[anti-abuse-wg] Abuse Report ignored. What to do as next?

On Thu 30/Nov/2023 12:40:46 +0100 Laura Atkins wrote:
> What happens if / when someone doesn’t?


A minimal, yet useful reaction would be to remove their abuse PoC from RDAP 
pages.  If the convention is clear that network operators without abuse-c are 
non-responders, it is easy for all the others to add the corresponding IPs to 
their drop lists.  Ripe NCC could even distribute non-responders lists.

A motion to reclaim wasted resources can be set up at a later time.


Best
Ale

>> On 30 Nov 2023, at 10:47, Matthias Merkel <matthias.merkel at staclar.com> wrote:
>>
>> The proposal is to send verification emails to abuse mailboxes and have a 
>> link in them clicked, right? I would have no objection to that.
>>
>> Is there more that is being proposed in this proposal specifically?
>>
>> —
>> Maria Merkel
>>
>> This email was sent by [company]. Any statements contained in this email are 
>> personal to the author and are not necessarily the statements of the company 
>> unless specifically stated.
>>
>> Novecore and Staclar are collective trading names of Novecore Ltd., 
>> registered in England and Wales under company number 11748197, Novecore 
>> Licensing Ltd., registered in England and Wales under company number 
>> 11544982, Staclar Carrier Ltd., registered in England and Wales under company 
>> number 12219686, Staclar Financial Services Ltd., registered in England and 
>> Wales under company number 13843292 (registered offices 54 Portland Place, 
>> London, UK, W1B 1DY); Novecore Professional Services Ltd., registered in 
>> England and Wales under company number 13965912 (registered office 13 
>> Freeland Park, Wareham Road, Poole, UK, BH16 6FA); Novecore (Estonia) OÜ, 
>> registered in Estonia under registry code 16543205 (local contact Baltic 
>> Business Services OÜ, Narva mnt 5, 10117 Tallinn, Estonia); Novecore (USA) 
>> Inc., registered in Delaware under file number 6707907, Novecore Licensing 
>> (USA) LLC, registered in Delaware under file number 4030866, and Staclar, 
>> Inc., registered in Delaware under file number 7413401 (registered agents The 
>> Corporation Trust Company, Corporation Trust Center, 1209 Orange St, 
>> Wilmington DE 19801, USA). Novecore Licensing Ltd. is registered for VAT in 
>> the United Kingdom under VAT registration number 347 4545 80. Novecore 
>> (Estonia) OÜ is registered for VAT in the European Union under VAT 
>> registration number EE102518979. Novecore Professional Services Ltd. is a 
>> trust or company service provider registered with and supervised by HM 
>> Revenue & Customs under the Money Laundering, Terrorist Financing and 
>> Transfer of Funds (Information on the Payer) Regulations 2017 (registration 
>> number XMML00000178208). Staclar Financial Services Ltd. is an Annex 1 
>> financial institution registered with and supervised by the Financial Conduct 
>> Authority under the Money Laundering, Terrorist Financing and Transfer of 
>> Funds (Information on the Payer) Regulations 2017 (firm reference number 
>> 989521). Registration is not equivalent to authorisation and is not an 
>> endorsement to do business with a firm. Staclar Financial Services Ltd. is 
>> not an authorised person within the meaning of the Financial Services and 
>> Markets Act 2000 and does not review, approve, or endorse financial 
>> promotions for securities issues it is involved in or provide any form of 
>> investment advice.
>> Sent from Front
>>> On November 30, 2023 at 11:45 AM GMT+1 ops.lists at gmail.com 
>>> <mailto:ops.lists at gmail.com> wrote:
>>>
>>> There is somewhat more being proposed than that bare minimum of due 
>>> diligence but none of this makes ripe ncc a regulator any more than a 
>>> pharmacist verifying a prescription becomes the FDA
>>>
>>> --srs
>>> -------------------------------------------------------------------------------
>>> *From:* Matthias Merkel <matthias.merkel at staclar.com 
>>> <mailto:matthias.merkel at staclar.com>>
>>> *Sent:* Thursday, November 30, 2023 4:03:07 PM
>>> *To:* Suresh Ramasubramanian <ops.lists at gmail.com 
>>> <mailto:ops.lists at gmail.com>>; Leo Vegoda <leo at vegoda.org 
>>> <mailto:leo at vegoda.org>>
>>> *Cc:* anti-abuse-wg at ripe.net <mailto:anti-abuse-wg at ripe.net> 
>>> <anti-abuse-wg at ripe.net <mailto:anti-abuse-wg at ripe.net>>
>>> *Subject:* Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
>>> I have already noted that I have no objections to a proposal solely to 
>>> verify abuse mailbox functionality, but that we should be careful adding 
>>> anything further. Perhaps I wasn't clear enough in this:
>>>
>>>     Arguably a proposal to simply require verification of the abuse mailbox
