This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] current business practices
- Previous message (by thread): [anti-abuse-wg] current business practices
- Next message (by thread): [anti-abuse-wg] current business practices
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Frank Gadegast
ripe-anti-spam-wg at powerweb.de
Wed Apr 11 15:48:02 CEST 2012
Vissers, Pepijn wrote: > Hi Frank, Hi, > > > > Interesting story. Here in NL, we act as LEA towards an ISP if the abuse we see is related to spam and/or malware (because that is our (OPTA) function as telco regulator). In most cases, abuse reports from a law enforcement agency tend to be picked up with a little more urgency so the strategy is quite effective. > > > > If the ISP is non-cooperative, we might choose to apply a little more pressure by a subpoena of some kind. Usually applying such pressure results in a positively correlated attitude towards handling said abuse tickets. The strategy is derived from the theory of 'responsive regulation' by Braithwait. > > > > Do you have such a regulator (with investigative capabilities) who you could team up with in DE? Surely not. Its the role of RIPE NCC (too my understanding) to keep their database up-to-date. subpoena by deleting the wrong AS object from the database ;o) Pretty simple ... Kind regards, Frank > > > > Kind regards, > > Pepijn > > > >> -----Oorspronkelijk bericht----- > >> Van: anti-abuse-wg-bounces at ripe.net [mailto:anti-abuse-wg- > >> bounces at ripe.net] Namens Frank Gadegast > >> Verzonden: woensdag 11 april 2012 15:18 > >> Aan: anti-abuse-wg at ripe.net > >> Onderwerp: Re: [anti-abuse-wg] current business practices > >> > >> Laura Cobley wrote: > >>> Dear Florian and all, > >> > >> Hi, > >> > >> (some details from our current experiences with RIPE NCC and accuracy > >> of the RIPE objects) > >> > >> we currently have one case where a really big German cablenet ISP is > >> having exacly one abuse-eMail address for their tech-c, abuse-mailbox > >> and admin-c, for all their objects. > >> > >> And this one email has a domain, what does not belong to the ISP > >> anymore, since November 2011, its currently owned by a domain grabber, > >> because the ISP deleted the domain on purpose (on behalf of a change in > >> the company name years ago). > >> There is no other working contact information (phone lets you end up at > >> their hotline where they have absolutly no idea about abuse), snail > >> mail is no option, fax number is not supplied. > >> > >> We tried mailing there peering contact, their normal customer email > >> from their website, filled their online feedback form and then opened a > >> normal ticket at RIPE NCC, were just told to open another ticket at > >> RIPE NCC and invested about 5 hours already describing the problem at > >> RIPE NCC. > >> Simply no chance, RIPE NCC is responding to tickets on a daily basis, > >> even during business hours (jesus, we will respond in about 5 minutes > >> if something serious like that will happen to our networks). > >> The interest at the RIPE NCC to fix database problems does not seem to > >> have any priority. > >> > >> Ah, I forgot: > >> the maillist server mamba.ripe.net has technical problems during the > >> last 3 weeks, we opened tickets for that as well and even got a > >> response once, still not fixed, the maillist server is probably not > >> reacheable for 90% of the members ... whoever will receives this could > >> please make a telnet mamba.ripe.net 25 from some IPs he own (best would > >> be not using his or her usual IP, if he or she likes, lets see how big > >> that problem really is, thats why I have to mail the most active people > >> directly). > >> > >> -------- > >> Little update: seems like RIPE NCC changed the maillist server to > >> postgirl.ripe.net and that one works. > >> Looks like they had to change this in a hurry, because the old server > >> did hang in the nameserver caches quite long (great, that I have to > >> find that out myself, instead that > >> somebody from the RIPE NCC is simply telling me that or posting > >> to the list). > >> -------- > >> Sorry, if nearly the same email comes twice now ... have to test it. > >> > >> So: abuse does not have priority in a lot of peoples heads those days, > >> even when they tell you that daily ... > >> > >> (we have about 100 abuse incidents with that ISP monthly and the ISP > >> even resides in the same country than we are, but its still, if they > >> reside on the other side of the moon, maybe