[anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")

Hi Warren,

When some operators aren't responding to abuse cases, or when they are bouncing emails, or you get a response from someone telling "sorry I'm not the right contact for this, the email is mistaken", and many other similar situations ... the operator is telling you "we don't care about abuse from our customer to other networks".

There is not different to say that explicitly by making the abuse-c optional, so those that don't want to handle the abuse reports, just don't have it.

There is no difference in having the email bouncing than having an autoresponder saying "we don't care" ... 
 

El 15/1/20 21:15, "anti-abuse-wg en nombre de Warren Kumari" <anti-abuse-wg-bounces at ripe.net en nombre de warren at kumari.net> escribió:

    On Wed, Jan 15, 2020 at 2:46 PM Leo Vegoda <leo at vegoda.org> wrote:
    >
    > On Wed, Jan 15, 2020 at 11:02 AM Jeffrey Race <jrace at post.harvard.edu> wrote:
    >
    > [...]
    >
    > > Aside from the reciprocity issue, it's a basic engineering rule
    > > that systems target their goal only when a corrective
    > > feedback path exists.
    >
    > That feedback path does not need to be a personally written e-mail.
    > Instead, it is possible to use signals like the absence of a reliable
    > reporting mechanism to make decisions about not accepting some or all
    > traffic from an abusing network.
    >
    > My main concern with proposal 2019-04 is that it would make everyone
    > look the same. It then takes time and effort to distinguish the
    > networks that will actually use abuse reports to fix problems from
    > those that won't or just don't have the ability to do so.
    >
    > While I would accept Gert's proposal for making abuse-c an optional
    > attribute, the reason I offered a counter proposal for publishing "a
    > statement to the effect that the network operator does not act on
    > abuse reports" is to add clarity at a high level.
    >
    > In the first case, it avoids wasting resources lodging reports that
    > will be ignored. Secondly, it provides reliable statistical
    > information about the networks whose operators claim to use abuse
    > reports to clean things up. This would provide a metric that could be
    > used both by other network operators to guide operational policies and
    > governments or regulators to set theirs.
    
    I suspect I'm somewhat confused / have lost the thread somewhere.
    
    I really don't think that any network is likely to advertise that they
    are not dealing with abuse -- it gives a bad impression, and the
    marketing droids will likely want *something* listed. The same goes
    for legal - saying "Meh, don't bother sending us abuse reports, we
    ignore them" doesn't seem to have any PR / marketing / legal upside,
    and has many downsides...
    
    Pretend that you are a network that (largely) ignores abuse reports --
    your current solution of throwing these mails away costs you nothing;
    what's the upside to telling everyone that you are doing this?
    
    I suspect that people will continue to have abuse@, hostmaster@,
    abuse-c,and any other conventions filled in -- and many will just
    continue to shuffle these into self-closing ticket systems / mailboxes
    which never get read and / or /dev/null...
    
    W
    
    
    >
    > Finally, we don't yet know what the RIPE Database Requirements TF will
    > recommend. But I think that building a new business process on the
    > existing model for publishing contact information assumes they won't
    > recommend changes. Let's wait until they report before asking the RIPE
    > NCC to build new workflows on a model that the community might want to
    > change.
    >
    > Kind regards,
    >
    > Leo Vegoda
    >
    
    
    -- 
    I don't think the execution is relevant when it was obviously a bad
    idea in the first place.
    This is like putting rabid weasels in your pants, and later expressing
    regret at having chosen those particular rabid weasels and that pair
    of pants.
       ---maf
    
    



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.