I suspect this stems from the incorrect assumption that Section 230 style
protections extend outside the US.
Even if they did, I don't think that they would be enough to allow for the NCC
to start "naming and shaming" companies / members based on this kind of thing
--
Mr Michele Neylon
In message <1609071e-bf44-4e1d-9c81-98616f11b...@consulintel.es>, JORDI
PALET MARTINEZ via anti-abuse-wg writes
>El 16/1/20 21:37, "anti-abuse-wg en nombre de Richard Clayton" boun...@ripe.net en nombre de rich...@highwayman.com> escribió:
>
>In message , JORDI
>PALET MARTINEZ via
Not you either. There are many others vocally arguing for complete inaction.
—srs
From: Gert Doering
Sent: Friday, January 17, 2020 1:34 PM
To: Suresh Ramasubramanian
Cc: Randy Bush; anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] @EXT: RE: working in new
Hi Denis,
El 17/1/20 0:30, "ripede...@yahoo.co.uk" escribió:
Colleagues
I have just read this whole thread, it took a while (I should get sick more
often and spend a day in bed reading emails). I have a few points to make. Some
are similar to points already raised but I will
Hi Richard,
El 16/1/20 21:37, "anti-abuse-wg en nombre de Richard Clayton"
escribió:
In message , JORDI
PALET MARTINEZ via anti-abuse-wg writes
>So, if I'm reading it correctly (not being a lawyer), a service provider
not
>acting against abuse when it has been
Sérgio,
I’m not sure if you’ve had the opportunity to read the RIPE Policy Development
Process - https://www.ripe.net/participate/policies - but it lays out how
policy is created in the community.
Very deliberately this is not a vote, it comes out of discussion (which can, at
times, seem to
Hi,
On Fri, Jan 17, 2020 at 02:44:30AM +, Suresh Ramasubramanian wrote:
> Database and routing people who haven???t worked security or don???t want
> security roles trying to lecture people who work cert and abuse roles on why
> something abuse mitigation related won???t work is always
Envoyé de mon iPhone par René Briaut
Le 17 janv. 2020 à 07:48, Fi Shing a écrit :
Your email presumes that an "ombudsman" model would resolve an issue.
If a person has dedicated themselves to controlling a 200,000 strong botnet and
sending spam emails through unauthorised access etc.
Your email presumes that an "ombudsman" model would resolve an issue.
If a person has dedicated themselves to controlling a 200,000 strong botnet and
sending spam emails through unauthorised access etc. what is sending them a
fancy piece of paper or an email "asking them to be nice" going to
> Database and routing people who haven’t worked security or don’t want
> security roles trying to lecture people who work cert and abuse roles
> on why something abuse mitigation related won’t work is always
> interesting. Not you Randy but many other posters in this thread.
lecturing such bs at
Database and routing people who haven’t worked security or don’t want security
roles trying to lecture people who work cert and abuse roles on why something
abuse mitigation related won’t work is always interesting. Not you Randy but
many other posters in this thread.
--srs
In message <2ff201d5cccf$f6ffe640$e4ffb2c0$@makeitsimple.pt>,
"=?iso-8859-1?Q?S=E9rgio_Rocha?=" wrote:
>Someone said: You must be new here, yes it's true, I'm on the list for a
>few months. Maybe that's why you're still optimistic.
You completely mis-read my comment.
What I meant was that you
In message ,
Volker Greimann wrote:
>As the abuse using domains registered through us usually does not happen
>on our networks, we have zero ability to detect it in advance, all we
>can do is take care of them after the fact, which we do dilligently. We
>have a team tasked exclusively with
Hello everyone,
Someone said: You must be new here, yes it's true, I'm on the list for a few
months. Maybe that's why you're still optimistic.
Someone said that the shower of comments against any proposed amendment was
Democracy. Maybe that is what we really need.
Many complain that this
I’ve been following this mailing list for the last couple of years having read
far too many arguments resulting in next to no progress.
