> On Dec 16, 2021, at 12:57 , Amy Potter wrote:
>
> Hi all,
>
> Opinions were fairly divided here, but it sounds like a decent number of you
> may be open to or prefer if we made adding an abuse URL optional, and keeping
> the abuse POC as mandatory. I've edited the text of this draft
On Thu, Dec 16, 2021 at 12:59 PM Amy Potter wrote:
> Opinions were fairly divided here, but it sounds like a decent
> number of you may be open to or prefer if we made adding
> an abuse URL optional, and keeping the abuse POC as mandatory.
> I've edited the text of this draft policy in that
Hi all,
Opinions were fairly divided here, but it sounds like a decent number of
you may be open to or prefer if we made adding an abuse URL optional, and
keeping the abuse POC as mandatory. I've edited the text of this draft
policy in that direction. Please let me know what you think.
Amy
Owen -
Feel free to engage in comparisons with the number resource policy in other
regions.
While I believe it to be obvious, I will make the concern explicit for
avoidance of any doubt: the referenced remarks went beyond discussion of
comparative policy implications and rather contained
How you define the border line of what can be enforced by policies and what not?
The RSA already confirms that what is in the policies is mandatory. If we say
the abuse-mailbox must be "usable", we can also say "how much usable" must be.
If we take a look a the NRPM, it may happen that many
On Thu, Oct 28, 2021 at 12:23 AM JORDI PALET MARTINEZ via ARIN-PPML
wrote:
> I don't think this is correct and it may be a language appreciation, because
> I'm not native English, so how you and I understand "enforce" or similar
> words may differ. Let me explain.
Hi Jordi,
It may be a
Hi Bill,
I don't think this is correct and it may be a language appreciation, because
I'm not native English, so how you and I understand "enforce" or similar words
may differ. Let me explain.
For example, if we, as a community, have the power to define the policies and
we decide that as part
> On Oct 27, 2021, at 19:41 , William Herrin wrote:
>
> On Wed, Oct 27, 2021 at 2:07 PM JORDI PALET MARTINEZ via ARIN-PPML
> wrote:
>> However, right now 2 above doesn’t exist and instead
>> if we keep using email but making a policy that enforces
>> a transition to X-ARF/RFC5965/RFC6650,
On Wed, Oct 27, 2021 at 2:07 PM JORDI PALET MARTINEZ via ARIN-PPML
wrote:
> However, right now 2 above doesn’t exist and instead
> if we keep using email but making a policy that enforces
> a transition to X-ARF/RFC5965/RFC6650, resolves the
> problems for spam into abuse mailboxes (because it is
-Original Message-
From: ARIN-PPML On Behalf Of JORDI PALET MARTINEZ
via ARIN-PPML
Sent: Wednesday, October 27, 2021 10:23 AM
To: arin-ppml@arin.net
Subject: Re: [arin-ppml] Draft Policy ARIN-2021-7: Make Abuse Contact Useful
Maybe I should review and resubmit my abuse-c proposal now
Yes, I did, but *only* in order to make sure that the status of the abuse-c
polices is known in the list for what is worth on this discussion, because I
assume that not everyone follows/contributes to the policies in the 5 RIRs as
it is my case (probably just a very few folks).
I think it
There is no need to define what is abuse, and in fact this is not good neither
feasible, because it may depend on each country jurisdiction.
What it must be enforced is that the resource holder can be notified about that
and takes care of looking at it, as part of his/her job as the resource
To make it short and focus a bit …
I agree that whatever we do there should be a transition path
I agree that if there is a better IETF standard way than email, even using
forms (if they can be automated) is good
However, right now 2 above doesn’t exist and instead if we keep using email but
I will point out that Jordi started the references to other regions in his post.
Owen
> On Oct 27, 2021, at 13:11 , John Curran wrote:
>
> Owen -
>
> Please keep your comments focused on the draft policy under consideration –
> as Jordi notes below, opining on events in the other regions
On Wed, Oct 27, 2021 at 1:16 PM Owen DeLong via ARIN-PPML
wrote:
> Want to bet that I can’t write an abuse report generator for any standard you
> choose in less than 24 hours that will not get detected as SPAM by automation?
