[anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")

Hi,

a few points:

    The “abuse-mailbox:” attribute must be available in an unrestricted way
    via whois, APIs and future techniques.

I'd explicitly mention RDAP here.  It's not a future technique any more


    Confirm that the resource holder understands the procedure and the policy,
    that they regularly monitor the abuse-mailbox, that measures are taken,
    and that abuse reports receive a response.

I'd skip the last line.  In my automated abuse reports a add a header field
like "X-Auto-Response-Suppress: DR, OOF, AutoReply".  Yet, many abuse team send
automatic notifications that I have to skim, possibly hiding real replies that
need attention.  Responses are due only if needed.


Furthermore, couldn't the RIPE NCC have a web form, possibly advertised in RDAP
output, where receivers of NDNs from abuse-c contacts can notify that a given
mailbox bounces?  The effect of filling such form would be to advance the
mailbox position in the validation queue.


Finally, IMHO:

On Tue 14/Jan/2020 10:24:42 +0100 JORDI PALET MARTINEZ via anti-abuse-wg wrote:
> El 14/1/20 0:11, "Leo Vegoda" <leo at vegoda.org> escribió:
>   
>>     It creates hope for reporters and wastes the RIPE NCC's and the
>>     reporters' resources by forcing unwilling organizations to spend
>>     cycles on unproductive activity.
>>     
>>     Why not give networks two options?
>>     
>>     1. Publish a reliable method for people to submit abuse reports - and act on it
>>     2. Publish a statement to the effect that the network operator does
>>     not act on abuse reports
>>     
>>     This would save lots of wasted effort and give everyone more reliable
>>     information about the proportion of networks/operators who will and
>>     won't act on abuse reports.
>  
> Even if I think that the operators MUST process abuse cases, if the
> community thinks otherwise, I'm happy to support those two options in the
> proposal. For example, an autoresponder in the abuse-c mailbox for those
> that don't intend to process the abuse cases to option 2 above?

No, autoresponders waste even more resources.  In case, let's use a
conventional address like, say, noone at localhost to decline to receive abuse
reports.  There would be no attempt to validate such address.

There are a number of cases, especially in large organizations, where a mailbox
fails to work because email refurbishing resulted in mail loops, erroneous
forwarding, dead relays, and the like.  Having an alternative contact can bring
attention to the fact and reestablish the functionality.

There are cases where there is no abuse team and holders don't care.  Sooner or
later the community will find out how to set up some kind of Don't Route Or
Peer list of those.  However, forcing them to have a "working" abuse-c is
nonsensical.



Best
Ale




> 
>    
>     There might be some value in having the RIPE NCC cooperate with
>     networks who want help checking that their abuse-c is working. But
>     this proposal seems to move the RIPE NCC from the role of a helpful
>     coordinator towards that of an investigator and judge.
>     
> No, I don't think so, but I'm happy to modify the text if it looks like that.
> 
> 
> 
> 
> 
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
> 
> This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
> 
> 
> 
> 
>