This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
- Previous message (by thread): [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
- Next message (by thread): [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ángel González Berdasco
angel.gonzalez at incibe.es
Fri May 8 21:30:14 CEST 2020
On 08-05-2020 20:17 +0200, Alessandro Vesely wrote: > On Fri 08/May/2020 13:28:10 +0200 JORDI PALET MARTINEZ wrote: > > Hi Alessandro, > > > > As I've indicated already several times (and not just in this > > discussion), all the RIRs have forms or other methods to escalate > > any issues. > > > > The proposal is only changing "let's have stats". > > > I read: > > The RIPE NCC will validate the “abuse-mailbox:” attribute at > least > annually. Where the attribute is deemed incorrect, it will follow > up in > compliance with relevant RIPE Policies and RIPE NCC procedures. > > https://www.ripe.net/participate/policies/proposals/2019-04 > > The anonymized statistics is mentioned afterward. It seems to result > from > community escalation and reporting, rather than from the abuse- > mailbox > validation itself. By my proposal, instead, the output of the > validation process is borne out when the abuse address is removed > from the database —and the corresponding IP ranges duly transmitted. > > > Best > Ale Currently there are already abuse contacts marked as having failed validation. Maybe it should be tagged in a different way. I do not think removing them would be the solution, as that would be ambiguous with not having been set at all. Plus, it is also possible that it is actually working, and the failure was just a transient error. Trying to suit everything, I would probably go for providing along the abuse contact when was the first and last known date it worked, and -if newer- they didn't. An individual could contribute to the contact being marked as failed (as it's already the case) by notifying RIPE. The rir owner could also trigger a new check to show that it is working again. And whatever you do with such information, is still up for local policy. If am abuse contact is known to have been working last Monday, but fails since yesterday, there's a good chance that it has been fixed or it will be shortly. If it has never been verified to work and it has been failing for seven years, well, there's probably no point in notifying them through that address. However, all of that would still be a local policy decision, which I suspect would be better received. You would set your own arbitrary thresholds there, rather than the discussion on after which X time should RIPE pull that entry from the db. Plus, not all purposes would treat them similarly. In case you are reporting an abuse from two hours ago, you may only care that it is working *right now*. However, if you were checking whether their abuse contact status, as one of multiple points evaluating a peering request, trying to guess how problematic your prospective neighbour may be, you might prefer seeing that their abuse mail has been reachable for the last 6 months. Best regards
- Previous message (by thread): [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
- Next message (by thread): [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]