[anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")

In relation to the policy, where it says: "must not force the sender to use
a form."

as someone that reports phishing websites, I find the use of forms helpful,
as it ensures the company receives the report, particularly where they
implement a CAPTCHA.

To require the resource to only accept abuse reports via email, means all
the criminals have to do is flood the mailbox, making it physically
impossible to receive the abuse reports.

If the policy could be amended to include a suggestion that the abuse
mailbox contain a verification procedure (such as "your email has been
received. Please "click here" to confirm you sent it") it would improve
efficiency all around.


In relation to Nick Hilliard's email, where they say:

" it is beyond inappropriate for this working group to expect the RIPE NCC
to withdraw numbering resources if member organisations  don't comply with
an arbitrary policy which forces the use of SMTP email like this."

This is, in a nutshell, what is wrong with this RIR, and others, such as
ARIN. Often I will look up abuse contacts on ARIN, to find that the abuse
mailbox bounces, and a message such as "ARIN has attempted to verify this
email address since 10-11-2010" - almost 10 YEARS!

So, what are you seriously suggesting? Because these people that become
offended at the suggestion that it's unreasonable for someone to ensure an
email address is valid once per year (very onerous i'm sure), never really
say what they really mean, which is really what is inappropriate: that
criminals should be able to use a resource indefinitely to pump out spam,
host phishing websites, co-ordinate botnets etc... and that the person that
receives this crap is not even entitled to let the resource owner know?

----






On Wed, Apr 29, 2020 at 12:01 AM Petrit Hasani <phasani at ripe.net> wrote:

> Dear colleagues,
>
> A new version of RIPE policy proposal, 2019-04, "Validation of
> "abuse-mailbox"", is now available for discussion.
>
> This proposal aims to have the RIPE NCC validate "abuse-c:" information
> more often and introduces a new validation process.
>
> Most of the text has been rewritten following the last round of
> discussion and the proposal is now at version 3.0. Some key points in
> this version:
>
> - The abuse-mailbox should not force the sender to use a form
> - The validation process must ensure that the abuse mailbox is able to
> receive messages
> - The validation should happen at least every six months
>
> You can find the full proposal at:
> https://www.ripe.net/participate/policies/proposals/2019-04
>
> As per the RIPE Policy Development Process (PDP), the purpose of this
> four-week Discussion Phase is to discuss the proposal and provide
> feedback to the proposer.
>
> At the end of the Discussion Phase, the proposer, with the agreement of
> the Anti-Abuse Working Group Chairs, will decide how to proceed with the
> proposal.
>
> We encourage you to review this proposal and send your comments to
> <anti-abuse-wg at ripe.net> before 27 May 2020.
>
> Kind regards,
> --
> Petrit Hasani
> Policy Officer
> RIPE NCC
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/anti-abuse-wg/attachments/20200429/277e6eee/attachment.html>