly telling me, that issues are not their problem Best Serge On 28.04.20 16:01, Petrit Hasani wrote: > Dear colleagues, > > A new version of RIPE policy proposal, 2019-04, "Validation of > "abuse-mailbox"", is now available for discussion. > > This proposal aims to have the RIPE NCC validate "abuse-c:" information > more often and introduces a new validation process. > > Most of the text has been rewritten following the last round of > discussion and the proposal is now at version 3.0. Some key points in > this version: > > - The abuse-mailbox should not force the sender to use a form > - The validation process must ensure that the abuse mailbox is able to > receive messages > - The validation should happen at least every six months > > You can find the full proposal at: > https://www.ripe.net/participate/policies/proposals/2019-04 > > As per the RIPE Policy Development Process (PDP), the purpose of this > four-week Discussion Phase is to discuss the proposal and provide > feedback to the proposer. > > At the end of the Discussion Phase, the proposer, with the agreement of > the Anti-Abuse Working Group Chairs, will decide how to proceed with the > proposal. > > We encourage you to review this proposal and send your comments to > before 27 May 2020. > > Kind regards, > -- > Petrit Hasani > Policy Officer > RIPE NCC > > > > > -- Dr. Serge Droz Chair of the FIRST Board of Directors https://www.first.org ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the
Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
El 29/4/20 4:25, "anti-abuse-wg en nombre de No No" escribió: In relation to the policy, where it says: "must not force the sender to use a form." as someone that reports phishing websites, I find the use of forms helpful, as it ensures the company receives the report, particularly where they implement a CAPTCHA. [Jordi] I disagree here and many people has also indicated the same in previous versions discussions. The problem of a form is that is not standard. If you’re reporting abuses to 100 ISPs, and each one has its own form, you really need to do it manually, you can’t automate it. Even if you do the job for automating it, they may change it and your automation may fail. This is economically non-sustainable and means that the cost of the abuse cases is on the back of the one actually reporting. To require the resource to only accept abuse reports via email, means all the criminals have to do is flood the mailbox, making it physically impossible to receive the abuse reports. [Jordi] That's why I’m suggesting the use of standards as one of the options. I’m happy to find a better way or wording to improve it. Do we agree that something that can be fully automatted is much better, even to filter that kind of flooding? If the policy could be amended to include a suggestion that the abuse mailbox contain a verification procedure (such as "your email has been received. Please "click here" to confirm you sent it") it would improve efficiency all around. [Jordi] A previous version had many many many details and it was considered to intrusive, that's why I’m going away from there. In relation to Nick Hilliard's email, where they say: " it is beyond inappropriate for this working group to expect the RIPE NCC to withdraw numbering resources if member organisations don't comply with an arbitrary policy which forces the use of SMTP email like this." This is, in a nutshell, what is wrong with this RIR, and others, such as ARIN. Often I will look up abuse contacts on ARIN, to find that the abuse mailbox bounces, and a message such as "ARIN has attempted to verify this email address since 10-11-2010" - almost 10 YEARS! So, what are you seriously suggesting? Because these people that become offended at the suggestion that it's unreasonable for someone to ensure an email address is valid once per year (very onerous i'm sure), never really say what they really mean, which is really what is inappropriate: that criminals should be able to use a resource indefinitely to pump out spam, host phishing websites, co-ordinate botnets etc... and that the person that receives this crap is not even entitled to let the resource owner know? On Wed, Apr 29, 2020 at 12:01 AM Petrit Hasani wrote: Dear colleagues, A new version of RIPE policy proposal, 2019-04, "Validation of "abuse-mailbox"", is now available for discussion. This proposal aims to have the RIPE NCC validate "abuse-c:" information more often and introduces a new validation process. Most of the text has been rewritten following the last round of discussion and the proposal is now at version 3.0. Some key points in this version: - The abuse-mailbox should not force the sender to use a form - The validation process must ensure that the abuse mailbox is able to receive messages - The validation should happen at least every six months You can find the full proposal at: https://www.ripe.net/participate/policies/proposals/2019-04 As per the RIPE Policy Development Process (PDP), the purpose of this four-week Discussion Phase is to discuss the proposal and provide feedback to the proposer. At the end of the Discussion Phase, the proposer, with the agreement of the Anti-Abuse Working Group Chairs, will decide how to proceed with the proposal. We encourage you to review this proposal and send your comments to before 27 May 2020. Kind regards, -- Petrit Hasani Policy Officer RIPE NCC ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
Hi Nick, all, I was waiting a few days because I though it will be easier wait for most of the participants to be able to react and then try to summarize and respond to all the comments in a single email. I'm going to try to do it anyway with as fewer emails as I can. This means trying to avoid repeating myself, in the interest of everyone, but if you feel that I'm missing anything which is key, please, let me know. I would suggest to wait a couple of hours, so I stop replying in order to ask something that I will be replying already in minutes ... So ... My responses below, in line, as [Jordi] El 28/4/20 21:28, "anti-abuse-wg en nombre de Nick Hilliard" escribió: Petrit Hasani wrote on 28/04/2020 15:01: > A new version of RIPE policy proposal, 2019-04, "Validation of > "abuse-mailbox"", is now available for discussion. The updated version of this policy proposal is here: > https://www.ripe.net/participate/policies/proposals/2019-04/draft The proposal has the following problems, each of which would be sufficient reason it its own right to reject the proposal: > and must not force the sender to use a form. It's not the job of the RIPE NCC to tell its members how to handle abuse reports, and it is beyond inappropriate for this working group to expect the RIPE NCC to withdraw numbering resources if member organisations don't comply with an arbitrary policy which forces the use of SMTP email like this. [Jordi] The job of the RIPE NCC is to implement the policies agreed by the community. Different folks may consider different pieces of all of our policies as "inappropriate" or "arbitrary" and the goal is to find a point in the middle, which is what we call consensus. I believe is perfectly understandable the need to avoid using manual forms which don't follow a single standard, which means extra work for *everyone*. > [...] is present and can receive messages at least every six months*. > If the validation fails, the RIPE NCC and: > *The RIPE NCC may change the validation period depending on the level > of accuracy of the contacts. For example, switching from six-month to > one-year period once contact accuracy has improved. This addition proposes to micromanage the RIPE NCC even further. Arbitrary time-scales like this are operational details which have no place in a well-thought-out policy. [Jordi] The actual policy has a bigger level of micro-management, by setting one year and not allowing the NCC to change that. I think it is much better to explicitly allow it. One alternative, I will be fine with that, is not define the time at all, and let the NCC to adapt it to the needs. Would you thing this is more appropriate? > This validation process will not check how the abuse cases are > processed. The community should escalate/report back to the RIPE NCC, > so anonymised statistics can be collected and periodically > published. > However, the community should report any situation to the RIPE NCC, > which can provide (anonymous) periodical statistics to the community, > which can take further decisions about that. This proposes that the RIPE NCC becomes an abuse reporting clearinghouse based on unsubstantiated community gossip. This is inappropriate in many different ways. [Jordi] What I'm asking here is to make sure that we have stats. I'm not changing what is an actual practice. You can always report to *any* RIR, what you think is wrong and if you're a good internet citizen, you should do that. I'm happy if you believe that my wording is not good, and we agree on that goal, to find an alternative one. Any suggestion? > It should be clear that the policy intent is not to look into how the > abuse mailbox is monitored or how abuse cases are handled. It's difficult to take this seriously when the intent of most of the rest of the text in the proposal is about using the RIPE NCC to monitor how abuse cases are handled and to ensure that the abuse mailbox is monitored. [Jordi] I can't agree here. If you compare the different versions, you will see that I've taken in consideration the inputs on this and removed lots of text that were considered as telling the resource holders how to do it. The proposal no longer looks if you have a person, a robot, or whatever to monitor de abuse mailbox, or if you ignore the cases. The proposal is self-contradictory, intrusive into NCC membership business processes and there is no compelling reason to believe that the proposal will end up reducing the amount of abuse on the internet. [Jordi] Again, the proposal is trying to ensure that we have stats. Then we, as a community, can decide if we need to do anything or not. I don't think this is intrusive at all and if we compare with other policies, that also tell us how you do the things, because many
Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
I fully agree with Gert here. The proposal is not trying to punish anyone, just to improve things, make sure that errors are discovered and corrected, and for that we need to have stats and tools. And this is why it was also removed from this version text that we had in previous versions about that. El 29/4/20 8:38, "anti-abuse-wg en nombre de Gert Doering" escribió: Hi, On Wed, Apr 29, 2020 at 12:31:39PM +1000, No No wrote: > I would also like to make another suggestion: > > That where the RIPE has to manually verify an abuse mailbox, the costs of > that verification should be levelled against the resource holder as a fee, > for example: $2 per IPv4 address > > and, > > failing manual verification, that a countdown be implemented and sent to > the abuse mailbox, in the form of: "Click here within 7 days to ensure your > resources are not de-registered" and then if they fail to click that link, > the automatic de-registering of the IP address/resources, and the immediate > sale of that IPv4 address/space to the highest bidder. And *this* is exactly why this proposal is the beginning of a slippery slope that leads to "no way!" land. Mail system misconfigurations happen, even for the best of us. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] RIPE NCC Executive Board election
Maybe the point is not talking about illegal, but abusive or not. Internet is about cooperation, if the community, in general believe that a behavior is abusive, we have our policy system to define our rules so we do not tolerate that behavior, and if that means not providing (or even cancelling) number resources to someone which persistently abuse against other community members, it is just fine. Is the same as when we cancel resources for falsified documents. It is also part of our rules. No difference, because we setup our rules. Regards, Jordi @jordipalet El 17/4/20 10:43, "anti-abuse-wg en nombre de Maxi" escribió: Hey, Is this the official point of view from Europol? If so, please have in mind that the RIPE NCC has to follow certain court rules. The RIPE NCC should stay neutral, because only courts could decide if something is illegal or not. //Maxi Impressum: Zeug e.K. Hochstraße 15 92637 Theisseil Inhaber: Maximilian Schieder Telefon: 015678 572314 E-Mail: m...@zeug.co Registergericht: Amtsgericht Weiden in der Oberpfalz Registernummer: HRA 2907 ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] Reporting abuse to OVH -- don't bother
Tried that also, and doesn't work for OVH, for Digital Ocean some times. Regards, Jordi @jordipalet El 13/2/20 5:27, "anti-abuse-wg en nombre de Fi Shing" escribió: All OVH and DigitalOcean abuse reports must be submitted via the abuse reporting forms on the website, or they won't be actioned: https://www.ovh.com/world/abuse/ https://www.digitalocean.com/company/contact/abuse/ - Original Message - Subject: Re: [anti-abuse-wg] Reporting abuse to OVH -- don't bother From: "Alessandro Vesely" Date: 2/12/20 11:16 pm To: "anti-abuse-wg@ripe.net" On Wed 12/Feb/2020 09:51:22 +0100 Ronald F. Guilmette wrote: > The RIPE WHOIS data base says that the abose contact for AS16276 is > ab...@ovh.net. > > It would appear thet the folks at OVH haven't yet quite figured how > this whole email thing works. > > Give them time. Another decade or two and they should have it down pat. +1, X-VR-SPAMCAUSE looks particularly appealing... Best Ale Forwarded Message Subject: failure notice Date: 12 Feb 2020 06:18:04 +0200 From: mailer-dae...@mx1.ovh.net To: ab...@tana.it Hi. This is the qmail-send program at mx1.ovh.net. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. : user does not exist, but will deliver to /homez.12/vpopmail/domains/ovh.net/abuse/ can not open new email file errno=2 file=/homez.12/vpopmail/domains/ovh.net/abuse/Maildir/tmp/1581481084.9867.mail660.ha.ovh.net,S=4191 system error --- Below this line is a copy of the message. Return-Path: Received: from localhost (HELO queue) (127.0.0.1) by localhost with SMTP; 12 Feb 2020 06:18:04 +0200 Received: from unknown (HELO output25.mail.ovh.net) (10.108.117.188) by mail660.ha.ovh.net with AES256-GCM-SHA384 encrypted SMTP; 12 Feb 2020 06:18:04 +0200 Received: from vr26.mail.ovh.net (unknown [10.101.8.26]) by out25.mail.ovh.net (Postfix) with ESMTP id 48HRFm0K5Sz7P6Fd8 for ; Wed, 12 Feb 2020 04:18:04 + (UTC) Received: from in14.mail.ovh.net (unknown [10.101.4.14]) by vr26.mail.ovh.net (Postfix) with ESMTP id 48HRFf6fgNzrQV85 for ; Wed, 12 Feb 2020 04:17:58 + (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=62.94.243.226; helo=wmail.tana.it; envelope-from=ab...@tana.it; receiver=ab...@ovh.net Authentication-Results: in14.mail.ovh.net; dkim=pass (1152-bit key; unprotected) header.d=tana.it header.i=@tana.it header.b="DSzDkiE5"; dkim-atps=neutral Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) by in14.mail.ovh.net (Postfix) with ESMTPS id 48HRFf5rYcz1qqm5 for ; Wed, 12 Feb 2020 04:17:58 + (UTC) Received: from localhost (localhost [127.0.0.1]) (uid 1000) by wmail.tana.it with local id 005DC0BE.5E437C70.6938; Wed, 12 Feb 2020 05:17:51 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1581481072; bh=hqA0axQ0F0EZuKcuD4BJM7lec22phleodccLJFRo7js=; l=1187; h=From:To:Date; b=DSzDkiE5M2E2RHdufCjt/pvL8szxXfCQCiPcYrJMYxbHDSM6/qNrHDy0JZwW3HfQG jvGk5T7PlE7c6dBvfNjmQl2Z0yTpvjOVufBM6xGVi3WEzkPUb2Wpr0b6oW/Ptan3/d d81pOjTCPaAxOXfx0G1t5PpotLEo0P48qxyNPtkGYVZoMp7kdUev7jtac9Jcq Authentication-Results: tana.it; auth=pass (details omitted) X-mmdbcountrylookup: FR From: "tana.it" To: ab...@ovh.net Date: Wed, 12 Feb 2020 05:17:51 +0100 Subject: Mail server abuse by 188.165.221.36 on 11 February 2020 Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Auto-Response-Suppress: DR, OOF, AutoReply Message-ID: X-Ovh-Remote: 62.94.243.226 (wmail.tana.it) X-Ovh-Tracer-Id: 8968355709213900626 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: 50 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedugedrieeggdeifecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfqggfjpdevjffgvefmvefgnecuuegrihhlohhuthemucehtddtnecuogfvvgigthfqnhhlhidqqdetfeejfedqtdegucdlhedtmdenucfjughrpefhvfffufggtgfgsehtjedttddttdejnecuhfhrohhmpedfthgrnhgrrdhithdfuceorggsuhhsvgesthgrnhgrrdhitheqnecuffhomhgrihhnpehtrghnrgdrihhtpdhrihhpvgdrnhgvthenucfkphepiedvrdelgedrvdegfedrvddvieenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhhouggvpehsmhhtphdphhgvlhhopehinhdugedrmhgrihhlrdhovhhhrdhnvghtpdhinhgvthepiedvrdelgedrvdegfedrvddviedpmhgrihhlfhhrohhmpegrsghushgvsehtrghnrgdrihhtpdhrtghpthhtoheprggsuhhsvgesohhvhhdrnhgvth X-Ovh-Spam-Status: OK X-Ovh-Spam-Reason: vr: OK; dkim: disabled; spf: disabled X-Ovh-Message-Type: OK Dear Abuse Team The following abusive behavior from IP address under your constituency 188.165.221.36 has been detected: 2020-02-11 11:39:25 CET, 188.165.221.36, old decay: 86400, prob: 34.72%, SMTP auth dictionary attack 188.165.221.36 was caught 102 times since Fri May 18 01:42:13 2018 original data from the mail log: 2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[58534] 2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[62026] 2020-02-11 11:39:05 CET courieresmtpd:
Re: [anti-abuse-wg] Reporting abuse to OVH -- don't bother
