This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
- Previous message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
- Next message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
ox
andre at ox.co.za
Fri Jan 19 10:46:50 CET 2018
not sure that I know of any abuse@ email that is privacy.85o8095.849804938 at example.com (the privacy.xxx domain may exist and be a real domain - as such the "privacy.85o8095.849804938 at privacy.xxx" you used, in your example, may actually belong to someone...) But quick question: who decides what email address is "real" and what is not "real" If an abuse@ uses privacy.85o8095.849804938 at example.com then receives email and solves a capcha and then clicks a tickbox - the email address is functional / working and "real" ??? Regards Andre On Fri, 19 Jan 2018 10:40:40 +0100 JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg at ripe.net> wrote: > One more thing I just realized ... > > I understand that the mailbox must be a "real" one, not the typical > "privacy.85o8095.849804938 at privacy.xxx" that is used often in whois > data ... > > Regards, > Jordi > > -----Mensaje original----- > De: anti-abuse-wg <anti-abuse-wg-bounces at ripe.net> en nombre de ox > <andre at ox.co.za> Organización: ox.co.za > Fecha: viernes, 19 de enero de 2018, 10:37 > Para: <anti-abuse-wg at ripe.net> > Asunto: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase > (Regular abuse-c Validation) > > > Yes, the idea Thomas had about human interaction, solving a > captcha and a tickbox is a great idea > my 1c > > Andre > > On Fri, 19 Jan 2018 10:29:42 +0100 > JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg at ripe.net> > wrote: > > I also think that Thomas suggestion of a checkbox agreeing with > > regularly monitoring the abuse-mailbox is a wonderful > > suggestion. Regards, > > Jordi > > Para: <anti-abuse-wg at ripe.net> > > Asunto: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review > > Phase (Regular abuse-c Validation) > > I support the proposal in general and i also think a human > > interaction of the resource holder is required. > > > > Am 19.01.18 um 09:52 schrieb Thomas Hungenberg: > > > I second Jordi's opinion that validation of the > > > abuse-mailbox should require human interaction of the > > > resource holder. In addition to solving a captcha the > > > resource holder might need to confirm (click a checkbox) > > > that he will monitor the abuse-mailbox account on a > > > regular basis and take appropriate action to solve > > > reported abuse cases. > > > > > > > > > - Thomas > > > > > > CERT-Bund Incident Response & Malware Analysis Team > > > > > > > > > On 18.01.2018 19:44, JORDI PALET MARTINEZ via > > > anti-abuse-wg wrote: > > >> I fully agree with this proposal and should be > > >> implemented ASAP. > > >> > > >> HOWEVER, I’ve a question regarding the impact analysis, > > >> and specially this sentence: > > >> > > >> “To increase efficiency, this process will use an > > >> automated solution that will allow the validation of > > >> “abuse-mailbox:” attributes without sending an email. No > > >> action will be needed by resource holders that have > > >> configured their “abuse-mailbox:” attribute correctly.” > > >> > > >> Reading the policy proposal, how the NCC concludes that > > >> it should be “without sending an email”? > > >> > > >> I will say that the right way to do a validation (at > > >> creation/modification and yearly) is, in a way that makes > > >> sense (having an email that nobody is processing is > > >> exactly the same as not having the abuse attribute at > > >> all): 1) Send an email with a link that must be clicked > > >> by a human (so some kind of captcha-like mechanism > > >> should be followed) 2) If this link is not clicked in a > > >> period of 48 hours (not including Saturday-Sunday), an > > >> alarm should be generated so the NCC can take the > > >> relevant actions and make sure that the mailbox is > > >> actively monitored by the LIR > > >> > > >> Regards, > > >> Jordi > > > > > > > -- > > Mit freundlichem Gruß > > > > Artfiles New Media GmbH > > > > Andreas Worbs > > > > > > Artfiles New Media GmbH | Zirkusweg 1 | 20359 Hamburg > > Tel: 040 - 32 02 72 90 | Fax: 040 - 32 02 72 95 > > E-Mail: support at artfiles.de | Web: http://www.artfiles.de > > Geschäftsführer: Harald Oltmanns | Tim Evers > > Eingetragen im Handelsregister Hamburg - HRB 81478 > > > > > > > > > > > > > > ********************************************** > > IPv4 is over > > Are you ready for the new Internet ? > > http://www.consulintel.es > > The IPv6 Company > > > > This electronic message contains information which may be > > privileged or confidential. The information is intended to be > > for the exclusive use of the individual(s) named above and > > further non-explicilty authorized disclosure, copying, > > distribution or use of the contents of this information, even > > if partially, including attached files, is strictly prohibited > > and will be considered a criminal offense. If you are not the > > intended recipient be aware that any disclosure, copying, > > distribution or use of the contents of this information, even > > if partially, including attached files, is strictly prohibited, > > will be considered a criminal offense, so you must reply to the > > original sender to inform about this communication and delete > > it. > > > > > > > > > > > > > > > > > ********************************************** > IPv4 is over > Are you ready for the new Internet ? > http://www.consulintel.es > The IPv6 Company > > This electronic message contains information which may be privileged > or confidential. The information is intended to be for the exclusive > use of the individual(s) named above and further non-explicilty > authorized disclosure, copying, distribution or use of the contents > of this information, even if partially, including attached files, is > strictly prohibited and will be considered a criminal offense. If you > are not the intended recipient be aware that any disclosure, copying, > distribution or use of the contents of this information, even if > partially, including attached files, is strictly prohibited, will be > considered a criminal offense, so you must reply to the original > sender to inform about this communication and delete it. > > > > >
- Previous message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
- Next message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]