>>>     does not make the NCC a regulator (and, in fact, I think the NCC already
>>>     does this with ASNs), but I do not see how this would be an effective
>>>     measure.
>>>
>>>     Making further requirements would make the NCC a regulator, and this may
>>>     be dangerous precedent.
>>>
>>>
>>> Regarding the potential that government regulators will put rules in place 
>>> if we don't, I don't think this is a big concern here. Many governments 
>>> already do have those rules and already supervise network operators in their 
>>> countries. The issue in this specific case is that some countries simply 
>>> don't care, and do not have laws or regulations around the issue.
>>>
>>> —
>>> Maria Merkel
>>>
>>> This email was sent by [company]. Any statements contained in this email are 
>>> personal to the author and are not necessarily the statements of the company 
>>> unless specifically stated.
>>>
>>> Novecore and Staclar are collective trading names of Novecore Ltd., 
>>> registered in England and Wales under company number 11748197, Novecore 
>>> Licensing Ltd., registered in England and Wales under company number 
>>> 11544982, Staclar Carrier Ltd., registered in England and Wales under 
>>> company number 12219686, Staclar Financial Services Ltd., registered in 
>>> England and Wales under company number 13843292 (registered offices 54 
>>> Portland Place, London, UK, W1B 1DY); Novecore Professional Services Ltd., 
>>> registered in England and Wales under company number 13965912 (registered 
>>> office 13 Freeland Park, Wareham Road, Poole, UK, BH16 6FA); Novecore 
>>> (Estonia) OÜ, registered in Estonia under registry code 16543205 (local 
>>> contact Baltic Business Services OÜ, Narva mnt 5, 10117 Tallinn, Estonia); 
>>> Novecore (USA) Inc., registered in Delaware under file number 6707907, 
>>> Novecore Licensing (USA) LLC, registered in Delaware under file number 
>>> 4030866, and Staclar, Inc., registered in Delaware under file number 7413401 
>>> (registered agents The Corporation Trust Company, Corporation Trust Center, 
>>> 1209 Orange St, Wilmington DE 19801, USA). Novecore Licensing Ltd. is 
>>> registered for VAT in the United Kingdom under VAT registration number 347 
>>> 4545 80. Novecore (Estonia) OÜ is registered for VAT in the European Union 
>>> under VAT registration number EE102518979. Novecore Professional Services 
>>> Ltd. is a trust or company service provider registered with and supervised 
>>> by HM Revenue & Customs under the Money Laundering, Terrorist Financing and 
>>> Transfer of Funds (Information on the Payer) Regulations 2017 (registration 
>>> number XMML00000178208). Staclar Financial Services Ltd. is an Annex 1 
>>> financial institution registered with and supervised by the Financial 
>>> Conduct Authority under the Money Laundering, Terrorist Financing and 
>>> Transfer of Funds (Information on the Payer) Regulations 2017 (firm 
>>> reference number 989521). Registration is not equivalent to authorisation 
>>> and is not an endorsement to do business with a firm. Staclar Financial 
>>> Services Ltd. is not an authorised person within the meaning of the 
>>> Financial Services and Markets Act 2000 and does not review, approve, or 
>>> endorse financial promotions for securities issues it is involved in or 
>>> provide any form of investment advice.
>>> Sent from Front
>>>> On November 30, 2023 at 11:25 AM GMT+1 ops.lists at gmail.com 
>>>> <mailto:ops.lists at gmail.com> wrote:
>>>>
>>>> This is simply an ongoing verification that the justification and other 
>>>> paperwork which were used to allocate the numbers are reasonable and correct
>>>>
>>>> Consensus tends to work in strange ways - and room packing isn’t unknown if 
>>>> you see the example I cited
>>>>
>>>> --srs
>>>> -------------------------------------------------------------------------------
>>>> *From:* anti-abuse-wg <anti-abuse-wg-bounces at ripe.net 
>>>> <mailto:anti-abuse-wg-bounces at ripe.net>> on behalf of Matthias Merkel 
>>>> <matthias.merkel at staclar.com <mailto:matthias.merkel at staclar.com>>
>>>> *Sent:* Thursday, November 30, 2023 3:24:02 PM
>>>> *To:* Leo Vegoda <leo at vegoda.org <mailto:leo at vegoda.org>>; Suresh 
>>>> Ramasubramanian <ops.lists at gmail.com <mailto:ops.lists at gmail.com>>
>>>> *Cc:* anti-abuse-wg at ripe.net <mailto:anti-abuse-wg at ripe.net> 
>>>> <anti-abuse-wg at ripe.net <mailto:anti-abuse-wg at ripe.net>>
>>>> *Subject:* Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
>>>> Of course, this is not how consensus works.
>>>>
>>>> I also think you're misunderstanding my argument. I'm all for fighting 
>>>> abuse. A lot of my work is in abuse and fraud prevention and in the 
