Amazing Norman, Taking advantage of the good mood of Shane and plagiarizing Dr Seuss, I would say to you, Norman, Oh, the places you will go! Do not expect a future filled with unlimited potential as envisioned by Dr. Seuss. Unlike Dr. Seuss, me and Shane will not motivate you. I'll support you because, like you, I'm not an administrator, and Shane, despite being one of the fox caring the henhouse and work (volunteer) in the RIPE Programme Committee, he is reliable and cultivated. ;) First I would like to tell you that here is not the place to discuss abuse (I'm not joking) and much less to get policy to require abuse contacts to accept abuse reports. Where would be ?! There is no such place. And the reason is very simple: in 2014 were 162 billion spam PER DAY. Turn it into cash, jobs and taxes and you will understand why governments turn a blind eye. And most people in that group are here to ensure the continuity of the status quo. I'll give you a hint. Try to read between the lines of the answers you receive from this group. Eg .: read again the first response you received from co-chair Bryan and compare with the second after you say you're following a suggestion of an RIPE NCC IP resource analyst. And try to understand what motivates them. Norman, you wrote: “...But if the community really still favours spammers, I'm sorry I wasted your time too.” Yes, all over the world, this community not only favors as protect and hide spammers and scammers from their victims. Greed moves the wheels of the global economy. The agenda is: cheating, just try not to get caught. I'll tell you what Shane told you but with other words: You do not need any new policy or better definitions, or improving the existing Whois. As Shane said everything depends solely on the ISP and Registrars posture. The elements that are there are enough for you to build a complete complaint. More detailed information will not change the position of a provider. Even the identity of a spammer, with privacy protection service, is dispensable although there are ways to identify him. Shane was wrong when told you that the members of RIPE will say: “thank you for your e-mail, we will not act on it at this time.” The answer will be: “Sorry, this is not our function” If you insist they will rub on your face a convenient statute. And you will have the feeling that you are talking to mobsters. Shane sorry but you are wrong when you say: “...but to check that abuse complaints are actually handled is quite difficult.” In fact it's a bit laborious but very very EASY. Just report once, with evidence. If the spammer repeat, the Provider needs to be alerted, with evidence. If it happens a third time, the same spammer and same ISP, make no mistake - this Provider does not respect their AUPs and ASPs, does not respect those who denounce and should be treated as a criminal scoundrel he is. And Norman, from this third complaint all new complaints against this Provider should be copied to all Providers involved – relay, sender, host – and to the organizations that regulate these activities, to the media (I suggest WSJ, The Economist, The Guardian and local midia) and for scanners. Depending on the severity of the complaint, copy also to Anonymous. If a small percentage of victims of abuse act that way, will demonize the life of these scoundrels as they do to us - spam of denounce. They are thousands but we are billions. And Norman, you do not need anyone. “Jump, and you will find out how to unfold your wings as you fall.” (Ray Bradbury) Marilson -------------------------------------------------------------- From: anti-abuse-wg-request@ripe.net Sent: Saturday, September 24, 2016 7:00 AM To: anti-abuse-wg@ripe.net Subject: anti-abuse-wg Digest, Vol 59, Issue 23 Send anti-abuse-wg mailing list submissions to anti-abuse-wg@ripe.net To subscribe or unsubscribe via the World Wide Web, visit https://lists.ripe.net/mailman/listinfo/anti-abuse-wg or, via email, send a message with subject or body 'help' to anti-abuse-wg-request@ripe.net You can reach the person managing the list at anti-abuse-wg-owner@ripe.net When replying, please edit your Subject line so it is more specific than "Re: Contents of anti-abuse-wg digest..." Today's Topics: 1. Re: Need policy to require abuse contacts to accept abuse reports (Shane Kerr) ---------------------------------------------------------------------- Message: 1 Date: Fri, 23 Sep 2016 16:24:30 +0200 From: Shane Kerr <shane@time-travellers.org> To: Norman Diamond <n0diamond@yahoo.co.jp> Cc: "anti-abuse-wg@ripe.net" <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] Need policy to require abuse contacts to accept abuse reports Message-ID: <20160923162430.71adafcf@pallas.home.time-travellers.org> Content-Type: text/plain; charset="utf-8" Norman, At 2016-09-23 06:41:04 +0900 Norman Diamond <n0diamond@yahoo.co.jp> wrote:
Again, if you would like to proceed, I and the NCC would be very happy to help.
OK, if Mr. Nisbet and the NCC think it would be worth while to proceed, I will try to help.
Do you need copies of bounces?? Copies of the short e-mail discussion between me and the NCC?
I admire your willingness to help. In the words of Dr. Seuss, "?Unless someone like you cares a whole awful lot, Nothing is going to get better. It's not." Having said that, there are several very difficult issues to solve in making a policy as you describe. The first issue is that having a contact e-mail does not really help if the company does not do anything about an abuse report. Even if the policy says "each report must be seen by a human" then it will just mean that the RIPE members will have a person who's job it is to say "thank you for your e-mail, we will not act on it at this time". If you insist that a organization do something for an abuse report, then it becomes very difficult to define what must be done. A related issue is how you check any requirement to have contacts. It is easy to make an automated check that an abuse mail works. It is even easy to make a system where you insure that a human is checking the mailbox. But to check that abuse complaints are actually handled is quite difficult. Another issue is what should be done to organizations that do not implement such a policy properly. In principle it is possible to revoke number resources (IP addresses and autonomous system numbers). While this was always a difficult idea, it is even more difficult now, since people are trading IP addresses between each other for large amounts of money. I think that without any penalty for violating the policy, it will not make any difference. Good operators will continue to run their networks responsibly, and bad operators will not care. Cheers, -- Shane