This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] On the abuse handling policy of manitu.net (AS34240)
- Previous message (by thread): [anti-abuse-wg] On the abuse handling policy of manitu.net (AS34240)
- Next message (by thread): [anti-abuse-wg] On the abuse handling policy of manitu.net (AS34240)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hans-Martin Mosner
hmm at heeg.de
Sat Feb 20 09:21:09 CET 2021
Am 20.02.21 um 01:39 schrieb Volker Greimann: > It sounds GDPR legal. After all, they are telling you exactly what will happen with anything that you send there, so > by sending it there in full knowledge, you are essentially consenting to that processing of your data. That may or may not be true, I'm not a legal expert. It sounds essentially like a protective clause that indemnifies them in case they've given your data to a criminal who then begins to harrass you. Note that the reasonability of such protective clauses may be dubious, and their legality tends to be undefined until they are tested in courts. Protective clauses often don't fully consider the rights of one side, for example I would be fairly sure that giving my private data to a spamming customer who stays anonymous to me would be a blatant violation of *my* rights. > Also, German courts have ruled that in-between service providers are only liable for taking action after the > complainant has raised the issue with the party that is directly violating the rights of the complainant, or their > hosting provider and those efforts have proven futile or can be objectively deemed to be futile from the outset. > And finally, who says their customers are the abusers? In many cases, their customers may be the victims as well, > without their knowledge, for example due to compromised CMS and would indeed be the best person to address the issue > you may want to see resolved. I have been working as a part-time postmaster for quite a bit over 30 years, and I'm am pretty capable of distinguishing between compromised resources (web sites or mail accounts) and spammer-owned resources in most cases, thank you very much :-) As an abuse reporter, I need to decide which parties I can or cannot trust in which respects. If a hosting company hosts customers for prolonged times that are to the best of my knowledge blatant abusers, I simply cannot trust that company to handle my abuse reports properly. Whether they claim to keep my personal data safe or give it to their customer doesn't really matter, I must assume that they are acting in the interests of their abusive customers and therefore not in my interest. The only sensible action is to block their network completely to protect my users. I'm not trying to talk to such a provider anymore. In the case of Manitu, I'd probably give them the benefit of the doubt as they are actively sponsoring a useful DNSBL and a spamfighting forum, and I'm not aware of any spammers hosted by them. When I see that abuse is most likely caused by compromised resources, I tend to send abuse reports through spamcop which should be delivered with enough technical info to analyze the problem but still somewhat shield my identity. Of course, dynamic IPs are a special case, they are blocked without discussion, and providers who don't respond to and act on abuse reports will be blocked, too. I just don't have enough time to play games with providers. We are doing them a favor by notifying them of problems in their network, we don't request a service. If they don't want to be notified, so be it. Cheers, Hans-Martin
- Previous message (by thread): [anti-abuse-wg] On the abuse handling policy of manitu.net (AS34240)
- Next message (by thread): [anti-abuse-wg] On the abuse handling policy of manitu.net (AS34240)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]