This post from Denis was a refreshing read and one that many should read more
than once!
Thank you Denis for a reasoned, adult (accepting the UK jab) and
> It’d be interesting to take individual names of the people most vocal
> in their objections and feed them through LinkedIn - that assumption
> you made about dealing with spam would soon be tested.
give me a hand here. how is this construcive and helpful for the
internet operations community?
It’d be interesting to take individual names of the people most vocal in their
objections and feed them through LinkedIn - that assumption you made about
dealing with spam would soon be tested.
--srs
From: anti-abuse-wg on behalf of Randy Bush
Sent:
Colleagues
I have just read this whole thread, it took a while (I should get sick more
often and spend a day in bed reading emails). I have a few points to make. Some
are similar to points already raised but I will reinforce them. I cut out the
bits I want to respond to, but sorry I have not
In message , JORDI
PALET MARTINEZ via anti-abuse-wg writes
>So, if I'm reading it correctly (not being a lawyer), a service provider not
>acting against abuse when it has been informed of so, is liable.
don't get confused between the "Hosting" and "Mere Conduit" provisions
> I'm sure if the
Hi,
do you talk to your mother with that mouth? Does she know how you behave
yourself on the internet?
Whatever you assume I know about the volume of illegal use, I dispute
that. Most of our customers are legitimate businesses using their domain
names in legitimate ways. Your vitriole will
Hi Alex,
Undersood, and thanks a lot; it is very helpful to know that the ecommerce
directive has a problem.
As said, I’m not advocating for RIPE to take actions if the operator doesn’t
react on an abuse case.
What I’m trying to make sure, mainly, is that the abuse contact is a *real
In message ,
Volker Greimann wrote:
>Hi Robert,
The nane is Ron, actually.
>in 99,9% of the cases, the customer we forward the complaint to is not
>the spammer, but the service provider used by the spammer for their
>domain registration services, e.g. the party who has the closer
Hi Alex,
My reading of the eCommerce Directive
(https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:32000L0031) is
different. Some points (most relevant text only):
(40) … the provisions of this Directive relating to liability should not
preclude the development and effective
> I do not see so far any concrete proposal in the sense of addressing
> issues, only shooting down proposals (for good or bad reasons
the desire to stop a whack-a-mole does not imply a responsibility to
make moles.
a lot of folk here actually deal with spam, or likely they would not be
on this
On Thu, Jan 16, 2020 at 03:36:46PM +, Marcolla, Sara Veronica wrote:
Alex,
You say ???they just feel this issue should be address via leveraging RIPE
resouces???, but I do not see so far any concrete proposal in the sense of
addressing issues, only shooting down proposals (for good or bad
Jordi,
Nice analogy, but when you add the eCommerce Directive into the mix, where a
network provider (or hosting provider) is not liable for what their users do,
the outcome changes. Only if you have knowledge there might be a possibility
for liability, but if you do not accept abuse notices,
Hi Alex,
El 16/1/20 16:30, "anti-abuse-wg en nombre de Alex de Joode"
escribió:
Hi Sara,
The issue with your statement below is that RIPE NCC cannot (legally, under
Dutch contract law) disconnect resources if a resource holder (or more likely
his customer) does not (properly)
Hi Volker,
El 16/1/20 16:03, "anti-abuse-wg en nombre de Volker Greimann"
escribió:
Hi Jordi,
your example seems a bit off though. If your contract is with your ISP and you
need to complain to them, why would you complain to another ISP you have no
contract with?
Text was not
Hi Sara,
The issue with your statement below is that RIPE NCC cannot (legally, under
Dutch contract law) disconnect resources if a resource holder (or more likely
his customer) does not (properly) deal with abuse complaints. (for instance due
to reasons of proportionality)
Currently RIPE NCC
In message <23ad49c8-8fc4-41fa-a8fc-cae3479ad...@key-systems.net>,
Volker Greimann wrote:
>In the domain industry, we were required to provide an abuse contact,
>however the reports we get to that address usually deal with issues we
>cannot do much about other than pulling or deactivating the
Good evening!
