This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Support of, and comments on, proposal 2010-08
- Previous message (by thread): [anti-abuse-wg] Support of, and comments on, proposal 2010-08
- Next message (by thread): [anti-abuse-wg] Support of, and comments on, proposal 2010-08
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Michele Neylon :: Blacknight
michele at blacknight.ie
Wed Nov 17 14:45:58 CET 2010
I originally had the same queries, but not anymore. If an abuse contact becomes standardized and mandatory then it will be easier to consistently contact the correct contact in organizations that take abuse seriously. Unfortunately not all operators take abuse seriously, but that us not going to change anytime soon ( the presentation on reputation at RIPE 61 makes for an interesting read and possible way forward) While it would be wonderful if ALL operators took abuse seriously it is futile for the purposes of this proposal. Maybe there is an opportunity for this WG to work on operator education, though I am unsure as to the correct protocols and procedures for same Regards Michele Mr. Michele Neylon Blacknight http://Blacknight.tel Via iPhone so excuse typos and brevity On 17 Nov 2010, at 13:59, "Vissers, Pepijn" <P.Vissers at opta.nl<mailto:P.Vissers at opta.nl>> wrote: Dear list, On behalf of the Team Internetsafety of the Dutch Telecommunications Authority OPTA, I would like to comment on the draft proposal 2010-08. The Team Internetsafety conducts spam- and malware investigations related to the Netherlands. Almost all of these investigations have components which require us to use RIPE (or other RIRs) for several pieces of information, most commonly valid abuse contacts for a netblock or ASN. We strongly support the mandatory addition of an abuse-mailbox: field in the irt object. However, we see several loopholes in the current contents of the proposal. 1. There is no mention in the policy about the validity of an abuse-mailbox: entry 2. There is no mention in the policy about the responsiveness of an abuse-mailbox: entry 3. There is (logically) no mention in the policy about a periodic check on (1) and (2) 4. There is no mitigating procedure in case of false/missing/invalid/... abuse-mailbox: information Ad 1: What will stop a RIPE member from entering an invalid e-mail address? If the purpose of the policy is to ‘solve the problem of finding the right abuse contact’, some additional procedure should be in place to make sure mail to the mentioned abuse-mailbox: does actually arrive somewhere and does not bounce. Ad 2: A valid e-mail address is no guarantee that abuse mail is being handled or even looked at. Although we recognize it might not be the responsibility of RIPE to ensure a maintainer has a proper abuse policy mechanism in place, we’d encourage some additional reflection on this issue. Ad 3: Requiring a field update with each object update is a good idea, however with largely static objects it might be a good idea to periodically check at least (1) and preferably (2). Ad 4: If a member (systematically) does not adhere to the mandatory policy, some kind of procedure should be in place to motivate the member to follow procedure. Without 'repercussions', a 'mandatory' policy becomes just mandatory in name, not in function. Kind regards, Pepijn Vissers Team Internetsafety OPTA - +++++++++++++++++++++++++++++++++++++++++++++ Disclaimer Dit e-mailbericht kan vertrouwelijke informatie bevatten of informatie die is beschermd door een beroepsgeheim. Indien dit bericht niet voor u is bestemd, wijzen wij u erop dat elke vorm van verspreiding, vermenigvuldiging of ander gebruik ervan niet is toegestaan. Indien dit bericht blijkbaar bij vergissing bij u terecht is gekomen, verzoeken wij u ons daarvan direct op de hoogte te stellen via tel.nr 070 315 3500 of e-mail mailto:mail at opta.nl en het bericht te vernietigen. Dit e-mailbericht is uitsluitend gecontroleerd op virussen. OPTA aanvaardt geen enkele aansprakelijkheid voor de feitelijke inhoud en juistheid van dit bericht en er kunnen geen rechten aan worden ontleend. This e-mail message may contain confidential information or information protected by professional privilege. If it is not intended for you, you should be aware that any distribution, copying or other form of use of this message is not permitted. If it has apparently reached you by mistake, we urge you to notify us by phone +31 70 315 3500 or e-mail mailto:mail at opta.nl and destroy the message immediately. This e-mail message has only been checked for viruses. The accuracy, relevance, timeliness or completeness of the information provided cannot be guaranteed. OPTA expressly disclaims any responsibility in relation to the information in this e-mail message. No rights can be derived from this message. -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20101117/4fc4c7f8/attachment.html>
- Previous message (by thread): [anti-abuse-wg] Support of, and comments on, proposal 2010-08
- Next message (by thread): [anti-abuse-wg] Support of, and comments on, proposal 2010-08
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]