This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
- Previous message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
- Next message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Andreas Worbs
anw at artfiles.de
Fri Jan 19 10:23:27 CET 2018
I support the proposal in general and i also think a human interaction of the resource holder is required. Am 19.01.18 um 09:52 schrieb Thomas Hungenberg: > I second Jordi's opinion that validation of the abuse-mailbox should require > human interaction of the resource holder. In addition to solving a captcha > the resource holder might need to confirm (click a checkbox) that he will > monitor the abuse-mailbox account on a regular basis and take appropriate > action to solve reported abuse cases. > > > - Thomas > > CERT-Bund Incident Response & Malware Analysis Team > > > On 18.01.2018 19:44, JORDI PALET MARTINEZ via anti-abuse-wg wrote: >> I fully agree with this proposal and should be implemented ASAP. >> >> HOWEVER, I’ve a question regarding the impact analysis, and specially this sentence: >> >> “To increase efficiency, this process will use an automated solution that will allow the validation of “abuse-mailbox:” attributes without sending an email. No action will be needed by resource holders that have configured their “abuse-mailbox:” attribute correctly.” >> >> Reading the policy proposal, how the NCC concludes that it should be “without sending an email”? >> >> I will say that the right way to do a validation (at creation/modification and yearly) is, in a way that makes sense (having an email that nobody is processing is exactly the same as not having the abuse attribute at all): >> 1) Send an email with a link that must be clicked by a human (so some kind of captcha-like mechanism should be followed) >> 2) If this link is not clicked in a period of 48 hours (not including Saturday-Sunday), an alarm should be generated so the NCC can take the relevant actions and make sure that the mailbox is actively monitored by the LIR >> >> Regards, >> Jordi > -- Mit freundlichem Gruß Artfiles New Media GmbH Andreas Worbs Artfiles New Media GmbH | Zirkusweg 1 | 20359 Hamburg Tel: 040 - 32 02 72 90 | Fax: 040 - 32 02 72 95 E-Mail: support at artfiles.de | Web: http://www.artfiles.de Geschäftsführer: Harald Oltmanns | Tim Evers Eingetragen im Handelsregister Hamburg - HRB 81478 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 522 bytes Desc: OpenPGP digital signature URL: </ripe/mail/archives/anti-abuse-wg/attachments/20180119/7f7ff937/attachment.sig>
- Previous message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
- Next message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]