In my experience, OVH is one of the larger worlwide host of spammers, DDoS, intrusion attempts (SIP, SSH, IMAP, SMTP, etc., etc.), etc., together with cloudstar.is. Any criminal action you can think off … sure a IPs from OVH or Cloudstar are involved! I’m sure there are many other, but in my own case, this is the major %. I’m fighting with them every other day, they never do *anything* despite having provided logs, demonstrations of GDPR abuse, etc., etc. For some reason, it looks to me that most of the so called “email marketing” companies (or databases), which to me are all criminal companies (because it is clear that they keep breaking GDPR and many other rules every other day), using OVH (and sometimes other DCs), are from France. May be their DPA is not doing anything or maybe nobody is complaining “enough” to them. Regards, Jordi @jordipalet El 12/2/20 18:51, "anti-abuse-wg en nombre de Javier Martín" escribió: Hi all. This one of the abuse emails that cries out to heaven. There is an idiot who does not stop attacking us and does not answer the abuse email. Someone knows what to do in this cases? RIPE said that is nothing to do because there is not a "return from their server" to our email. This provider is full of spam, we banned all theirs ips. https://en.asytech.cn/check-ip/89.248.160.193 https://ipinfo.io/AS202425 It is very striking how a Seychelles provider with a new AS number can spam without limits. Kind regards. Javier Sobre 12/02/2020 18:44:24, Alex de Joode escribió: Alessandro, The abuse notification below, is absolutely terrible: it only highlights the OVH IP that was used, however it completely fails to identify the IP/hostname that was "attacked", no action (other than forward the notice to the user of the IP) can be taken. Please in the future include all relevant data in you abuse notice. (src+dst ip are relevant!) Thx. -- IDGARA | Alex de Joode | a...@idgara.nl | +31651108221 | Skype:adejoode On Wed, 12-02-2020 13h 16min, Alessandro Vesely wrote: Dear Abuse Team The following abusive behavior from IP address under your constituency 188.165.221.36 has been detected: 2020-02-11 11:39:25 CET, 188.165.221.36, old decay: 86400, prob: 34.72%, SMTP auth dictionary attack 188.165.221.36 was caught 102 times since Fri May 18 01:42:13 2018 original data from the mail log: 2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[58534] 2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[62026] 2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[63198] 2020-02-11 11:39:25 CET courieresmtpd: started,ip=[188.165.221.36],port=[58743] 2020-02-11 11:39:25 CET courieresmtpd: started,ip=[188.165.221.36],port=[50520] 2020-02-11 11:39:25 CET courieresmtpd: error,relay=188.165.221.36,port=58743,msg="535 Authentication failed.",cmd: AUTH LOGIN 42D117A2.9F10013D ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Maybe I’m not using the right wording. What I’m suggesting is and “intermediation” but automated. NCC staff doesn’t “see” anything, just goes thru a system that logs everything and forwards to each other party. El 17/1/20 13:04, "Volker Greimann" escribió: Hmm, if you include RIPE NCC in all responses, you will greatly increase the overhead and noise to signal ratio it has to deal with. It may be better to maintain the ability to audit the responses. instead of receiving them all. -- Volker A. Greimann General Counsel and Policy Manager KEY-SYSTEMS GMBH T: +49 6894 9396901 M: +49 6894 9396851 F: +49 6894 9396851 W: www.key-systems.net Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835 CEO: Alexander Siffrin Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358. On Fri, Jan 17, 2020 at 12:00 PM JORDI PALET MARTINEZ via anti-abuse-wg wrote: I will be fine with this (having RIPE NCC as an intermediator just to send the abuse report), if instead of a web form (or in addition to it), it is possible to automate it, for example RIPE NCC also accepts x-arf via email. RIPE NCC has the obligation to keep the information without disclosing it, so why we need to have a way to encypt it so RIPE NCC can’t read it? Furthermore, this should be an automated process. The staff is not going to handle every report manually. And moreover, in case of a bigger dispute, even if going to the courts, RIPE NCC can provide in a neutral way all the info of what happened. However, I’ve the feeling that in order to get this working, the policy must mandate that all the responser from the operator which customer is producing the abuse, also follow the same path, so: Abuse reporter (Victim or its ISP) -> RIPE NCC -> abuser operator -> RIPE NCC -> abuse reporter Otherwise, there will not be a way for RIPE to have stats of who is responding to abuse cases and who is not, or even simpler than that, what abuse mailboxes get bounced (which will be a policy violation if happens all the time with the same operator). Never mind we decide or not that not-responding is an abuse-c violation. Stats are good, even if not published with operator names. El 17/1/20 1:12, "anti-abuse-wg en nombre de ripedenis--- via anti-abuse-wg" escribió: Hi Sergio As I read through this thread similar ideas came to my mind. The question I would ask is "Is it too late to take a completely different approach to abuse contacts and reporting via the RIPE Database?" Suppose we had a standard form available via the ripe.net website for providing details of abuse. If you are able to find the "abuse-c:" details in the database now then you must know the IP address involved. The RIPE NCC could send the report to the abuse contact taken from the database via the specified IP address. This does not have to be an email interface either. We could look at other options. The RIPE NCC would then at least know if the report was successfully delivered. Using a standard form would make it much easier for the resource holder to interpret the information. Someone said: "Making such a scheme compulsory would be unacceptable to people who wish to interact with network owners without disclosing that in public ..." I have no understanding of the technology involved here, but when I send you a message on WhatsApp it is encrypted end to end. WhatsApp have no idea (they say) of the content of the message. Would it be possible to submit a form on ripe.net in a way that the content of that form is encrypted and sent to the resource holder so the RIPE NCC have no idea of the content of the form? That would satisfy this concern. Regardless of the outcome of the RIPE Database Requirements Task Force, something like this could still be implemented as it is external to the RIPE Database. Food for thought... cheers denis co-chair DB-WG On Wednesday, 15 January 2020, 10:22:28 CET, Sérgio Rocha wrote: Hi, Maybe we can change the approach. If RIPE website had a platform to post abuse report, that send the email for the abuse contact, it will be possible to evaluate the responsiveness of the abuse contact. This way anyone that report an abuse could assess not only the response but also the effectiveness of the actions taken by the network owner. After some time with this evaluations we would easy to realize who manages the reports and even who does not respond at all. Sérgio -Original Message- From: anti-abuse-wg [mailto:anti-abuse-wg-boun...@ripe.net] On Behalf Of Gert Doering Sent: 15 de janeiro de 2020 08:06 To: Carlos Friaças Cc: Gert Doering ; anti-abuse-wg Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox") Hi, On
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi Alessandro, El 17/1/20 10:24, "anti-abuse-wg en nombre de Alessandro Vesely" escribió: Hi, a few points: The “abuse-mailbox:” attribute must be available in an unrestricted way via whois, APIs and future techniques. I'd explicitly mention RDAP here. It's not a future technique any more You're right, we can explicitly mention RDAP. Confirm that the resource holder understands the procedure and the policy, that they regularly monitor the abuse-mailbox, that measures are taken, and that abuse reports receive a response. I'd skip the last line. In my automated abuse reports a add a header field like "X-Auto-Response-Suppress: DR, OOF, AutoReply". Yet, many abuse team send automatic notifications that I have to skim, possibly hiding real replies that need attention. Responses are due only if needed. Furthermore, couldn't the RIPE NCC have a web form, possibly advertised in RDAP output, where receivers of NDNs from abuse-c contacts can notify that a given mailbox bounces? The effect of filling such form would be to advance the mailbox position in the validation queue. Finally, IMHO: On Tue 14/Jan/2020 10:24:42 +0100 JORDI PALET MARTINEZ via anti-abuse-wg wrote: > El 14/1/20 0:11, "Leo Vegoda" escribió: > >> It creates hope for reporters and wastes the RIPE NCC's and the >> reporters' resources by forcing unwilling organizations to spend >> cycles on unproductive activity. >> >> Why not give networks two options? >> >> 1. Publish a reliable method for people to submit abuse reports - and act on it >> 2. Publish a statement to the effect that the network operator does >> not act on abuse reports >> >> This would save lots of wasted effort and give everyone more reliable >> information about the proportion of networks/operators who will and >> won't act on abuse reports. > > Even if I think that the operators MUST process abuse cases, if the > community thinks otherwise, I'm happy to support those two options in the > proposal. For example, an autoresponder in the abuse-c mailbox for those > that don't intend to process the abuse cases to option 2 above? No, autoresponders waste even more resources. In case, let's use a conventional address like, say, noone@localhost to decline to receive abuse reports. There would be no attempt to validate such address. There are a number of cases, especially in large organizations, where a mailbox fails to work because email refurbishing resulted in mail loops, erroneous forwarding, dead relays, and the like. Having an alternative contact can bring attention to the fact and reestablish the functionality. There are cases where there is no abuse team and holders don't care. Sooner or later the community will find out how to set up some kind of Don't Route Or Peer list of those. However, forcing them to have a "working" abuse-c is nonsensical. Best Ale > > > There might be some value in having the RIPE NCC cooperate with > networks who want help checking that their abuse-c is working. But > this proposal seems to move the RIPE NCC from the role of a helpful > coordinator towards that of an investigator and judge. > > No, I don't think so, but I'm happy to modify the text if it looks like that. > > > > > > ** > IPv4 is over > Are you ready for the new Internet ? > http://www.theipv6company.com > The IPv6 Company > > This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it. > > > > > ** IPv4 is over Are you ready for the new Internet ? http://www
[anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi Michele, (changing the subject so we can correctly track this and following emails) The last version is available here: https://www.ripe.net/participate/policies/proposals/2019-04 But the goal of this discussion is to understand what the community want, for making a new version. I think we are having a good discussion with several key points and already looking in a way forward. Regards, Jordi @jordipalet El 17/1/20 11:49, "anti-abuse-wg en nombre de Michele Neylon - Blacknight" escribió: I've been trying to follow the back and forth here over the last few days and to be honest I'm rather confused. Which text is actually being proposed? A lot of the discussion here seems to have gone off into all sorts of tangents and it's hard to see what is actually being discussed Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
I will be fine with this (having RIPE NCC as an intermediator just to send the abuse report), if instead of a web form (or in addition to it), it is possible to automate it, for example RIPE NCC also accepts x-arf via email. RIPE NCC has the obligation to keep the information without disclosing it, so why we need to have a way to encypt it so RIPE NCC can’t read it? Furthermore, this should be an automated process. The staff is not going to handle every report manually. And moreover, in case of a bigger dispute, even if going to the courts, RIPE NCC can provide in a neutral way all the info of what happened. However, I’ve the feeling that in order to get this working, the policy must mandate that all the responser from the operator which customer is producing the abuse, also follow the same path, so: Abuse reporter (Victim or its ISP) -> RIPE NCC -> abuser operator -> RIPE NCC -> abuse reporter Otherwise, there will not be a way for RIPE to have stats of who is responding to abuse cases and who is not, or even simpler than that, what abuse mailboxes get bounced (which will be a policy violation if happens all the time with the same operator). Never mind we decide or not that not-responding is an abuse-c violation. Stats are good, even if not published with operator names. El 17/1/20 1:12, "anti-abuse-wg en nombre de ripedenis--- via anti-abuse-wg" escribió: Hi Sergio As I read through this thread similar ideas came to my mind. The question I would ask is "Is it too late to take a completely different approach to abuse contacts and reporting via the RIPE Database?" Suppose we had a standard form available via the ripe.net website for providing details of abuse. If you are able to find the "abuse-c:" details in the database now then you must know the IP address involved. The RIPE NCC could send the report to the abuse contact taken from the database via the specified IP address. This does not have to be an email interface either. We could look at other options. The RIPE NCC would then at least know if the report was successfully delivered. Using a standard form would make it much easier for the resource holder to interpret the information. Someone said: "Making such a scheme compulsory would be unacceptable to people who wish to interact with network owners without disclosing that in public ..." I have no understanding of the technology involved here, but when I send you a message on WhatsApp it is encrypted end to end. WhatsApp have no idea (they say) of the content of the message. Would it be possible to submit a form on ripe.net in a way that the content of that form is encrypted and sent to the resource holder so the RIPE NCC have no idea of the content of the form? That would satisfy this concern. Regardless of the outcome of the RIPE Database Requirements Task Force, something like this could still be implemented as it is external to the RIPE Database. Food for thought... cheers denis co-chair DB-WG On Wednesday, 15 January 2020, 10:22:28 CET, Sérgio Rocha wrote: Hi, Maybe we can change the approach. If RIPE website had a platform to post abuse report, that send the email for the abuse contact, it will be possible to evaluate the responsiveness of the abuse contact. This way anyone that report an abuse could assess not only the response but also the effectiveness of the actions taken by the network owner. After some time with this evaluations we would easy to realize who manages the reports and even who does not respond at all. Sérgio -Original Message- From: anti-abuse-wg [mailto:anti-abuse-wg-boun...@ripe.net] On Behalf Of Gert Doering Sent: 15 de janeiro de 2020 08:06 To: Carlos Friaças Cc: Gert Doering ; anti-abuse-wg Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox") Hi, On Wed, Jan 15, 2020 at 07:23:38AM +, Carlos Friaças via anti-abuse-wg wrote: > I obviously don't speak for the incident handling community, but i > think this (making it optional) would be a serious step back. The > current situation is already very bad when in some cases we know from > the start that we are sending (automated) messages/notices to blackholes. So why is it preferrable to send mails which are not acted on, as opposed to "not send mail because you know beforehand that the other network is not interested"? I can see that it is frustrating - but I still cannot support a policy change which will not help dealing with irresponsible networks in any way, but at the same time increases costs and workload for those that do the right thing alrady. > To an extreme, there should always be a known contact responsible for > any network infrastructure. If this is not the case, what's the > purpose of a registry then? "a known contact" and "an *abuse-handling* contact" is not the same thing. Gert Doering -- NetMaster -- have you enabled IPv6 on
Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi Denis, El 17/1/20 0:30, "ripede...@yahoo.co.uk" escribió: Colleagues I have just read this whole thread, it took a while (I should get sick more often and spend a day in bed reading emails). I have a few points to make. Some are similar to points already raised but I will reinforce them. I cut out the bits I want to respond to, but sorry I have not included the authors (you will know if it's you). "If I need to use a web form, which is not standard, for every abuse report that I need to submit, there is no sufficient time in the world to fill all them." So instead each resource holder must interpret randomly written emails and find any relevant information from within lots of junk. There are open source tools to extract the logs from an automated abuse reporting system (for example fail2ban), and it very easy to configure them for your own needs. In any case, much easier than having a different web form non-standard for every ISP that requires that. Of course, as said, ideally a standard system could be used. May be is time to specify it in the policy, and this is something that I’m already considering in the next version, depending on what I can interpret from all this discussion. "ever since the day that RIPE NCC first published an abuse reporting address in the data base, it has, in effect, injected itself, even if only to a minimal degree, into the relationship between a network abuse victim and the relevant resource holders that have clear connections to the abuse source" To be clear, the RIPE NCC is the data controller, not the data content provider. The RIPE NCC does not publish the abuse contacts, they facilitate resource holders to publish them. "make abuse-c: an optional attribute (basically, unrolling the "mandatory" part of the policy proposal that introduced it in the first place)" As co-author/designer of "abuse-c:" one of the original aims of the "abuse-c:" attribute was to provide one single point of contact for a resource holder's abuse reports. If it is made optional, abuse reports would simply be sent to the "admin-c:", "tech-c:", "notify:", etc email addresses, as they were before. People will simply search the database for any email address associated with the resource holder and spam them all. It won't stop abuse reports being sent 'somewhere'. And once someone has had to go to the trouble of finding a list of email addresses to use for the resource holder who has no "abuse-c:", then they will probably do the same for all reports they send. So those of you who do respond to abuse complaints will find complaints being sent to a whole host of your email addresses from the RIPE Database. We lose the 'keep it in one well defined location' benefit. I agree with you on this. I think the alternative is the autoresponder I mention. So keep the abuse-c mandatory, but tell the reporters “I will ignore your report”. "at the very least, RIPE NCC could set up and maintain just a basic review "platform" where the public at large can at least make it known to all observers which networks are the assholes and which ones aren't." This would be an excellent way for a network operator to 'take out' their competitors. "While I would accept Gert's proposal for making abuse-c an optional attribute, the reason I offered a counter proposal for publishing "a statement to the effect that the network operator does not act on abuse reports" is to add clarity at a high level." How many operators are going to make such a statement? It would become an invitation to block their traffic. If that was the alternative to any verification then they know if they don't make such a statement there will be no penalty. So just don't make a statement and still ignore the reports. Yes and not. Money talks. But at least you know what you can expect from any operator, instead of insisting in sending reports and wasting time trying to contact them. May be the point to have in the policy is that if you don’t have a valid abuse-c (so it is mandatory), either you choose to respond to abuses, or you have an autoresponder to tell you are not taking care of them. If you don’t have one or the other, it is a policy violation. "i'm more worried about someone using real e-mail addresses of real unrelated people than the /dev/null or unattended mailboxes." Separately to this discussion we need to have a mechanism to say "Remove my email address from this resource", as Google has when someone uses your gmail address as a recovery address. (A service I use on a weekly basis) I guess this is not needed. If someone is using my email in a non-related contact at the RIPE databases, and I notice it, clearly, I can tell to RIPE NCC: this is fake, please remove it. Otherwise RIPE NCC may be liable for the damages. "Nice analogy, but when you add the eCommerce Directive into the mix, where a
Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi Richard, El 16/1/20 21:37, "anti-abuse-wg en nombre de Richard Clayton" escribió: In message , JORDI PALET MARTINEZ via anti-abuse-wg writes >So, if I'm reading it correctly (not being a lawyer), a service provider not >acting against abuse when it has been informed of so, is liable. don't get confused between the "Hosting" and "Mere Conduit" provisions > I'm sure if the >service provider tries to avoid being "informed" by not looking at notifications >(email, postal, fax, etc.), they will also be liable in front of courts. correct, but that's a "Hosting" aspect and that's not necessarily the issue when considering spam (which is certainly some of what is being considered under the generic "abuse" label) I'm not sure to understand what do you mean. In my opinion, if the hosting provider is the resource-holder of the addresses being used for any abuse (including spam), he is the responsible against the law and he is consequently liable of possible damages. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi Alex, Undersood, and thanks a lot; it is very helpful to know that the ecommerce directive has a problem. As said, I’m not advocating for RIPE to take actions if the operator doesn’t react on an abuse case. What I’m trying to make sure, mainly, is that the abuse contact is a *real one*. The actual validation doesn’t ensure this. So the current situation (using your words) is not correct. I think this is the main problem. I believe most of the LIRs/end-users, don’t understand that there is a “small” problem here. So a direct question. Do you think it is acceptable that RIPE NCC does a good validation (as done by ARIN, APNIC and soon LACNIC), or it is acceptable that any operator can use a fake email? Regards, Jordi @jordipalet El 16/1/20 18:04, "Alex de Joode" escribió: Hi Jordi, The inability based on the current ecommerce directive to adequately hold providers responsible when they ignore notices is the reason the Dutch government came up with some 'suggestions' on how to fix these. I'm involved in mitigating the adverse effects of these proposals. (I'm a lawyer and a lobbyist, so a double bad ;)) In my opinion RIPE should ensure those willing have an easy means of knowing who to contact. (that is the current situation) Full mailboxes/bounces etc is something the resource holder should take care of himself. Resource holders who are not interested in properly handling notices, and are striving for a 'McColo status' should be dealt with. However that should not be a role nor a responsibility of RIPE. Europol' EC3, JIT's, local police etc should primarily deal with this (yes takes time and effeort). Advocating for a role for RIPE basically is outsourcing policing (based on Term of Service, something advocated by "your local police" as this looks like a "quick fix" however expect them to insist your ToS needs to have an article "x" and "y" soon.), and removes a lot of due process safeguards you have under the criminal system. If the internet is a "wretched hive of scum and villainy" the powers that be should allocate enough resources to deal with the problem. -- IDGARA | Alex de Joode | a...@idgara.nl | +31651108221 | Skype:adejoode On Thu, 16-01-2020 17h 17min, JORDI PALET MARTINEZ via anti-abuse-wg wrote: Hi Alex, My reading of the eCommerce Directive (https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:32000L0031) is different. Some points (most relevant text only): (40) … the provisions of this Directive relating to liability should not preclude the development and effective operation, by the different interested parties, of technical systems of protection and identification and of technical surveillance instruments … (44) A service provider who deliberately collaborates with one of the recipients of his service in order to undertake illegal acts goes beyond the activities of "mere conduit" or "caching" and as a result cannot benefit from the liability exemptions established for these activities. (46) In order to benefit from a limitation of liability, the provider of an information society service, consisting of the storage of information, upon obtaining actual knowledge or awareness of illegal activities has to act expeditiously to remove or to disable access to the information concerned ... So, if I'm reading it correctly (not being a lawyer), a service provider not acting against abuse when it has been informed of so, is liable. I'm sure if the service provider tries to avoid being "informed" by not looking at notifications (email, postal, fax, etc.), they will also be liable in front of courts. Regards, Jordi @jordipalet El 16/1/20 16:40, "Alex de Joode" escribió: Jordi, Nice analogy, but when you add the eCommerce Directive into the mix, where a network provider (or hosting provider) is not liable for what their users do, the outcome changes. Only if you have knowledge there might be a possibility for liability, but if you do not accept abuse notices, and therefore do not have knowledge you are not liable. Also note there is no monitoring obligation, but if you do monitor you can gain knowledge and become liable for -everything-. So the current legal environment (in the EU) isn't very 'pro' abuse handling. -- IDGARA | Alex de Joode | a...@idgara.nl | +31651108221 | Skype:adejoode On Thu, 16-01-2020 15h 18min, JORDI PALET MARTINEZ via anti-abuse-wg wrote: Let’s try to see it from another perspective. If you’re an electricity provider, and one of your customers injects 1.000 v into the network and thus create damages to other customers (even from other electricity providers), the electricity provider must have the means to resolve the problem, disconnect that customer if needed, and pay the damages if the customer creating them don’t do that. W
Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi Alex, My reading of the eCommerce Directive (https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:32000L0031) is different. Some points (most relevant text only): (40) … the provisions of this Directive relating to liability should not preclude the development and effective operation, by the different interested parties, of technical systems of protection and identification and of technical surveillance instruments … (44) A service provider who deliberately collaborates with one of the recipients of his service in order to undertake illegal acts goes beyond the activities of "mere conduit" or "caching" and as a result cannot benefit from the liability exemptions established for these activities. (46) In order to benefit from a limitation of liability, the provider of an information society service, consisting of the storage of information, upon obtaining actual knowledge or awareness of illegal activities has to act expeditiously to remove or to disable access to the information concerned ... So, if I'm reading it correctly (not being a lawyer), a service provider not acting against abuse when it has been informed of so, is liable. I'm sure if the service provider tries to avoid being "informed" by not looking at notifications (email, postal, fax, etc.), they will also be liable in front of courts. Regards, Jordi @jordipalet El 16/1/20 16:40, "Alex de Joode" <mailto:a...@idgara.nl> escribió: Jordi, Nice analogy, but when you add the eCommerce Directive into the mix, where a network provider (or hosting provider) is not liable for what their users do, the outcome changes. Only if you have knowledge there might be a possibility for liability, but if you do not accept abuse notices, and therefore do not have knowledge you are not liable. Also note there is no monitoring obligation, but if you do monitor you can gain knowledge and become liable for -everything-. So the current legal environment (in the EU) isn't very 'pro' abuse handling. -- IDGARA | Alex de Joode | a...@idgara.nl | +31651108221 | Skype:adejoode On Thu, 16-01-2020 15h 18min, JORDI PALET MARTINEZ via anti-abuse-wg wrote: Let’s try to see it from another perspective. If you’re an electricity provider, and one of your customers injects 1.000 v into the network and thus create damages to other customers (even from other electricity providers), the electricity provider must have the means to resolve the problem, disconnect that customer if needed, and pay the damages if the customer creating them don’t do that. When this happens, most of the time, the customer insurance will cover it, initially, and then claim to the electricity provider insurance, which in turn, can claim to the customer creating the trouble. If insurance doesn’t work, most of the time, law will make the electricity provider responsible at the same level of the defaulting customer (especially if this one doesn’t pay the damages). I’m sure that this is the same in every EU country. Can we agree on that? This is totally symmetric to the Internet. An operator provides a service. If a customer is creating damages, even to customers of other operators, the minimum that the provider of the defaulting customer should be able to do is: 1) Receive the abuse report (it can be automated) 2) Investigate the abuse (it can be automated in many cases, especially if we mandate a format for the reporting, and there are open source tools that do that for most of the cases) 3) If it is against the AUP which its customers, take actions, warnings to the customer the first time, etc., even disconnecting the customer (of course, this means losing customers such as spammers that pay a lot …) I don’t expect to respond to the abuse, but it’s nice to do. There are many open source ticket systems that do most of this. I don’t expect to compensate the victims, but I’m sure it can be done if the victims go to the courts. No difference with the electricity example, just we don’t have (as I know) this kind of insurance for Internet abuses. Actually, it will be very nice to have those insurances, because insurance companies have the power to put together many claims in the courts, so operators that don’t care about abuse pay for it. Saludos, Jordi @jordipalet El 16/1/20 15:03, "anti-abuse-wg en nombre de Volker Greimann" <mailto:anti-abuse-wg-boun...@ripe.net en nombre de mailto:vgreim...@key-systems.net> escribió: Hi Sara, isn't making the world (and the internet) first and foremost a job of law enforcement agencies like the police and Europol? While I agree that everyone has a role to play, crime prevention and protection of the public is part of the LEA job description, right? Civil society entities certainly have a role to play, but it does not help trying to deputize them into a role they do not carry. I disagree that the contract language you qu
Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi Alex, El 16/1/20 16:30, "anti-abuse-wg en nombre de Alex de Joode" escribió: Hi Sara, The issue with your statement below is that RIPE NCC cannot (legally, under Dutch contract law) disconnect resources if a resource holder (or more likely his customer) does not (properly) deal with abuse complaints. (for instance due to reasons of proportionality) Currently RIPE NCC mandates an email address for receiving abuse notices (which is good, as companies can specify a specific address that is monitored by people who can take action, and notifiers have a way to find out where to sent notices for speedy resolution). The availability of this address is checked by RIPE. So the current system basically works to enhance the infrastructure for those that are willing to deal with abuse notices. This is where we disagree: The current system doesn’t work. Only checks that “a mailbox” exist, but not that the mailbox works, isn’t full, bounces, or it has your email address for *your* abuse-c. It seems a simple issue, but a policy amendment is required to make the RIPE NCC to change this and make it coherent same as in ARIN, APNIC and (as soon as implemented) LACNIC. Some within this community do feel this is not enough. That as RIPE controls resources, RIPE should be put in a position to leverage these resources in such a way as to ensure all it's resource holders deal with abuse notice in a proper way. This would then lead to a crime free internet and everybody is happy. Implementing this is a fundament shift in the role and responsibility of RIPE. A large and vocal group here, do not believe this "deputisation" is the direction RIPE should pursue. That does not mean they are in favour of a "un-safe, spam infested, crime ridden internet", they just feel this issue should be address via leveraging RIPE resouces. -- IDGARA | Alex de Joode | a...@idgara.nl | +31651108221 | Skype:adejoode On Thu, 16-01-2020 14h 23min, "Marcolla, Sara Veronica" wrote: Very well put, Sérgio. Thank you for voicing clearly the concern of (at least a part of) the community. We should not forget that, according to the provisions of RIPE NCC audits, “every party that has entered into an agreement with the RIPE NCC is contractually obliged to provide the RIPE NCC with complete, updated and accurate information necessary for the provision of the RIPE NCC services and to assist the RIPE NCC with audits and security checks”. Complete, accurate information goes hand in hand with a duty of care, of promptly taking actions against abuse, and should be accompanied by a social responsibility of trying to make the Internet a safe and secure place for everyone, thus not enabling actively DDoS, spammers, and criminals in general. If the community does not agree that everyone has the right to a safe, spam free, crime free Internet, maybe we have some issue to solve here first. Kind regards, Sara Europol - O3 European Cyber Crime Centre (EC3) Eisenhowerlaan 73, 2517 KK The Hague, The Netherlands www.europol.europa.eu From: anti-abuse-wg On Behalf Of Sérgio Rocha Sent: 16 January 2020 13:38 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox") Hi, Agree, This anti-abuse list seems the blocking group to any anit-abuse response measure. It's amazing that nobody cant propose anything without receiving a shower of all sorts of arguments against There is an idea that everyone has to hold, if as a community we cannot organize a policy, one of these days there will be a problem that will make governments take the opportunity to legislate and we will no longer have the free and open internet. There are a feew ideas that is simple to understand: 1 - If you have been assigned a network you have responsibilities, paying should not be the only one. 2 - There is no problem with email, since ever are made solutions to integrate with emails. There is no need to invent a new protocol. Who has a lot of abuse, invests in integrating these emails. 3 - If you have no ability to manage abuse should not have addressing, leave it to professionals. The internet is critical for everyone, the ability for actors to communicate with each other to respond to abuse must exist and RIPE must ensure that it exists. It’s like the relation with local governments, there is a set of information that has to be kept up to date to avoid problems, in RIPE it must be the same. Sergio From: anti-abuse-wg [mailto:anti-abuse-wg-boun...@ripe.net] On Behalf Of Fi Shing Sent: 16 de janeiro de 2020 04:55 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox") >> Best not to judge the race until it has been fully run. I just do not understand how anyone on this list (other than a
Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi Volker, El 16/1/20 16:03, "anti-abuse-wg en nombre de Volker Greimann" escribió: Hi Jordi, your example seems a bit off though. If your contract is with your ISP and you need to complain to them, why would you complain to another ISP you have no contract with? Text was not clear … I’m the victim. My ISP is A. The abuser ISP is B. I can complain to A, so he can complain to B. I also don’t see any issue anyway, for me to complain directly to B. I agree that current GDPR implementations may impact the contactibility of the customer, but that can be improved in GDPR-compliant manners that do not require playing chinese whispers down the chain. Not objecting to your 3. but you need to consider it may not be the contractual partner acting against the contract. They may be a victim as well, and therefore enforcing any actions against them may be unproductive. Would you shut down Google.com because of one link to a site violating third party rights? Agree. I’m a family. I know nothing about IT. My wireless is open, or somehow my network has been hacked and is being used for sending spam or DDoS. The ISP is still responsible for making sure that the problem is resolved, either warning the user, helping them, or blocking (until the user solves the problem) the relevant ports (even the connection if needed). It is up to the local legislation if the user has any responsibility or not. This is probably out of scope for our policy, right? But if the ISP is not reacting at all, he is risking that other operators block him, right? That’s why I still believe that abuse-c must be mandatory, unless you clearly state that you ignore abuse cases. Best, Volker Am 16.01.2020 um 15:52 schrieb JORDI PALET MARTINEZ via anti-abuse-wg: Hi Volker, I don’t agree with that, because: 1) I believe the electricity sample I provided proves otherwise. My contract is with the electricity provider (the Internet provider), so I need to complain to them and they need to follow the chain. 2) For a victim, to complain directly to the customer (not the operator), will need to know the data of the “abuser” which may be protected by GDPR. 3) Customers sign a contract with the operator. The contract must have clear conditions (AUP) about the appropriate use of the network. If you act against that contract, the problem is with the operator, not victims. By the way, if an operator has a badly designed AUP, either they are doing a bad job, or they have *no interest* in acting against abuses. Regards, Jordi @jordipalet El 16/1/20 15:44, "anti-abuse-wg en nombre de Volker Greimann" escribió: Obviously every user should lock their doors / protect themselves against fraud. I am just saying that the ability of many service providers to curtail abuse of their system (without impacting legitimate uses) is very limited as it may not their customers doing the abusing and any targeted action against those customers themselvesd would be inappropriate and affect many legitimate users of their services. At what point should a network service provider remove privileges from a customer that is himself being abused but is technically unable to deal with it properly? Would the complaint not be better directed at that customer, not the provider, since they are the ones that can resolve this issue in a more targetted and appropriate manner? How does the service provider differentiate between a customer that is abusing vs one that is being abused? Deputising the service providers will not necessarily solve the problems, and possibly create many new ones. In the domain industry, we were required to provide an abuse contact, however the reports we get to that address usually deal with issues we cannot do much about other than pulling or deactivating the domain name, which is usually the nuclear option. So we spend our time forwarding abuse mails to our customers that the complainant should have sent to the customer directly. Best, volker Am 16.01.2020 um 15:16 schrieb Serge Droz via anti-abuse-wg: Hi Volker On 16/01/2020 15:03, Volker Greimann wrote: isn't making the world (and the internet) first and foremost a job of law enforcement agencies like the police and Europol? Law enforcement's job primarily is arresting criminals. And yes they do prevention. But you can't stop locking your door or walk by fight just ignoring it, because it's LEA's job. This is even more true on the internet, where CERT's have long been working together fighting cybercrime etc. While there obviously is an appeal to the notion of "The best problems are some one else's problem" my believe is we don't want to have an internet or a world, for that matter, where this is how things run. The internet is a bottom up thing, it is so cool because people follow protocols, that are not law. There was a time whn this wasn't a given: Durin
Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi Volker, I don’t agree with that, because: I believe the electricity sample I provided proves otherwise. My contract is with the electricity provider (the Internet provider), so I need to complain to them and they need to follow the chain. For a victim, to complain directly to the customer (not the operator), will need to know the data of the “abuser” which may be protected by GDPR. Customers sign a contract with the operator. The contract must have clear conditions (AUP) about the appropriate use of the network. If you act against that contract, the problem is with the operator, not victims. By the way, if an operator has a badly designed AUP, either they are doing a bad job, or they have *no interest* in acting against abuses. Regards, Jordi @jordipalet El 16/1/20 15:44, "anti-abuse-wg en nombre de Volker Greimann" escribió: Obviously every user should lock their doors / protect themselves against fraud. I am just saying that the ability of many service providers to curtail abuse of their system (without impacting legitimate uses) is very limited as it may not their customers doing the abusing and any targeted action against those customers themselvesd would be inappropriate and affect many legitimate users of their services. At what point should a network service provider remove privileges from a customer that is himself being abused but is technically unable to deal with it properly? Would the complaint not be better directed at that customer, not the provider, since they are the ones that can resolve this issue in a more targetted and appropriate manner? How does the service provider differentiate between a customer that is abusing vs one that is being abused? Deputising the service providers will not necessarily solve the problems, and possibly create many new ones. In the domain industry, we were required to provide an abuse contact, however the reports we get to that address usually deal with issues we cannot do much about other than pulling or deactivating the domain name, which is usually the nuclear option. So we spend our time forwarding abuse mails to our customers that the complainant should have sent to the customer directly. Best, volker Am 16.01.2020 um 15:16 schrieb Serge Droz via anti-abuse-wg: Hi Volker On 16/01/2020 15:03, Volker Greimann wrote: isn't making the world (and the internet) first and foremost a job of law enforcement agencies like the police and Europol? Law enforcement's job primarily is arresting criminals. And yes they do prevention. But you can't stop locking your door or walk by fight just ignoring it, because it's LEA's job. This is even more true on the internet, where CERT's have long been working together fighting cybercrime etc. While there obviously is an appeal to the notion of "The best problems are some one else's problem" my believe is we don't want to have an internet or a world, for that matter, where this is how things run. The internet is a bottom up thing, it is so cool because people follow protocols, that are not law. There was a time whn this wasn't a given: During the "Browser wars" different producer leveraged ambiguities in the HTML standard, and the end result was horrible. We don't want this. If we delegate the problem, we've already lost. Best Serge -- Volker A. Greimann General Counsel and Policy Manager KEY-SYSTEMS GMBH T: +49 6894 9396901 M: +49 6894 9396851 F: +49 6894 9396851 W: www.key-systems.net Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835 CEO: Alexander Siffrin Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358. ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")
El 16/1/20 15:25, "anti-abuse-wg en nombre de Ronald F. Guilmette" escribió: In message , JORDI PALET MARTINEZ via anti-abuse-wg wrote: >I'm sure that this is the same in every EU country. Can we agree on that? Quite certainly not! Doing so would break ALL established precedent! I used EU on purpose here. I didn't want to say every RIPE NCC country. I really think the electricity case I've described works that way in EU countries. Anyone believes not? Any lawyer in the list can provides hints why yes or why not? When was the last time this working group agreed on *anything*? Regards, rfg P.S. And anyway, as I myself have just been reminded, RIPE != EU. ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")
Let’s try to see it from another perspective. If you’re an electricity provider, and one of your customers injects 1.000 v into the network and thus create damages to other customers (even from other electricity providers), the electricity provider must have the means to resolve the problem, disconnect that customer if needed, and pay the damages if the customer creating them don’t do that. When this happens, most of the time, the customer insurance will cover it, initially, and then claim to the electricity provider insurance, which in turn, can claim to the customer creating the trouble. If insurance doesn’t work, most of the time, law will make the electricity provider responsible at the same level of the defaulting customer (especially if this one doesn’t pay the damages). I’m sure that this is the same in every EU country. Can we agree on that? This is totally symmetric to the Internet. An operator provides a service. If a customer is creating damages, even to customers of other operators, the minimum that the provider of the defaulting customer should be able to do is: Receive the abuse report (it can be automated) Investigate the abuse (it can be automated in many cases, especially if we mandate a format for the reporting, and there are open source tools that do that for most of the cases) If it is against the AUP which its customers, take actions, warnings to the customer the first time, etc., even disconnecting the customer (of course, this means losing customers such as spammers that pay a lot …) I don’t expect to respond to the abuse, but it’s nice to do. There are many open source ticket systems that do most of this. I don’t expect to compensate the victims, but I’m sure it can be done if the victims go to the courts. No difference with the electricity example, just we don’t have (as I know) this kind of insurance for Internet abuses. Actually, it will be very nice to have those insurances, because insurance companies have the power to put together many claims in the courts, so operators that don’t care about abuse pay for it. Saludos, Jordi @jordipalet El 16/1/20 15:03, "anti-abuse-wg en nombre de Volker Greimann" escribió: Hi Sara, isn't making the world (and the internet) first and foremost a job of law enforcement agencies like the police and Europol? While I agree that everyone has a role to play, crime prevention and protection of the public is part of the LEA job description, right? Civil society entities certainly have a role to play, but it does not help trying to deputize them into a role they do not carry. I disagree that the contract language you quote puts any duty of care regarding the abuse of any networks by third parties on the parties to the agreement. That duty may arise from other sources, but this language is directed at its own information the party provides to RIPE NCC and the cooperation with any audits. Just because it includes the word security does not mean it refers to all thinkable security issues. The ability of any part of the internet infrastructure to curtail abuse that somehow touches services it providers is usually severely curtailed and its ability to review abuse complaints is usually limited to the resources it provides. In many cases, that is simply not enough information to go on when dealing with many common forms of abuse. Best, Volker Am 16.01.2020 um 14:23 schrieb Marcolla, Sara Veronica: Very well put, Sérgio. Thank you for voicing clearly the concern of (at least a part of) the community. We should not forget that, according to the provisions of RIPE NCC audits, “every party that has entered into an agreement with the RIPE NCC is contractually obliged to provide the RIPE NCC with complete, updated and accurate information necessary for the provision of the RIPE NCC services and to assist the RIPE NCC with audits and security checks”. Complete, accurate information goes hand in hand with a duty of care, of promptly taking actions against abuse, and should be accompanied by a social responsibility of trying to make the Internet a safe and secure place for everyone, thus not enabling actively DDoS, spammers, and criminals in general. If the community does not agree that everyone has the right to a safe, spam free, crime free Internet, maybe we have some issue to solve here first. Kind regards, Sara Europol - O3 European Cyber Crime Centre (EC3) Eisenhowerlaan 73, 2517 KK The Hague, The Netherlands www.europol.europa.eu From: anti-abuse-wg On Behalf Of Sérgio Rocha Sent: 16 January 2020 13:38 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox") Hi, Agree, This anti-abuse list seems the blocking group to any anit-abuse response measure. It's amazing that nobody cant propose anything without receiving a shower of all sorts of
Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi Sara, While I fully agree with Sergio and yourself, the issue here is that this part of your text “Complete, accurate information goes hand in hand with a duty of care, of promptly taking actions against abuse, and should be accompanied by a social responsibility of trying to make the Internet a safe and secure place for everyone, thus not enabling actively DDoS, spammers, and criminals in general” Is not documented, so not “obvious” (as legal text) to everyone or I’m missing something? Of course, I fail to see that any operator can deny that … but is not in the text. Regards, Jordi @jordipalet El 16/1/20 14:24, "anti-abuse-wg en nombre de Marcolla, Sara Veronica" escribió: Very well put, Sérgio. Thank you for voicing clearly the concern of (at least a part of) the community. We should not forget that, according to the provisions of RIPE NCC audits, “every party that has entered into an agreement with the RIPE NCC is contractually obliged to provide the RIPE NCC with complete, updated and accurate information necessary for the provision of the RIPE NCC services and to assist the RIPE NCC with audits and security checks”. Complete, accurate information goes hand in hand with a duty of care, of promptly taking actions against abuse, and should be accompanied by a social responsibility of trying to make the Internet a safe and secure place for everyone, thus not enabling actively DDoS, spammers, and criminals in general. If the community does not agree that everyone has the right to a safe, spam free, crime free Internet, maybe we have some issue to solve here first. Kind regards, Sara Europol - O3 European Cyber Crime Centre (EC3) Eisenhowerlaan 73, 2517 KK The Hague, The Netherlands www.europol.europa.eu From: anti-abuse-wg On Behalf Of Sérgio Rocha Sent: 16 January 2020 13:38 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox") Hi, Agree, This anti-abuse list seems the blocking group to any anit-abuse response measure. It's amazing that nobody cant propose anything without receiving a shower of all sorts of arguments against There is an idea that everyone has to hold, if as a community we cannot organize a policy, one of these days there will be a problem that will make governments take the opportunity to legislate and we will no longer have the free and open internet. There are a feew ideas that is simple to understand: 1 - If you have been assigned a network you have responsibilities, paying should not be the only one. 2 - There is no problem with email, since ever are made solutions to integrate with emails. There is no need to invent a new protocol. Who has a lot of abuse, invests in integrating these emails. 3 - If you have no ability to manage abuse should not have addressing, leave it to professionals. The internet is critical for everyone, the ability for actors to communicate with each other to respond to abuse must exist and RIPE must ensure that it exists. It’s like the relation with local governments, there is a set of information that has to be kept up to date to avoid problems, in RIPE it must be the same. Sergio From: anti-abuse-wg [mailto:anti-abuse-wg-boun...@ripe.net] On Behalf Of Fi Shing Sent: 16 de janeiro de 2020 04:55 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox") >> Best not to judge the race until it has been fully run. I just do not understand how anyone on this list (other than a criminal or a business owner that wants to reduce over heads by abolishing an employee who has to sit and monitor an abuse desk) could be talking about making it easier for abuse to flourish. It is idiotic and is not ad hominem. This list is filled with people who argue for weeks, perhaps months, about the catastrophic world ending dangers of making an admin verify an abuse address ONCE a year and then someone says "let's abolish abuse desk all together" and these idiots emerge from the wood work like the termites that they are and there's no resistance? The good news is that nothing talked about on this list is ever implemented, so .. talk away you criminals. - Original Message - Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox") From: "Ronald F. Guilmette" Date: 1/16/20 11:47 am To: "anti-abuse-wg@ripe.net" In message <20200115155949.af7f9f79718891d8e76b551cf73e1563.e548b98006.mailapi@ email19.asia.godaddy.com>, "Fi Shing" wrote: >That is the most stupid thing i've read on this list. Well, I think you shouldn't be quite so harsh in your judgement. It is not immediately apparent that you have been on the list for all that long. So perhaps you should stick around for awhile longer before
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi Carlos, El 15/1/20 22:58, "Carlos Friaças" escribió: Hi, On Wed, 15 Jan 2020, JORDI PALET MARTINEZ via anti-abuse-wg wrote: > In my opinion, the actual situation is the worst. We are validating over "nothing". We don't know how many of the "validated" mailboxes are real, or even read, full, etc. > > I will prefer a mandatory abuse-c which is validated in the way I'm proposing, as it is being done in ARIN and APNIC and soon in LACNIC. This detail is interesting... In my opinion it reached consensus also in the last AFRINIC meeting, but chairs didn't agree, and I don't want to start an appeal. So, I will retry in the next meeting. > If this can't reach consensus, I prefer to know in advance "this > operator doesn't handle abuses" that wasting time in reporting them. I > will have the choice to just block their network and when several folks > block them and their customers complain, then they may change their > mind. I was wondering if this "block" would mean blocking all prefixes announced by the same ASN, or just the prefix where the abuse originated from. Well, this is up to each operator ... If it is my network, I will definitively block the complete ASN, because a network that doesn't process abuse, is not something I want to get traffic from. But is just my personal view. > Better 50% of good and *real* validated abuse contacts than 100% from which I don't know how may are for real. As i already stated, i'm more worried about someone using real e-mail addresses of real unrelated people than the /dev/null or unattended mailboxes. When someone uses a 3rd party address without authorization+knowledge, i think it's reasonable to allow for a fix, instead of directly running to ripe-716. Cheers, Carlos > El 15/1/20 8:24, "anti-abuse-wg en nombre de Carlos Friaças via anti-abuse-wg" escribió: > > >Hi, > >I obviously don't speak for the incident handling community, but i think >this (making it optional) would be a serious step back. The current >situation is already very bad when in some cases we know from the start >that we are sending (automated) messages/notices to blackholes. > >To an extreme, there should always be a known contact responsible for >any network infrastructure. If this is not the case, what's the purpose >of a registry then? > >Regards, >Carlos > > > >On Tue, 14 Jan 2020, Leo Vegoda wrote: > >> On Tue, Jan 14, 2020 at 1:48 AM Gert Doering wrote: >> >> [...] >> >>> A much simpler approach would be to make abuse-c: an optional attribute >>> (basically, unrolling the "mandatory" part of the policy proposal that >>> introduced it in the first place) >> >> This seems like a simple approach for letting network operators >> indicate whether or not they will act on abuse reports. If there's no >> way of reporting abuse then the operators clearly has no processes for >> evaluating reports, or acting on them. This helps everyone save time. >> >> Regards, >> >> Leo Vegoda >> > > > > > > ** > IPv4 is over > Are you ready for the new Internet ? > http://www.theipv6company.com > The IPv6 Company > > This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it. > > > > > ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi Job, You need to have that process already for ARIN and APNIC, and once implemented LACNIC. The process is the same. You implement it once (I'm not counting the minutes that can take to implement it) and it seems simple to me: the abuse-mailbox get twice a year a verification email, a responsible guy in the abuse-team must act on it, clicking on the verification link. So, if you have already the process for other RIRs, what is the extra cost? (2 minutes) I think is much less that the time you can save, and this is the balance that we need to look for. El 15/1/20 22:56, "Job Snijders" escribió: On Wed, Jan 15, 2020 at 10:41:54PM +0100, JORDI PALET MARTINEZ via anti-abuse-wg wrote: > Exactly 2 minutes a year (1 minute each time you click the link in the > email from RIPE NCC). > > And because you invest 2 minutes a year, you will save a lot of time > (many hours/days) yourself, trying to report abuses to invalid > mailboxes! I am not sure it is just two minutes a year, it is desiging and monitoring an additional work process to be executed in corporations. I am of course not sure how much it is, but certainly more than two minutes. Kind regards, Job ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi Warren, When some operators aren't responding to abuse cases, or when they are bouncing emails, or you get a response from someone telling "sorry I'm not the right contact for this, the email is mistaken", and many other similar situations ... the operator is telling you "we don't care about abuse from our customer to other networks". There is not different to say that explicitly by making the abuse-c optional, so those that don't want to handle the abuse reports, just don't have it. There is no difference in having the email bouncing than having an autoresponder saying "we don't care" ... El 15/1/20 21:15, "anti-abuse-wg en nombre de Warren Kumari" escribió: On Wed, Jan 15, 2020 at 2:46 PM Leo Vegoda wrote: > > On Wed, Jan 15, 2020 at 11:02 AM Jeffrey Race wrote: > > [...] > > > Aside from the reciprocity issue, it's a basic engineering rule > > that systems target their goal only when a corrective > > feedback path exists. > > That feedback path does not need to be a personally written e-mail. > Instead, it is possible to use signals like the absence of a reliable > reporting mechanism to make decisions about not accepting some or all > traffic from an abusing network. > > My main concern with proposal 2019-04 is that it would make everyone > look the same. It then takes time and effort to distinguish the > networks that will actually use abuse reports to fix problems from > those that won't or just don't have the ability to do so. > > While I would accept Gert's proposal for making abuse-c an optional > attribute, the reason I offered a counter proposal for publishing "a > statement to the effect that the network operator does not act on > abuse reports" is to add clarity at a high level. > > In the first case, it avoids wasting resources lodging reports that > will be ignored. Secondly, it provides reliable statistical > information about the networks whose operators claim to use abuse > reports to clean things up. This would provide a metric that could be > used both by other network operators to guide operational policies and > governments or regulators to set theirs. I suspect I'm somewhat confused / have lost the thread somewhere. I really don't think that any network is likely to advertise that they are not dealing with abuse -- it gives a bad impression, and the marketing droids will likely want *something* listed. The same goes for legal - saying "Meh, don't bother sending us abuse reports, we ignore them" doesn't seem to have any PR / marketing / legal upside, and has many downsides... Pretend that you are a network that (largely) ignores abuse reports -- your current solution of throwing these mails away costs you nothing; what's the upside to telling everyone that you are doing this? I suspect that people will continue to have abuse@, hostmaster@, abuse-c,and any other conventions filled in -- and many will just continue to shuffle these into self-closing ticket systems / mailboxes which never get read and / or /dev/null... W > > Finally, we don't yet know what the RIPE Database Requirements TF will > recommend. But I think that building a new business process on the > existing model for publishing contact information assumes they won't > recommend changes. Let's wait until they report before asking the RIPE > NCC to build new workflows on a model that the community might want to > change. > > Kind regards, > > Leo Vegoda > -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi Leo, El 15/1/20 18:09, "anti-abuse-wg en nombre de Leo Vegoda" escribió: On Wed, Jan 15, 2020 at 12:16 AM Serge Droz via anti-abuse-wg wrote: [...] > - Lastly: It makes our life as Incident responders easier to have a > uniform way of sending reports, even if not all of them are followed up. This is an excellent point but e-mail is probably not the right medium for that. Standardizing protocols for reporting abuse - and therefore acting on those reports more quickly - would be far more helpful. But only organizations don't want abuse on their networks will invest in the people, processes, and systems, whatever the reporting medium. This is an additional step. Do you think it may be better to include in the proposal, instead of plain email for the reporting, to mandate the use of XARF? http://xarf.org/index.html I've been tempted several times to go that path ... so may be is time for it? > I kind of don't buy into "There is no point on placing a burden on orgs > that choose not to act". It's not about the burden on the organizations that don't want to act. It's about providing a clear signal to the reporting organizations that there is no point reporting. That should allow reporting organizations to decide on next steps more quickly. ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
What we do today is not a validation if I can use Gert or Serge or any "null" email in all my abuse contacts and nobody notice it, and then you start getting abuse reports from other folks ... This is creating lots of wasted time to both you and the abuse case reporters. El 15/1/20 9:59, "anti-abuse-wg en nombre de Gert Doering" escribió: Hi, On Wed, Jan 15, 2020 at 09:24:21AM +0100, Serge Droz wrote: > Sorry I misunderstood you then. But honestly, this does not really place > a burden on you. It does. Even if it's just 5 minutes per Mail - I need to train abuse handlers what to do with this sort of message, etc. > So I think the balance is hugely positive. Nobody has been able to demonstrate why it would have a positive effect at all. So how can the balance be "hugely positive"? E-Mail addresses *are* validated today. Just not in an as labour-intensive way on the receipient like the proposers want to install. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Exactly 2 minutes a year (1 minute each time you click the link in the email from RIPE NCC). And because you invest 2 minutes a year, you will save a lot of time (many hours/days) yourself, trying to report abuses to invalid mailboxes! El 15/1/20 9:24, "anti-abuse-wg en nombre de Serge Droz via anti-abuse-wg" escribió: Hi Gert Sorry I misunderstood you then. But honestly, this does not really place a burden on you. RIPE can automate this, and you simply reply to a message. We do this, e.g. in TF-CSIRT twice a year, and it does help, event the good guys, that realize they have an issue and did not receive their mail. In fact, it's become a bit of a competition to be the first to reply to the challenge. So the extra work is what, 10 minutes / year, if the system is setup properly? So I think the balance is hugely positive. Just my two cents. Serge On 15/01/2020 09:18, Gert Doering wrote: > Hi, > > On Wed, Jan 15, 2020 at 09:14:59AM +0100, Serge Droz via anti-abuse-wg wrote: >> I kind of don't buy into "There is no point on placing a burden on orgs >> that choose not to act". > > This is not what I said. My stance on this is: placing extra burdens on > orgs *that do the right thing today* (with extra verification hoops) > should be balanced against "will it change the situation wrt orgs that > do not care". > > And I think the balance is negative - extra work for the good guys, and > no relevant incentive for the bad guys to actually *act on* their abuse > reports. > > Gert Doering > -- NetMaster > -- Dr. Serge Droz Chair, Forum of Incident Response and Security Teams (FIRST) Phone +41 76 542 44 93 | serge.d...@first.org | https://www.first.org ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
In my opinion, the actual situation is the worst. We are validating over "nothing". We don't know how many of the "validated" mailboxes are real, or even read, full, etc. I will prefer a mandatory abuse-c which is validated in the way I'm proposing, as it is being done in ARIN and APNIC and soon in LACNIC. If this can't reach consensus, I prefer to know in advance "this operator doesn't handle abuses" that wasting time in reporting them. I will have the choice to just block their network and when several folks block them and their customers complain, then they may change their mind. Better 50% of good and *real* validated abuse contacts than 100% from which I don't know how may are for real. El 15/1/20 8:24, "anti-abuse-wg en nombre de Carlos Friaças via anti-abuse-wg" escribió: Hi, I obviously don't speak for the incident handling community, but i think this (making it optional) would be a serious step back. The current situation is already very bad when in some cases we know from the start that we are sending (automated) messages/notices to blackholes. To an extreme, there should always be a known contact responsible for any network infrastructure. If this is not the case, what's the purpose of a registry then? Regards, Carlos On Tue, 14 Jan 2020, Leo Vegoda wrote: > On Tue, Jan 14, 2020 at 1:48 AM Gert Doering wrote: > > [...] > >> A much simpler approach would be to make abuse-c: an optional attribute >> (basically, unrolling the "mandatory" part of the policy proposal that >> introduced it in the first place) > > This seems like a simple approach for letting network operators > indicate whether or not they will act on abuse reports. If there's no > way of reporting abuse then the operators clearly has no processes for > evaluating reports, or acting on them. This helps everyone save time. > > Regards, > > Leo Vegoda > ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi Ronald, El 14/1/20 13:10, "anti-abuse-wg en nombre de Ronald F. Guilmette" escribió: In message <30174d32-225f-467e-937a-5bc42650f...@consulintel.es>, JORDI PALET MARTINEZ via anti-abuse-wg wrote: >I think if we try to agree on those ratings, we will never reach consensus Right, and that was a part of my point about eBay-like feedback ratings for resource holders, i.e. "Let's not even try." Instead, let the people decide. Let anyone register a feedback point, positive or negative, against any resource holder, with the proviso that if they are registering a negative feedback point, they should assert exactly *why* they are unhappy (e.g. "mail to abuse address bounced as undeliverable", "no response for eight days" etc.) and if possible, provide some context also, e.g. a copy of the spam, a copy of some logs showing hack attempts, etc. This may have legal consequences for RIPE NCC, as somebody could use the system to publish untrue information for competitors ... not a good idea. >So it is not just easier to ask the abuse-c mailboxes that don't want to >process to setup an autoresponder with an specific (standard) text about that, for example:... In the "eBay feedback" model I am proposing there is no need for *RIPE NCC* to ask anybody about anything. People will register negative points against any resource holder with an undeliverable abuse address. (I know I will!) I'm sorry Jordi, if this idea sounds like it is undermining everything you have been trying to do, which is all very very admirable. But I have only just realized what you said above, i.e. if we really start to try to design a system where RIPE NCC will do 100% of the work of "reviewing" No ... this is an automated process. It is working already in ARIN, in APNIC and now will be also implemented in LACNIC. It is just an email sent to each abuse-c twice a year, and they have 15 days to click in the link to verify that this mailbox is working. RIPE NCC will only take care of the failed emails. It may mean some extra work at the beginning, but after a pass will be less and less work. Some of those emails that fail, have already been escalated by RIPE NCC with the existing policy, so it means even less work. all one zillion RIPE resource holders, the size of the task will almost be the least of the worries. The first order problem, as you already know since you have been doing yeoman's work on this for awhile now, is just getting people in the various RIRs to agree on the numerous fine details. (Hell! You can't even get *me* to agree that a 15 day turn- around is in any sense "reasonable", and apparently I'm not alone in that regard.) So, my solution is just don't. Let the whole planet vote on whether they think this provider or that provider are ***heads, and let the chips fall where they may. I'm not saying that even this idea would neessarily be piece-of-cake easy. The first problem would be working out a way to prevent the system from being gamed by bad actors for malicious purposes, or for positive "PR" purposes. (Don't get me started about the fake positive review over on TripAdvisor.) But I am not persuaded that these are in any sense insoluable problems. Regards, rfg ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