Yeah, see that's the thing. I technically have an abuse POC but it
> On Oct 27, 2021, at 09:51 , David Farmer via ARIN-PPML
> wrote:
>
> And "tel:123-456-7890" is a URL for a phone number. However, that means to
> replace the current POC info you need at least two URLs and probably more if
> you want to support a web form and possibly an API option. But I
> On Oct 27, 2021, at 09:40 , JORDI PALET MARTINEZ via ARIN-PPML
> wrote:
>
> It doesn't work if emails aren't validated at least a couple of times per
> year.
Meh… Doable, but expensive.
> It doesn't work if the policy doesn't enforce that the resource actually
> addresses the abuse
Owen -
Please keep your comments focused on the draft policy under consideration – as
Jordi notes below, opining on events in the other regions isn’t particularly
germane to this policy discussion.
Thanks,
/John
John Curran
President and CEO
American Registry for Internet Numbers
On 27 Oct
I’d vote no. Your definition of success appears to be based on the number of
complaints generated rather than
on the actions taken as a result of those complaints.
I think that data on the latter would show that your “success” is much less
than your current estimate.
Owen
> On Oct 27, 2021,
> On Oct 27, 2021, at 01:12 , JORDI PALET MARTINEZ via ARIN-PPML
> wrote:
>
> Hi Owen, all,
>
> Responding in-line as [Jordi]
I will once again urge you to get an MUA that works correctly.
>
>
>
>> On Oct 26, 2021, at 15:17 , JORDI PALET MARTINEZ via ARIN-PPML
>>
Change the proposed language in 2.1.2 from “must” to “may”, and develop (via
IETF, or simply across RIRs) a standard API format for submitting reports, and
I could support this policy.
Given such a standard does not exist, I am not inclined to support this
proposal. If such a standard existed,
On Wed, Oct 27, 2021 at 10:59 AM Scott Leibrand wrote:
> Backwards compatibility is important here. If we want to add URL
> capabilities, there's no reason it can't be a new field.
Hi Scott,
I buy the backwards compatibility theory. ARIN staff will have to
comment but I think that's an
On 10/27/2021 12:51 PM, William Herrin wrote:
On Wed, Oct 27, 2021 at 9:40 AM JORDI PALET MARTINEZ via ARIN-PPML
wrote:
It doesn't work if emails aren't validated at least a couple of times per year.
It doesn't work if the policy doesn't enforce that the resource actually
addresses the abuse
's no reason it can't be a new field.
Opposed as written.
-Scott
>
>
> *From:* ARIN-PPML *On Behalf Of *David
> Farmer via ARIN-PPML
> *Sent:* Wednesday, October 27, 2021 12:51 PM
> *To:* William Herrin
> *Cc:* arin-ppml@arin.net
> *Subject:* Re: [arin-ppml] Draft Po
I would support getting a proper standard
format/api/whatever in place for all the RIR's to agree on. And
yes, that's outside our scope but that doesn't mean it can't be
done.
Then, and only then, replace what we have. Otherwise, things will
just get
On Wed, Oct 27, 2021 at 9:40 AM JORDI PALET MARTINEZ via ARIN-PPML
wrote:
> It doesn't work if emails aren't validated at least a couple of times per
> year.
>
> It doesn't work if the policy doesn't enforce that the resource actually
> addresses the abuse cases.
>
> It doesn't work if the
It doesn't work if emails aren't validated at least a couple of times per year.
It doesn't work if the policy doesn't enforce that the resource actually
addresses the abuse cases.
It doesn't work if the policy allows an auto-responder that enforces a form
submission.
Ideally, we, as a global
My report is not the problem, it is instead the problem of operators that
demand all reports be entered into their system, ignoring the CURRENT
standard of abuse email reports as the ONLY reporting means other than
phone for current abuse.
I suspect that is because they are trying to gather
On Wed, Oct 27, 2021 at 9:07 AM wrote:
> I think that is wrong, since
> email IS the current standard for reporting abuse.
And how is that working out for you?
> Already there are operators that have set up autoresponders to "demand"
> you report abuse by their web application and stating that
I Oppose this.
Already there are operators that have set up autoresponders to "demand"
you report abuse by their web application and stating that they are
choosing to ignore your email submission. I think that is wrong, since
email IS the current standard for reporting abuse.
