This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] DRAFT: RIPE proposal - implementation of an abuse monitor system
- Previous message (by thread): [anti-abuse-wg] DRAFT: RIPE proposal - implementation of an abuse
- Next message (by thread): [anti-abuse-wg] DRAFT: RIPE proposal - implementation of an abuse monitor system
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Martin Neitzel
neitzel at gaertner.de
Fri Apr 9 16:23:08 CEST 2010
frank at powerweb.de wrote: > No, because the system generates email addresses [1.2.3.4 at abuse.ripe.net] > only related to the IP address that causes the abuse. No, it doesn't. The mail will go to wherever some human or robot *assumes* the spam cause to be. Never seen a complaint which was mis-directed to because some bozo fell prey to faked headers? If I understood your draft section 5 correctly, you think that there are actually people who consider researching "whois" records too complicated but, at the same time, are able to do a decent analysis of email headers? I've never met members of this species. And I'd be afraid if I were *forced* (by RIPE) to read and repsond to their spam reports. Your policy draft is extremely week on th only policy point it contains: Section 5 "Advantages": [...] RIPE NCC can ensure that all allocations have a working abuse address. [...] Like, how? As someone else has already pointed out: redirecting all reports to /dev/null would make your control system happy -- no bounces. It all gets back to human checks: Internet user U complaints (at the RIPE) about LIR L, saying something like "unrepsonsive LIR, restract its allocation containing 62.67.229.200". Your proposal would have to state the further course of action (i.e., "the policy"). In particular, please be clear on legal issues. When U complains about "the contact for 62.67.229.200", the RIPE NCC should do what? Snail-mail two warnings, then "pull the plug" for 62.67.228.0/20 (or would it be the 62.67.0.0/16, because of "remarks: all abuse reports to abuse at level3.com")? The very next day, the three distinct end users of, say, 62.67.1.1, 62.67.231.254, and 62.67.255.254, respectively, get a bit upset that their businesses have RPSLy fallen off the Internet. Ooops. A merry round of "A sues B" follows. Anybody in this game who you think should be idemnified at this point? The RIPE NCC for example? How? Shifting the focus away from "forced policies" towards "useful tools": Any well-intentioned LIR/ISP will happily use whatever tools it can get its hands to be aware of any abuse of its network. It appears to me that simply monitoring your network ranges on various DNSBLs is achieving pretty much the same benefits (for the ISP/LIR) as your proposol does, without inflicting any work on the RIPE NCC to forward spam complaints and to collect statistics. You're kinda reinventing wheels many folks already use. You do seem to have a valid point about educating new LIRs/ISPs. Martin
- Previous message (by thread): [anti-abuse-wg] DRAFT: RIPE proposal - implementation of an abuse
- Next message (by thread): [anti-abuse-wg] DRAFT: RIPE proposal - implementation of an abuse monitor system
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]