[anti-abuse-wg] 2010-08 New Policy Proposal (Abuse contact information)

Hi Frank,

On 10 Nov 2010, at 9:12, Frank Gadegast wrote:

[...]

>>> Imho you and Leo Vegoda are mixing up the data quality and the work
>>> quality. Data quality judges the quality and the accuracy of the data
>>> given in the object and has absolutely nothing to do with the abuse work
>>> done behind the email address.
>>> 
>>> We will never be able to judge the quality of abuse handling work by the
>>> existence or non-existence of an object.
>> 
>> I must not have written sufficiently clearly as you appear to have misunderstood me. I am not arguing that you can judge the quality of abuse handling by the presence or absence of the appropriate information in the database. I am arguing that its presence can help you judge the willingness of a network operators to take the reports seriously.
> 
> Only if you make it not mandatory.

Yes, I'm describing what we have now.

> But not making it mandatory stops you from having a contact for every
> IP, and that will keep the chaos we currently have.
> If there is no IRT object, you will still look through the whois,
> if there is another contact, and those whois lookups are restricted.
> 
> And detecting the quality by the absence of an IRT object does not
> work anyway, because every member could decide to keep the remarks
> or the abuse-mailbox-field like it is.
> It just says nothing, if a member can decide not to have an IRT
> object, so it HAS to be mandytory anyway.

I disagree. Right now, creating an IRT object tells you that people know what they are doing because they need to jump through hoops. 

[...]

>> I see the problem as a social one: many people do not want to receive reports or investigate them if they do.
> 
> So they will probably send them to /dev/null
> and there will be no response.
> But who cares ?
> I dont.
> As long as I can say:
> "the member got my complaint to the address he published".

I do not understand in one automatic system sending a message and another automatic system deleting it without a human intervening at any point. Maybe I am missing something but that just seems like a waste to me.

[...]

>> Your proposal would make it mandatory for people to publish abuse contact information but would do nothing to actually make people take the reports seriously. As such, I do not see it as significant element in making things better. Instead, I see it as a way of making lots of people do some extra administration that is unlikely to achieve anything significant.
>> 
>> Making things better will require the people running the networks to *want* to make things better. Unless you can come up with a proposal to change people's minds about taking abuse reports seriously I don't think this proposal can add any significant value. I suggest starting with solving the social element before moving on to a piece of mandatory mass administration exercise.
> 
> I personally do not care, if I have more work in publishing correct 
> abuse data, if there is the chance to delivered reports more
> accurate and if there is the possibility the detect good from
> "not-so-good" admins.
> 
> I will have to invest much less work for the publishing then
> to program our whois parsers and check a lot of things
> manually.
> 
> This proposal will SAVE me at lot of time !
> 
> I personally do not like to send reports to non-responsible
> persons, that another way of spamming. With that proposal I
> can be sure, that I got the responsible one, and thats a big step
> forward ...

I think you are conflating two things: a single syntax for publishing abuse contact information and making it mandatory.

You can alter the database syntax rules to have a just one official way of publishing abuse contact information but that won't stop people putting data in comments, too. And it certainly won't stop them updating the comments and not the (possibly bogus) address any the official publication place.

Having automated systems send each other e-mails that are never read or acted upon does not make sense. For that reason, I would suggest work goes in to efforts to explain why it is bad to host abusive systems rather than into lots of make-work that will have little actual impact.

Regards,

Leo