This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
Thomas Hungenberg
th at cert-bund.de
Fri Jan 19 09:52:41 CET 2018
I second Jordi's opinion that validation of the abuse-mailbox should require human interaction of the resource holder.

In addition to solving a captcha the resource holder might need to confirm (click a checkbox) that he will monitor the abuse-mailbox account on a regular basis and take appropriate action to solve reported abuse cases.

- Thomas

CERT-Bund Incident Response & Malware Analysis Team

On 18.01.2018 19:44, JORDI PALET MARTINEZ via anti-abuse-wg wrote:
> I fully agree with this proposal and it should be implemented ASAP.
>
> HOWEVER, I’ve a question regarding the impact analysis, and especially this sentence:
>
> “To increase efficiency, this process will use an automated solution that will allow the validation of “abuse-mailbox:” attributes without sending an email. No action will be needed by resource holders that have configured their “abuse-mailbox:” attribute correctly.”
>
> Reading the policy proposal, how does the NCC conclude that it should be “without sending an email”?
>
> I will say that the right way to do a validation (at creation/modification and yearly) is, in a way that makes sense (having an email that nobody is processing is exactly the same as not having the abuse attribute at all):
> 1) Send an email with a link that must be clicked by a human (so some kind of captcha-like mechanism should be followed)
> 2) If this link is not clicked in a period of 48 hours (not including Saturday-Sunday), an alarm should be generated so the NCC can take the relevant actions and make sure that the mailbox is actively monitored by the LIR
>
> Regards,
> Jordi