I couldn't stop laughing for more than 30 minutes ... this is what they call (and they pay for) laughter therapy ? Tks! El 14/1/20 12:52, "anti-abuse-wg en nombre de Ronald F. Guilmette" escribió: In message <671286eb-7fad-4d70-addd-efa0a680b...@consulintel.es>, JORDI PALET MARTINEZ via anti-abuse-wg wrote: >>Section 3.0 part 3. Why on earth should it take 15 days for >>anyone to respond to an email?? Things on the Internet happen >>in millseconds. If a provider is unable to respond to an issue >>within 72 hours then they might as well be dead, because they >>have abandoned all social responsibility. >> >>I fully agree! My original proposal was only 3 working days, but the >>community told me "no way". This was the same input I got in APNIC >>and LACNIC (in both regions it reached consensus with 15 days). >> >>So, I will keep 15 days ... > >I think this is provable, and also transparently obvious and colossal >bullshit, but that's just my opinion. > >And mine!, but as a proposal author, I need to try to match as much as poss= >ible the wishes of the community. You are hereby officially absolved from all guilt in the matter. In nomine patri et fili spiritu sancte. Go in peace my son, and do what you have to do. Regards, rfg ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
This is the key point. We already agreed to have a mandatory abuse-c. We can change our mind and make it optional. But one way or the other, should be a *real* one. A validation that can be faked just using (for example) Carlos email, is not a good procedure. It doesn't make sense at all. We are not saying the RIR will need to verify that an abuse case is investigated or resolved. This is not the point. El 14/1/20 12:28, "anti-abuse-wg en nombre de Carlos Friaças via anti-abuse-wg" escribió: On Tue, 14 Jan 2020, Nick Hilliard wrote: > Gert Doering wrote on 14/01/2020 10:19: >> And if it's not going to have the desired effect, do not waste time on it. > > More to the point, the RIPE number registry should not be used as a stick for > threatening to beat people up if they don't comply with our current favourite > ideas about how to manage social policy on the internet. > > It is a registry, not a police truncheon. Hello, (Going perhaps a bit off-topic...) If people are not able to follow the rules of the registry, maybe they shouldn't be allowed inside the system... :-) [Fact 1] If someone provides falsified documents to the registry, that someone goes off the wagon. [Fact 2] If someone doesn't pay the registry in due time (after several warnings), that someone goes off the wagon. I would also feel comfortable if someone who indicates a 3rd party e-mail address as the abuse-mailbox for their _OWN_ address space, goes off the wagon (after some warnings, of course...). BTW, some years ago our physical address was added in whois to someone else's address space in a different RIR and that was _NOT_ a nice experience... Regards, Carlos > Nick > ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi Nick,
Not really, I think you're reading a different text ... I'm not intending to
ask RIPE to verify if the operators resolve the abuse cases.
The point here is to amend the existing policy to do a *good* validation of the
abuse mailbox.
The actual policy only makes a "technical" validation, so it checks that the
mailbox exists and is the right one and allows sending abuse reports, and
that's it.
If the mailbox is full, if it is never read, if it belongs to a /dev/null or
not the right person or team, even if it if you have my email in your abuse-c,
all that, passes the validation.
Regards,
Jordi
@jordipalet
El 15/1/20 13:14, "anti-abuse-wg en nombre de Nick Hilliard"
escribió:
Serge Droz via anti-abuse-wg wrote on 15/01/2020 08:24:
> So the extra work is what, 10 minutes / year, if the system is setup
> properly?
Serge,
The policy proposal here is: if the registry doesn't comply, then it is
in explicit violation of RIPE policies.
According to the "Closure of Members, Deregistration of Internet
Resources and Legacy Internet Resources" document (currently RIPE
716), if you don't comply with RIPE policies or RIPE NCC procedures,
then the RIPE NCC is obliged to follow up with the resource holder and
if they continue not to comply, then the number resources will be withdrawn.
The purpose behind RIPE-716 is to ensure accurate registration of number
resources, which the core function of the RIPE registry.
Jordi has confirmed that the intention behind 2019-04 is to force
resource holders to comply with the abuse handling procedures defined in
his policy, and that if they don't comply for whatever reason, that
their number resources are withdrawn under the terms of RIPE-716.
To be clear, deregistration of resources would make it difficult or
impossible for almost any holder of addresses to continue their business.
So what's being proposed here is that RIPE-716 - whose purpose was to
ensure integrity and accuracy of the the RIPE registry - should now be
repurposed as a mechanism to enforce social behaviour practices on the
Internet.
There are some pretty serious and fundamental problems with this.
Many of these problems were discussed in the context of RIPE policy
2019-03 ("Resource Hijacking is a RIPE Policy Violation"), and some of
them were formally addressed in the RIPE NCC review of that policy.
Nick
**
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company
This electronic message contains information which may be privileged or
confidential. The information is intended to be for the exclusive use of the
individual(s) named above and further non-explicilty authorized disclosure,
copying, distribution or use of the contents of this information, even if
partially, including attached files, is strictly prohibited and will be
considered a criminal offense. If you are not the intended recipient be aware
that any disclosure, copying, distribution or use of the contents of this
information, even if partially, including attached files, is strictly
prohibited, will be considered a criminal offense, so you must reply to the
original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Looks fine to me. If we really think that the operators should be free from taking abuse reports, then let's make it optional. As said, I personally think that an operator responsibility is to deal with abuse cases, but happy to follow what we all decide. Regards, Jordi @jordipalet El 14/1/20 10:47, "Gert Doering" escribió: Hi, On Tue, Jan 14, 2020 at 10:38:28AM +0100, Gert Doering wrote: > On Tue, Jan 14, 2020 at 10:36:10AM +0100, JORDI PALET MARTINEZ via anti-abuse-wg wrote: > > So it is not just easier to ask the abuse-c mailboxes that don't want to process to setup an autoresponder with an specific (standard) text about that, for example: > > > > "This is an automated convirmation that you reached the correct abuse-c mailbox, but we don't process abuse cases, so your reports will be discarded." > > I would support that. ... but it's actually way too complicated to implement. A much simpler approach would be to make abuse-c: an optional attribute (basically, unrolling the "mandatory" part of the policy proposal that introduced it in the first place) - If you want to handle abuse reports, put something working in. - If you do not want to handle abuse reports, don't. The ARC could be extended with a question "are you aware that you are signalling 'we do not not care about abuse coming from our network'?" and if this is what LIRs *want* to signal, the message is clear. The NCC could still verify (as they do today) that an e-mail address, *if given*, is not bouncing (or coming back with a human bounce "you have reached the wrong person, stop sending me mail" if someone puts in the e-mail address of someone else). MUCH less effort. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
I think if we try to agree on those ratings, we will never reach consensus ... So it is not just easier to ask the abuse-c mailboxes that don't want to process to setup an autoresponder with an specific (standard) text about that, for example: "This is an automated convirmation that you reached the correct abuse-c mailbox, but we don't process abuse cases, so your reports will be discarded." This will be still in line with the actual policy (and the proposal modifications) and will allow the operators to decide if they want to be good netcitizens or not, and the victims to decide if they want to block them. Regards, Jordi @jordipalet El 14/1/20 2:46, "anti-abuse-wg en nombre de Ronald F. Guilmette" escribió: In message , =?utf-8?B?w4FuZ2VsIEdvbnrDoWxleiBCZXJkYXNjbw==?= wrote: >Well, I do see the value of an option (a magic email value?) meaning "this >entity supports the use of its network for abusive purposes and will take no >action on any abuse report". > >That would save time for everyone involved, and would allow to easily block >those networks from accesing ours! These are pretty much my sentiments exactly. The only questions remaining are: 1) Should there just be a simple yes/no one-bit flag published for each resource holder, or would a scale and a range of possible "rating" values be more useful? 2) How shall the "ratings" be computed and by whom? I have provided my personal opinions on both of these points in my prior posting. Regards, rfg ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi Ronald, El 14/1/20 0:17, "anti-abuse-wg en nombre de Ronald F. Guilmette" escribió: In message <55d65bf8-a430-4bdc-ae58-63ff3dca4...@consulintel.es>, JORDI PALET MARTINEZ wrote: >Section 2.0 bullet point #2. What's wrong with web forms? > >If I need to use a web form, which is not standard, for every abuse report... OHHH! Your proposal did not make it at all clear that the web forms you were making reference to were ones that the resource holder might put in place in order to provide a way for abuse victims to file a report. I agree completely that those things are intolerable, and I will go further and say that any resoirce holder who puts such a form online should properly be consigned to the fifth ring of hell. Sorry! I had misconstrued. When your proposal mentioned web forms I had assumed that you were making reference to some form that the RIPE NCC might put online and that the resources holders would need to type something into (e.g. a unique magic cookei) in order to fully confirm that they are in fact receiving emails to their documented abuse reporting email addresses. No worries. I will tidy up the text to make it clearer! Thanks! I think that the verification email messages that RIPE NCC sends out resource holders should indeed contain a link to web form, on the RIPE web site, where the recipient resource holder should be required to make at least some minimal demonstration that it has at least one actual conscious and sentient human being looking at the inbound emails that are sent to its abuse address. Please clarify in your proposal what exactly your use of the term "web form" was intended to convey. TYhank you. >Section 3.0 part 3. Why on earth should it take 15 days for >anyone to respond to an email?? Things on the Internet happen >in millseconds. If a provider is unable to respond to an issue >within 72 hours then they might as well be dead, because they >have abandoned all social responsibility. > >I fully agree! My original proposal was only 3 working days, but the >community told me "no way". This was the same input I got in APNIC >and LACNIC (in both regions it reached consensus with 15 days). > >So, I will keep 15 days ... I think this is provable, and also transparently obvious and colossal bullshit, but that's just my opinion. And mine!, but as a proposal author, I need to try to match as much as possible the wishes of the community. I say again. Things happen on the Internet in milliseconds. Any service provider that can't react to an email within 72 hours should be removed from the Internet of Responsible Adults and relegated to the agricultural industry, or to the study of geology, or at any rate to some profession where things are calm and leisurely, perhaps including the delivery of regular postal mail. If anyone wants to make his fortune by being an absentee landlord, just gathering in revenue and not taking any day to day responsibility for anything, let them get into the vacation rentals business and get the off the Internet. Regards, rfg ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi Leo El 14/1/20 0:11, "Leo Vegoda" escribió: On Mon, Jan 13, 2020 at 1:50 PM JORDI PALET MARTINEZ via anti-abuse-wg wrote: [...] > I will love to have in the policy that they must be investigated and acted upon, but what I heard from the inputs in previous versions is that having that in policy is too much and no way to reach consensus … I don't understand the value of requiring organizations who do not intend to investigate abuse reports to spend resources publishing an address from which they can acknowledge the reports - only to then delete those reports without doing anything. This is not handled by this proposal. The existing policy already mandates that: https://www.ripe.net/participate/policies/proposals/2017-02 It creates hope for reporters and wastes the RIPE NCC's and the reporters' resources by forcing unwilling organizations to spend cycles on unproductive activity. Why not give networks two options? 1. Publish a reliable method for people to submit abuse reports - and act on it 2. Publish a statement to the effect that the network operator does not act on abuse reports This would save lots of wasted effort and give everyone more reliable information about the proportion of networks/operators who will and won't act on abuse reports. Even if I think that the operators MUST process abuse cases, if the community thinks otherwise, I'm happy to support those two options in the proposal. For example, an autoresponder in the abuse-c mailbox for those that don't intend to process the abuse cases to option 2 above? There might be some value in having the RIPE NCC cooperate with networks who want help checking that their abuse-c is working. But this proposal seems to move the RIPE NCC from the role of a helpful coordinator towards that of an investigator and judge. No, I don't think so, but I'm happy to modify the text if it looks like that. ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi Randy, As I just said, ideally we should ask for abuse-c reports to be procesed, but I know many folks don't like it. But at least, we need to make sure that if you have an abuse-c, it is a "real" and "working" one so you're able to actually send the reports there. If ignored, that's another problem. I don't know if in Spain law say that you must have a post box, or if you are violating the law if is full and the extra post that you get is going to make the street dirty (in this case you're violating a different law). I'm not asking to go there. I'm asking to have a functional mailbox, not how you operate your abuse cases. El 13/1/20 18:53, "anti-abuse-wg en nombre de Randy Bush" escribió: well, not exactly as i see it. abuse-c: is the op's way of saying "please send any abuse related information here." it is not a legal or social contract to act on it (and i suspect that next year the wannabe net police will want to enumerate exactly *how* they must act in 93 different circumstances), read it, reply to it, ... dunno about spain, but most juristictions i know say post is delivered to my post box, but not what i must do with it. randy ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi Ronald, El 13/1/20 22:34, "Ronald F. Guilmette" escribió: In message <6afc7d17-bac4-464c-8af8-2ad852d39...