This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")

Previous message (by thread): [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Next message (by thread): [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Serge Droz serge.droz at first.org
Wed Jan 15 09:14:59 CET 2020

Hi All

So maybe a word from an "Incident Responder".

I do feel very much, that we should have an abuse conntact, and it
should be tested to wok, in the sense that some one reads the mail sent
there.

Here are my reasons:

- Having such a mailbox may increase the pressure for orgs to actually
do something. My experience from previous job showed, that keep sending
abuse reports, despite complaints about "spam" eventually convinced a
lot of orgs to act. Essentially you take away the excuste "Oh, but we
didn't know"

- Even for orgs that don't react having such a conntact helps, because
it allows us to build up a history of ignored requests, which cann then
be used to reminde these orgs that they actually are part of the
problem. It is a sad fact, that a threat to your reputation, even if
it's only in colsed community, seems to sometimes help convincing said
org to reract. Finally if, at some state more drastic action would be
necessary (Think Russian Bussines Network at the time), you can build a
case.

- Lastly: It makes our life as Incident responders easier to have a
uniform way of sending reports, even if not all of them are followed up.

I kind of don't buy into "There is no point on placing a burden on orgs
that choose not to act".

Best
Serge

On 15/01/2020 08:23, Carlos Friaças via anti-abuse-wg wrote:
> 
> Hi,
> 
> I obviously don't speak for the incident handling community, but i think
> this (making it optional) would be a serious step back. The current
> situation is already very bad when in some cases we know from the start
> that we are sending (automated) messages/notices to blackholes.
> 
> To an extreme, there should always be a known contact responsible for
> any network infrastructure. If this is not the case, what's the purpose
> of a registry then?
> 
> Regards,
> Carlos
> 
> 
> 
> On Tue, 14 Jan 2020, Leo Vegoda wrote:
> 
>> On Tue, Jan 14, 2020 at 1:48 AM Gert Doering <gert at space.net> wrote:
>>
>> [...]
>>
>>> A much simpler approach would be to make abuse-c: an optional attribute
>>> (basically, unrolling the "mandatory" part of the policy proposal that
>>> introduced it in the first place)
>>
>> This seems like a simple approach for letting network operators
>> indicate whether or not they will act on abuse reports. If there's no
>> way of reporting abuse then the operators clearly has no processes for
>> evaluating reports, or acting on them. This helps everyone save time.
>>
>> Regards,
>>
>> Leo Vegoda
>>
> 

-- 
Dr. Serge Droz
Chair, Forum of Incident Response and Security Teams (FIRST)
Phone +41 76 542 44 93 | serge.droz at first.org | https://www.first.org

Previous message (by thread): [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Next message (by thread): [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ anti-abuse-wg Archives ]