"IMHO the policy should only check if emails to the abuse contact are delivered, which can bei done with some HELO, MAIL FROM and RCPT TO magic on port 25."

Except that firstly, you get idiots who forward abuse complaints to distribution lists, and then shut down email accounts attached to that distribution list without updating the distribution list.

And secondly, you have anti-spam solutions (yes, there are admins who actually install anti-spam solutions on abuse inboxes!) that can potentially delete it after it's received (because it looks like a spam message..!! I wonder why a spam message would be sent to an abuse inbox?)






-------- Original Message --------
Subject: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase
(Regular abuse-c Validation)
From: Wolfgang Tremmel <wolfgang.tremmel@de-cix.net>
Date: Fri, January 19, 2018 9:21 pm
To: "anti-abuse-wg@ripe.net" <anti-abuse-wg@ripe.net>

Do you want to solve a problem or create one?

I can imagine as the "click here and solve captcha" emails will be standardized that a carefully crafted attack might lure fist line helpdesk people onto shady websides and making them click stuff.

So if I were a helpdesk manager I would order my team not to click on these....

IMHO the policy should only check if emails to the abuse contact are delivered, which can bei done with some HELO, MAIL FROM and RCPT TO magic on port 25.


best regards
Wolfgang

> On 19. Jan 2018, at 10:58, ox <andre@ox.co.za> wrote:
>
> you mean in practical "real life" work?
>
> practically, abuse admins and people that actually deal with abuse are
> able to solve a capcha and tick a box.

--
Wolfgang Tremmel

Phone +49 69 1730902 26 | Fax +49 69 4056 2716 | Mobile +49 171 8600 816 | wolfgang.tremmel@de-cix.net
Geschaeftsfuehrer Harald A. Summa | Registergericht AG Köln HRB 51135
DE-CIX Management GmbH | Lindleystrasse 12 | 60314 Frankfurt am Main | Germany | www.de-cix.net