@consulintel.es>, JORDI PALET MARTINEZ wrote: >I'm happy to hear other inputs, stats, data, etc. Having only just read the proposal, my comments are few: I do not understand parst of this, specifically: Section 2.0 bullet point #2. What's wrong with web forms? If I need to use a web form, which is not standard, for every abuse report that I need to submit, there is no sufficient time in the world to fill all them. Every ISP has their own URL, forms with different fields, etc. You want to develop tools for each ISP in the world that decides to use a form to automate the abuse submission process? Instead, ensuring that you are able to use, for example fail2ban, means that any abuse case is automatically reported via email (including the logs to probe the abuse). Section 3.0 part 3. Why on earth should it take 15 days for anyone to respond to an email?? Things on the Internet happen in millseconds. If a provider is unable to respond to an issue within 72 hours then they might as well be dead, because they have abandoned all social responsibility. I fully agree! My original proposal was only 3 working days, but the community told me "no way". This was the same input I got in APNIC and LACNIC (in both regions it reached consensus with 15 days). So, I will keep 15 days ... Regards, rfg ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Hi Leo, El 13/1/20 18:16, "Leo Vegoda" escribió: Hi Jordi, all, On Mon, Jan 13, 2020 at 6:58 AM JORDI PALET MARTINEZ via anti-abuse-wg wrote: Hi all, I'm working in a new version of the proposal 2019-04 (Validation of "abuse-mailbox"). In the last discussion phase, the only detailed response to this proposal that I got was from Carlos Friacas (which I will respond in detail later-on, as this may also help to revive the discussion). The main question/issue here is still that the actual policy is just a "technical validation". It confirms that there is a mailbox but it doesn't confirm that: 1) Accept emails for abuse reporting 2) The mailbox is the right one and not from someone else, not related to the abuse processing 3) The mailbox is attended and not a black-hole, so nobody pay attention to the abuse reports, or even worst, not full Anything not fulfilling that is useless (as will not fulfil the mission for that mailbox), and then we don't need an abuse-c at all. Can you please clarify what you mean by "fulfil the mission for that mailbox" and the "intended I was referring about the goal of the abuse-c (even without this policy proposal). Why we want it if is not a real one, able to get abuse reports, and so on? purpose" you mention in section 3.1 of the new text? The reason I ask is that the purpose does not seem to be defined in an earlier section. My reading of what you have written is that this became policy it would require that reports can be made and that these reports must be acknowledged. But it seems that there would be no obligation for reports to be investigated or acted upon. I will love to have in the policy that they must be investigated and acted upon, but what I heard from the inputs in previous versions is that having that in policy is too much and no way to reach consensus … Have I misunderstood what is intended? Thanks, Leo Vegoda ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] diff online 2019-03 v1 vs v2
Just to clarify my comment in the presentation this morning. We wanted to use for v2 "Resource hijacking is a RIPE policy violation" but this is already used by some other NCC docs to refer to "members account hijacking" ... so was not feasible. It looks like simply "Hijacking is a RIPE policy violation" is a possible choice ? Regards, Jordi El 23/5/19 14:02, "Carlos Friaças" escribió: Hi Michele, All, On Thu, 23 May 2019, Michele Neylon - Blacknight wrote: > As I said in the face to face meeting this morning, I both withdraw my > support for this proposal and would also urge you to completely withdraw > it. The name of the policy does not reflect its intent and that alone > should be reason enough for it to be removed Is there any other detail that makes you withdraw your support besides the proposal's title...? A proposal's title _can_ be changed... (recent) example: https://www.ripe.net/participate/policies/proposals/2019-02/?version=1 https://www.ripe.net/participate/policies/proposals/2019-02/?version=2 Thanks, Carlos > Regards > > Michele > > > -- > Mr Michele Neylon > Blacknight Solutions > Hosting, Colocation & Domains > https://www.blacknight.com/ > http://blacknight.blog/ > Intl. +353 (0) 59 9183072 > Direct Dial: +353 (0)59 9183090 > Personal blog: https://michele.blog/ > Some thoughts: https://ceo.hosting/ > --- > Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty > Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 > > > On 23/05/2019, 09:00, "anti-abuse-wg on behalf of JORDI PALET MARTINEZ via anti-abuse-wg" wrote: > >Hi all, > >As v2 of 2019-03 is not yet published, according to the PDP, until the impact analysis is completed, I've published a diff online at: > >https://www.diffchecker.com/Fy6z4VYH > >Regards, >Jordi > > > > > >** >IPv4 is over >Are you ready for the new Internet ? >http://www.theipv6company.com >The IPv6 Company > >This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it. > > > > > > > > ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
[anti-abuse-wg] diff online 2019-03 v1 vs v2
Hi all, As v2 of 2019-03 is not yet published, according to the PDP, until the impact analysis is completed, I've published a diff online at: https://www.diffchecker.com/Fy6z4VYH Regards, Jordi ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
Hi Tarass, El 21/5/19 16:18, "Taras Heichenko" escribió: > On May 21, 2019, at 18:35, JORDI PALET MARTINEZ via anti-abuse-wg wrote: > > > > El 21/5/19 15:32, "Gert Doering" escribió: > >Hi, > >the whole point of your policy is the underlying assumption that people >are *not* acting in good faith, so why all of a sudden assume they are? > > Is in the other way around. If you're acting in good faith, you should not have a problem to have a validation. The time you invest in a couple of validations per year, will be *much less* than the time that you *now* invest in unusable abuse contacts. If you're acting in good faith you do not need the validation. So other people do not need to validate your abuse contact. It just works. If you're acting in bad faith then additional validation will not change your behavior. You just check your >>> Right, but those folks *then* are violating the policy. mailbox to reply to the validation. Nothing more. But the people who are acting in good faith will have additional headache to not miss the validation to make all good. > >Gert Doering >-- NetMaster >-- >have you enabled IPv6 on something today...? > >SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer >Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann >D-80807 Muenchen HRB: 136055 (AG Muenchen) >Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 > > > > > ** > IPv4 is over > Are you ready for the new Internet ? > http://www.theipv6company.com > The IPv6 Company > > This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it. > > > > > -- Best regards Taras Heichenko ta...@hostmaster.ua ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
Hi Gert, El 21/5/19 16:07, "Gert Doering" escribió: Hi, you are comparing the claimed cost savings on the side of the reporters with the very real extra costs incurred on the side of the abuse handlers. You can't do that, and come up with a positive result. The cost of TWO human validations per year, is negligible compared with the cost of TWO manual processes to report abuses when the abuse contact is not valid. (Well, you can, but that approach is very one-side and flawed at that) Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
El 21/5/19 15:32, "Gert Doering" escribió: Hi, the whole point of your policy is the underlying assumption that people are *not* acting in good faith, so why all of a sudden assume they are? Is in the other way around. If you're acting in good faith, you should not have a problem to have a validation. The time you invest in a couple of validations per year, will be *much less* than the time that you *now* invest in unusable abuse contacts. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
Hi Gert, El 21/5/19 14:37, "Gert Doering" escribió: Hi, you cannot know if someone complies with the policy in good faith or not. And this is exactly the same for any other policies that we have adopted, and that doesn't preclude us to adopt them, because in any membership organization, we presume good faith from members? Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
Hi Rich, El 21/5/19 9:31, "anti-abuse-wg en nombre de Rich Kulawiec" escribió: This is a bad idea and should be abandoned. The goal is fine: everyone/everything should have a valid abuse@ address per RFC 2142, decades of best practices, and inherent accountability to the entire Internet community. Everybody should pay attention to what shows up there, conduct investigations, mitigate problems, report/apologize as necessary, and so on. I've been on the record for a long time supporting this goal and that hasn't changed. However: 1. Sending UBE to abuse mailboxes is bad. Think about it. We have no other way, unless we have a standard widely adopted. Is also something being done today, with most of the abuse cases. What is wrong is to have a different form for every possible LIR/end-user in the world. Not workable. 2. Expecting people to follow URLs contained in messages to abuse If you read the example procedure in the proposal, this has been sorted out. mailboxes is a horrible idea. Penalizing them for not doing it is worse. Penalizing member of an RIR that don't follow policies, is the right thing to do. (Best practice for abuse handlers is to not use a mail client that parses HTML or a mail client with a GUI, for what I trust are obvious reasons.) 3. Whatever response mechanism is devised, it WILL be automated. I note the reference to "captchas" and suggest reading my recent comment on those in another recent thread here: briefly, they have long since been quite thoroughly beaten. They are worthless, and anyone using them or suggesting their use is woefully ignorant. It is up to the implementation to decide what is best, and I guess it will evolve along the time. 4. Knowing that abuse reports are accepted and read is nice, but not terribly useful. What matters is what's done with them, and that ranges from "investigated promptly and acted on decisively if they're shown to be accurate" to "ignored and discarded" to "forwarded to the abusers". I've preferred not to go into the fine line if there must be properly investigated and properly acted on, but this is something that the community can decide as well. I don't think is coherent to have a business providing Internet services and not have an AUP, or even worst, having an AUP not acting against that. This is a business that doesn't impact only in your own customers if you allow criminals in your network, it impacts the rest of the world, very different level of responsibility than any other business. And we (for a vague value of "we") already know this: we know because we've submitted abuse reports and observed outcomes for years. We know which operations never respond in any way and we know which ones hand data over to abusers (or *are* the abusers). We know this by practice and experience -- it's not something that can be automated. It takes time and effort and expertise to figure out. As indicated already several times, ideally, we have a standard, and then open source or commercial tools that take care of that as much as possible. However, meanwhile we need to act. 5. This approach fails the "what if everybody did it?" test quite badly. Sorry, not sure to understand your point here. 6. Of course, the moment something like this is deployed -- if not before -- bad actors will realize that copycatting it may well be an effective tactic to directly attack abuse desk operations and/or gather intelligence on them and/or compromise them. Again, if you read the policy there is an example of things that can be done to avoid that, such as periodically changing domains, subjects, etc. ---rsk ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
Hi Gert, Yeah, I definitively should go to school, never went when I was a child. However, this is not a matter of math's, it is just a matter of responding too fast while sleeping only a couple of hours. Anyway, nobody knows how much will be the % at the end of the year, as this is not necessarily linear. Regards, Jordi El 18/5/19 19:07, "Gert Doering" escribió: Hi, On Sat, May 18, 2019 at 10:43:11AM +0200, JORDI PALET MARTINEZ via anti-abuse-wg wrote: > My team has nearly sent out 6000 abuse reports (only about intrusion > attempts and brute force attacks) since Jan 1st this year. > I've just checked, and only 2.5% bounced. 2018's bounces were around 4.5%. > > I guess that means that it is increasing. 2.5% is only for 5 first months of this year, so it may end up in 2019 you have 5-6% ? Learn math. Percentages are not added up. Absolutes numbers are, but there is no indication why the *relative* number would be any different in the second half of 2019. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
Hi Gert, I'm fine if it is outsourced to comply with the policy, of course, but not to circumvent it. I think any way to comply with policies is just fine if acting in good faith. Regards, Jordi El 18/5/19 19:03, "Gert Doering" escribió: Hi, On Sat, May 18, 2019 at 10:38:46AM +0200, JORDI PALET MARTINEZ via anti-abuse-wg wrote: > I have an idea. > > I will set up a service where everyone can have an e-mail address which > will totally follow everything you propose as validation mechanism - like, > click on tokes, report back in 10 minutes (even in the middle of the > night), etc. - LIRs that want to be spared this annoyance can just pay > me 50 EUR/month, and I'll handle all these chores for them. > > So, this would totally fulfill your proposed policy, and not help in any > bit with *abuse handling*. > > That automated system will be against the policy. I've already > worded it out in such way that is not possible this type of > "work-around the policy", at least it was my original intent to > avoid it. If I've broken something across more than 20 versions > that I edited internally since started, I will make sure to fix it > in the next version. Who said that this is automated? If enough LIRs give me 50 EUR/month, I can hire a few students who will sit there all day waiting for confirmation requests and dutifully do (as humans) what they are expected to do. You do not seem to be willing to listen: what you propose is sheer and uncalled-for extra annoyance for the vast majority of LIRs, and will do *nothing* to improve abuse handling. All it will do is ensure that someone wastes a few minutes of human lifetime on your challenge. And *that* can be nicely outsourced. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
Hi Töma, El 18/5/19 16:25, "anti-abuse-wg en nombre de Töma Gavrichenkov" escribió: On Thu, May 16, 2019, 11:42 PM Alex de Joode wrote: It seems you want to verify that a human reads the abuse box. This is actually a very bright proposal in view of the next generation economy. Everything would be machine learning and automated; cab drivers, delivery folks, factory and construction workers would lose their jobs; but we could then still adopt thousands if not millions of people, because there would be a requirement that abuse mailboxes would be to be handled by humans only. Science fiction warns though: at some point, an X-ray and MRI scans might become necessary to ensure compliance. Small clarification about what the proposal is asking for: “Avoid exclusively automated processing” So, I’m fine with automated processing, AI or anything that in the future we or our robots or the robots that they create for us, however the goal is to guarantee that at the end, instead of a “no response to an abuse report”, a human is reachable. -- Töma ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
Hi Nick, El 18/5/19 15:38, "Nick Hilliard" escribió: JORDI PALET MARTINEZ via anti-abuse-wg wrote on 18/05/2019 14:32: > This will not work. > > Allowing every resource holder in the world to use their own form means > that you need to develop tons of specific reporting tools to match all > those specific formats and bring the cost of that to the victims. > Meanwhile, if reporting is done by email, attaching logs, it can be > processed by the ISP that get the money from the abusive customer, and > if the cost (if any) falls on the right side. So, either RIPE LIRs adopt Jordi's work flow for abuse complaint management, or the RIPE NCC will take away their internet addresses? I'm sure you know this, just in case ... policy proposals are precisely to find an agreement in the community, so yes, it is my proposal, but it is up to the community discussion to agree on what we believe is best, this is my understanding on rough consensus. I'm definitively for making sure that the victims don't have costs, as they aren't getting money for that. I think it is a perfect valid wish. In case you haven’t noticed it, APNIC already agreed with my proposal and is being implemented. Pity that we don't have a presentation of it in the next meeting, however, it was presented last week in LACNIC and you can follow the slides and video (English) here: https://www.lacnic.net/innovaportal/file/3635/1/lacnic31-apnic-policies-update-sunny.pdf For the video see minute 39:00: https://www.youtube.com/watch?v=eUU7-FTv-n0=youtu.be Wow. Nick ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
This will not work.