I should demonstrate > >> if front of the office building with a big sign saying: > >> "you dont have a working abuse appartment") > >> > >> > >> Kind regards, Frank > >>> > >>> Over time, contact information in the RIPE Database can become > >>> outdated due to staffing changes, oversight and lack of knowledge on > >>> the part of the maintainer. Bringing the irregularity directly to the > >>> attention of this maintainer can be the quickest way to get it fixed. > >>> > >>> If you subsequently experience difficulties with this, we can help > >> you > >>> to get in touch with the maintainer by forwarding your report to the > >>> person responsible for the Internet number resource registration. > >>> Handling reports is a normal part of our operations within the RIPE > >>> NCC and the report form makes it easier to get in touch with us. > >>> > >>> We ask you to include information such as mail delivery failure > >>> notices and copies of emails with headers, which clearly show the > >>> problem and the subsequent difficulties you are having. These help to > >>> substantiate the report. Our aim is to work together with you to > >>> further improve the quality of the data in the Internet number > >> resource registry. > >>> > >>> Best regards, > >>> > >>> Laura Cobley > >>> RIPE NCC > >>> > >>> On 4/6/12 8:45 PM, Florian Weimer wrote: > >>>> * Laura Cobley: > >>>> > >>>>> Using this form, you can now easily report various issues, > >> including > >>>>> abnormalities in Internet number resource registrations, to us for > >>>>> further investigation. > >>>> > >>>> I looked at "Incorrect contact information in the RIPE Database", > >> and > >>>> "I confirm that I have reported the incorrect information to all of > >>>> the contacts listed in the relevant object" is a required checkbox. > >>>> > >>>> This seems to require that complainants try postal addresses, phone > >>>> and fax numbers before reporting errors in email addresses. Is this > >>>> really your goal? Isn't this a step backwards? > >>>> > >>> > >>> > >>> > >> > >> > >> -- > >> > >> Mit freundlichen Gruessen, > >> -- > >> MOTD: "have you enabled SSL on a website or mailbox today ?" > >> -- > >> PHADE Software - PowerWeb http://www.powerweb.de > >> Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de > >> Schinkelstrasse 17 fon: +49 33200 52920 > >> 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 > >> ====================================================================== > >> > >> > > > > +++++++++++++++++++++++++++++++++++++++++++++ > > Disclaimer > > Dit e-mailbericht kan vertrouwelijke informatie bevatten of informatie die is beschermd door een beroepsgeheim. > > Indien dit bericht niet voor u is bestemd, wijzen wij u erop dat elke vorm van verspreiding, vermenigvuldiging > > of ander gebruik ervan niet is toegestaan. > > Indien dit bericht blijkbaar bij vergissing bij u terecht is gekomen, verzoeken wij u ons daarvan > > direct op de hoogte te stellen via tel.nr 070 315 3500 of e-mail mailto:mail at opta.nl en het bericht te vernietigen. > > Dit e-mailbericht is uitsluitend gecontroleerd op virussen. > > OPTA aanvaardt geen enkele aansprakelijkheid voor de feitelijke inhoud en juistheid van dit bericht en er kunnen > > geen rechten aan worden ontleend. > > > > > > This e-mail message may contain confidential information or information protected by professional privilege. > > If it is not intended for you, you should be aware that any distribution, copying or other form of use of > > this message is not permitted. > > If it has apparently reached you by mistake, we urge you to notify us by phone +31 70 315 3500 > > or e-mail mailto:mail at opta.nl and destroy the message immediately. > > This e-mail message has only been checked for viruses. > > The accuracy, relevance, timeliness or completeness of the information provided cannot be guaranteed. > > OPTA expressly disclaims any responsibility in relation to the information in this e-mail message. > > No rights can be derived from this message. > > > > > -- Mit freundlichen Gruessen, -- MOTD: "have you enabled SSL on a website or mailbox today ?" -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank at powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ======================================================================
- Previous message (by thread): [anti-abuse-wg] current business practices
- Next message (by thread): [anti-abuse-wg] current business practices
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]