[anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

I think we are talking about the same, 48 hours (not including weekends, as indicated in my email), is 2 working days.

 

I don’t think more is needed, this is the explanation:
If you are monitoring an abuse-inbox, you should make this in a daily basis
I agree that it may happen that one day you have a trouble, but two consecutive days?
Typically, this mailbox should be a list of people handling it, so even if one of them is ill or whatever, someone else will do the job
Typically, this mailbox should have VERY FEW emails, otherwise, you have a big problem in your network, maybe allowing customers to use it for spam, criminal activities, etc.
 

Even more than that, if you’re a LIR, typically you have also people working on weekends and bank holidays, so not including the weekend in the 48 hours is already something that should not be necessary, but I thing is fair for LIRs which are SMEs, or that don’t offer services to third parties, so they don’t have 24-365 staff taking care of their network.


Regards,

Jordi

De: Arash Naderpour <arash.naderpour at gmail.com>
Fecha: viernes, 19 de enero de 2018, 10:28
Para: JORDI PALET MARTINEZ <jordi.palet at consulintel.es>
CC: <anti-abuse-wg at ripe.net>
Asunto: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

 

Hi Jordi,

 

A period of 48 hours looks too short to me, I suggest something like within a period of 2 working days (or even more).

 

Regards,

 

Arash

 

 

 

On Fri, Jan 19, 2018 at 5:44 AM, JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg at ripe.net> wrote:

I fully agree with this proposal and should be implemented ASAP.

HOWEVER, I’ve a question regarding the impact analysis, and specially this sentence:

“To increase efficiency, this process will use an automated solution that will allow the validation of “abuse-mailbox:” attributes without sending an email. No action will be needed by resource holders that have configured their “abuse-mailbox:” attribute correctly.”

Reading the policy proposal, how the NCC concludes that it should be “without sending an email”?

I will say that the right way to do a validation (at creation/modification and yearly) is, in a way that makes sense (having an email that nobody is processing is exactly the same as not having the abuse attribute at all):
1) Send an email with a link that must be clicked by a human (so some kind of captcha-like mechanism should be followed)
2) If this link is not clicked in a period of 48 hours (not including Saturday-Sunday), an alarm should be generated so the NCC can take the relevant actions and make sure that the mailbox is actively monitored by the LIR

Regards,
Jordi

-----Mensaje original-----
De: policy-announce <policy-announce-bounces at ripe.net> en nombre de Marco Schmidt <mschmidt at ripe.net>
Fecha: jueves, 18 de enero de 2018, 12:23
Para: <policy-announce at ripe.net>
Asunto: [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)








        Dear colleagues,

          Policy proposal 2017-02, "Regular abuse-c Validation" is now in
          the Review Phase.

          The goal of this proposal is to give the RIPE NCC a mandate to
          regularly validate "abuse-c:" information and to follow up in
          cases where the attribute is deemed to be incorrect.

          This proposal has been updated following the last round of
          discussion and is now at version v2.0. Some of the differences
          from version v1.0 include:
          - A focus on validating the "abuse-mailbox:" attribute and fixing
          incorrect contact information
          - Added references to RIPE Policies and RIPE NCC procedures

          The RIPE NCC has prepared an impact analysis on this latest
          proposal version to support the community’s discussion. You can
          find the full proposal and impact analysis at:
          https://www.ripe.net/participate/policies/proposals/2017-02

          And the draft documents at:
          https://www.ripe.net/participate/policies/proposals/2017-02/draft

          As per the RIPE Policy Development Process (PDP), the purpose of
          this four-week Review Phase is to continue discussing the
          proposal, taking the impact analysis into consideration, and to
          review the full draft policy document.

          At the end of the Review Phase, the WG Chairs will determine
          whether the WG has reached rough consensus. It is therefore
          important to provide your opinion, even if it is simply a
          restatement of your input from the previous phase.

          We encourage you to read the proposal, impact analysis and draft

          document, and share your comments on <anti-abuse-wg at ripe.net> <mailto:anti-abuse-wg at ripe.net>
          before 16 February 2018.

          Kind regards,

          Marco Schmidt
          Policy Development Officer
          RIPE NCC










**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.consulintel.es
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.





 



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.consulintel.es
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20180119/1febadf8/attachment.html>