[anti-abuse-wg] Proposal: Publish effective users' abuse-c

Hi Michele

Yes you can allow any customer with an assignment to have their own
abuse-c contact. But the database query will only return a single
abuse contact for any IP address. If the assignment object has an
abuse-c then a query on any IP address in the range of that assignment
will only return the customer's abuse contact details. If an
assignment does not have an abuse-c then such a query will return the
resource holder's abuse-contact details. A query will not return both
the customer's and the resource holder's details.

However, this can be changed if the community wants something
different. We can make abuse-c a multiple attribute so the resource
holder can add the customer's and their own abuse-c to an assignment.
Or we can change the default behaviour of the query so when an abuse-c
is found in an assignment it always returns the resource holder's
abuse-c as well. Or we can add a new query flag to return both abuse-c
details when available. Or we can modify the abuse-c attribute in some
way so the resource holder can choose what a query returns.  Any
behaviour is possible as long as you define what behaviour you want
and the community finds it useful.

chears
denis
co-chair DB-WG

On Thu, 10 Feb 2022 at 11:54, Michele Neylon - Blacknight
<michele at blacknight.com> wrote:
>
> That’s not entirely true.
>
>
>
> It’ll depend on how granular the LIR is with their allocations to their clients.
>
>
>
> Speaking on behalf of my company we do assign blocks and abuse-c contacts to quite a few of our clients.
>
> However we wouldn’t do that for every single IP address and due to the nature of some of the services we provide a single IP address is going to be linked to multiple clients.
>
>
>
> The main issue we run into is with some reporters using a scatter gun approach with reporting abuse, which is just a waste of everyone’s time. (Basically sending notices to every single contact they can find – not just the abuse-c)
>
>
>
> Regards
>
>
>
> Michele
>
>
>
>
>
>
>
> --
>
> Mr Michele Neylon
>
> Blacknight Solutions
>
> Hosting, Colocation & Domains
>
> https://www.blacknight.com/
>
> https://blacknight.blog/
>
> Intl. +353 (0) 59  9183072
>
> Direct Dial: +353 (0)59 9183090
>
> Personal blog: https://michele.blog/
>
> Some thoughts: https://ceo.hosting/
>
> -------------------------------
>
> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
>
> Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845
>
>
>
>
>
> From: anti-abuse-wg <anti-abuse-wg-bounces at ripe.net> on behalf of Ángel González Berdasco <angel.gonzalez at incibe.es>
> Date: Saturday, 22 January 2022 at 23:12
> To: denis walker <ripedenis at gmail.com>
> Cc: anti-abuse-wg at ripe.net <anti-abuse-wg at ripe.net>
> Subject: Re: [anti-abuse-wg] Proposal: Publish effective users' abuse-c
>
> [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources.
>
> > This bit is not possible. The "abuse-c:" attribute is 'single'. So the
>
> > resource object can only ever reference one abuse contact.
>
>
>
> Thanks Denis. abuse-c arity is a point I was dubious about.
>
>
>
> Thus, it is not currently possible to publish an abuse-c with the customer address and keep the ISP copied at the same time, as desired.
>
> In order to know what is being sent thete, the ISP needs to provide its own address and (if appropriate) forward complaints received there to the customer.
>
>
>
>
>
> Best regards
>
>
>
> --
>
> INCIBE-CERT - Spanish National CSIRT
>
> https://www.incibe-cert.es/
>
>
>
> PGP keys: https://www.incibe-cert.es/en/what-is-incibe-cert/pgp-public-keys
>
>
>
> ====================================================================
>
>
>
> INCIBE-CERT is the Spanish National CSIRT designated for citizens,
>
> private law entities, other entities not included in the subjective
>
> scope of application of the "Ley 40/2015, de 1 de octubre, de Régimen
>
> Jurídico del Sector Público", as well as digital service providers,
>
> operators of essential services and critical operators under the terms
>
> of the "Real Decreto-ley 12/2018, de 7 de septiembre, de seguridad de
>
> las redes y sistemas de información" that transposes the Directive (EU)
>
> 2016/1148 of the European Parliament and of the Council of 6 July 2016
>
> concerning measures for a high common level of security of network and
>
> information systems across the Union.
>
>
>
> ====================================================================
>
>
>
> In compliance with the General Data Protection Regulation of the EU
>
> (Regulation EU 2016/679, of 27 April 2016) we inform you that your
>
> personal and corporate data (as well as those included in attached
>
> documents); and e-mail address, may be included in our records
>
> for the purpose derived from legal, contractual or pre-contractual
>
> obligations or in order to respond to your queries. You may exercise
>
> your rights of access, correction, cancellation, portability,
>
> limitationof processing and opposition under the terms established by
>
> current legislation and free of charge by sending an e-mail to
>
> dpd at incibe.es. The Data Controller is S.M.E. Instituto Nacional de
>
> Ciberseguridad de España, M.P., S.A. More information is available
>
> on our website: https://www.incibe.es/proteccion-datos-personales
>
> and https://www.incibe.es/registro-actividad.
>
>
>
> ====================================================================
>
>
>
>
>
>
>
>
>
>
>
>