[anti-abuse-wg] How Not To Ask For A Website to Be taken Down

In message <201012231237.21841.kzorba at otenet.gr>, 
Kostas Zorbadelos <kzorba at otenet.gr> wrote:

>Now I get that you are saying that we should generally not use in the "real 
>world" abuse contacts to send reports or anything else related to abuse.

Actually, I never said anything remotely like that.  Not even close.

I merely noted all of the reasons why someone (or some company) trying to
protect their trademarks from being misused in conjunction with apparent
phishing sites might reasonably avoid even trying to file a report about
a problem like that with any abuse@ type e-mail address.

I didn't even say that I felt that BofA had done either the Right Thing
or the Best Thing in this case.  I was merely defending their choices as
probably being reasonable ones... even if perhaps not the best ones...
given the actual (sad) situation "on the ground" on the net these days.

>To me this doesn't make sense.

Indeed.  Had I in fact said what you thought I said, then I would agree
that what I said would not have made sense.  But I didn't, so I don't.

>Having said this, I consider the case closed. I think that we (as a group) 
>should try to produce more meaningful and actual work on anti-abuse.

Well now hold on just one moment.  As I said before, other people here
have previously noted that mandating abuse contact e-mail addresses in
RIPE whois may be a fruitless exercise in futility if there is nobody on
the other end of those e-mail addresses, reading the stuff sent there.
But that's only one of the many ways that such contact e-mail addresses
might be rendered less-than-useful, or at any rate less than as maximally
useful as they could potentially be.  Another thing that... as this BofA
example has shown... might cause those newly mandated abuse@ addresses to
be less than maximally useful is if the people sending to those addresses,
and the people who are reading the messages coming in to those addresses
have fundamental disagreements about what is or what is not an appropriate
kind of "abuse" that should be reported to said addresses.

In short, what I suspect we all might benefit from would be (a) a Best
Current Practices document which would clearly lay out what kinds of
"abuse" these newly mandated e-mail contact addresses should be handling
(and perhaps even an outline of what they should be doing to respond to
different kinds of reports, e.g. trademark infringment, with a possible
helping of phishing on the side).   Without such a BCP document, disagree-
ments, between sender and receivers, about where to send different kinds
of "abuse" reports (as illustrated by this BofA example) may continue and
even proliferate.  Furthermore, and again as this BofA example has helped
to illustrate, it seems to me that perhaps development of a community-
endorsed BCP for abuse _reporters_ would be just as useful and just as
important as a community-endorsed BCP for abuse report handlers.  In
the absence of both/either, the current plan to mandate abuse contacts
in RIPE records may in the end have little practical effect, i.e. if
it is still the case that nobody has any solid or commonly agreed ideas
about how or for what purposes such things might be used.

I disagree that discussion of such matters fails to constitute "meaningful
and actual work on anti-abuse."  In fact it might be argued that discussion
of such matters may go to the heart of net's abundant, multiple, and growing
abuse problems.  After all, if nobody even agrees on what abuse is, what
kinds should be reported, or where, or what reasonable ISPs should do about
"abuse", then it seems to me that everything else that we... the collective
we... might undertake "meaningful and actual work on" might in the end, be
rendered utterly superfluous by these more fundamental unresolved disagree-
ments.


Regards,
rfg