[anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")

Hi Alessandro,

I just read Marco response to this thread (Marco thanks for the quick reaction on it!), and also Angel response (so to avoid answering to several emails about the same).

I guess all your other inputs are also relevant for the NCC.

In principle, I don't think all that should be part of the policy proposal, but if the NCC seems otherwise, I'm happy to work with you/Angel/others to make sure that we have captured correctly that and see what the WG believes.

Thanks!

Regards,
Jordi
@jordipalet
 
 

El 13/5/20 13:02, "anti-abuse-wg en nombre de Alessandro Vesely" <anti-abuse-wg-bounces at ripe.net en nombre de vesely at tana.it> escribió:

    Hi Jordy,

    On Tue 12/May/2020 22:21:11 +0200 JORDI PALET MARTINEZ via anti-abuse-wg wrote:
    > El 12/5/20 19:26, "anti-abuse-wg en nombre de Alessandro Vesely" <anti-abuse-wg-bounces at ripe.net en nombre de vesely at tana.it> escribió:
    > 
    > I think it is more useful instead of removing the address, marking the
    > record as invalid, and this is being done if I recall correctly from RIPE
    > NCC presentations. Because it may be a temporary failure of the address, so
    > *not removing it* may bring it back in a subsequent verification.

    If at all possible, I'd suggest to register a suitable RDAP JSON value for the
    relevant remark type, at IANA[*].  That would allow automated tools to discard
    the corresponding vcard entry.

    ARIN write a remark, like so:

     "remarks" : [
        {
           "description" : [
              "ARIN has attempted to validate the data for this POC, but has
    received no response from the POC since 2011-06-07"
           ],
           "title" : "Unvalidated POC"
        }
     ],


    Such remark is not quite actionable, as it doesn't say which POC does not work
    (recall there are various arrays of vcards, only some of which are tagged with
    the "abuse" role.)  Perhaps more importantly, it doesn't say if the invalid
    nature of the mailbox was notified to the responsible organization, and such
    notification acknowledged.


    > [Jordi] I think both [actual validity and statistics] are useful to know. Is
    > the address valid/invalid. If valid, is this LIR processing abuse reports or
    > there is information escalated from the community that is not?

    The latter datum is much more difficult to get right.  I'd stick with an
    invalid mark.  If, say, email messages bounced since 2011, and the organization
    was promptly notified and shrugged, a loud and clear mark is well deserved.


    > [Jordi] Totally agree. I still think ideally, we should have X-ARF as the
    > single way to do all the abuse reporting. Not sure if this could be also
    > connected to provide feedback to DNSBL, but I'm not convinced RIPE NCC (or
    > any other RIR) could do that ... very difficult to reach consensus on that
    > at the time being. The stats might prove that on the long term and then we
    > can change our minds.

    The format, like the actual handling of reports, is one or more levels above.

    As for a DNSBL, I keep reading that most data in the RIPE Database is public.
    Are there API to browse its content?  Is it possible to maintain a (filtered)
    copy of it?  If one could collect all the blocks whose abuse-c is marked as
    invalid, she could then run a corresponding DNSBL.  However, article 3 of the
    Terms and Conditions for Data Access[†] seems to disallow just that.


    Best
    Ale
    -- 

    [*] https://www.iana.org/assignments/rdap-json-values/rdap-json-values.xhtml
    [†] https://labs.ripe.net/datarepository/conditions/basic













































**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.