Hello,
frank@powerweb.de wrote:
No, because the system generates email addresses [1.2.3.4@abuse.ripe.net] only related to the IP address that causes the abuse.
No, it doesn't. The mail will go to wherever some human or robot *assumes* the spam cause to be. Never seen a complaint which was mis-directed to because some bozo fell prey to faked headers?
Sure, thats what the backlink idea is for. So the member is free to categorize the report himself (where it would be detectable, if one member simply sets all his reports always to "false report, started not from our network" without any more details".
If I understood your draft section 5 correctly, you think that there are actually people who consider researching "whois" records too complicated
Sure, no normal mail user in Germany I know about knows what RIPE is or whois, they even do not know what a domain whois and e.g. the DENIC is, even if they have a own domainname. And that normal end user is not different in other coutries ...
but, at the same time, are able to do a decent analysis of email headers?
Point for you.
I've never met members of this species. And I'd be afraid if I were
Hm, maybe the system should be enhanced to that the system tracks the source doing it self, complicated but possible, like spamhaus or spamcop are doing it ... But then we have a real clearing system that has to be reliable (instead of just forwarding spam). In the end, this is the really first point against a system I described. Anybody ideas to solve that ? Otherwise the system will only good for professional and they know what whois is (even its still more complicated and non-mandatory information is still missing).
*forced* (by RIPE) to read and repsond to their spam reports.
Your policy draft is extremely week on th only policy point it contains:
Section 5 "Advantages": [...] RIPE NCC can ensure that all allocations have a working abuse address. [...]
Like, how? As someone else has already pointed out: redirecting all reports to /dev/null would make your control system happy -- no bounces.
Well, not that bad in the first step. They work, ok, there are not read, but the exist and work. These days we have thousand of abuse addresses that do not work, intentionally or not. It would be helpful to find those, that should work, but dont and warn the ISP about it on time ...
It all gets back to human checks: Internet user U complaints (at the RIPE) about LIR L, saying something like "unrepsonsive LIR, restract its allocation containing 62.67.229.200". Your proposal would have to
Funny IP :o)
state the further course of action (i.e., "the policy"). In particular, please be clear on legal issues. When U complains about "the contact for 62.67.229.200", the RIPE NCC should do what? Snail-mail two warnings, then "pull the plug" for 62.67.228.0/20 (or would it be the 62.67.0.0/16, because of "remarks: all abuse reports to abuse@level3.com")? The very next day, the three distinct end users of, say, 62.67.1.1, 62.67.231.254, and 62.67.255.254, respectively, get a bit upset that their businesses have RPSLy fallen off the Internet. Ooops. A merry round of "A sues B" follows. Anybody in this game who you think should be idemnified at this point? The RIPE NCC for example? How?
Hm, your a bit too quick here ... but I get the point.
Shifting the focus away from "forced policies" towards "useful tools":
Any well-intentioned LIR/ISP will happily use whatever tools it can get its hands to be aware of any abuse of its network. It appears to me that simply monitoring your network ranges on various DNSBLs is achieving pretty much the same benefits (for the ISP/LIR) as your
But there are that many ...
proposol does, without inflicting any work on the RIPE NCC to forward spam complaints and to collect statistics. You're kinda reinventing wheels many folks already use.
Yes, but I started a discussion of really important points I think (where this list was kind of sleeping for a while). My main question from today is still not answered (by nobody so far): If the community willing to accept, that RIPE members cause harm to other members without any consequences simply because they are lazy, uneducated, ignorant or without resources to prevent problem or maybe even because they provit or intended the problem ? Does "free internet" means that we have to live with that ?
You do seem to have a valid point about educating new LIRs/ISPs.
Well then ... Kind regards, Frank -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ====================================================================== Public PGP Key available for frank@powerweb.de
Martin