Re: Best practices on logical separation of abuse@ vs dmca@ role inboxes
John Levine: > In article you write: >> The main issue with the notion of keeping abuse@ separate from a >> dedicated DMCA takedown mailbox is companies like IP Echelon will just >> blindly E-mail whatever abuse POC is associated with either the AS >> record or whichever POCs are specifically associated with the NET block. >> >> So it becomes kind of difficult to keep them routing to different >> places. >> >> The guys doing the DMCA takedowns use automated tooling. So asking >> them nicely isn't going to help you. > > Seems to me that if you've registered your DMCA address in the Library > of Congress database, and they send takedowns somewhere else, that's > their problem, not not yours. > > If you haven't registered, you should. You can do the whole thing > online in a couple of minutes. The fee is $6 per update no matter how > many business names and domain names you register. > > See https://www.copyright.gov/dmca-directory/ thanks this is useful. has anyone practical experience with how many of the usual DMCA email sending companies actually take this into account when they send their automated emails? Does creating a record there actually result in a substantial fraction of DMCA emails being routed to the email address given there? -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu signature.asc Description: OpenPGP digital signature
Re: Best practices on logical separation of abuse@ vs dmca@ role inboxes
In article <627928051.4141.1533644391202.JavaMail.mhammett@ThunderFuck> you write: >Unless the e-mail is to the contact on file with the FCC, it isn't an official >DMCA take down request, so the request is garbage. It's not the FCC, it's the copyright office. The law also says that the contact address should be on your web site somewhere. R's, John > > > > >- >Mike Hammett >Intelligent Computing Solutions > >Midwest Internet Exchange > >The Brothers WISP
Re: Best practices on logical separation of abuse@ vs dmca@ role inboxes
Unless the e-mail is to the contact on file with the FCC, it isn't an official DMCA take down request, so the request is garbage. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Daniel Corbe" To: "Eric Kuhnke" , "nanog@nanog.org list" Sent: Sunday, August 5, 2018 2:43:36 PM Subject: Re: Best practices on logical separation of abuse@ vs dmca@ role inboxes On 8/4/2018 01:04:17, "Eric Kuhnke" wrote: >If you were setting up something new from a clean sheet of paper design >- >do you consider it appropriate to have an abuse role inbox that's >dedicated >to actual network abuse issues (security problems, DDoS, IP hijacks, >misbehavior of downstream customers, etc), and keep that separate from >DMCA >notifications? > >Automated sorting tools *can* pull things which match regexes for >automatically-generated DMCA notifications out of an inbox and route >them >to the appropriate place. > >However, I'm pondering whether it's better to have an ISP's ARIN IP >space >whois entries state clearly that copyright violation type notices >should go >to a dedicated-purpose dmca@ispname inbox. > The main issue with the notion of keeping abuse@ separate from a dedicated DMCA takedown mailbox is companies like IP Echelon will just blindly E-mail whatever abuse POC is associated with either the AS record or whichever POCs are specifically associated with the NET block. So it becomes kind of difficult to keep them routing to different places. The guys doing the DMCA takedowns use automated tooling. So asking them nicely isn't going to help you. >
Re: Best practices on logical separation of abuse@ vs dmca@ role inboxes
at 8:56 PM, John Levine wrote: In article you write: I'm very sorry to read that, as an ISP, you have to comply with a para-judicial process that puts you in charge of censorship. Dealing with DMCA notices is a matter of statute law in the US, and it is a really, really bad idea to ignore them unread. It doesn't matter what anyone here thinks about it. R's, John PS: Here's why: https://www.techdirt.com/articles/20180802/17420540355/sensing-blood-water-all-major-labels-sue-cox-ignoring-their-dmca-notices.shtml This. Plus I’m largely indifferent to it. On one hand, I’m a firm believer in a free and open Internet. But on the other hand, it’s so easy to hide your online activity that I have a hard time feeling sorry for anyone who gets caught up in the drag net. Anyone who gets a notice from us is completely and utterly apathetic about online privacy and it’s astonishing to be just how lazy people really are. I only have a few hundred users, so definitely not a representative sample size, but in all my time here we’ve only had a single repeat offender.
