<div dir="ltr">In relation to the policy, where it says: "must not force the sender to use a form."<br><div><br></div><div>as someone that reports phishing websites, I find the use of forms helpful, as it ensures the company receives the report, particularly where they implement a CAPTCHA. </div><div><br></div><div>To require the resource to only accept abuse reports via email, means all the criminals have to do is flood the mailbox, making it physically impossible to receive the abuse reports.</div><div><br></div><div>If the policy could be amended to include a suggestion that the abuse mailbox contain a verification procedure (such as "your email has been received. Please "click here" to confirm you sent it") it would improve efficiency all around.</div><div><br></div><div><br></div><div>In relation to Nick Hilliard's email, where they say:</div><div><br></div><div>" it is beyond inappropriate for this working group to expect the RIPE NCC to withdraw numbering resources if member organisations don't comply with an arbitrary policy which forces the use of SMTP email like this."<br></div><div><br></div><div>This is, in a nutshell, what is wrong with this RIR, and others, such as ARIN. Often I will look up abuse contacts on ARIN, to find that the abuse mailbox bounces, and a message such as "ARIN has attempted to verify this email address since 10-11-2010" - almost 10 YEARS!</div><div><br></div><div>So, what are you seriously suggesting? Because these people that become offended at the suggestion that it's unreasonable for someone to ensure an email address is valid once per year (very onerous i'm sure), never really say what they really mean, which is really what is inappropriate: that criminals should be able to use a resource indefinitely to pump out spam, host phishing websites, co-ordinate botnets etc... and that the person that receives this crap is not even entitled to let the resource owner know?</div><div><br></div><div>----</div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Apr 29, 2020 at 12:01 AM Petrit Hasani <<a href="mailto:phasani@ripe.net">phasani@ripe.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Dear colleagues,<br>
<br>
A new version of RIPE policy proposal, 2019-04, "Validation of<br>
"abuse-mailbox"", is now available for discussion.<br>
<br>
This proposal aims to have the RIPE NCC validate "abuse-c:" information<br>
more often and introduces a new validation process.<br>
<br>
Most of the text has been rewritten following the last round of<br>
discussion and the proposal is now at version 3.0. Some key points in<br>
this version:<br>
<br>
- The abuse-mailbox should not force the sender to use a form<br>
- The validation process must ensure that the abuse mailbox is able to<br>
receive messages<br>
- The validation should happen at least every six months<br>
<br>
You can find the full proposal at:<br>
<a href="https://www.ripe.net/participate/policies/proposals/2019-04" rel="noreferrer" target="_blank">https://www.ripe.net/participate/policies/proposals/2019-04</a><br>
<br>
As per the RIPE Policy Development Process (PDP), the purpose of this<br>
four-week Discussion Phase is to discuss the proposal and provide<br>
feedback to the proposer.<br>
<br>
At the end of the Discussion Phase, the proposer, with the agreement of<br>
the Anti-Abuse Working Group Chairs, will decide how to proceed with the<br>
proposal.<br>
<br>
We encourage you to review this proposal and send your comments to<br>
<<a href="mailto:anti-abuse-wg@ripe.net" target="_blank">anti-abuse-wg@ripe.net</a>> before 27 May 2020.<br>
<br>
Kind regards,<br>
--<br>
Petrit Hasani<br>
Policy Officer<br>
RIPE NCC<br>
<br>
<br>
<br>
<br>
<br>
</blockquote></div>