This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] 2010-09 New Policy Proposal (Frequent Update Request)
- Previous message (by thread): [anti-abuse-wg] 2010-09 New Policy Proposal (Frequent Update Request)
- Next message (by thread): [anti-abuse-wg] Policies 2010-08 & 2010-09 at RIPE 61
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Shane Kerr
shane at time-travellers.org
Wed Nov 10 14:18:01 CET 2010
Hello, I recall when ARIN was discussing automatically marking non-responsive contacts in their database, a concern did come up. The concern was that address hijackers would have an excellent pre-filtered list of networks that are likely to be poorly maintained. A spammer could: 1. Download the latest list of non-responsive object owners. 2. Download the latest list of inetnum in the RIPE Database. 3. Extract out the network ranges with non-responsive object owners. 4. Find those network ranges that also happen to be missing from BGP. 5. Advertise those ranges. 6. Send spam from those ranges. 7. Profit! Since the spammer knows that the mail for these ranges don't work, she can be pretty sure that it will take a while for the good guys to figure out what is going on. By that time she's sipping cocktails on the beach. I am not opposed to having regular checks of contact information. I am not even opposed to providing a public view of the "quality" of contact information, as proposed in 2010-09. However, perhaps a better way forward would be to make this something handled in the context of the RIPE NCC/LIR relationship. Keeping in mind that these are people who have been contacted via the LIR Portal and e-mail, they need to be encouraged to care a bit. There are several ways this could be done: * Changing the contact information on the maintainers to the contact for the LIR, along with an appropriate message explaining it (I think the LIR contact information is corrected at least often enough to send an annual invoice) * Require checking of maintainer information before receiving future RIPE NCC registration services (this will probably be less important post-IPv4 runout... what services do I need after I get my IPv6 /32 block!?!) * Adding a penalty in the annual membership fees if maintainer information is not confirmed (I suppose this could be named a "Good Quality Discount" instead, but that amounts to the same thing) * Revoking the resources from the LIR The problem here, as always, is that LIRs set the policies, and I think they are unlikely to approve a policy that can be used against them. I doubt the RIPE NCC actually wants to enforce this kind of stuff either! -- Shane
- Previous message (by thread): [anti-abuse-wg] 2010-09 New Policy Proposal (Frequent Update Request)
- Next message (by thread): [anti-abuse-wg] Policies 2010-08 & 2010-09 at RIPE 61
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]