Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

I suspect this stems from the incorrect assumption that Section 230 style protections extend outside the US. Even if they did, I don't think that they would be enough to allow for the NCC to start "naming and shaming" companies / members based on this kind of thing -- Mr Michele Neylon

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

In message <1609071e-bf44-4e1d-9c81-98616f11b...@consulintel.es>, JORDI PALET MARTINEZ via anti-abuse-wg writes >
El 16/1/20 21:37, "anti-abuse-wg en nombre de Richard Clayton" boun...@ripe.net en nombre de rich...@highwayman.com> escribió: > >In message , JORDI >PALET MARTINEZ via

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Not you either. There are many others vocally arguing for complete inaction. —srs From: Gert Doering Sent: Friday, January 17, 2020 1:34 PM To: Suresh Ramasubramanian Cc: Randy Bush; anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] @EXT: RE: working in new

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Hi Denis, El 17/1/20 0:30, "ripede...@yahoo.co.uk" escribió: Colleagues I have just read this whole thread, it took a while (I should get sick more often and spend a day in bed reading emails). I have a few points to make. Some are similar to points already raised but I will

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Hi Richard, El 16/1/20 21:37, "anti-abuse-wg en nombre de Richard Clayton" escribió: In message , JORDI PALET MARTINEZ via anti-abuse-wg writes >So, if I'm reading it correctly (not being a lawyer), a service provider not >acting against abuse when it has been

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Sérgio, I’m not sure if you’ve had the opportunity to read the RIPE Policy Development Process - https://www.ripe.net/participate/policies - but it lays out how policy is created in the community. Very deliberately this is not a vote, it comes out of discussion (which can, at times, seem to

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Hi, On Fri, Jan 17, 2020 at 02:44:30AM +, Suresh Ramasubramanian wrote: > Database and routing people who haven???t worked security or don???t want > security roles trying to lecture people who work cert and abuse roles on why > something abuse mitigation related won???t work is always

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Envoyé de mon iPhone par René Briaut Le 17 janv. 2020 à 07:48, Fi Shing a écrit : Your email presumes that an "ombudsman" model would resolve an issue. If a person has dedicated themselves to controlling a 200,000 strong botnet and sending spam emails through unauthorised access etc.

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Your email presumes that an "ombudsman" model would resolve an issue. If a person has dedicated themselves to controlling a 200,000 strong botnet and sending spam emails through unauthorised access etc. what is sending them a fancy piece of paper or an email "asking them to be nice" going to

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

> Database and routing people who haven’t worked security or don’t want > security roles trying to lecture people who work cert and abuse roles > on why something abuse mitigation related won’t work is always > interesting. Not you Randy but many other posters in this thread. lecturing such bs at

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Database and routing people who haven’t worked security or don’t want security roles trying to lecture people who work cert and abuse roles on why something abuse mitigation related won’t work is always interesting. Not you Randy but many other posters in this thread. --srs

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

In message <2ff201d5cccf$f6ffe640$e4ffb2c0$@makeitsimple.pt>, "=?iso-8859-1?Q?S=E9rgio_Rocha?=" wrote: >Someone said: You must be new here, yes it's true, I'm on the list for a >few months. Maybe that's why you're still optimistic. You completely mis-read my comment. What I meant was that you

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

In message , Volker Greimann wrote: >As the abuse using domains registered through us usually does not happen >on our networks, we have zero ability to detect it in advance, all we >can do is take care of them after the fact, which we do dilligently. We >have a team tasked exclusively with

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Hello everyone, Someone said: You must be new here, yes it's true, I'm on the list for a few months. Maybe that's why you're still optimistic. Someone said that the shower of comments against any proposed amendment was Democracy. Maybe that is what we really need. Many complain that this

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

I’ve been following this mailing list for the last couple of years having read far too many arguments resulting in next to no progress. This post from Denis was a refreshing read and one that many should read more than once! Thank you Denis for a reasoned, adult (accepting the UK jab) and

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

> It’d be interesting to take individual names of the people most vocal > in their objections and feed them through LinkedIn - that assumption > you made about dealing with spam would soon be tested. give me a hand here. how is this construcive and helpful for the internet operations community?

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

It’d be interesting to take individual names of the people most vocal in their objections and feed them through LinkedIn - that assumption you made about dealing with spam would soon be tested. --srs From: anti-abuse-wg on behalf of Randy Bush Sent:

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Colleagues I have just read this whole thread, it took a while (I should get sick more often and spend a day in bed reading emails). I have a few points to make. Some are similar to points already raised but I will reinforce them. I cut out the bits I want to respond to, but sorry I have not

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

In message , JORDI PALET MARTINEZ via anti-abuse-wg writes >So, if I'm reading it correctly (not being a lawyer), a service provider not >acting against abuse when it has been informed of so, is liable. don't get confused between the "Hosting" and "Mere Conduit" provisions > I'm sure if the

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Hi, do you talk to your mother with that mouth? Does she know how you behave yourself on the internet? Whatever you assume I know about the volume of illegal use, I dispute that. Most of our customers are legitimate businesses using their domain names in legitimate ways. Your vitriole will

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Hi Alex, Undersood, and thanks a lot; it is very helpful to know that the ecommerce directive has a problem. As said, I’m not advocating for RIPE to take actions if the operator doesn’t react on an abuse case. What I’m trying to make sure, mainly, is that the abuse contact is a *real

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

In message , Volker Greimann wrote: >Hi Robert, The nane is Ron, actually. >in 99,9% of the cases, the customer we forward the complaint to is not >the spammer, but the service provider used by the spammer for their >domain registration services, e.g. the party who has the closer