While I can
On 10/27/2021 12:26 AM, William Herrin wrote:
On Tue, Oct 26, 2021 at 5:33 PM Andrew Dul wrote:
I'd might be ok with a URL, but not just "any URL" if the community is
really interested in improving reporting, we likely need a structured
data format and API so that input can be better used by
Maybe I should review and resubmit my abuse-c proposal now that it is clear
that at least in other 2 RIRs is being a success?
https://www.arin.net/vault/policy/proposals/ARIN_prop_264_orig.html
https://www.arin.net/vault/policy/proposals/2019_5.html
Regards,
Jordi
@jordipalet
El
-1, I appose.
Anything that further waters down the requirement for a valid abuse
'email' harms the internet as a whole. We are still waiting for more
ARIN action on invalid data, and more enforcement on the requirement to
respond to abuse reports using the current methods.
Other methods
Hi Owen, all,
Responding in-line as [Jordi]
Saludos,
Jordi
@jordipalet
El 27/10/21 8:06, "Owen DeLong" escribió:
On Oct 26, 2021, at 15:17 , JORDI PALET MARTINEZ via ARIN-PPML
wrote:
Hi,
Unless I misunderstood this proposal, I believe this is the wrong
On Tue, Oct 26, 2021 at 3:17 PM JORDI PALET MARTINEZ via ARIN-PPML
wrote:
> Is this proposal suggesting that the abuse email must not be used anymore and
> instead a URL for abuse reports enforced?
Hi Jordi,
No and yes respectively. "mailto:some@address; is a valid URL.
Regards,
Bill Herrin
On Tue, Oct 26, 2021 at 5:33 PM Andrew Dul wrote:
> I'd might be ok with a URL, but not just "any URL" if the community is
> really interested in improving reporting, we likely need a structured
> data format and API so that input can be better used by those receiving
> the reports.
Hi Andrew,
On Tue, Oct 26, 2021 at 2:59 PM John Santos wrote:
> My domain has a valid abuse contact (me), and it's been years since I actually
> received anything except spam. (I check the spam detector output daily to
> make
> sure it actually is spam, and it always is. It's usually no more than a
>
While I think you are on the right track, Andrew, I think that standardizing
the format and API is outside of ARIN’s remit and suggest that OPSAWG might be
a good place
to achieve that.
Owen
> On Oct 26, 2021, at 17:33 , Andrew Dul wrote:
>
> Email as a reporting mechanism does seem old
> On Oct 26, 2021, at 15:17 , JORDI PALET MARTINEZ via ARIN-PPML
> wrote:
>
> Hi,
>
> Unless I misunderstood this proposal, I believe this is the wrong way to go.
>
> Is this proposal suggesting that the abuse email must not be used anymore and
> instead a URL for abuse reports enforced?
>
Email as a reporting mechanism does seem old these days.
I'd might be ok with a URL, but not just "any URL" if the community is
really interested in improving reporting, we likely need a structured
data format and API so that input can be better used by those receiving
the reports.
Andrew
By the way, this is the link to the latest version of this proposal in AFRINIC,
which is taking inputs from previous experience in the other RIRs:
https://www.afrinic.net/policy/proposals/2018-gen-001-d7#proposal
Regards,
Jordi
@jordipalet
El 27/10/21 0:17, "ARIN-PPML en
Hi,
Unless I misunderstood this proposal, I believe this is the wrong way to go.
Is this proposal suggesting that the abuse email must not be used anymore and
instead a URL for abuse reports enforced?
If you look at all the other 4 RIRs, this is totally contrary to the practical
experience.
My domain has a valid abuse contact (me), and it's been years since I actually
received anything except spam. (I check the spam detector output daily to make
sure it actually is spam, and it always is. It's usually no more than a handful
of spam emails daily, probably because I never respond
On 21 October 2021, the ARIN Advisory Council (AC) accepted "ARIN-prop-303:
Make Abuse Contact Useful" as a Draft Policy.
Draft Policy ARIN-2021-7 is below and can be found at:
https://www.arin.net/participate/policy/drafts/2021_7/
You are encouraged to discuss all Draft Policies on
44 matches
Mail list logo
