Norman, At 2016-09-23 06:41:04 +0900 Norman Diamond <n0diamond@yahoo.co.jp> wrote:
Again, if you would like to proceed, I and the NCC would be very happy to help.
OK, if Mr. Nisbet and the NCC think it would be worth while to proceed, I will try to help.
Do you need copies of bounces? Copies of the short e-mail discussion between me and the NCC?
I admire your willingness to help. In the words of Dr. Seuss, "“Unless someone like you cares a whole awful lot, Nothing is going to get better. It's not." Having said that, there are several very difficult issues to solve in making a policy as you describe. The first issue is that having a contact e-mail does not really help if the company does not do anything about an abuse report. Even if the policy says "each report must be seen by a human" then it will just mean that the RIPE members will have a person who's job it is to say "thank you for your e-mail, we will not act on it at this time". If you insist that a organization do something for an abuse report, then it becomes very difficult to define what must be done. A related issue is how you check any requirement to have contacts. It is easy to make an automated check that an abuse mail works. It is even easy to make a system where you insure that a human is checking the mailbox. But to check that abuse complaints are actually handled is quite difficult. Another issue is what should be done to organizations that do not implement such a policy properly. In principle it is possible to revoke number resources (IP addresses and autonomous system numbers). While this was always a difficult idea, it is even more difficult now, since people are trading IP addresses between each other for large amounts of money. I think that without any penalty for violating the policy, it will not make any difference. Good operators will continue to run their networks responsibly, and bad operators will not care. Cheers, -- Shane