This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] How Not To Ask For A Website to Be taken Down
- Previous message (by thread): [anti-abuse-wg] How Not To Ask For A Website to Be taken Down
- Next message (by thread): [anti-abuse-wg] How Not To Ask For A Website to Be taken Down
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ronald F. Guilmette
rfg at tristatelogic.com
Thu Dec 23 12:22:22 CET 2010
In message <201012231237.21841.kzorba at otenet.gr>, Kostas Zorbadelos <kzorba at otenet.gr> wrote: >Now I get that you are saying that we should generally not use in the "real >world" abuse contacts to send reports or anything else related to abuse. Actually, I never said anything remotely like that. Not even close. I merely noted all of the reasons why someone (or some company) trying to protect their trademarks from being misused in conjunction with apparent phishing sites might reasonably avoid even trying to file a report about a problem like that with any abuse@ type e-mail address. I didn't even say that I felt that BofA had done either the Right Thing or the Best Thing in this case. I was merely defending their choices as probably being reasonable ones... even if perhaps not the best ones... given the actual (sad) situation "on the ground" on the net these days. >To me this doesn't make sense. Indeed. Had I in fact said what you thought I said, then I would agree that what I said would not have made sense. But I didn't, so I don't. >Having said this, I consider the case closed. I think that we (as a group) >should try to produce more meaningful and actual work on anti-abuse. Well now hold on just one moment. As I said before, other people here have previously noted that mandating abuse contact e-mail addresses in RIPE whois may be a fruitless exercise in futility if there is nobody on the other end of those e-mail addresses, reading the stuff sent there. But that's only one of the many ways that such contact e-mail addresses might be rendered less-than-useful, or at any rate less than as maximally useful as they could potentially be. Another thing that... as this BofA example has shown... might cause those newly mandated abuse@ addresses to be less than maximally useful is if the people sending to those addresses, and the people who are reading the messages coming in to those addresses have fundamental disagreements about what is or what is not an appropriate kind of "abuse" that should be reported to said addresses. In short, what I suspect we all might benefit from would be (a) a Best Current Practices document which would clearly lay out what kinds of "abuse" these newly mandated e-mail contact addresses should be handling (and perhaps even an outline of what they should be doing to respond to different kinds of reports, e.g. trademark infringment, with a possible helping of phishing on the side). Without such a BCP document, disagree- ments, between sender and receivers, about where to send different kinds of "abuse" reports (as illustrated by this BofA example) may continue and even proliferate. Furthermore, and again as this BofA example has helped to illustrate, it seems to me that perhaps development of a community- endorsed BCP for abuse _reporters_ would be just as useful and just as important as a community-endorsed BCP for abuse report handlers. In the absence of both/either, the current plan to mandate abuse contacts in RIPE records may in the end have little practical effect, i.e. if it is still the case that nobody has any solid or commonly agreed ideas about how or for what purposes such things might be used. I disagree that discussion of such matters fails to constitute "meaningful and actual work on anti-abuse." In fact it might be argued that discussion of such matters may go to the heart of net's abundant, multiple, and growing abuse problems. After all, if nobody even agrees on what abuse is, what kinds should be reported, or where, or what reasonable ISPs should do about "abuse", then it seems to me that everything else that we... the collective we... might undertake "meaningful and actual work on" might in the end, be rendered utterly superfluous by these more fundamental unresolved disagree- ments. Regards, rfg
- Previous message (by thread): [anti-abuse-wg] How Not To Ask For A Website to Be taken Down
- Next message (by thread): [anti-abuse-wg] How Not To Ask For A Website to Be taken Down
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]