Re: Best practices on logical separation of abuse@ vs dmca@ role inboxes
In article you write: >I'm very sorry to read that, as an ISP, you have to comply with a >para-judicial process that puts you in charge of censorship. Dealing with DMCA notices is a matter of statute law in the US, and it is a really, really bad idea to ignore them unread. It doesn't matter what anyone here thinks about it. R's, John PS: Here's why: https://www.techdirt.com/articles/20180802/17420540355/sensing-blood-water-all-major-labels-sue-cox-ignoring-their-dmca-notices.shtml
Re: Best practices on logical separation of abuse@ vs dmca@ role inboxes
Hi Daniel, Le 06/08/2018 à 16:48, Daniel Corbe a écrit : > It doesn't work like that though. I can't just bitbucket DMCA takedown > requests because I also provide people with cable TV service. That > means I have content contracts and these contracts are all very specific > about what I need to do to process DMCA takedown requests. I'm sure > that they receive reports regularly from the companies they contract to > do DMCA enforcment. Or maybe they don't and I have no idea what I'm > talking about. But I'm still not going to put my content contracts at > risk because I think my users would be even more pissed off if their > cable TV packages were suddenly unavailable to them. I'm very sorry to read that, as an ISP, you have to comply with a para-judicial process that puts you in charge of censorship. I'd like to think that you'd have some margin to let these "copyright holders" fuck-off when it comes to your mere-pipe services. But I guess it depends on the jurisdiction you're operating under. Providing IP services and CATV are two different things that should not be liable one to another. If you have any right to give them a finger, please, on behalf of our community, give it to them. If not, please work harder on denouncing those indecent contracts. Best regards, -- Jérôme Nicolle +33 6 19 31 27 14
Re: Best practices on logical separation of abuse@ vs dmca@ role inboxes
Le 2018-08-06 16:03, Jérôme Nicolle a écrit : Hi Jack, Le 05/08/2018 à 21:51, na...@jack.fr.eu.org a écrit : By "appropriate place", you mean "the trash bin" ? Nope, that would eat-up storage and IOs. The proper destination is /dev/null, unless they provide you with the required informations to send a bill. Straight to unless, right ;-) mh Best regards,
Re: Best practices on logical separation of abuse@ vs dmca@ role inboxes
On Mon, Aug 6, 2018 at 10:09 AM, wrote: > > Asked and answered already. > > On 8/5/2018 16:53:35, "John Levine" wrote: > >See https://www.copyright.gov/dmca-directory/ > > If you are in fact registered there, it becomes *their* problem to send > their reports to the address you registered. > > I forgot that exists; seems like the only legitimate source for that information, then.
Re: Best practices on logical separation of abuse@ vs dmca@ role inboxes
On Mon, 06 Aug 2018 09:51:17 -0500, Matt Harris said: > But then the question becomes "how are they supposed to find the 'proper > address' for their reports?" Asked and answered already. On 8/5/2018 16:53:35, "John Levine" wrote: >See https://www.copyright.gov/dmca-directory/ If you are in fact registered there, it becomes *their* problem to send their reports to the address you registered. pgpvkBrHfW53Z.pgp Description: PGP signature
Re: Best practices on logical separation of abuse@ vs dmca@ role inboxes
On Sun, Aug 5, 2018 at 5:46 PM, Rich Kulawiec wrote: > This is a solvable problem. If they're sending unsolicited bulk email > (aka "spam"), then they are, by definition, spammers. Block them and > move on. If/when they decide to send proper DMCA notices and send them > to the proper address, perhaps you can then allow them to petition for > the privilege of access to your mail system. > > ---rsk > But then the question becomes "how are they supposed to find the 'proper address' for their reports?" If you run a whois server and link it from your RIRs or create a custom "DMCA Compliance" POC in the RIR listings then you could maybe list that sort of thing there, but most address maintainers do neither, so by default whatever address is listed on those net block records with the RIR seems appropriate enough to me. There's no other established protocol for determining an appropriate contact (like calling the associated phone number and asking, or trying to determine your web url and browing that site for it, or something else much more involved.) If there should be a different protocol established for that, then we need to figure it out and document that and get a critical mass of reporters to buy in to it.