Allowing every resource holder in the world to use their own form means that
you need to develop tons of specific reporting tools to match all those
specific formats and bring the cost of that to the victims. Meanwhile, if
reporting is done by email, attaching logs, it can be processed by the ISP that
get the money from the abusive customer, and if the cost (if any) falls on the
right side.
In addition to that, RFC5965 is only for reporting about email, but not other
abuse cases. I agree that ideally, we should have X-ARF as a standard for *any*
abuse reporting, and if you followed the previous discussion (a few weeks ago),
I’m already working on that, but this will take typically 2 years. When this
happens, we can update the existing policy to mandate the use of that standard.
Regards,
Jordi
El 18/5/19 14:36, "Alex de Joode" escribió:
Thanks Jordi,
You cannot force LIR's to act in the fashion below (that is wishful thinking).
However you can make transparant, how abuse desks deal with complaints.
I would therefore suggest the following:
Keep the current validation procedure, add a date to the abuse-whois, when the
address was last sucessfully checked.
Give LIR's the options to add an acceptable abuse format for automated
processing to the whois.
By this you - make visible the adres works;
- make the abuse
whois act as a source for how responsible organisations deal with abuse.
I could image there would be the one or more of the following options:
{blank} = not filled in by LIR
{manual} = LIR handles abuse in a manual fashion
{XARF} = accepts Xarf/RFC5965 form and handles them automatically
{other specification, maybe with URL}
{api with url}
{'whatever'}
This would be more valuable for the whole global abuse handling process than
the burdensome time waster that is now proposed.
--
IDGARA | Alex de Joode | +31651108221
On Sat, 18-05-2019 13h 31min, JORDI PALET MARTINEZ via anti-abuse-wg
wrote:
Hi Alex,
The intent of this policy is to ensure that the validation process is useful,
and that means ensuring that the inbox is working, real (not from somebody
else), monitored for abuse reports (automatically is ok if it really works, but
there must be a way for human participation), and that those that send abuse
reports don’t need to use a different form for every possible LIR in the world,
which is not viable (unless there is a common standard for that – work in
parallel but may take years).
A responsible organization will deal with abuse reports, and having a working
abuse-c is part of it, otherwise people can’t report abuse cases. If abuse
cases are ignored you escalate to the NCC or courts, or whatever, that’s
another layer.
Regards,
Jordi
El 16/5/19 22:42, "anti-abuse-wg en nombre de Alex de Joode"
escribió:
Ola,
It's unclear to me what you are trying to accomplish with this policy:
1. ensure ripe members have a working (as in receiving mail) abuse email
address;
2. ensure ripe members have a working abuse email address and process
incoming mails;
3. ensure ripe members have a working abuse email address and read it;
4. ensure ripe members have a working abuse email address and act
responsibly on notices.
It seems you want to verify that a human reads the abuse box. However this will
tell you nothing about how an organisation actually deals with abuse. So it
will only burden ripe members to no avail.
It is my belief ripe should stick to technical verification that a abuse email
box exists and is able to receive mail. Ripe is not the internet sheriff :)
Cheers,
Alex
--
IDGARA | Alex de Joode | +31651108221
**
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company
This electronic message contains information which may be privileged or
confidential. The information is intended to be for the exclusive use of the
individual(s) named above and further non-explicilty authorized disclosure,
copying, distribution or use of the contents of this information, even if
partially, including attached files, is strictly prohibited and will be
considered a criminal offense. If you are not the intended recipient be aware
that any disclosure, copying, distribution or use of the contents of this
information, even if partially, including attached files, is strictly
prohibited, will be considered a criminal offense, so you must reply to the
original sender to inform about this communication and delete it.
**
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company
This electronic message contains information which may be privileged or
confident
Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
Hi Alex, The intent of this policy is to ensure that the validation process is useful, and that means ensuring that the inbox is working, real (not from somebody else), monitored for abuse reports (automatically is ok if it really works, but there must be a way for human participation), and that those that send abuse reports don’t need to use a different form for every possible LIR in the world, which is not viable (unless there is a common standard for that – work in parallel but may take years). A responsible organization will deal with abuse reports, and having a working abuse-c is part of it, otherwise people can’t report abuse cases. If abuse cases are ignored you escalate to the NCC or courts, or whatever, that’s another layer. Regards, Jordi El 16/5/19 22:42, "anti-abuse-wg en nombre de Alex de Joode" escribió: Ola, It's unclear to me what you are trying to accomplish with this policy: 1. ensure ripe members have a working (as in receiving mail) abuse email address; 2. ensure ripe members have a working abuse email address and process incoming mails; 3. ensure ripe members have a working abuse email address and read it; 4. ensure ripe members have a working abuse email address and act responsibly on notices. It seems you want to verify that a human reads the abuse box. However this will tell you nothing about how an organisation actually deals with abuse. So it will only burden ripe members to no avail. It is my belief ripe should stick to technical verification that a abuse email box exists and is able to receive mail. Ripe is not the internet sheriff :) Cheers, Alex -- IDGARA | Alex de Joode | +31651108221 ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
El 17/5/19 10:41, "anti-abuse-wg en nombre de Carlos Friaças via anti-abuse-wg" escribió: Hi All, I'm not sure about the 6 month period (vs. 12 months), and probably some details can be improved in further versions, but i do support this proposal, which is clearly in the path of "anti-abuse". My team has nearly sent out 6000 abuse reports (only about intrusion attempts and brute force attacks) since Jan 1st this year. I've just checked, and only 2.5% bounced. 2018's bounces were around 4.5%. I guess that means that it is increasing. 2.5% is only for 5 first months of this year, so it may end up in 2019 you have 5-6% ? I've looked at my own network and the situation is even worst. Major number of abuse reports for me are intrusion attempts, attempts to use our SIP and SPAM. In total, the average number of abuse reports per month is about 3.800 (99% are automated). Bounces increase from previous year, average, is 23%. Maybe when we start to send out (automated) abuse reports about spam, the percentage will increase. We also send messages, globally, so solving the issue only in RIPEland will have limited impact. I've read this is already under implementation in another region, and proposed in the remaining 3 -- great! I also think some reference to the ARC (Assisted Registry Check) could be included in the proposal, and could work as a primary step well before going into other actions which can carry more impact. Regards, Carlos On Thu, 16 May 2019, Marco Schmidt wrote: > Dear colleagues, > > A new RIPE Policy proposal, 2019-04, "Validation of "abuse-mailbox"", is now available for discussion. > > This proposal aims to have the RIPE NCC validate "abuse-c:" information more often, and introduces a new validation process that requires manual input from resource holders. > > You can find the full proposal at: > https://www.ripe.net/participate/policies/proposals/2019-04 > > As per the RIPE Policy Development Process (PDP), the purpose of this four-week Discussion Phase is to discuss the proposal and provide feedback to the proposer. > > At the end of the Discussion Phase, the proposer, with the agreement of the Anti-Abuse Working Group Chairs, decides how to proceed with the proposal. > > We encourage you to review this proposal and send your comments to before 14 June 2019. > > Kind regards, > > Marco Schmidt > Policy Officer > RIPE NCC > > Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum > ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
El 18/5/19 10:35, "Gert Doering" escribió: Hi, On Sat, May 18, 2019 at 10:28:45AM +0200, JORDI PALET MARTINEZ via anti-abuse-wg wrote: > So, please state *first* what is wrong or insufficient with the current > process, and why these added complications would improve the end goal: > abuse reports sent to ISPs are handled "better" (in a to-be-defined > metric). > > A process that allows to use emails from other random people is not a *real validation* it looks closer to a joke. If the NCC's existing abuse mail validation mails hit other people's mailboxes, those can report back, and the NCC will surely follow up with the LIR that did this incorrect entry. I have an idea. I will set up a service where everyone can have an e-mail address which will totally follow everything you propose as validation mechanism - like, click on tokes, report back in 10 minutes (even in the middle of the night), etc. - LIRs that want to be spared this annoyance can just pay me 50 EUR/month, and I'll handle all these chores for them. So, this would totally fulfill your proposed policy, and not help in any bit with *abuse handling*. That automated system will be against the policy. I've already worded it out in such way that is not possible this type of "work-around the policy", at least it was my original intent to avoid it. If I've broken something across more than 20 versions that I edited internally since started, I will make sure to fix it in the next version. Can you now see why your proposal is useless in achieving it (not very clearly stated) goal? And if something is not useful towards the goal, but has lots of drawbacks, it should not be followed. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
El 18/5/19 9:56, "anti-abuse-wg en nombre de Gert Doering" escribió: Hi, On Sat, May 18, 2019 at 12:02:48AM +0100, Carlos Friaças wrote: > > There is no indication that the complications Jordi is proposing are > > an actual improvement in any metric, except "human life time wasted". > > Starting with "complications" is really not that constructive. > > If the process is too complex let's work on it, and make it simpler where > it is possible. We have an existing process that is the result of a PDP discussed in this very working group, reflecting community consensus on the balance between checking and annoyance. Nobody has made a convincing argument why this needs to be made stricter and more time consuming. > Trying to build a softer approach, maybe the NCC doesn't need to send > _everyone_ a message twice a year, but if someone finds an abuse-mailbox > to be unresponsive, then if it is mandatory to have a working > contact/mailbox, the NCC could only get into the picture when someone > detects that is not in place. > > Or is _that_ already in place...? We *HAVE* a process to check abuse contacts. We *HAVE* ARCs. So, please state *first* what is wrong or insufficient with the current process, and why these added complications would improve the end goal: abuse reports sent to ISPs are handled "better" (in a to-be-defined metric). A process that allows to use emails from other random people is not a *real validation* it looks closer to a joke. Note: taking away lifetime from the people doing abuse mail handling is not going to make them more enthusiastic about doing their job. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
Internet is global, so local customs are from the "Internet planet". El 17/5/19 12:16, "Gert Doering" escribió: Hi, On Fri, May 17, 2019 at 12:13:12PM +0200, JORDI PALET MARTINEZ wrote: > Anyway, this is a curious thing ... last week I was asked in the LACNIC meeting policy session to avoid responding in-line to emails about policy discussions. "If you go to Rome, do as the romans do" = "follow local customs" And Outlook *can* do that. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")
My email client doesn't allow me to do it in a different way (Outlook for Mac). If somebody is able to help, I'm happy. I can't change my client, for different and long to explain business reasons. Anyway, this is a curious thing ... last week I was asked in the LACNIC meeting policy session to avoid responding in-line to emails about policy discussions. So, I'm confused. Regards, Jordi El 17/5/19 12:08, "anti-abuse-wg en nombre de Brian Nisbet" escribió: Folks, > -Original Message- > From: anti-abuse-wg On Behalf Of Gert > Doering > Sent: Friday 17 May 2019 11:03 > > And, at least try the minimum amount of politeness in quoting according to > local customs. > > (@chairs: can i propose a policy that makes it required policy to do proper e- > mail quoting style, and otherwise people will permanently lose their Internet > access? This would arguably only hit bad people and would be so much relief > from this continuos abuse of my eyes!) Can we please let this particular one go? For various reasons, such as software, style and the changing nature of reality, top posting is a common thing. This is the reality. I realise it breaks sacred oaths and trusts and I also understand a lot of people find it more difficult to parse, but it's the reality and, even if it could be changed, remarks on this mailing list will not change it. I am happy to discuss this further with you over a beverage at the meeting next week, but it ain't gonna change, so I do not believe it's helpful to any discussion to continue to refer to it. Thanks, Brian (Only slightly with his Co-Chair hat on, this is more of a hope than anything else...) Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nis...@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
