[anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

Hi,

sorry, Brian, i posted before receiving your email :)

just to get back on topic then:

I have not seen any objections to the process of emailing a alpha
numeric number to abuse-c and then having that number entered into a
website (after solving a capcha) 

This would solve many problems as it would mean that the abuse-c exists
and is functional and not an auto-responder or other bot 

Kind Regards

Andre 

On Mon, 22 Jan 2018 13:31:00 +0000
Brian Nisbet <brian.nisbet at heanet.ie> wrote:

> Folks,
> 
> On 22/01/2018 13:19, Gert Doering wrote:
> > Hi,
> > 
> > On Mon, Jan 22, 2018 at 11:25:12AM +0000, Nick Hilliard wrote:  
> >> I have no problem with abuse-c validation, either via ARC, or the
> >> mechanism proposed in this policy, and probably not via a range of
> >> other mechanisms either.  But threatening to terminate the right
> >> of an organisation to continue to exist in the case of non
> >> compliance of the terms specified in 2017-02 is frankly absurd.  
> > 
> > I second this concern.
> > 
> > I do see the need for a working abuse contact, and I do see the
> > need of sanctions in case a policy is violated, but "deregister all
> > resources, because your mail server was broken when we tested" is
> > too extreme (exaggeration for emphasis).  
> 
> There's a lot more to discuss in Nick's email, but I want to talk
> about this point immediately.
> 
> I believe the NCC have stated very clearly how incredibly unlikely
> deregistration of resources would be and I honestly don't believe the
> exaggeration for emphasis or otherwise is useful.
> 
> Yes, it could happen, after many, many attempts to get in contact with
> the resource holder and lots of steps.
> 
> However this is not a set of actions restricted to 2017-02. This is
> part of the membership contracts and the interaction between this and
> RIPE policies. There was a lot of discussion at the GM in October on
> this topic.
> 
> If a member doesn't abide by RIPE policies then there is a danger that
> their resources could be deregistered. That's part of membership.
> 
> As per the NCC's impact analysis this is something they deal with
> regularly:
> 
> "The RIPE NCC has significant experience with resolving these kinds of
> situations. Over the past five years, it has investigated and resolved
> more than 1,000 external reports on incorrect “abuse-mailbox:”
> attributes, without ever needing to trigger the closure and
> deregistration procedure. Making unresponsive resource holders aware
> of this procedure has helped to ensure their cooperation."
> 
> and
> 
> "If the closure and deregistration procedure is triggered, the
> resource holder still has a further three months to resolve the
> problem before the actual LIR closure and/or resource deregistration
> takes place."
> 
> So please, can we moderate the fears and properly estimate the risks
> around de-registration in the case of an invalid abuse-mailbox
> attribute.
> 
> Thanks,
> 
> Brian
> Co-Chair, RIPE AA-WG
>