Re: Best practices on logical separation of abuse@ vs dmca@ role inboxes
On 8/5/2018 18:46:36, "Rich Kulawiec" wrote: On Sun, Aug 05, 2018 at 07:43:36PM +, Daniel Corbe wrote: This is a solvable problem. If they're sending unsolicited bulk email (aka "spam"), then they are, by definition, spammers. Block them and move on. If/when they decide to send proper DMCA notices and send them to the proper address, perhaps you can then allow them to petition for the privilege of access to your mail system. It doesn't work like that though. I can't just bitbucket DMCA takedown requests because I also provide people with cable TV service. That means I have content contracts and these contracts are all very specific about what I need to do to process DMCA takedown requests. I'm sure that they receive reports regularly from the companies they contract to do DMCA enforcment.Or maybe they don't and I have no idea what I'm talking about. But I'm still not going to put my content contracts at risk because I think my users would be even more pissed off if their cable TV packages were suddenly unavailable to them.
Re: Best practices on logical separation of abuse@ vs dmca@ role inboxes
Hi Jack, Le 05/08/2018 à 21:51, na...@jack.fr.eu.org a écrit : > By "appropriate place", you mean "the trash bin" ? Nope, that would eat-up storage and IOs. The proper destination is /dev/null, unless they provide you with the required informations to send a bill. Best regards, -- Jérôme Nicolle +33 6 19 31 27 14
Re: Best practices on logical separation of abuse@ vs dmca@ role inboxes
On Sun, Aug 05, 2018 at 07:43:36PM +, Daniel Corbe wrote: > The main issue with the notion of keeping abuse@ separate from a dedicated > DMCA takedown mailbox is companies like IP Echelon will just blindly E-mail > whatever abuse POC is associated with either the AS record or whichever POCs > are specifically associated with the NET block. > > So it becomes kind of difficult to keep them routing to different places. This is a solvable problem. If they're sending unsolicited bulk email (aka "spam"), then they are, by definition, spammers. Block them and move on. If/when they decide to send proper DMCA notices and send them to the proper address, perhaps you can then allow them to petition for the privilege of access to your mail system. ---rsk
Re: Best practices on logical separation of abuse@ vs dmca@ role inboxes
On 8/4/2018 01:04:17, "Eric Kuhnke" wrote: > Automated sorting tools *can* pull things which match regexes for > automatically-generated DMCA notifications out of an inbox and route them > to the appropriate place. By "appropriate place", you mean "the trash bin" ? Sieve filters are enough for this task
Re: Best practices on logical separation of abuse@ vs dmca@ role inboxes
On Fri, Aug 03, 2018 at 10:04:17PM -0700, Eric Kuhnke wrote: > If you were setting up something new from a clean sheet of paper design - > do you consider it appropriate to have an abuse role inbox that's dedicated > to actual network abuse issues (security problems, DDoS, IP hijacks, > misbehavior of downstream customers, etc), and keep that separate from DMCA > notifications? Separate, because you'll need to design/implement different defenses for them. For example: abuse@ *must* accept traffic with attached malware, since victims of abuse may forward messages containing said malware. But dmca@ doesn't need to and shouldn't. ---rsk
Re: Best practices on logical separation of abuse@ vs dmca@ role inboxes
I'd keep them separate since it's a different set of people that needs to handle dmca vs actual abuse. On Sat, Aug 4, 2018, 1:07 AM Eric Kuhnke wrote: > If you were setting up something new from a clean sheet of paper design - > do you consider it appropriate to have an abuse role inbox that's dedicated > to actual network abuse issues (security problems, DDoS, IP hijacks, > misbehavior of downstream customers, etc), and keep that separate from DMCA > notifications? > > Automated sorting tools *can* pull things which match regexes for > automatically-generated DMCA notifications out of an inbox and route them > to the appropriate place. > > However, I'm pondering whether it's better to have an ISP's ARIN IP space > whois entries state clearly that copyright violation type notices should go > to a dedicated-purpose dmca@ispname inbox. >
Best practices on logical separation of abuse@ vs dmca@ role inboxes
If you were setting up something new from a clean sheet of paper design - do you consider it appropriate to have an abuse role inbox that's dedicated to actual network abuse issues (security problems, DDoS, IP hijacks, misbehavior of downstream customers, etc), and keep that separate from DMCA notifications? Automated sorting tools *can* pull things which match regexes for automatically-generated DMCA notifications out of an inbox and route them to the appropriate place. However, I'm pondering whether it's better to have an ISP's ARIN IP space whois entries state clearly that copyright violation type notices should go to a dedicated-purpose dmca@ispname inbox.