>>>> prevention of financial crime. I'm not arguing against preventing abuse, 
>>>> only against adding even more regulators where they aren't needed.
>>>>
>>>> The Gmail example still does not address my concern. They say what you can 
>>>> do with Gmail, which is the service. An IP address itself is not an 
>>>> abusable service, the systems addressed by them are. Gmail doesn't tell you 
>>>> what to do on third party services you sign up to with your gmail.com 
>>>> <http://gmail.com/> address. Google is responsible for Gmail. The RIPE NCC 
>>>> is responsible for the IP addresses. The network operator is responsible 
>>>> for the systems.
>>>>
>>>> —
>>>> Maria Merkel
>>>>
>>>> This email was sent by [company]. Any statements contained in this email 
>>>> are personal to the author and are not necessarily the statements of the 
>>>> company unless specifically stated.
>>>>
>>>> Novecore and Staclar are collective trading names of Novecore Ltd., 
>>>> registered in England and Wales under company number 11748197, Novecore 
>>>> Licensing Ltd., registered in England and Wales under company number 
>>>> 11544982, Staclar Carrier Ltd., registered in England and Wales under 
>>>> company number 12219686, Staclar Financial Services Ltd., registered in 
>>>> England and Wales under company number 13843292 (registered offices 54 
>>>> Portland Place, London, UK, W1B 1DY); Novecore Professional Services Ltd., 
>>>> registered in England and Wales under company number 13965912 (registered 
>>>> office 13 Freeland Park, Wareham Road, Poole, UK, BH16 6FA); Novecore 
>>>> (Estonia) OÜ, registered in Estonia under registry code 16543205 (local 
>>>> contact Baltic Business Services OÜ, Narva mnt 5, 10117 Tallinn, Estonia); 
>>>> Novecore (USA) Inc., registered in Delaware under file number 6707907, 
>>>> Novecore Licensing (USA) LLC, registered in Delaware under file number 
>>>> 4030866, and Staclar, Inc., registered in Delaware under file number 
>>>> 7413401 (registered agents The Corporation Trust Company, Corporation Trust 
>>>> Center, 1209 Orange St, Wilmington DE 19801, USA). Novecore Licensing Ltd. 
>>>> is registered for VAT in the United Kingdom under VAT registration number 
>>>> 347 4545 80. Novecore (Estonia) OÜ is registered for VAT in the European 
>>>> Union under VAT registration number EE102518979. Novecore Professional 
>>>> Services Ltd. is a trust or company service provider registered with and 
>>>> supervised by HM Revenue & Customs under the Money Laundering, Terrorist 
>>>> Financing and Transfer of Funds (Information on the Payer) Regulations 2017 
>>>> (registration number XMML00000178208). Staclar Financial Services Ltd. is 
>>>> an Annex 1 financial institution registered with and supervised by the 
>>>> Financial Conduct Authority under the Money Laundering, Terrorist Financing 
>>>> and Transfer of Funds (Information on the Payer) Regulations 2017 (firm 
>>>> reference number 989521). Registration is not equivalent to authorisation 
>>>> and is not an endorsement to do business with a firm. Staclar Financial 
>>>> Services Ltd. is not an authorised person within the meaning of the 
>>>> Financial Services and Markets Act 2000 and does not review, approve, or 
>>>> endorse financial promotions for securities issues it is involved in or 
>>>> provide any form of investment advice.
>>>> Sent from Front
>>>>> On November 30, 2023 at 10:48 AM GMT+1 leo at vegoda.org 
>>>>> <mailto:leo at vegoda.org> wrote:
>>>>>
>>>>> On Thu, 30 Nov 2023 at 10:44, Suresh Ramasubramanian
>>>>> <ops.lists at gmail.com <mailto:ops.lists at gmail.com>> wrote:
>>>>>>
>>>>>> >
>>>>>> > The funny part is that the abuse teams of the very same companies will 
>>>>>> be out there in other conferences working earnestly and well on best 
>>>>>> practices. If they were to turn up at a ripe meeting and provide 
>>>>>> consensus ..
>>>>>> >
>>>>>> > And before you accuse me of packing the room to generate artificial 
>>>>>> consensus
>>>>>>
>>>>>> Consensus isn't a numbers thing. I think you've misunderstood the process.
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Leo
>>>>>>
>>>>>> -- 
>>>>>>
>>>>>> To unsubscribe from this mailing list, get a password reminder, or change 
>>>>>> your subscription options, please visit: 
>>>>>> https://mailman.ripe.net/ 
>>>>>> <https://mailman.ripe.net/>
>> -- 
>>
>> To unsubscribe from this mailing list, get a password reminder, or change 
>> your subscription options, please visit: 
>> https://mailman.ripe.net/
> 
> -- 
> The Delivery Expert
> 
> Laura Atkins
> Word to the Wise
> laura at wordtothewise.com
> 
> Delivery hints and commentary: http://wordtothewise.com/blog
> 
> 
> 
> 
> 
> 
>