<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Hello,</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
The LIR in his logged in account will be able to create sub-users for specific ranges.</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
The LIR will have an interest to do it because any unhandled abuse complaint (in the percentage statistics) will appear under the upper-LIR name.<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
---</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Please excuse me for not replying at the time of the discussion, because Brian decided to moderate me.<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Respectfully,</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Elad<br>
</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Alistair Mackenzie via anti-abuse-wg <anti-abuse-wg@ripe.net><br>
<b>Sent:</b> Wednesday, April 29, 2020 3:46 PM<br>
<b>To:</b> anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net><br>
<b>Subject:</b> Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">Hi,<br>
<br>
With this solution how to you propose that sub-allocated networks manage<br>
the complaints? These networks are not typically and LIR so would have<br>
no such access to an LIR based system.<br>
<br>
The sub-allocated prefixes carry their own abuse-c which as pointed out<br>
by Gert, already gets validated by RIPE.<br>
<br>
<br>
On 29/04/2020 13:38, S�rgio Rocha wrote:<br>
> I like this approach, should be like what Elad Wrote:<br>
> <br>
> �<br>
> <br>
> To my opinion, Ripe should create its own anti-abuse system, each LIR<br>
> will have login access to it (LIR will be able to choose to receive<br>
> notifications through sms / email) and to mark each abuse complaint as<br>
> resolved or not (that system can also have an API so LIR's will be able<br>
> to pull their abuse complaints), the main issue is that complaints to<br>
> that system will not be able to be done automatically or by email - only<br>
> manually by form filling with captcha. (after the LIR will mark an abuse<br>
> complain as resolved - the complainer will receive an email address also<br>
> to confirm with him if issue is resolved or not, non-detailed statistics<br>
> will be able to be displayed to the whole community - to see the<br>
> percentage of how many manual complaints weren't handled by each LIR)�<br>
> <br>
> �<br>
> <br>
> No Spam, accountable, possible to integrate with LIR system, possible to<br>
> have public rate about �abuse dealing�<br>
> <br>
> �<br>
> <br>
> �<br>
> <br>
> �<br>
> <br>
> �<br>
> <br>
> �<br>
> <br>
> *De:* anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> *Em Nome De *Elad Cohen<br>
> *Enviada:* 29 de abril de 2020 11:15<br>
> *Para:* anti-abuse-wg@ripe.net; Serge Droz <serge.droz@first.org><br>
> *Assunto:* Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of<br>
> "abuse-mailbox")<br>
> <br>
> �<br>
> <br>
> What is this ?<br>
> <br>
> �<br>
> <br>
> "However, the community should report any situation to the RIPE NCC,<br>
> which can provide (anonymous) periodical statistics to the community,<br>
> which can take further decisions about that."<br>
> <br>
> �<br>
> <br>
> Ripe members are informers?<br>
> <br>
> �<br>
> <br>
> "divide and conquer" strategy ?<br>
> <br>
> �<br>
> <br>
> Abuse email addresses (just like any other email address) are being<br>
> spammed, not only by non-relevant spammers but also by automatic useless<br>
> services that are installed at servers that don't take themselves any<br>
> measure of proper configuration to avoid the automatic useless services.<br>
> <br>
> �<br>
> <br>
> To my opinion, Ripe should create its own anti-abuse system, each LIR<br>
> will have login access to it (LIR will be able to choose to receive<br>
> notifications through sms / email) and to mark each abuse complaint as<br>
> resolved or not (that system can also have an API so LIR's will be able<br>
> to pull their abuse complaints), the main issue is that complaints to<br>
> that system will not be able to be done automatically or by email - only<br>
