This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] New Abuse Regulations
Frank Gadegast
ripe-anti-spam-wg at powerweb.de
Fri Jun 28 17:14:13 CEST 2013
Leo Vegoda wrote:
> Frank Gadegast wrote:
>
> [...]
>
>> For a start I would like to force resource holders to actually
>> read the mail arriving under their abuse address.
>> This will not force anybody to control all the traffic.
>
> Can you describe the incentive that would force this?

Could be a step-by-step educational/regulation process.

First, when NCC gets a complaint about a netblock, they could check if the abuse address is working at all. Or they send an email ordering a return receipt (might indicate something, but is probably no proof). NCC could also check regularly if they exist. (I know, it could also be filtered or faked at the receiver's side)

Or it could be a regulation, that such an address has to return something (email, ticket).

Or abuse reports should always be sent with a CC to a RIPE address, where the NCC does some counting. Or the abuse-c has to send a CC to the NCC when replying ... or both together ...

When a netblock is suspicious, these "sums" could be looked at (going up, going down, short outbreak or being very high all the time compared to others with that size of allocations and so on).

Or trusted blacklists could prepare some kind of counting and forward this to the NCC (we can tell quite a lot about non-existing, not-working or non-responsive addresses and also about spam-per-networksize ratios, just looked into our database: some ISPs in Poland, Ukraine and Spain are still at the top, then a lot of nothing, but Kazakhstan is moving, aehm, forward).

All this is a kind of "indirect force". When there are audits, no network admin likes to have a bad reputation, right?

If I knew how to start an audit process, I would have a few nice candidates, that did nothing during the last years to get their complaint ratio down.

Another example: we also have some netblock from another LIR not belonging to our AS. Surely this LIR forwards complaints to us and we are forced to reply, because it's his abuse-c address visible through whois. The LIR is always pretty happy, when we reply and audits this again after a while, if the complaints stopped or not. If not, they will start to look closer at us and maybe revoke our netblocks ...

NCC could do the same, it only depends on what kind of regulations we want, what kind of framework, rules, values, whatever.

I know, that there are lots of holes we could fall into (like faked reports to kill somebody's reputation, automatic replies that look as if everything is good and so on), but we cannot get this going, if we do not collect ideas, how it could work ...

But I guess, it would be pretty easy to find and separate the really bad ones from the ones, that only sometimes have a problem and those, that have never a problem.

Kind regards, Frank

>
> Regards,
>
> Leo Vegoda
>