This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] Decision on Proposal 2017-02
- Previous message (by thread): [anti-abuse-wg] SPAMHAUS SBL team contacts
- Next message (by thread): [anti-abuse-wg] Decision on Proposal 2017-02
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Thomas Hungenberg
th at cert-bund.de
Tue Feb 19 12:56:12 CET 2019
FYI: Some longer-term statistics on this:
Since January 2018, we have identified 157 invalid abuse contacts
(our abuse reports bounced) for network objects registered with
country code "DE" which we reported to RIPE NCC.
RIPE NCC reached out to their members responsible for the
respective objects.
150 cases have been solved by updating the abuse contact or correcting
the mail server configuration - usually within only a few days.
There are only 2 cases older than four weeks still unresolved.
Thanks again to RIPE NCC for their great assistance!
- Thomas
CERT-Bund Incident Response & Malware Analysis Team
On 23.03.18 10:39, Thomas Hungenberg wrote:
> We had to deal with 40+ invalid abuse contacts only for resources
> registered to German holders in the past three months.
> Most messages bounced with "user unknown".
>
> We tried to reach out to the resource holders to get the invalid
> abuse contacts fixed. If that failed, we reported the case to
> RIPE NCC. With their assistance, a lot of additional cases could
> be solved (thanks!).
>
> It turned out that most of the contacts were not invalid because
> the resource holders wanted to ignore reporting of abuse but due to
> technical problems or the contact set to a personal mailbox of
> someone who had left the organization. Many resource holders were
> glad to be notified of the problem.
>
> So while I'd still prefer a validation process that requires
> human interaction to make sure messages sent to the abuse contacts
> are actually read and processed, an automated check if the mailbox
> exists at all would already help a lot.
> I'd be glad if this automated check just for the existence of the
> abuse mailbox could be done not only annually but probably even
> twice or four times a year.
>
>
> - Thomas
>
> CERT-Bund Incident Response & Malware Analysis Team
>
>
> On 20.03.2018 13:54, Gert Doering wrote:
>> Hi,
>>
>> On Tue, Mar 20, 2018 at 01:23:18PM +0100, Janos Zsako wrote:
>>> At the same time, I do see some benefit in checking regularly the provided
>>> e-mail address, because I am convinced that there will always be cases where
>>> people simply forget to update the database. If they are reminded, they will
>>> be happy to correct it.
>>
>> This is actually some benefit I see here - the NCC already does the
>> ARC in regular intervals, so including abuse-c: in "please check that
>> these are still correct" would be useful to help "those that do care but
>> overlooked a necessary update".
>>
>> (Right now, the NCC will already ensure that contacts are correct if they
>> receive a complaint from someone that contact data is wrong)
>>
>> So, still not really able to make up my mind whether I support or oppose
>> this - staying neutral.
>>
>> Gert Doering
>> -- NetMaster
>>
>
- Previous message (by thread): [anti-abuse-wg] SPAMHAUS SBL team contacts
- Next message (by thread): [anti-abuse-wg] Decision on Proposal 2017-02
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]