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Hi Alex, My reading of the eCommerce Directive (https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:32000L0031) is different. Some points (most relevant text only): (40) …  the provisions of this Directive relating to liability should not preclude the development and effective

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

> I do not see so far any concrete proposal in the sense of addressing > issues, only shooting down proposals (for good or bad reasons the desire to stop a whack-a-mole does not imply a responsibility to make moles. a lot of folk here actually deal with spam, or likely they would not be on this

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

On Thu, Jan 16, 2020 at 03:36:46PM +, Marcolla, Sara Veronica wrote: Alex, You say ???they just feel this issue should be address via leveraging RIPE resouces???, but I do not see so far any concrete proposal in the sense of addressing issues, only shooting down proposals (for good or bad

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

​Jordi, Nice analogy, but when you add the eCommerce Directive into the mix, where a network provider (or hosting provider) is not liable for what their users do, the outcome changes. Only if you have knowledge there might be a possibility for liability, but if you do not accept abuse notices,

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Hi Alex, El 16/1/20 16:30, "anti-abuse-wg en nombre de Alex de Joode" escribió: Hi Sara, The issue with your statement below is that RIPE NCC cannot (legally, under Dutch contract law) disconnect resources if a resource holder (or more likely his customer) does not (properly)

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Hi Volker, El 16/1/20 16:03, "anti-abuse-wg en nombre de Volker Greimann" escribió: Hi Jordi, your example seems a bit off though. If your contract is with your ISP and you need to complain to them, why would you complain to another ISP you have no contract with? Text was not

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Hi Sara, The issue with your statement below is that RIPE NCC cannot (legally, under Dutch contract law) disconnect resources if a resource holder (or more likely his customer) does not (properly) deal with abuse complaints. (for instance due to reasons of proportionality) ​ Currently RIPE NCC

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

In message <23ad49c8-8fc4-41fa-a8fc-cae3479ad...@key-systems.net>, Volker Greimann wrote: >In the domain industry, we were required to provide an abuse contact, >however the reports we get to that address usually deal with issues we >cannot do much about other than pulling or deactivating the

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Good evening! I fully understand that why RIPE abuse policy is a subject of community agreement. It dates back to the history of internet and back when it was mainly academic with few services and dependencies to the functioning of the society and state. Every day we in CERT-EE send out a number

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Hi Jordi, your example seems a bit off though. If your contract is with your ISP and you need to complain to them, why would you complain to another ISP you have no contract with? I agree that current GDPR implementations may impact the contactibility of the customer, but that can be

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Hi Volker, I don’t agree with that, because: I believe the electricity sample I provided proves otherwise. My contract is with the electricity provider (the Internet provider), so I need to complain to them and they need to follow the chain. For a victim, to complain directly to the customer

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Obviously every user should lock their doors / protect themselves against fraud. I am just saying that the ability of many service providers to curtail abuse of their system (without impacting legitimate uses) is very limited as it may not their customers doing the abusing and any targeted

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

El 16/1/20 15:25, "anti-abuse-wg en nombre de Ronald F. Guilmette" escribió: In message , JORDI PALET MARTINEZ via anti-abuse-wg wrote: >I'm sure that this is the same in every EU country. Can we agree on that? Quite certainly not! Doing so would break ALL

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

In message , JORDI PALET MARTINEZ via anti-abuse-wg wrote: >I'm sure that this is the same in every EU country. Can we agree on that? Quite certainly not! Doing so would break ALL established precedent! When was the last time this working group agreed on *anything*? Regards, rfg P.S.

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Let’s try to see it from another perspective. If you’re an electricity provider, and one of your customers injects 1.000 v into the network and thus create damages to other customers (even from other electricity providers), the electricity provider must have the means to resolve the

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Hi Volker On 16/01/2020 15:03, Volker Greimann wrote: > isn't making the world (and the internet) first and foremost a job of > law enforcement agencies like the police and Europol? Law enforcement's job primarily is arresting criminals. And yes they do prevention. But you can't stop locking

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

In message , JORDI PALET MARTINEZ wrote: >{... quoting Sara...} >"Complete, accurate information goes hand in hand with a duty of care..." A simple proposal: Be it resolved that: Henceforth, and until this policy is retracted, it shall be the policy and practice of RIPE

[anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Hi Volker, Did you realize you just proved Sergio’s point? I do agree, Law Enforcement have a duty in maintaining security. But as it happens that municipalities have a duty in maintaining the roads clean of litter and organize pick-ups for rubbish, this does not exempt all citizens and

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

In message <33b2e10eb9694eadb4bdaba30eb25...@elvas.europol.eu.int>, "Marcolla, Sara Veronica" wrote: >If the community does not agree that everyone has the right to a safe, spam >free, crime free Internet, maybe we have some issue to solve here first. Welcome to the Working Group. You must be

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Hi Sara, isn't making the world (and the internet) first and foremost a job of law enforcement agencies like the police and Europol? While I agree that everyone has a role to play, crime prevention and protection of the public is part of the LEA job description, right? Civil society entities

[anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Hi Jordi, Indeed. However, it’s exactly what policies like the abuse –c and this new iteration of your proposal are trying to solve. Apparently, in a sea of denial/counterarguments/gaslighting. I do indeed hope more “security” people from ISPs and CERTs can join the discourse and make it

Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Hi Sara, While I fully agree with Sergio and yourself, the issue here is that this part of your text “Complete, accurate information goes hand in hand with a duty of care, of promptly taking actions against abuse, and should be accompanied by a social responsibility of trying to make

[anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")

Very well put, Sérgio. Thank you for voicing clearly the concern of (at least a part of) the community. We should not forget that, according to the provisions of RIPE NCC audits, “every party that has entered into an agreement with the RIPE NCC is contractually obliged to provide the RIPE NCC