This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

Previous message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
Next message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Brian Nisbet brian.nisbet at heanet.ie
Mon Jan 22 14:31:00 CET 2018

Folks,

On 22/01/2018 13:19, Gert Doering wrote:
> Hi,
> 
> On Mon, Jan 22, 2018 at 11:25:12AM +0000, Nick Hilliard wrote:
>> I have no problem with abuse-c validation, either via ARC, or the
>> mechanism proposed in this policy, and probably not via a range of other
>> mechanisms either.  But threatening to terminate the right of an
>> organisation to continue to exist in the case of non compliance of the
>> terms specified in 2017-02 is frankly absurd.
> 
> I second this concern.
> 
> I do see the need for a working abuse contact, and I do see the need of
> sanctions in case a policy is violated, but "deregister all resources,
> because your mail server was broken when we tested" is too extreme
> (exaggeration for emphasis).

There's a lot more to discuss in Nick's email, but I want to talk about
this point immediately.

I believe the NCC have stated very clearly how incredibly unlikely
deregistration of resources would be and I honestly don't believe the
exaggeration for emphasis or otherwise is useful.

Yes, it could happen, after many, many attempts to get in contact with
the resource holder and lots of steps.

However this is not a set of actions restricted to 2017-02. This is part
of the membership contracts and the interaction between this and RIPE
policies. There was a lot of discussion at the GM in October on this topic.

If a member doesn't abide by RIPE policies then there is a danger that
their resources could be deregistered. That's part of membership.

As per the NCC's impact analysis this is something they deal with regularly:

"The RIPE NCC has significant experience with resolving these kinds of
situations. Over the past five years, it has investigated and resolved
more than 1,000 external reports on incorrect “abuse-mailbox:”
attributes, without ever needing to trigger the closure and
deregistration procedure. Making unresponsive resource holders aware of
this procedure has helped to ensure their cooperation."

and

"If the closure and deregistration procedure is triggered, the resource
holder still has a further three months to resolve the problem before
the actual LIR closure and/or resource deregistration takes place."

So please, can we moderate the fears and properly estimate the risks
around de-registration in the case of an invalid abuse-mailbox attribute.

Thanks,

Brian
Co-Chair, RIPE AA-WG

Previous message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
Next message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ anti-abuse-wg Archives ]