[anti-abuse-wg] 2010-08 New Policy Proposal (Abuse contact information)

Hello everybody,

first of all thank you for all your feedback on this proposal. It is
great to see so many people joining and supporting or opposing the
policy proposal. Thanks for that again.

I think Denis did a great job yesterday bringing up some clarification
about some issues. And I have seen that some people are still having a
hard time to understand the idea of the proposal and some of them having
a hard time to understand the proposal text, So I want to try to give
some clarification and I hope I can do it as well as Denis did yesterday.


* Why should we use the IRT-Object?

- The IRT object is already existing, it is easy to implement for RIPE.
- The IRT object underlies no whois server query restrictions.
- The IRT object gives more flexibility. It is possible to monitore
abuse, even if the inet(6)num is handled by your customer.
- The IRT objects intend was similar to the intend of this proposal.
- The IRT object is used by APNIC.


* Why is an abuse-c a bad idea?

Using an abuse-c would link the abuse-c field to already existing role,
person, or org objects. Those objects are underlying query restrictions.
If for example a person handle (including an abuse-mailbox attribute) is
linked to abuse-c and to admin-c, two possibly different abuse-mailbox
attributes are in one inetnum.


* Why making the IRT Object mandatory?

One of the main intentions of this proposal is to keep and make things
simple and clean up. By making the IRT Object mandatory, there is a
clear and understandable definition. Communicating that the IRT Object
is mandatory is much more easy too understand than communication, that
the IRT should be used and still having other options (remarks).


* The abuse-mailbox attribute will be mandatory in the IRT Object. Why?

Abuse departments are also receiving personal emails. Communication
between different abuse departments or even automatic mail notification
from for example blacklist providers. Offering 2 email addresses makes
much sense in this case. "e-mail" attribute for personal communication
and the "abuse-mailbox attribute for complaints.


* How will this proposal clean up?

By having a clear and understandable definition all in future created
inet(6)nums and aut-nums will have an IRT Object with the abuse-contacts
included. There is no need for remark fields or anything else.

The already existing mess can be solved by, not letting people create
abuse-mailbox attributes in non IRT objects anymore. That will solve the
abuse-mailbox problem. I would not migrate these things, I would ask the
maintainer as often as necessary to create an IRT Object and delete the
abuse-mailbox attributes in all other handles.

The problem with remark fields is quit bigger, but will not be a problem
as long as the IRT object will be mandatory. Why care about remark
fields? If the correct information is published in the IRT object.
Nevertheless RIPE could contact maintainers with abuse@ or other
keywords in remark fields and ask them to clean up. Another idea was to
ask for a cleanup why being logged in the LIR portal. I think RIPE NCC
will be able to find a good way.


* What other impacts does this proposal have?

I do just know about the impacts RIPE told me while working on the
proposal and the things Denis Walker explained yesterday. So I hope that
Denis can and is allowed to make a more general statement about this
proposal in ways of other impacts.




What I have seen so far the majority is okay with having a "single"
place for abuse contact information. The main purpose is the question if
this place should be mandatory or not.

Leo Vegoda and Jorgen Hovland mentioned their concerns about the data
quality. I can't see these problems coming up. I even see the opposite,
having better data quality. But I can not prove Leo and Jorgen wrong,
and so can't they. So I would outline this as:

"If the IRT object will be made mandatory, data quality will change.
Could get better, but could also get worse."

So believe what you believe, we can not argue about that.

But nevertheless:

Is there any other concern or positive feedback about making the IRT
Object mandatory?

Is there any other concern or positive feedback using the IRT Object?

Are there any other concerns or positive feedback?


Are there any other questions or suggestions?


Please ask yourself the above mentioned questions and let us all know,
so we have the chance to explain and find a fair way.


Thanks again for the great discussion

Tobias

abusix.org
















-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20101111/f9616433/attachment.sig>