<html><body><span style="font-family:Verdana; color:#000; font-size:12pt;"><div><i><span style="">"An autoresponder asking people to fill out a webform should not be </span><span style="">accepted as a valid solution"</span></i></div><div><i><span style=""><br></span></i></div><div>Autoresponders/webforms should actually be encouraged, because a stand alone email address means that all a spammer/attacker has to do to is flood that email account with bogus data and the valid reports will either get lost amongst the genuine ones, or the inbox will become full. A CAPTCHA can increase the reliability of reports.</div><div><br></div><div>A ticket/web-form solution also removes the possibility of what i spoke about before, where administrators install spam filters on their email system and don't exclude the abuse email box from the spam filter, resulting in spam complaints being rejected.</div><div><br></div><div><br></div><div><br></div>
<blockquote id="replyBlockquote" webmail="1" style="border-left: 2px solid blue; margin-left: 8px; padding-left: 8px; font-size:10pt; color:black; font-family:verdana;">
<div id="wmQuoteWrapper">
-------- Original Message --------<br>
Subject: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase<br>
(Regular abuse-c Validation)<br>
From: Thomas Hungenberg <<a href="mailto:th@cert-bund.de">th@cert-bund.de</a>><br>
Date: Tue, January 23, 2018 10:51 pm<br>
To: <a href="mailto:anti-abuse-wg@ripe.net">anti-abuse-wg@ripe.net</a><br>
<br>
On 22.01.2018 14:19, Gert Doering wrote:<br>
> I do see the need for a working abuse contact, and I do see the need of<br>
> sanctions in case a policy is violated, but "deregister all resources,<br>
> because your mail server was broken when we tested" is too extreme<br>
> (exaggeration for emphasis).<br>
<br>
I fully agree a resource should not be withdrawn just because the<br>
abuse-mailbox is (temporarily) invalid or the holder once misses<br>
to complete the verification process in time - if he otherwise takes<br>
care of malicious activity emerging from his resources.<br>
<br>
However, I think RIPE-563 (and related policies) should state that<br>
resource holders have to provide a valid abuse-mailbox which is<br>
monitored on a regular basis and have to take care of complaints<br>
regarding malicious activity reported to this mailbox.<br>
An autoresponder asking people to fill out a webform should not be<br>
accepted as a valid solution as this does not work for CERTs and<br>
other security teams reporting hundreds of abuse cases per day to<br>
the responsible resource owners (in an automated fashion).<br>
<br>
Also, irrespective of how the abuse-c verification process will be<br>
implemented, IMHO there is a need for a defined process on how resources<br>
can be withdrawn (as a last resort) if the holder is constantly ignoring<br>
abuse complaints or even wittingly accepts malicious activity emerging<br>
from his resources (e.g. bullet proof hosting).<br>
<br>
<br>
- Thomas<br>
<br>
CERT-Bund Incident Response & Malware Analysis Team<br>
<br>
</div>
</blockquote></span></body></html>