-------- Original Message --------
Subject: Re: [anti-abuse-wg] Decision on Proposal 2017-02
From: Janos Zsako <
zsako@iszt.hu>
Date: Tue, March 20, 2018 11:23 pm
To: Name <
phishing@storey.xxx>,
anti-abuse-wg@ripe.net
Dear Anonymous Name,
> /"And an annual checking would ensure that the contacts remain more up-to-date."/
>
> Yes, an annual checking would do that. This isn't an annual checking. It involves checking if a mail server exists.
I am afraid I was not clear last time. I wrote:
"One can determine with a high degree of confidence whether mail sent to a
given address is accepted for delivery by the mail server specified as MX
in the DNS for the given e-mail address. To me it is a good start and
much more than not checking anything."
The acceptance of the mail is slightly more than the existence of the
mail server. In particular, in one of your previous e-mails you state:
'If a resource owner sets their abuse mailbox to "Ronald.McDonald@hotmail.com",
they will be deemed to have a valid abuse contact, because
hotmail.com has a
valid email server associated.'
In the light of my clarification above, this is not the case, as the mail
server (which by the way does exist), does not accept mail for this recipient:
5.5.0 Requested action not taken: mailbox unavailable. [
BL2NAM02FT023.eop-nam02.prod.protection.outlook.com]
Ronald.McDonald@hotmail.com ... User unknown
> Mail server exists ≠ update-to-date contact
> Mail server exists ≠ valid abuse mailbox
At the same time, I agree that the above holds even if you replace
"Mail server exists" with "Mail server accepts mail for given recipient".
Unfortunately, as it has already been pointed out, the fact that a human does
reply to a mail sent by the NCC during the annual check (assuming for a moment
they do send such mail), it does not prove at all that abuse reported to
this address will be handled or acted upon in any way.
Unfortunately I agree with Gert Doering who said:
"I maintain the position that those that do care can be reached today, and
those that do not care will find ways to fulfill the letter of the policy,
and not change their ways."
At the same time, I do see some benefit in checking regularly the provided
e-mail address, because I am convinced that there will always be cases where
people simply forget to update the database. If they are reminded, they will
be happy to correct it.
On the other hand, most probably there will also be people who - for some reason -
will not want to handle abuse e-mails. They will certainly find a way to ignore
such mail whatever policies we put in place.
Best regards,
Janos