> manually by form filling with captcha. (after the LIR will mark an abuse<br>
> complain as resolved - the complainer will receive an email address also<br>
> to confirm with him if issue is resolved or not, non-detailed statistics<br>
> will be able to be displayed to the whole community - to see the<br>
> percentage of how many manual complaints weren't handled by each LIR)<br>
> <br>
> �<br>
> <br>
> ---<br>
> <br>
> �<br>
> <br>
> Besides the above, I also believe that we as a community should not<br>
> accept complainers which are not taking the most basic configuration<br>
> actions to protect their systems, and would consider these complaints as<br>
> spam. In order for abuse complaints not to be abused.<br>
> <br>
> �<br>
> <br>
> Respectfully,<br>
> <br>
> Elad<br>
> <br>
> �<br>
> <br>
> �<br>
> <br>
> ------------------------------------------------------------------------<br>
> <br>
> *From:*anti-abuse-wg on behalf of Serge Droz via anti-abuse-wg<br>
> *Sent:* Wednesday, April 29, 2020 11:22 AM<br>
> *To:* anti-abuse-wg@ripe.net <<a href="mailto:anti-abuse-wg@ripe.net">mailto:anti-abuse-wg@ripe.net</a>><br>
> *Subject:* Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of<br>
> "abuse-mailbox")<br>
> <br>
> �<br>
> <br>
> Hi All<br>
> <br>
> I think this is a good policy.<br>
> <br>
> We can always find use cases where it fails, but it will help in some<br>
> cases.<br>
> <br>
> And if some one is not able to answer an e-mail every six month, there<br>
> are probably underlying issues. Also the argument, that the bad guys<br>
> flood the mailbox is not really acceptable. It just means you can't<br>
> filter spam.<br>
> <br>
> The proposal does not check how the reports are used. But it helps us to<br>
> enumerate organizations, that don't act, coming up with various excuses,<br>
> along the lines the best problems are some one else's problems, so let's<br>
> make it some on else's problem.<br>
> <br>
> The fact is: Most mature organizations are perfectly capable of handling<br>
> such mail boxes, even if they have a high load.<br>
> <br>
> Coming from the incident response side, I'm tiered of people constantly<br>
> telling me, that issues are not their problem<br>
> <br>
> Best<br>
> Serge<br>
> <br>
> <br>
> <br>
> <br>
> <br>
> On 28.04.20 16:01, Petrit Hasani wrote:<br>
>> Dear colleagues,<br>
>><br>
>> A new version of RIPE policy proposal, 2019-04, "Validation of<br>
>> "abuse-mailbox"", is now available for discussion.<br>
>><br>
>> This proposal aims to have the RIPE NCC validate "abuse-c:" information<br>
>> more often and introduces a new validation process.<br>
>><br>
>> Most of the text has been rewritten following the last round of<br>
>> discussion and the proposal is now at version 3.0. Some key points in<br>
>> this version:<br>
>><br>
>> - The abuse-mailbox should not force the sender to use a form<br>
>> - The validation process must ensure that the abuse mailbox is able to<br>
>> receive messages<br>
>> - The validation should happen at least every six months<br>
>><br>
>> You can find the full proposal at:<br>
>> <a href="https://www.ripe.net/participate/policies/proposals/2019-04">https://www.ripe.net/participate/policies/proposals/2019-04</a><br>
>><br>
>> As per the RIPE Policy Development Process (PDP), the purpose of this<br>
>> four-week Discussion Phase is to discuss the proposal and provide<br>
>> feedback to the proposer.<br>
>><br>
>> At the end of the Discussion Phase, the proposer, with the agreement of<br>
>> the Anti-Abuse Working Group Chairs, will decide how to proceed with the<br>
>> proposal.<br>
>><br>
>> We encourage you to review this proposal and send your comments to<br>
>> <anti-abuse-wg@ripe.net <<a href="mailto:anti-abuse-wg@ripe.net">mailto:anti-abuse-wg@ripe.net</a>>> before 27 May<br>
> 2020.<br>
>><br>
>> Kind regards,<br>
>> --<br>
>> Petrit Hasani<br>
>> Policy Officer<br>
>> RIPE NCC<br>
>><br>
>><br>
>><br>
>><br>
>><br>
> <br>
> -- <br>
> Dr. Serge Droz<br>
> Chair of the FIRST Board of Directors<br>
> <a href="https://www.first.org">https://www.first.org</a><br>
> <br>
<br>
</div>
</span></font></div>
</body>
</html>