[anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

Thomas,

Just to be very clear, the current proposal is only in relation to 
verification.

If the community wish for other processes to be put in place in regards 
to lack of action on abuse or similar, then that would require a wholly 
different proposal.

Thanks,

Brian
Co-Chair, RIPE AA-W
Thomas Hungenberg wrote on 23/01/2018 11:51:
> On 22.01.2018 14:19, Gert Doering wrote:
>> I do see the need for a working abuse contact, and I do see the need of
>> sanctions in case a policy is violated, but "deregister all resources,
>> because your mail server was broken when we tested" is too extreme
>> (exaggeration for emphasis).
>
> I fully agree a resource should not be withdrawn just because the
> abuse-mailbox is (temporarily) invalid or the holder once misses
> to complete the verification process in time - if he otherwise takes
> care of malicious activity emerging from his resources.
>
> However, I think RIPE-563 (and related policies) should state that
> resource holders have to provide a valid abuse-mailbox which is
> monitored on a regular basis and have to take care of complaints
> regarding malicious activity reported to this mailbox.
> An autoresponder asking people to fill out a webform should not be
> accepted as a valid solution as this does not work for CERTs and
> other security teams reporting hundreds of abuse cases per day to
> the responsible resource owners (in an automated fashion).
>
> Also, irrespective of how the abuse-c verification process will be
> implemented, IMHO there is a need for a defined process on how resources
> can be withdrawn (as a last resort) if the holder is constantly ignoring
> abuse complaints or even wittingly accepts malicious activity emerging
> from his resources (e.g. bullet proof hosting).
>
>
>      - Thomas
>
> CERT-Bund Incident Response & Malware Analysis Team
>