<html><head></head><body><div style="color:#000; background-color:#fff; font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div id="yui_3_16_0_1_1490784988527_149778"><span>Hi Daniel</span></div><div id="yui_3_16_0_1_1490784988527_149800"><span><br></span></div><div id="yui_3_16_0_1_1490784988527_149805"><span id="yui_3_16_0_1_1490784988527_149887">Thanks for that suggestion. It has given me some ideas and I already have half a proposal in mind based on this....which I will submit when I fill in the other half...<br></span></div><div id="yui_3_16_0_1_1490784988527_149888"><span><br></span></div><div id="yui_3_16_0_1_1490784988527_149889"><span>cheers</span></div><div id="yui_3_16_0_1_1490784988527_149890"><span>denis</span></div><div id="yui_3_16_0_1_1490784988527_149891" dir="ltr"><span>co-chair DB-WG</span></div><div id="yui_3_16_0_1_1490784988527_149806" class="qtdSeparateBR"><br><br></div><div style="display: block;" id="yui_3_16_0_1_1490784988527_149812" class="yahoo_quoted"> <div id="yui_3_16_0_1_1490784988527_149811" style="font-family: Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div id="yui_3_16_0_1_1490784988527_149810" style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif; font-size: 16px;"> <div id="yui_3_16_0_1_1490784988527_149809" dir="ltr"> <font id="yui_3_16_0_1_1490784988527_149893" face="Arial" size="2"> <hr id="yui_3_16_0_1_1490784988527_149892" size="1"> <b><span style="font-weight:bold;">From:</span></b> Daniel Stolpe <stolpe@resilans.se><br> <b><span style="font-weight: bold;">To:</span></b> denis walker <ripedenis@yahoo.co.uk> <br><b><span style="font-weight: bold;">Cc:</span></b> "anti-abuse-wg@ripe.net" <anti-abuse-wg@ripe.net><br> <b id="yui_3_16_0_1_1490784988527_149935"><span id="yui_3_16_0_1_1490784988527_149934" style="font-weight: bold;">Sent:</span></b> Thursday, 30 March 2017, 16:10<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [anti-abuse-wg] "abuse-c:" - a question....with no answers?<br> </font> </div> <div class="y_msg_container"><br><div dir="ltr"><br clear="none"><br clear="none">Hi Denis,<br clear="none"><br clear="none">Maybe som kind of "abuse-org" would do the trick. I.e. the default <br clear="none">abuse contact goes via the normal "org" attribute, but if there exists an <br clear="none">"abuse-org" you can put different contact details there.<br clear="none"><br clear="none">Just a plain email address might become a little bit too anonymous.<br clear="none"><br clear="none">Cheers,<br clear="none">Daniel<br clear="none"><div class="yqt8766077638" id="yqtfd64712"><br clear="none">On Wed, 29 Mar 2017, denis walker wrote:<br clear="none"><br clear="none">> Colleagues<br clear="none">> <br clear="none">> A couple of weeks ago I asked the question below. No one has yet responded. We need to resolve the issues around "abuse-c:", which means we must make some software<br clear="none">> changes. In order to make the right changes we need your feedback. If "abuse-c:" is nothing more than an email address tagged on to a resource then the changes can be<br clear="none">> very simple. The working group chairs can't make these decisions. We need your input and direction...<br clear="none">> <br clear="none">> I understand that this issue has been talked about so many times over several years...with no solution. This time we are determined to take some action. Whilst<br clear="none">> nothing is ever final, lets make this the last discussion on "abuse-c:" for a while.<br clear="none">> <br clear="none">> cheers<br clear="none">> denis<br clear="none">> co-chair DB-WG<br clear="none">> <br clear="none">> <br clear="none">> ______________________________________________________________________________________________________________________________________________________________________<br clear="none">> From: "<a shape="rect" ymailto="mailto:ripedenis@yahoo.co.uk" href="mailto:ripedenis@yahoo.co.uk">ripedenis@yahoo.co.uk</a>" <<a shape="rect" ymailto="mailto:ripedenis@yahoo.co.uk" href="mailto:ripedenis@yahoo.co.uk">ripedenis@yahoo.co.uk</a>><br clear="none">> To: "<a shape="rect" ymailto="mailto:anti-abuse-wg@ripe.net" href="mailto:anti-abuse-wg@ripe.net">anti-abuse-wg@ripe.net</a>" <<a shape="rect" ymailto="mailto:anti-abuse-wg@ripe.net" href="mailto:anti-abuse-wg@ripe.net">anti-abuse-wg@ripe.net</a>><br clear="none">> Sent: Thursday, 16 March 2017, 18:14<br clear="none">> Subject: "abuse-c:" - a question....<br clear="none">> <br clear="none">> Colleagues<br clear="none">> <br clear="none">> I would like to ask the community a question that looks at a wider picture than the "abuse-c:" attribute itself. Depending on how people react to this question, it<br clear="none">> may impact the chosen path to solving the issue with documenting abuse contact details in the RIPE Database.