On 1 Dec 2023, at 13:22, U.Mutlu <security@mutluit.com> wrote:

Laura Atkins wrote on 12/01/23 13:22:
> None of this will make a company who doesn’t want to deal with abuse
> complaints deal with abuse complaints. It’s a total waste of resources.

Then RIPE has to sanction that member.

So we’re back to: how much will it cost to do this and how much will it actually improve anything?

Which ignores a lot of big questions like: does RIPE actually have the authority to sanction folks, who is going to sanction them, what is the appeals process, how do we get to the sanctioning decision, how are we going to pay for the inevitable lawsuit, and a bunch of other things. 

It’s clear, though, that this is actually a much older argument. I’m pretty sure I’m not the first person to ask HOW this will all be implemented. The fact that someone can’t point me to a FAQ or actual proposal addressing these questions tells me how seriously this is being taken by the folks who are proposing it.

laura 


Example of ignored Abuse Reports regarding email hacking attempts:

You get countless hacking attempts to your email server
(ie. brute-force attacks trying to login as a mail client
by using either a valid email login name or some random names;
they usually fail b/c of wrong password).
It all gets logged in the emailserver logs together with
exact timings, so there is enough evidence available for verification.

You send an Abuse Report to the owner of the IP from where
these hacking attempts occur.But there is no reaction,
the hacking attemps day and night continue. So, it's not just a one-time thing.
Even if you block that IP, it still generates traffic and eats-up resources on the server.

We need an effective solution to stop such abuses.
RIPE NCC should ask the client to fix the problem and
formally inform the RIPE NCC about the fix within 7 days.

If the Abuse Reports still get ignored, then RIPE NCC
should issue a 2nd warning and thereafter then terminate
or suspend the membership until the issue gets fixed.


Laura Atkins wrote on 12/01/23 13:22:
None of this will make a company who doesn’t want to deal with abuse
complaints deal with abuse complaints. It’s a total waste of resources.

laura

On 1 Dec 2023, at 10:53, U.Mutlu <security@mutluit.com> wrote:

For each complaint to RIPE NCC then such an
(automated) email should be sent by the RIPE NCC
to the abuse-c of that member.
This should be the absolute minimum that should be done by the RIPE NCC.


Matthias Merkel wrote on 11/30/23 11:47:
The proposal is to send verification emails to abuse mailboxes and have a link
in them clicked, right? I would have no objection to that.

Is there more that is being proposed in this proposal specifically?


Maria Merkel



--

To unsubscribe from this mailing list, get a password reminder, or change
your subscription options, please visit:
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

--
The Delivery Expert

Laura Atkins
Word to the Wise
laura@wordtothewise.com

Delivery hints and commentary: http://wordtothewise.com/blog











-- 
The Delivery Expert

Laura Atkins
Word to the Wise
laura@wordtothewise.com

Delivery hints and commentary: http://wordtothewise.com/blog