I fully understand that why RIPE abuse policy is a subject of community
agreement. It dates back to the history of internet and back when it was
mainly academic with few services and dependencies to the functioning of
the society and state.
Every day we in CERT-EE send out a number
Hi Jordi,
your example seems a bit off though. If your contract is with your ISP
and you need to complain to them, why would you complain to another ISP
you have no contract with?
I agree that current GDPR implementations may impact the contactibility
of the customer, but that can be
Hi Volker,
I don’t agree with that, because:
I believe the electricity sample I provided proves otherwise. My contract is
with the electricity provider (the Internet provider), so I need to complain to
them and they need to follow the chain.
For a victim, to complain directly to the customer
Obviously every user should lock their doors / protect themselves
against fraud. I am just saying that the ability of many service
providers to curtail abuse of their system (without impacting legitimate
uses) is very limited as it may not their customers doing the abusing
and any targeted
El 16/1/20 15:25, "anti-abuse-wg en nombre de Ronald F. Guilmette"
escribió:
In message ,
JORDI PALET MARTINEZ via anti-abuse-wg wrote:
>I'm sure that this is the same in every EU country. Can we agree on that?
Quite certainly not! Doing so would break ALL
In message ,
JORDI PALET MARTINEZ via anti-abuse-wg wrote:
>I'm sure that this is the same in every EU country. Can we agree on that?
Quite certainly not! Doing so would break ALL established precedent!
When was the last time this working group agreed on *anything*?
Regards,
rfg
P.S.
Let’s try to see it from another perspective.
If you’re an electricity provider, and one of your customers injects 1.000 v
into the network and thus create damages to other customers (even from other
electricity providers), the electricity provider must have the means to resolve
the
Hi Volker
On 16/01/2020 15:03, Volker Greimann wrote:
> isn't making the world (and the internet) first and foremost a job of
> law enforcement agencies like the police and Europol?
Law enforcement's job primarily is arresting criminals. And yes they do
prevention. But you can't stop locking
In message ,
JORDI PALET MARTINEZ wrote:
>{... quoting Sara...}
>"Complete, accurate information goes hand in hand with a duty of care..."
A simple proposal:
Be it resolved that:
Henceforth, and until this policy is retracted, it shall be the
policy and practice of RIPE
Hi Volker,
Did you realize you just proved Sergio’s point?
I do agree, Law Enforcement have a duty in maintaining security. But as it
happens that municipalities have a duty in maintaining the roads clean of
litter and organize pick-ups for rubbish, this does not exempt all citizens and
In message <33b2e10eb9694eadb4bdaba30eb25...@elvas.europol.eu.int>,
"Marcolla, Sara Veronica" wrote:
>If the community does not agree that everyone has the right to a safe, spam
>free, crime free Internet, maybe we have some issue to solve here first.
Welcome to the Working Group. You must be
Hi Sara,
isn't making the world (and the internet) first and foremost a job of
law enforcement agencies like the police and Europol? While I agree that
everyone has a role to play, crime prevention and protection of the
public is part of the LEA job description, right? Civil society entities
Hi Jordi,
Indeed. However, it’s exactly what policies like the abuse –c and this new
iteration of your proposal are trying to solve. Apparently, in a sea of
denial/counterarguments/gaslighting. I do indeed hope more “security” people
from ISPs and CERTs can join the discourse and make it
Hi Sara,
While I fully agree with Sergio and yourself, the issue here is that this part
of your text
“Complete, accurate information goes hand in hand with a duty of care, of
promptly taking actions against abuse, and should be accompanied by a social
responsibility of trying to make
Very well put, Sérgio. Thank you for voicing clearly the concern of (at least a
part of) the community.
We should not forget that, according to the provisions of RIPE NCC audits,
“every party that has entered into an agreement with the RIPE NCC is
contractually obliged to provide the RIPE NCC
45 matches
Mail list logo