<br clear="none">> <br clear="none">> The current implementation for "abuse-c:" documents the default contact details for who handles abuse issues within an organisation that holds resources. If the email<br clear="none">> address is invalid or there is no response to a complaint sent to that address it is clear who the organisation is and there are other contacts related to this<br clear="none">> organisation.<br clear="none">> <br clear="none">> Sometimes a resource holder delegates some responsibility for the management of (one or more of) their resource(s) to another person/organisation. This may be just<br clear="none">> the abuse handling. With the current database semantics it is not always possible to create a separate ORGANISATION object to document this responsibility. This issue<br clear="none">> has been described as 'How to reference the email address for the abuse reports for this resource?'.<br clear="none">> <br clear="none">> The simple version of my question is 'Is it enough to only know the email address and an un-validated postal address for the abuse handler?'. An email address can be<br clear="none">> '<a shape="rect" ymailto="mailto:anyone@anybody.com" href="mailto:anyone@anybody.com">anyone@anybody.com</a>'. This tells you nothing about 'anyone' or 'anybody'. It is a one directional channel to throw something down that may end in a black hole. If<br clear="none">> nothing happens, who was supposed to have this responsibility? Not everyone who uses this abuse contact information understands the RIPE Database structure, the<br clear="none">> resource hierarchy or the contractual responsibilities of the related parties. They may have searched online for who to complain to, got this email address and got no<br clear="none">> response. How do you take further action against an email address?<br clear="none">> <br clear="none">> What I am working round to is explaining why the "abuse-c:" was designed the way it is. Where responsibility for handling abuse was delegated to another party<br clear="none">> (separate organisation or another internal department) we wanted to maintain a closely coupled link between the resource listing a contact and an organisation<br clear="none">> responsible or accountable for abuse handling. As it turned out this created the need for repetitive data in some cases and not being able to record the right details<br clear="none">> in some other cases.<br clear="none">> <br clear="none">> The simplest solution that has been discussed in the past is to allow the "abuse-c:" attribute in resource objects. This does create some resource and data management<br clear="none">> issues. But these can be solved by providing resource managers with the right software tools. Now we get to the in depth version of my question. Do we need to<br clear="none">> maintain that close coupling in the database between who is responsible or accountable for handling abuse for a resource and their correct and validated (by the<br clear="none">> resource holder) contact details?<br clear="none">> <br clear="none">> If the answer to this question is a simple 'no' then we can easily add "abuse-c:" attributes anywhere pointing to an email address and provide the resource managers<br clear="none">> with tools to maintain the data....job done.<br clear="none">> <br clear="none">> If the answer is anything other than a simple 'no' and we believe abuse information consumers without an in depth knowledge of the database or industry need to easily<br clear="none">> understand 'who' claims to be behind an email address then we may need a more complex solution.<br clear="none">> <br clear="none">> I hope this makes sense and look forward to comments and questions.<br clear="none">> <br clear="none">> cheers<br clear="none">> denis<br clear="none">> co-chair DB-WG</div><br clear="none"><br clear="none">_________________________________________________________________________________<br clear="none">Daniel Stolpe Tel: 08 - 688 11 81 <a shape="rect" ymailto="mailto:stolpe@resilans.se" href="mailto:stolpe@resilans.se">stolpe@resilans.se</a><br clear="none">Resilans AB Fax: 08 - 55 00 21 63 <a shape="rect" href="http://www.resilans.se/" target="_blank">http://www.resilans.se/</a><br clear="none">Box 45 094 556741-1193<br clear="none">104 30 Stockholm<div class="yqt8766077638" id="yqtfd69259"><br clear="none"></div></div><br><br></div> </div> </div> </div></div></body></html>