Abuse Report ignored. What to do as next?
Hello,

the IP 80.94.95.181 is endlessly (ie. brute-force) trying to hack our emailserver by attempting to login as a user. The login attempts of course fail, and we have blocked that IP in the firewall.

But this IP still continues sending packets to our server, even though his packets get dropped/rejected by our firewall. This now of course constitutes a DoS attack.

10 days ago we filed an Abuse Report to the abuse address given in the WHOIS database for this IP:
% Abuse contact for '80.94.95.0 - 80.94.95.255' is 'internethosting-ltd@yandex.ru'

But this hoster seems to ignore all Abuse Reports, b/c researching this IP on the web shows that it's a well known abuser IP and many people have reported and complained about this IP. For example see this: https://www.abuseipdb.com/check/80.94.95.181

So, what to do if the hoster is uncooperative, like in this case? Where else to complain, what else to do?

Thx
U.Mutlu
admin & hostmaster
It appears that U.Mutlu <security@mutluit.com> said:
So, what to do if the hoster is uncooperative, like in this case? Where else to complain, what else to do?
If their ASN info is to be believed, they're in Bulgaria. It's unlikely anyone there cares. Just block their network 80.94.95.0/24 and forget about it. FWIW I got a spam blast from 80.94.95.59 a few weeks ago so it's not just that IP. R's, John
John Levine wrote:
It appears that U.Mutlu <security@mutluit.com> said:
So, what to do if the hoster is uncooperative, like in this case? Where else to complain, what else to do?
If their ASN info is to be believed, they're in Bulgaria. It's unlikely anyone there cares.
Just block their network 80.94.95.0/24 and forget about it.
FWIW I got a spam blast from 80.94.95.59 a few weeks ago so it's not just that IP.
R's, John
Yes, this range is a source of other types of malicious activity.

The country in RIPE for 80.94.95.0/24 says Moldova, but the company address is in United Kingdom.

Their domain itself (bthoster.net) is suspiciously registered just a few months ago (Creation Date: 2023-07-31T09:22:59.00Z), showing a "This domain has recently been registered with Namecheap." parking page with no website.

But, interestingly, the whois data was updated *after* that, so it's not your typical case of a company that closes/bankrupts and their domain expires.

% Abuse contact for '80.94.95.0 - 80.94.95.255' is 'internethosting-ltd [] yandex.ru'

inetnum: 80.94.95.0 - 80.94.95.255
netname: Bthoster
country: MD
org: ORG-BA1515-RIPE
admin-c: BL7954-RIPE
tech-c: BL7954-RIPE
status: ASSIGNED PA
mnt-by: Internet-Transit-MNT
created: 2019-09-10T20:41:19Z
last-modified: 2023-10-10T10:54:46Z
source: RIPE

organisation: ORG-BA1515-RIPE
org-name: BtHoster LTD
country: GB
org-type: OTHER
address: 26, New Kent Road, London, SE1 6TJ, UNITED KINGDOM
e-mail: internethosting-ltd [] yandex.ru
abuse-c: ACRO50561-RIPE
mnt-ref: BtHoster-LTD-MNT
mnt-by: BtHoster-LTD-MNT
created: 2022-11-16T10:31:23Z
last-modified: 2023-10-10T19:59:24Z
source: RIPE

role: Internet Transit
address: 26, New Kent Road, London, SE1 6TJ, UNITED KINGDOM
e-mail: sales [] bthoster.net
nic-hdl: BL7954-RIPE
mnt-by: Internet-Transit-MNT
created: 2022-11-16T10:29:38Z
last-modified: 2023-09-22T18:36:26Z
source: RIPE

% Information related to '80.94.95.0/24AS204428'

route: 80.94.95.0/24
origin: AS204428
mnt-by: UNMANAGED
mnt-by: ro-btel2-1-mnt
created: 2022-11-15T14:14:48Z
last-modified: 2022-11-15T14:14:48Z
source: RIPE

--
INCIBE-CERT - Spanish National CSIRT
https://www.incibe-cert.es/
PGP keys: https://www.incibe-cert.es/en/what-is-incibe-cert/pgp-public-keys
====================================================================
INCIBE-CERT is the Spanish National CSIRT designated for citizens, private law entities, other entities not included in
the subjective scope of application of the "Ley 40/2015, de 1 de octubre, de Régimen Jurídico del Sector Público", as well as digital service providers, operators of essential services and critical operators under the terms of the "Real Decreto-ley 12/2018, de 7 de septiembre, de seguridad de las redes y sistemas de información" that transposes the Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. ==================================================================== In compliance with the General Data Protection Regulation of the EU (Regulation EU 2016/679, of 27 April 2016) we inform you that your personal and corporate data (as well as those included in attached documents); and e-mail address, may be included in our records for the purpose derived from legal, contractual or pre-contractual obligations or in order to respond to your queries. You may exercise your rights of access, correction, cancellation, portability, limitationof processing and opposition under the terms established by current legislation and free of charge by sending an e-mail to dpd@incibe.es. The Data Controller is S.M.E. Instituto Nacional de Ciberseguridad de España, M.P., S.A. More information is available on our website: https://www.incibe.es/proteccion-datos-personales and https://www.incibe.es/registro-actividad. ====================================================================
Maybe there is a WHOIS or ASN error: Trying the following gives a different company for the said IP:

$ whois 80.94.94.254
% Abuse contact for '80.94.92.0 - 80.94.95.255' is 'abuse@bunea.eu'

I now have filed the AR also to that new address.

Ángel González Berdasco via anti-abuse-wg wrote on 10/31/23 23:46:
John Levine wrote:
It appears that U.Mutlu <security@mutluit.com> said:
So, what to do if the hoster is uncooperative, like in this case? Where else to complain, what else to do?
If their ASN info is to be believed, they're in Bulgaria. It's unlikely anyone there cares.
Just block their network 80.94.95.0/24 and forget about it.
FWIW I got a spam blast from 80.94.95.59 a few weeks ago so it's not just that IP.
R's, John
Yes, this range is a source of other types of malicious activity.
The country in RIPE for 80.94.95.0/24 says Moldova, but the company address is in United Kingdom.
Their domain itself (bthoster.net) is suspiciously registered just a few months ago (Creation Date: 2023-07-31T09:22:59.00Z), showing a "This domain has recently been registered with Namecheap." parking page with no website.
But, interestingly, the whois data was updated *after* that, so it's not your typical case of a company that closes/bankrupts and their domain expires.
% Abuse contact for '80.94.95.0 - 80.94.95.255' is 'internethosting-ltd [] yandex.ru'
inetnum: 80.94.95.0 - 80.94.95.255 netname: Bthoster country: MD org: ORG-BA1515-RIPE admin-c: BL7954-RIPE tech-c: BL7954-RIPE status: ASSIGNED PA mnt-by: Internet-Transit-MNT created: 2019-09-10T20:41:19Z last-modified: 2023-10-10T10:54:46Z source: RIPE
organisation: ORG-BA1515-RIPE org-name: BtHoster LTD country: GB org-type: OTHER address: 26, New Kent Road, London, SE1 6TJ, UNITED KINGDOM e-mail: internethosting-ltd [] yandex.ru abuse-c: ACRO50561-RIPE mnt-ref: BtHoster-LTD-MNT mnt-by: BtHoster-LTD-MNT created: 2022-11-16T10:31:23Z last-modified: 2023-10-10T19:59:24Z source: RIPE
role: Internet Transit address: 26, New Kent Road, London, SE1 6TJ, UNITED KINGDOM e-mail: sales [] bthoster.net nic-hdl: BL7954-RIPE mnt-by: Internet-Transit-MNT created: 2022-11-16T10:29:38Z last-modified: 2023-09-22T18:36:26Z source: RIPE
% Information related to '80.94.95.0/24AS204428'
route: 80.94.95.0/24 origin: AS204428 mnt-by: UNMANAGED mnt-by: ro-btel2-1-mnt created: 2022-11-15T14:14:48Z last-modified: 2022-11-15T14:14:48Z source: RIPE
U.Mutlu wrote:
Maybe there is a WHOIS or ASN error: Trying the following gives a different company for the said IP:
$ whois 80.94.94.254
% Abuse contact for '80.94.92.0 - 80.94.95.255' is 'abuse@bunea.eu'
I now have filed the AR also to that new address.
Asking for 80.94.94.x returns a contact for the /22 range 80.94.92.0 - 80.94.95.255
But asking for 80.94.95.x returns the more specific /24 range 80.94.95.0 - 80.94.95.255

Regards

--
INCIBE-CERT - Spanish National CSIRT
https://www.incibe-cert.es/
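The lookup behaviour described in the message above, as an added example that is not part of the original thread: it parses the "% Abuse contact" lines quoted here, picks the most specific range covering an address (which is the answer whois prints), and lists the less specific parent ranges whose contacts are the next place to send a report. The function names are hypothetical, the sample input is built from the two lines quoted in the thread, and nothing is queried over the network.

```python
import ipaddress
import re

# Comment line printed by the RIPE whois server, in the form quoted in this thread.
ABUSE_LINE = re.compile(
    r"^% Abuse contact for '(?P<first>[0-9.]+) - (?P<last>[0-9.]+)' "
    r"is '(?P<contact>[^']+)'",
    re.MULTILINE,
)

# Constructed sample: the two abuse-contact lines that appear in the thread.
SAMPLE_WHOIS_OUTPUT = """\
% Abuse contact for '80.94.92.0 - 80.94.95.255' is 'abuse@bunea.eu'
% Abuse contact for '80.94.95.0 - 80.94.95.255' is 'internethosting-ltd@yandex.ru'
"""


def parse_abuse_lines(text):
    """Return one record per abuse-contact line: range bounds, CIDRs, contact."""
    records = []
    for m in ABUSE_LINE.finditer(text):
        first = ipaddress.IPv4Address(m["first"])
        last = ipaddress.IPv4Address(m["last"])
        if last < first:
            continue  # malformed range, skip rather than raise
        cidrs = list(ipaddress.summarize_address_range(first, last))
        records.append(
            {"first": first, "last": last, "cidrs": cidrs, "contact": m["contact"]}
        )
    return records


def covering_records(ip, records):
    """All ranges that contain ip, most specific (smallest) first."""
    addr = ipaddress.IPv4Address(ip)
    hits = [r for r in records if r["first"] <= addr <= r["last"]]
    return sorted(hits, key=lambda r: int(r["last"]) - int(r["first"]))


def whois_answer(ip, records):
    """Contact of the most specific covering range, or None if nothing covers ip."""
    hits = covering_records(ip, records)
    return hits[0]["contact"] if hits else None


def escalation_chain(ip, records):
    """(CIDR list, contact) pairs from the assignment up through its parents."""
    return [
        ([str(n) for n in r["cidrs"]], r["contact"])
        for r in covering_records(ip, records)
    ]


if __name__ == "__main__":
    recs = parse_abuse_lines(SAMPLE_WHOIS_OUTPUT)
    for ip in ("80.94.94.254", "80.94.95.181"):
        print(ip, "->", whois_answer(ip, recs))
        for cidrs, contact in escalation_chain(ip, recs):
            print("   ", ", ".join(cidrs), contact)
```

The chain for 80.94.95.181 shows why querying a neighbouring address surfaced a second contact: the /24 assignment sits inside the /22, so the /22 holder's contact also covers the offending IP.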
It appears that Ángel Gonzalez Berdasco via anti-abuse-wg <angel.gonzalez@incibe.es> said:
Just block their network 80.94.95.0/24 and forget about it.
organisation: ORG-BA1515-RIPE org-name: BtHoster LTD country: GB org-type: OTHER address: 26, New Kent Road, London, SE1 6TJ, UNITED KINGDOM
If you look at that address on Google street view, you will see a late 2022 picture of a construction site. Unless you care enough to contact their transit providers and try and get them disconnected, I wouldn't waste more time on it. R's, John
On Wed, Nov 01, 2023 at 01:55:42PM +0100, John Levine wrote:
It appears that Ángel Gonzalez Berdasco via anti-abuse-wg <angel.gonzalez@incibe.es> said:
Just block their network 80.94.95.0/24 and forget about it.
organisation: ORG-BA1515-RIPE org-name: BtHoster LTD country: GB org-type: OTHER address: 26, New Kent Road, London, SE1 6TJ, UNITED KINGDOM
If you look at that address on Google street view, you will see a late 2022 picture of a construction site.
Unless you care enough to contact their transit providers and try and get them disconnected, I wouldn't waste more time on it.
BtHoster is indeed a well known bulletproof hoster, and nothing good can be expected also from the other two blocks announced by AS204428, 87.246.7.0/24 and 212.70.149.0/24 (4media.bg/4vendeta.com, who also have much cleaner ranges directly behind their own AS50360). BtHoster also has AS198465, today announcing 45.129.14.0/24 and 77.90.185.0/24.

Sending abuse reports to these places is - how to say? - a bit naive. Abuse is their core business. You can see for instance BtHoster's ad in https://bitcointalk.org/index.php?topic=5407833.0 :

RDP FOR SCAN/BRUTE - PRICE 10 $ /MONTH
WHM FOR PISHING WITH UNLIMITED DOMAIN LICENSE -PRICE 130 $ /MONTH
RESELLER FOR RDP WITH PANEL -PRICE 150 $ + IP /MONTH
SERVER FOR SCAN/BRUTE 32 GB RAM -PRICE 130 $ /MONTH

So the "ignoring" is fully expected, it is a feature of their hosting offer. The best action is to completely prevent their packets from entering your networks through protection at the network edge. This is precisely what our DROP/EDROP/ASN-DROP free datasets are for: block all packets on the edge router.

Of course, like it or not, the people behind this are members of this community, read these lists, make posts, etc, and of course they would not be connected to the Internet if there weren't facilitating ISPs between them and backbones - in this case the operators of AS47890, AS202425 and the abovementioned AS50360. These are also part of the abuse ecosystem. The two-layered approach is essential for the stability of their connectivity - otherwise the backbones would just cut them off. When pressure from backbones becomes excessive and the intermediary is forced to disconnect them, they change intermediary or they create a new company, get a new ASN and move the operation so that reputation restarts from zero.

These patterns are very established, and cause a considerable ASN turnaround. RIPE NCC apparently noted a high number of ASNs being abandoned [https://www.ripe.net/ripe/mail/archives/address-policy-wg/2023-June/013757.h...] but does not seem to note the relation with abuse that should explain a fraction of them.

Natale M Bianchi
Spamhaus Project
Hi, On Wed, Nov 01, 2023 at 06:06:24PM +0000, Natale Maria Bianchi wrote:
RIPE NCC apparently noted a high number of ASNs being abandoned [https://www.ripe.net/ripe/mail/archives/address-policy-wg/2023-June/013757.h...] but does not seem to note the relation with abuse that should explain a fraction of them.
Unfortunately the RIPE members at the last general meeting still preferred to have ASNs free of charge... this would have helped at least get them back, without spending NCC people's lifetime in chasing them. But what do I know... Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Hi, On Wed, 1 Nov 2023 at 12:51, Gert Doering <gert@space.net> wrote:
On Wed, Nov 01, 2023 at 06:06:24PM +0000, Natale Maria Bianchi wrote:
RIPE NCC apparently noted a high number of ASNs being abandoned [https://www.ripe.net/ripe/mail/archives/address-policy-wg/2023-June/013757.h...] but does not seem to note the relation with abuse that should explain a fraction of them.
Unfortunately the RIPE members at the last general meeting still preferred to have ASNs free of charge... this would have helped at least get them back, without spending NCC people's lifetime in chasing them.
The RIPE NCC periodically asks the community about the priority for cleaning up unused ASNs, e.g. - https://www.ripe.net/participate/ripe/wg/active-wg/db/minutes/ripe-52 (item G), and - https://ripe82.ripe.net/presentations/7-RIPE82-Feeback-from-RS.pdf (slide 16) So far, the answer has been that it is a low priority. Perhaps because there are about 4 billion left. Regards, Leo
Hi, On Wed, Nov 01, 2023 at 01:45:03PM -0700, Leo Vegoda wrote:
The RIPE NCC periodically asks the community about the priority for cleaning up unused ASNs, e.g.
- https://www.ripe.net/participate/ripe/wg/active-wg/db/minutes/ripe-52 (item G), and - https://ripe82.ripe.net/presentations/7-RIPE82-Feeback-from-RS.pdf (slide 16)
So far, the answer has been that it is a low priority. Perhaps because there are about 4 billion left.
Low priority or not, the NCC is spending quite a bit of hostmaster time in talking to LIRs and trying to reclaim "looks unused" ASNs. Guess how I know. "Here's my 50 bucks, I claim I need this for another year" is so much less lifetime wasted on all sides. Gert Doering -- NetMaster
On Wed, 1 Nov 2023 at 14:26, Gert Doering <gert@space.net> wrote:
On Wed, Nov 01, 2023 at 01:45:03PM -0700, Leo Vegoda wrote:
The RIPE NCC periodically asks the community about the priority for cleaning up unused ASNs, e.g.
- https://www.ripe.net/participate/ripe/wg/active-wg/db/minutes/ripe-52 (item G), and - https://ripe82.ripe.net/presentations/7-RIPE82-Feeback-from-RS.pdf (slide 16)
So far, the answer has been that it is a low priority. Perhaps because there are about 4 billion left.
Low priority or not, the NCC is spending quite a bit of hostmaster time in talking to LIRs and trying to reclaim "looks unused" ASNs. Guess how I know.
"Here's my 50 bucks, I claim I need this for another year" is so much less lifetime wasted on all sides.
Sure, but that's a membership decision and not a community decision.
Leo, On 01/11/2023 22.37, Leo Vegoda wrote:
On Wed, 1 Nov 2023 at 14:26, Gert Doering <gert@space.net> wrote:
On Wed, Nov 01, 2023 at 01:45:03PM -0700, Leo Vegoda wrote:
The RIPE NCC periodically asks the community about the priority for cleaning up unused ASNs, e.g.
- https://www.ripe.net/participate/ripe/wg/active-wg/db/minutes/ripe-52 (item G), and - https://ripe82.ripe.net/presentations/7-RIPE82-Feeback-from-RS.pdf (slide 16)
So far, the answer has been that it is a low priority. Perhaps because there are about 4 billion left.
Low priority or not, the NCC is spending quite a bit of hostmaster time in talking to LIRs and trying to reclaim "looks unused" ASNs. Guess how I know.
"Here's my 50 bucks, I claim I need this for another year" is so much less lifetime wasted on all sides.
Sure, but that's a membership decision and not a community decision.
My understanding of how this all works would be that if the anti-abuse community felt strongly that a fee for ASN would reduce abuse on the Internet, that it could put together a proposal saying just that. While this would ultimately have to be up to the members to approve (*), at least they would have a clear proposal with documented rationale to discuss. (*) I guess? I admit to never having read the details of how charging is set, since I have never represented a RIPE NCC member. Cheers, -- Shane
Hi, On Thu, Nov 02, 2023 at 09:21:01AM +0100, Shane Kerr wrote:
(*) I guess? I admit to never having read the details of how charging is set, since I have never represented a RIPE NCC member.
members vote at the RIPE AGM, to select one out of a number of possible charging schemes proposed by the board (or just "this is the new one, accept it or not?"). Since this is about money, it's real voting - and of course the members are free to ignore whatever arguments the community brings forward. Note that there *was* a fee for ASNs, which led to massive complaints by some people at an ENOG meeting, and then the NCC management promised "to do away with it" - so the next charging scheme proposed did not include the ASN fee anymore (and the members had the choice of "approve" or "keep the old one, which might not give us enough moneyz to fund all the toys, so drama"). Politics and smoke filled rooms at its best. Gert Doering -- NetMaster
Gert That’s a massive over simplification of what happened. The NCC proposed a number of charging schemes which *included* charges per ASN. The proposal was rejected by the majority of the members who voted because the changes would have cost a lot of us significantly more than what we currently pay. The charge per ASN was only one of multiple elements in the proposal – to characterise it that the members rejected charging per ASN is very misleading. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Gert Doering <gert@space.net> Date: Thursday, 2 November 2023 at 09:30 To: Shane Kerr <shane@time-travellers.org> Cc: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next? [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Hi, On Thu, Nov 02, 2023 at 09:21:01AM +0100, Shane Kerr wrote:
(*) I guess? I admit to never having read the details of how charging is set, since I have never represented a RIPE NCC member.
members vote at the RIPE AGM, to select one out of a number of possible charging schemes proposed by the board (or just "this is the new one, accept it or not?"). Since this is about money, it's real voting - and of course the members are free to ignore whatever arguments the community brings forward. Note that there *was* a fee for ASNs, which led to massive complaints by some people at an ENOG meeting, and then the NCC management promised "to do away with it" - so the next charging scheme proposed did not include the ASN fee anymore (and the members had the choice of "approve" or "keep the old one, which might not give us enough moneyz to fund all the toys, so drama"). Politics and smoke filled rooms at its best. Gert Doering -- NetMaster
Hi, On Thu, Nov 02, 2023 at 09:19:13AM +0000, Michele Neylon - Blacknight wrote:
That’s a massive over simplification of what happened.
The NCC proposed a number of charging schemes which *included* charges per ASN. The proposal was rejected by the majority of the members who voted because the changes would have cost a lot of us significantly more than what we currently pay. The charge per ASN was only one of multiple elements in the proposal – to characterise it that the members rejected charging per ASN is very misleading.
I wasn't talking about the previous AGM but about the one where the pre-existing ASN charges got abandoned. Talking about the *last* meeting, I think most of the members are just not very good at math... introducing a charge for ASN *with a given total budget* would have *lowered* the overall bill for most members, holding only 1 or 2 ASNs (redistributing the overall budget differently). But "nah, can't have extra costs!!!!". Yes, a few would have had to pay way more, but I think that's legitimate - if your business is "doling out ASNs to end customers", you'd better have "oh, it might cost money at some point" in your contracts - and in that case, the extra costs directly go to the end customers wanting the ASN. Gert Doering -- NetMaster
Gert

The ASN cost for us would have had practically no impact – we only have two and I suspect we’re getting rid of one at some point. However the other costs that the charging schemes suggested would have cost us thousands – and that simply wasn’t acceptable

Michele
--
Mr Michele Neylon
Blacknight Solutions

On 02/11/2023, 10:28, "Gert Doering" <gert@space.net> wrote:
Hi, On Thu, Nov 02, 2023 at 09:19:13AM +0000, Michele Neylon - Blacknight wrote:
That’s a massive over simplification of what happened.
The NCC proposed a number of charging schemes which *included* charges per ASN. The proposal was rejected by the majority of the members who voted because the changes would have cost a lot of us significantly more than what we currently pay. The charge per ASN was only one of multiple elements in the proposal – to characterise it that the members rejected charging per ASN is very misleading.
I wasn't talking about the previous AGM but about the one where the pre-existing ASN charges got abandoned. Talking about the *last* meeting, I think most of the members are just not very good at math... introducing a charge for ASN *with a given total budget* would have *lowered* the overall bill for most members, holding only 1 or 2 ASNs (redistributing the overall budget differently). But "nah, can't have extra costs!!!!". Yes, a few would have had to pay way more, but I think that's legitimate - if your business is "doling out ASNs to end customers", you'd better have "oh, it might cost money at some point" in your contracts - and in that case, the extra costs directly go to the end customers wanting the ASN. Gert Doering -- NetMaster
Hi, On Thu, Nov 02, 2023 at 09:29:52AM +0000, Michele Neylon - Blacknight wrote:
The ASN cost for us would have had practically no impact – we only have two and I suspect we’re getting rid of one at some point.
However the other costs that the charging schemes suggested would have cost us thousands – and that simply wasn’t acceptable
ASN charges yes/no were their own voting item, fully independent on the charging scheme A/B/C/D vote. (Resolution 4 vs. Resolution 3) https://www.ripe.net/participate/meetings/gm/meetings/may-2023/draft-minutes... But maybe the question itself was loaded and biased... "Resolution 4: "In addition to the RIPE NCC Charging Scheme adopted in Resolution 3, the General Meeting adopts an extra charge of EUR 50 per ASN as an integral part of the Charging Scheme 2024." naming this an "extra charge" *without* being very clear that it's not going to change the overall budget (= by implication, the individual charges on model A, B, C, D need to become lower) does, indeed, suggest that it will be "more expensive". *sigh* Time for retirement, Gert Doering -- NetMaster
Gert

I think a lot of us were not going to accept ANY changes to the charging scheme that time round. Anyway .. history now ..

Michele
--
Mr Michele Neylon
Blacknight Solutions

On 02/11/2023, 10:39, "Gert Doering" <gert@space.net> wrote:
Hi, On Thu, Nov 02, 2023 at 09:29:52AM +0000, Michele Neylon - Blacknight wrote:
The ASN cost for us would have had practically no impact – we only have two and I suspect we’re getting rid of one at some point.
However the other costs that the charging schemes suggested would have cost us thousands – and that simply wasn’t acceptable
ASN charges yes/no were their own voting item, fully independent on the charging scheme A/B/C/D vote. (Resolution 4 vs. Resolution 3) https://www.ripe.net/participate/meetings/gm/meetings/may-2023/draft-minutes... But maybe the question itself was loaded and biased... "Resolution 4: "In addition to the RIPE NCC Charging Scheme adopted in Resolution 3, the General Meeting adopts an extra charge of EUR 50 per ASN as an integral part of the Charging Scheme 2024." naming this an "extra charge" *without* being very clear that it's not going to change the overall budget (= by implication, the individual charges on model A, B, C, D need to become lower) does, indeed, suggest that it will be "more expensive". *sigh* Time for retirement, Gert Doering -- NetMaster
Moin, On Wed, Nov 01, 2023 at 02:37:27PM -0700, Leo Vegoda wrote:
Sure, but that's a membership decision and not a community decision.
this perceived disconnect is a re-occurring scheme and therefore deserves a bit more thought, albeit not in this WG but likely in NCC Services and/or Address Policy as well as within the membership. If (or "iff" for the formal reader) policy is helped by economic incentives or counter-incentives, then it could be a good thing to have a way of (conditional) policy making to solve the deadlock without stepping on each others' toes. Not saying that's a solution for the case that started this threat, also recognizing the emotional aspect of fee scheme decisions. -Peter
Peter

Economic incentives make a lot of sense. In the domain space we’ve seen registries offering promotions that are linked to a registrar’s “rating” and it seems to work.

Regards
Michele
--
Mr Michele Neylon
Blacknight Solutions

From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Peter Koch <pk@denic.de>
Date: Thursday, 2 November 2023 at 13:36
To: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net>
Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

Moin, On Wed, Nov 01, 2023 at 02:37:27PM -0700, Leo Vegoda wrote:
Sure, but that's a membership decision and not a community decision.
this perceived disconnect is a re-occurring scheme and therefore deserves a bit more thought, albeit not in this WG but likely in NCC Services and/or Address Policy as well as within the membership. If (or "iff" for the formal reader) policy is helped by economic incentives or counter-incentives, then it could be a good thing to have a way of (conditional) policy making to solve the deadlock without stepping on each others' toes. Not saying that's a solution for the case that started this threat, also recognizing the emotional aspect of fee scheme decisions. -Peter
On 1 Nov 2023, at 13:56, John Levine <johnl@taugh.com> wrote:
It appears that Ángel Gonzalez Berdasco via anti-abuse-wg <angel.gonzalez@incibe.es> said:
Just block their network 80.94.95.0/24 and forget about it.
organisation: ORG-BA1515-RIPE org-name: BtHoster LTD country: GB org-type: OTHER address: 26, New Kent Road, London, SE1 6TJ, UNITED KINGDOM
If you look at that address on Google street view, you will see a late 2022 picture of a construction site.
Unless you care enough to contact their transit providers and try and get them disconnected, I wouldn't waste more time on it.
R's, John
Interesting. The same company director “Colin Brown” registered another company just a few days ago at that same 26 New Kent Road address: “Emanuel Hosting Ltd”. I wonder how long before Emanuel pops up on abuse radar. (Bit of a problem with UK companies; cheap and quick to register + penalty for not filing any accounts is that a year or two they simply get struck off the Companies Register. Perfect for Fly-by-Night companies.) Best regards, Steve ___________________ Steve Linford Spamhaus Project
We had a policy proposal to ensure that the abuse mailbox was valid and monitored, but this community didn’t liked it. In other regions it works and it proven to be a very valid tool. Should we restart that discussion? I’m happy to resubmit the proposal then. Regards, Jordi @jordipalet
On 31 Oct 2023, at 21:55, U.Mutlu <security@mutluit.com> wrote:
Hello,
the IP 80.94.95.181 is endlessly (ie. brute-force) trying to hack our emailserver by attempting to login as a user. The login attempts of course fail, and we have blocked that IP in the firewall.
But this IP still continues sending packets to our server, eventhough his packets get dropped/rejected by our firewall. This now of course constitutes a DoS attack.
10 days ago we filed an Abuse Report to the abuse address given in the WHOIS database for this IP: % Abuse contact for '80.94.95.0 - 80.94.95.255' is 'internethosting-ltd@yandex.ru'
But this hoster seems to ignore all Abuse Reports, b/c researching this IP on the web shows that it's a well known abuser IP and many people have reported and complained about this IP. For example see this: https://www.abuseipdb.com/check/80.94.95.181
So, what to do if the hoster is uncooperative, like in this case? Where else to complain, what else to do?
Thx
U.Mutlu admin & hostmaster
********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicitly authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Hi, On Wed, Nov 01, 2023 at 10:10:45AM +0100, jordi.palet--- via anti-abuse-wg wrote:
We had a policy proposal to ensure that the abuse mailbox was valid and monitored, but this community didn’t liked it. In other regions it works and it proven to be a very valid tool.
You failed to demonstrate why "the mailbox is monitored in a way that satisfies the proposed policy" would imply "the ISP in question suddenly gets interested in acting against abuse". Especially those that promote themselves as "bulletproof hosting". This is what the community did not like - added bureaucracy with no provable gain. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
I think this community lets the perfect be the enemy of the possible. Just because there are traffic rules doesn't mean people don't violate them. But they violate them much less. See, what I fear is, that at some stage states will start to regulate, because the industry fails to do so. And usually that is not fun. So I support Jordi in that we should demand this. Yes there will be Bullet proof hosters, but maybe a lot of the others will actually comply, exactly because they are not bullet proof hosters. We do this in many other places, it's called voluntary norms for responsible behaviour, and is seen as a great tool to improve things. Happy to explain more if there is an interest. Best Serge On 01.11.23 10:21, Gert Doering wrote:
Hi,
On Wed, Nov 01, 2023 at 10:10:45AM +0100, jordi.palet--- via anti-abuse-wg wrote:
We had a policy proposal to ensure that the abuse mailbox was valid and monitored, but this community didn’t liked it. In other regions it works and it proven to be a very valid tool.
You failed to demonstrate why "the mailbox is monitored in a way that satisfies the proposed policy" would imply "the ISP in question suddenly gets interested in acting against abuse". Especially those that promote themselves as "bulletproof hosting".
This is what the community did not like - added bureaucracy with no provable gain.
Gert Doering -- NetMaster
-- Dr. Serge Droz Member, FIRST Board of Directors https://www.first.org
Hi, On Wed, Nov 01, 2023 at 10:50:20AM +0100, Serge Droz via anti-abuse-wg wrote:
We do this in many other places, it's called voluntary norms for responsible behaviour, and is seen as a great tool to improve things. Happy to explain more if there is an interest.
It's not like these norms do not exist today - abuse contacts have to be provided already today. Responsible ISPs read these mailboxes and act upon them. Forcing everybody through a "you must click here to validate your abuse contact, otherwise bad things will happen to your resources" cycle in the vague hope that this is something irresponsible ISPs will fail to do so (or that it will magically turn them into responsible ISPs) is pure wishful thinking. I have better things to do with my time than jump through hoops that do not serve an effect besides "look, we *are* doing something! better than nothing!". No, something needs to be provably *effective* before being *forced* on everybody. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
It's not like these norms do not exist today - abuse contacts have to be provided already today. Responsible ISPs read these mailboxes and act upon them.
Forcing everybody through a "you must click here to validate your abuse contact, otherwise bad things will happen to your resources" cycle in the vague hope that this is something irresponsible ISPs will fail to do so (or that it will magically turn them into responsible ISPs) is pure wishful thinking.
thanks for saying it simply randy
+1 The proposal put a massive burden on both us as members and the NCC with zero benefit to anyone. -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Gert Doering <gert@space.net> Date: Wednesday, 1 November 2023 at 10:21 To: jordi.palet@consulintel.es <jordi.palet@consulintel.es> Cc: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net>, U.Mutlu <security@mutluit.com> Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next? Hi, On Wed, Nov 01, 2023 at 10:10:45AM +0100, jordi.palet--- via anti-abuse-wg wrote:
We had a policy proposal to ensure that the abuse mailbox was valid and monitored, but this community didn’t liked it. In other regions it works and it proven to be a very valid tool.
You failed to demonstrate why "the mailbox is monitored in a way that satisfies the proposed policy" would imply "the ISP in question suddenly gets interested in acting against abuse". Especially those that promote themselves as "bulletproof hosting". This is what the community did not like - added bureaucracy with no provable gain. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
We have had 2017-02, which is basically the same as yours 2019-04, except the validation will be done 2x more often. But the abuse-c validation does work. What's the problem then? -- Sergey
On Nov 1, 2023, at 05:10, jordi.palet--- via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:
We had a policy proposal to ensure that the abuse mailbox was valid and monitored, but this community didn’t liked it. In other regions it works and it proven to be a very valid tool.
Should we restart that discussion? I’m happy to resubmit the proposal then.
Regards, Jordi
@jordipalet
On 31 Oct 2023, at 21:55, U.Mutlu <security@mutluit.com> wrote:
Hello,
the IP 80.94.95.181 is endlessly (ie. brute-force) trying to hack our emailserver by attempting to login as a user. The login attempts of course fail, and we have blocked that IP in the firewall.
But this IP still continues sending packets to our server, eventhough his packets get dropped/rejected by our firewall. This now of course constitutes a DoS attack.
10 days ago we filed an Abuse Report to the abuse address given in the WHOIS database for this IP: % Abuse contact for '80.94.95.0 - 80.94.95.255' is 'internethosting-ltd@yandex.ru'
But this hoster seems to ignore all Abuse Reports, b/c researching this IP on the web shows that it's a well known abuser IP and many people have reported and complained about this IP. For example see this: https://www.abuseipdb.com/check/80.94.95.181
So, what to do if the hoster is uncooperative, like in this case? Where else to complain, what else to do?
Thx
U.Mutlu admin & hostmaster
2017-02 doesn’t enforce people really using the abuse-c, neither it constitutes a policy violation to have fake data or non-responsible mailboxes. You can check how my proposal reached consensus in APNIC and LACNIC and radically changed the situation in both regions, so it is very successful. Regards, Jordi @jordipalet
On 1 Nov 2023, at 15:21, Sergey Myasoedov <sergey@devnull.ru> wrote:
We have had 2017-02, which is basically the same as yours 2019-04, except the validation will be done 2x more often.
But the abuse-c validation does work. What's the problem then?
-- Sergey
On Nov 1, 2023, at 05:10, jordi.palet--- via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:
We had a policy proposal to ensure that the abuse mailbox was valid and monitored, but this community didn’t liked it. In other regions it works and it proven to be a very valid tool.
Should we restart that discussion? I’m happy to resubmit the proposal then.
Regards, Jordi
@jordipalet
On 31 Oct 2023, at 21:55, U.Mutlu <security@mutluit.com> wrote:
Hello,
the IP 80.94.95.181 is endlessly (ie. brute-force) trying to hack our emailserver by attempting to login as a user. The login attempts of course fail, and we have blocked that IP in the firewall.
But this IP still continues sending packets to our server, eventhough his packets get dropped/rejected by our firewall. This now of course constitutes a DoS attack.
10 days ago we filed an Abuse Report to the abuse address given in the WHOIS database for this IP: % Abuse contact for '80.94.95.0 - 80.94.95.255' is 'internethosting-ltd@yandex.ru'
But this hoster seems to ignore all Abuse Reports, b/c researching this IP on the web shows that it's a well known abuser IP and many people have reported and complained about this IP. For example see this: https://www.abuseipdb.com/check/80.94.95.181
So, what to do if the hoster is uncooperative, like in this case? Where else to complain, what else to do?
Thx
U.Mutlu admin & hostmaster
Hi, On Wed, Nov 29, 2023 at 09:39:28AM +0100, jordi.palet--- via anti-abuse-wg wrote:
2017-02 doesn’t enforce people really using the abuse-c,
Neither does your proposal to require verification... all it does is require "if a mail from the NCC comes in, click on the confirmation button". People not interested in abuse handling will not magically become interested by having a regular check whether the mailbox is working - actually, to the contrary, if the abuse mailbox bounces, you know right away that they are not interested. *Should* they be? Of course! Will your proposal magically achieve that? no. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Well, it worked in other 2 regions, and one more AFRINIC also accepted it, just waiting for the (hopefully) re-constituted board ratification. Is not magic, is ensuring that the NCC has the tools, dictated by a policy, to act against those not fulfilling their obligations. Regards, Jordi @jordipalet
On 29 Nov 2023, at 10:01, Gert Doering <gert@space.net> wrote:
Hi,
On Wed, Nov 29, 2023 at 09:39:28AM +0100, jordi.palet--- via anti-abuse-wg wrote:
2017-02 doesn’t enforce people really using the abuse-c,
Neither does your proposal to require verification... all it does is require "if a mail from the NCC comes in, click on the confirmation button".
People not interested in abuse handling will not magically become interested by having a regular check whether the mailbox is working - actually, to the contrary, if the abuse mailbox bounces, you know right away that they are not interested.
*Should* they be? Of course!
Will your proposal magically achieve that? no.
Gert Doering -- NetMaster -- have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Hi Jordi, On Wed, 29 Nov 2023 at 10:12, jordi.palet--- via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote: [...]
Is not magic, is ensuring that the NCC has the tools, dictated by a policy, to act against those not fulfilling their obligations.
Can you expand on this? What would you have the RIPE NCC do and when? Thanks, Leo
I agree that the carrot is better than the stick, but if the carrot doesn’t work, we need to use the stick. My original proposal was basically enforcing the NCC to reclaim the resources when there is a persistent violation of resolving abuse cases. This can be progressive, such as not allowing to update objects in the database, etc. No need to go with “a single failure means you lose your resources”. As said, this is working in other 2 regions, one more coming (pending of the AFRINIC board ratification). Why should not work in this region the same? Also the PoC in ARIN works in a similar way, and being non-responsive means you get some “members” rights restricted. Regards, Jordi @jordipalet
On 29 Nov 2023, at 10:51, Leo Vegoda <leo@vegoda.org> wrote:
Hi Jordi,
On Wed, 29 Nov 2023 at 10:12, jordi.palet--- via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:
[...]
Is not magic, is ensuring that the NCC has the tools, dictated by a policy, to act against those not fulfilling their obligations.
Can you expand on this? What would you have the RIPE NCC do and when?
Thanks,
Leo
This would be a welcome move. A graded and transparent set of enforcement mechanisms is a good thing to have. —srs ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of jordi.palet--- via anti-abuse-wg <anti-abuse-wg@ripe.net> Sent: Wednesday, November 29, 2023 3:59:36 PM To: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next? I agree that the carrot is better than the stick, but if the carrot doesn’t work, we need to use the stick. My original proposal was basically enforcing the NCC to reclaim the resources when there is a persistent violation of resolving abuse cases. This can be progressive, such as not allowing to update objects in the database, etc. No need to go with “a single failure means you lose your resources”. As said, this is working in other 2 regions, one more coming (pending of the AFRINIC board ratification). Why should not work in this region the same? Also the PoC in ARIN works in a similar way, and being non-responsive means you get some “members” rights restricted. Regards, Jordi @jordipalet
On 29 Nov 2023, at 10:51, Leo Vegoda <leo@vegoda.org> wrote:
Hi Jordi,
On Wed, 29 Nov 2023 at 10:12, jordi.palet--- via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:
[...]
Is not magic, is ensuring that the NCC has the tools, dictated by a policy, to act against those not fulfilling their obligations.
Can you expand on this? What would you have the RIPE NCC do and when?
Thanks,
Leo
Jordi Can you please provide links to the policies that were implemented elsewhere. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours.
Yes, of course:
LACNIC (note that it is a translation, the *applicable text* is always the original Spanish version, in case of discrepancies) https://www.lacnic.net/4419/2/lacnic/12-registration-and-validation-of-abuse-c-and-abuse-mailbox
and revocation in general lack-of-compliance with policies comes via https://www.lacnic.net/687/2/lacnic/
APNIC https://www.apnic.net/wp-content/uploads/2018/08/prop-125-v001.txt
AFRINIC https://www.afrinic.net/policy/proposals/2018-gen-001-d7#proposal
Regards, Jordi @jordipalet
On 29 Nov 2023, at 12:32, Michele Neylon - Blacknight <michele@blacknight.com> wrote:
Jordi
Can you please provide links to the policies that were implemented elsewhere.
Regards
Michele
-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours.
Hi Jordi, On Nov 29, 2023, at 11:29, jordi.palet--- via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:
I agree that the carrot is better than the stick, but if the carrot doesn’t work, we need to use the stick.
My original proposal was basically enforcing the NCC to reclaim the resources when there is a persistent violation of resolving abuse cases. This can be progressive, such as not allowing to update objects in the database, etc. No need to go with “a single failure means you lose your resources”.
How could we do this without the RIPE NCC becoming some kind of regulator? Or is the proposal to make the RIPE NCC a private sector regulator?
As said, this is working in other 2 regions, one more coming (pending of the AFRINIC board ratification). Why should not work in this region the same? Also the PoC in ARIN works in a similar way, and being non-responsive means you get some “members” rights restricted.
Who has been measuring the reduction in abuse? How tightly is that drop in abuse linked to this policy action rather than other factors? Kind regards, Leo
Hi Leo, I don’t see it as a regulator, I see it as one of the functions of a RIR. Not just provide numbers, but also ensure that they are being used fairly and according community agreed policies. Otherwise we could also say that other reasons for recovery are invalid because we become a regulator, right? Each RIR has measured the “level of adoption” as they progressed with the initial verification (and this was presented at least a couple of times in every RIR), so there are slides in each of them, showing the progress. I can try to find them for you in the previous year's events if you can’t find them. Also my personal experience reporting over 1.500 abuse cases, average per day, shows that I get more “happy-ending” responses from those regions than before and keeps going better and better, which is not the case from RIPE unfortunately. Regards, Jordi @jordipalet
On 29 Nov 2023, at 16:09, Leo Vegoda <leo@vegoda.org> wrote:
Hi Jordi,
On Nov 29, 2023, at 11:29, jordi.palet--- via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:
I agree that the carrot is better than the stick, but if the carrot doesn’t work, we need to use the stick.
My original proposal was basically enforcing the NCC to reclaim the resources when there is a persistent violation of resolving abuse cases. This can be progressive, such as not allowing to update objects in the database, etc. No need to go with “a single failure means you lose your resources”.
How could we do this without the RIPE NCC becoming some kind of regulator? Or is the proposal to make the RIPE NCC a private sector regulator?
As said, this is working in other 2 regions, one more coming (pending of the AFRINIC board ratification). Why should not work in this region the same? Also the PoC in ARIN works in a similar way, and being non-responsive means you get some “members” rights restricted.
Who has been measuring the reduction in abuse? How tightly is that drop in abuse linked to this policy action rather than other factors?
Kind regards,
Leo
Hi Leo, The definition of a regulator is an entity that sets and enforces rules on the persons it supervises. If the RIPE NCC goes further than just providing numbers, and instead enforces rules on usage associated with them (note that this doesn't even concern the use of the numbers themselves, but rather services addressed by them), it will, by definition, be a regulator. I'm not sure that there will be consensus on wanting the NCC to become a regulator. — Maria Merkel
On November 30, 2023 at 9:36 AM GMT+1 anti-abuse-wg@ripe.net wrote: Hi Leo, I don’t see it as a regulator, I see it as one of the functions of a RIR. Not just provide numbers, but also ensure that they are being used fairly and according community agreed policies. Otherwise we could also say that other reasons for recovery are invalid because we become a regulator, right? Each RIR has measured the “level of adoption” as they progressed with the initial verification (and this was presented at least a couple of times in every RIR), so there are slides in each of them, showing the progress. I can try to find them for you in the previous year's events if you can’t find them.
Also my personal experience reporting over 1.500 abuse cases, average per day, shows that I get more “happy-ending” responses from those regions than before and keeps going better and better, which is not the case from RIPE unfortunately. Regards, Jordi @jordipalet
El 29 nov 2023, a las 16:09, Leo Vegoda <leo@vegoda.org<mailto:leo@vegoda.org>> escribió:
Hi Jordi,
On Nov 29, 2023, at 11:29, jordi.palet--- via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:
I agree that the carrot is better than the stick, but if the carrot doesn’t work, we need to use the stick.
My original proposal was basically enforcing the NCC to reclaim the resources when there is a persistent violation of resolving abuse cases. This can be progressive, such as not allowing to update objects in the database, etc. No need to go with “a single failure means you lose your resources”.
How could we do this without the RIPE NCC becoming some kind of regulator? Or is the proposal to make the RIPE NCC a private sector regulator?
As said, this is working in 2 other regions, with one more coming (pending the AFRINIC board ratification). Why should it not work the same in this region? Also the PoC in ARIN works in a similar way, and being non-responsive means you get some “members” rights restricted.
Who has been measuring the reduction in abuse? How tightly is that drop in abuse linked to this policy action rather than other factors?
Kind regards,
Leo
We do that already. We set up rules and enforce them in all the 5 RIRs.
Regards, Jordi
@jordipalet
On 30 Nov 2023, at 9:39, Matthias Merkel <matthias.merkel@staclar.com> wrote:
Hi Leo,
The definition of a regulator is an entity that sets and enforces rules on the persons it supervises.
If the RIPE NCC goes further than just providing numbers, and instead enforces rules on usage associated with them (note that this doesn't even concern the use of the numbers themselves, but rather services addressed by them), it will, by definition, be a regulator.
I'm not sure that there will be consensus on wanting the NCC to become a regulator.
— Maria Merkel
The RIPE community sets rules for the operation of the RIPE NCC, not rules imposed on any network operators.
— Maria Merkel
On November 30, 2023 at 9:48 AM GMT+1 anti-abuse-wg@ripe.net wrote:
We do that already. We set up rules and enforce them in all the 5 RIRs.
Regards, Jordi
@jordipalet
I do not agree.
Every organization has rules it enforces. That doesn't make it a regulator. The public transport here, where I live, enforces that you have a valid ticket. That doesn't make it the transport regulator. In fact RIPE NCC will probably enforce that you pay your fees.
The issue here is that we have two subgroups: one that thinks we should try to go a bit further to ensure that people do what can be expected they should be doing, and another fraction that feels every little bit of additional load is too much and will not solve the problem 100%. It's like saying we give up on speed limits because it doesn't prevent speeding.
And as long as this group cannot come up with a compromise nothing will change; in essence the anti-abuse wg is taken hostage by the naysayers.
These discussions have been going on for years. Nothing new has come out. We don't even try. We could, and then see if it makes a difference. If not we go back. But nope.
Best
Serge
On 30.11.23 09:39, Matthias Merkel wrote:
Hi Leo,
The definition of a regulator is an entity that sets and enforces rules on the persons it supervises.
If the RIPE NCC goes further than just providing numbers, and instead enforces rules on usage associated with them (note that this doesn't even concern the use of the numbers themselves, but rather services addressed by them), it will, by definition, be a regulator.
I'm not sure that there will be consensus on wanting the NCC to become a regulator.
— Maria Merkel
--
Dr. Serge Droz
Member, FIRST Board of Directors
https://www.first.org
Hi Serge,
The difference is the scope of the rules.
All organizations, including the RIPE NCC, enforce rules as part of their own business, for example with customers, etc.
What is being proposed here is imposing rules on unrelated things. Abuse isn't inherently of the resources provided by RIPE, but rather of the services addressed by them. It's like the postal service making rules on what you can do at your house because it has an address assigned by them.
This is the difference between regulator or not. The definition I cited is from the dictionary.
— Maria Merkel
This email was sent by [company]. Any statements contained in this email are personal to the author and are not necessarily the statements of the company unless specifically stated.
Novecore and Staclar are collective trading names of Novecore Ltd., registered in England and Wales under company number 11748197, Novecore Licensing Ltd., registered in England and Wales under company number 11544982, Staclar Carrier Ltd., registered in England and Wales under company number 12219686, Staclar Financial Services Ltd., registered in England and Wales under company number 13843292 (registered offices 54 Portland Place, London, UK, W1B 1DY); Novecore Professional Services Ltd., registered in England and Wales under company number 13965912 (registered office 13 Freeland Park, Wareham Road, Poole, UK, BH16 6FA); Novecore (Estonia) OÜ, registered in Estonia under registry code 16543205 (local contact Baltic Business Services OÜ, Narva mnt 5, 10117 Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under file number 6707907, Novecore Licensing (USA) LLC, registered in Delaware under file number 4030866, and Staclar, Inc., registered in Delaware under file number 7413401 (registered agents The Corporation Trust Company, Corporation Trust Center, 1209 Orange St, Wilmington DE 19801, USA). Novecore Licensing Ltd. is registered for VAT in the United Kingdom under VAT registration number 347 4545 80. Novecore (Estonia) OÜ is registered for VAT in the European Union under VAT registration number EE102518979. Novecore Professional Services Ltd. is a trust or company service provider registered with and supervised by HM Revenue & Customs under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (registration number XMML00000178208). Staclar Financial Services Ltd. is an Annex 1 financial institution registered with and supervised by the Financial Conduct Authority under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (firm reference number 989521).
Registration is not equivalent to authorisation and is not an endorsement to do business with a firm. Staclar Financial Services Ltd. is not an authorised person within the meaning of the Financial Services and Markets Act 2000 and does not review, approve, or endorse financial promotions for securities issues it is involved in or provide any form of investment advice.
On November 30, 2023 at 9:54 AM GMT+1 anti-abuse-wg@ripe.net wrote:
I do not agree
Every organization has rules it enforces. That doesn't make it a regulator. The public transport here, where I live enforces that you have a valid ticket. That doesn't make it the transport regulator.
In fact RIPE NCC will probably enforce that you pay your fees.
The issue here is, that we have two subgroups:
One that thinks we should try to go a bit further to ensure that people do what can be expected they should be doing, and another fraction that feels every little bit of additional load is too much and will not solve the problem 100%. It's like saying we give up on speed limits because it doesn't prevent speeding.
And as long as this group cannot come up with a compromise nothing will change, in essence the anti-abuse wg is taken hostage by the naysayers. These discussions have been going on for years. Nothing new has come out.
We don't even try. We could, and then see if it makes a difference. If not we go back. But nope.
Best Serge
On 30.11.23 09:39, Matthias Merkel wrote:
Hi Leo,
The definition of a regulator is an entity that sets and enforces rules on the persons it supervises.
If the RIPE NCC goes further than just providing numbers, and instead enforces rules on usage associated with them (note that this doesn't even concern the use of the numbers themselves, but rather services addressed by them), it will, by definition, be a regulator.
I'm not sure that there will be consensus on wanting the NCC to become a regulator.
— Maria Merkel
On November 30, 2023 at 9:36 AM GMT+1 anti-abuse-wg@ripe.net wrote:
Hi Leo,
I don’t see it as a regulator, I see it as one of the functions of a RIR. Not just provide numbers, but also ensure that they are being used fairly and according to community-agreed policies. Otherwise we could also say that other reasons for recovery are invalid because we become a regulator, right?
Each RIR has measured the “level of adoption” as they progressed with the initial verification (and this was presented at least a couple of times in every RIR), so there are slides in each of them, showing the progress. I can try to find them for you in the previous year's events if you can’t find them. Also my personal experience reporting over 1.500 abuse cases, average per day, shows that I get more “happy-ending” responses from those regions than before and keeps going better and better, which is not the case from RIPE unfortunately.
Regards, Jordi
@jordipalet
On 29 Nov 2023, at 16:09, Leo Vegoda <leo@vegoda.org> wrote:
> Hi Jordi,
>
> On Nov 29, 2023, at 11:29, jordi.palet--- via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:
>> I agree that the carrot is better than the stick, but if the carrot doesn’t work, we need to use the stick.
>>
>> My original proposal was basically enforcing the NCC to reclaim the resources when there is a persistent violation of resolving abuse cases. This can be progressive, such as not allowing to update objects in the database, etc. No need to go with “a single failure means you lose your resources”.
>
> How could we do this without the RIPE NCC becoming some kind of regulator? Or is the proposal to make the RIPE NCC a private sector regulator?
>
>> As said, this is working in other 2 regions, one more coming (pending of the AFRINIC board ratification). Why should not work in this region the same? Also the PoC in ARIN works in a similar way, and being non-responsive means you get some “members” rights restricted.
>
> Who has been measuring the reduction in abuse? How tightly is that drop in abuse linked to this policy action rather than other factors?
>
> Kind regards,
>
> Leo
********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
-- Dr. Serge Droz Member, FIRST Board of Directors https://www.first.org
In APNIC, LACNIC or AFRINIC, just to set an example, leasing of addresses (unless for “connected customers”) is not allowed. If you do so, and the staff realize it, or somebody reports it to the staff, then you will get a warning, or a few of them across a certain period of time, you will get probably other policy-compliance reviewed, and then if you still do not correct the situation, there will be a reclamation process.
So are the other RIRs regulators, and not RIPE NCC? I don’t think so, and I really don’t care if we call it regulator or not, it is a matter of ensuring that the resources are provided under certain rules and in the end, we enforce them.
Regards, Jordi
@jordipalet
That would not make them regulators because those are rules on the addresses themselves, which are services provided by the RIR. Enforcing a certain type of abuse handling or prevention would be rules on the services addressed by the addresses, which are not part of the services provided by the RIR. Arguably a proposal to simply require verification of the abuse mailbox does not make the NCC a regulator (and, in fact, I think the NCC already does this with ASNs), but I do not see how this would be an effective measure. Making further requirements would make the NCC a regulator, and this may be dangerous precedent. Once this happens, there may be calls for additional regulation by the NCC, both from the community and governments, but also from third parties, and the NCC is frankly not equipped to deal with this, nor is this desirable in my opinion. There could even be calls for the NCC to become responsible for enforcing certain EU regulations. Regulation through supervision makes it much harder to enter an industry, and it is expensive for both the supervisor and the supervised. Our group is regulated by several governments for various functions in financial and professional services, as well as for network operations - which, in some countries, require government supervision, and by ICANN (which, among other things, is an industry regulator) as a domain registrar, and I can tell you that the effort in dealing with supervisors alone is significant. — Maria Merkel [https://cdn.staclar.com/logos/novecore/newlogo.png] This email was sent by [company]. Any statements contained in this email are personal to the author and are not necessarily the statements of the company unless specifically stated. 
Novecore and Staclar are collective trading names of Novecore Ltd., registered in England and Wales under company number 11748197, Novecore Licensing Ltd., registered in England and Wales under company number 11544982, Staclar Carrier Ltd., registered in England and Wales under company number 12219686, Staclar Financial Services Ltd., registered in England and Wales under company number 13843292 (registered offices 54 Portland Place, London, UK, W1B 1DY); Novecore Professional Services Ltd., registered in England and Wales under company number 13965912 (registered office 13 Freeland Park, Wareham Road, Poole, UK, BH16 6FA); Novecore (Estonia) OÜ, registered in Estonia under registry code 16543205 (local contact Baltic Business Services OÜ, Narva mnt 5, 10117 Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under file number 6707907, Novecore Licensing (USA) LLC, registered in Delaware under file number 4030866, and Staclar, Inc., registered in Delaware under file number 7413401 (registered agents The Corporation Trust Company, Corporation Trust Center, 1209 Orange St, Wilmington DE 19801, USA). Novecore Licensing Ltd. is registered for VAT in the United Kingdom under VAT registration number 347 4545 80. Novecore (Estonia) OÜ is registered for VAT in the European Union under VAT registration number EE102518979. Novecore Professional Services Ltd. is a trust or company service provider registered with and supervised by HM Revenue & Customs under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (registration number XMML00000178208). Staclar Financial Services Ltd. is an Annex 1 financial institution registered with and supervised by the Financial Conduct Authority under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (firm reference number 989521). 
Registration is not equivalent to authorisation and is not an endorsement to do business with a firm. Staclar Financial Services Ltd. is not an authorised person within the meaning of the Financial Services and Markets Act 2000 and does not review, approve, or endorse financial promotions for securities issues it is involved in or provide any form of investment advice. [Sent from Front] On November 30, 2023 at 10:07 AM GMT+1 anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net> wrote: In APNIC, LACNIC or AFRINIC, just to set an example, leasing of addresses (unless for “connected customers”) is not allowed. If you do so, and the staff realize it, or somebody reports it to the staff, then you will get a warning, or a few of them across a certain period of time, you will get probably other policy-compliance reviewed, and then if you still not correct the situation, there will be a reclamation process. So are the other RIRs regulators, and not RIPE NCC? I don’t think so, and I really don’t care if we call it regulator or not, it is a matter of ensuring that the resources are provided under certain rules and in the end, we enforce them. Regards, Jordi @jordipalet El 30 nov 2023, a las 9:58, Matthias Merkel <matthias.merkel@staclar.com<mailto:matthias.merkel@staclar.com>> escribió: Hi Serge, The difference is the scope of the rules. All organizations, including the RIPE NCC, enforce rules as part of their own business, for example with customers, etc. What is being proposed here is imposing rules on unrelated things. Abuse isn't inherently of the resources provided by RIPE, but rather of the services addressed by them. It's like the postal service making rules on what you can do at your house because it has an address assigned by them. This is the difference between regulator or not. The definition I cited is from the dictionary. — Maria Merkel [https://cdn.staclar.com/logos/novecore/newlogo.png] This email was sent by [company]. 
Any statements contained in this email are personal to the author and are not necessarily the statements of the company unless specifically stated. Novecore and Staclar are collective trading names of Novecore Ltd., registered in England and Wales under company number 11748197, Novecore Licensing Ltd., registered in England and Wales under company number 11544982, Staclar Carrier Ltd., registered in England and Wales under company number 12219686, Staclar Financial Services Ltd., registered in England and Wales under company number 13843292 (registered offices 54 Portland Place, London, UK, W1B 1DY); Novecore Professional Services Ltd., registered in England and Wales under company number 13965912 (registered office 13 Freeland Park, Wareham Road, Poole, UK, BH16 6FA); Novecore (Estonia) OÜ, registered in Estonia under registry code 16543205 (local contact Baltic Business Services OÜ, Narva mnt 5, 10117 Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under file number 6707907, Novecore Licensing (USA) LLC, registered in Delaware under file number 4030866, and Staclar, Inc., registered in Delaware under file number 7413401 (registered agents The Corporation Trust Company, Corporation Trust Center, 1209 Orange St, Wilmington DE 19801, USA). Novecore Licensing Ltd. is registered for VAT in the United Kingdom under VAT registration number 347 4545 80. Novecore (Estonia) OÜ is registered for VAT in the European Union under VAT registration number EE102518979. Novecore Professional Services Ltd. is a trust or company service provider registered with and supervised by HM Revenue & Customs under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (registration number XMML00000178208). Staclar Financial Services Ltd. 
is an Annex 1 financial institution registered with and supervised by the Financial Conduct Authority under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (firm reference number 989521). Registration is not equivalent to authorisation and is not an endorsement to do business with a firm. Staclar Financial Services Ltd. is not an authorised person within the meaning of the Financial Services and Markets Act 2000 and does not review, approve, or endorse financial promotions for securities issues it is involved in or provide any form of investment advice. [Sent from Front] On November 30, 2023 at 9:54 AM GMT+1 anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net> wrote: I do not agree Every organization has rules it enforces. That doesn't make it a regulator. The public transport here, where I live enforces that you have a valid ticket. That doesn't make it the transport regulator. In fact RIPE NCC will probably enforce that you pay your fees. The issue here is, that we have two subgroups: One that thinks we should try go a bit further to ensure that people do what can be expected they should be doing, and another fractions that feels every little bit of additional load is too much and will not solve the problem 100%. It's like saying we give up on speed limits because it doesn't prevent speeding. And as long as this group cannot come up with a compromise nothing will change, in essence the anti-abuse wg is taken hostage by the nay sayers. These discussions have been going on for years. Nothing new has come out. We don't even try. We could, and then see if it makes a difference. If not we go back. But nope. Best Serge On 30.11.23 09:39, Matthias Merkel wrote:
Hi Leo,
The definition of a regulator is an entity that sets and enforces rules on the persons it supervises.
If the RIPE NCC goes further than just providing numbers, and instead enforces rules on usage associated with them (note that this doesn't even concern the use of the numbers themselves, but rather services addressed by them), it will, by definition, be a regulator.
I'm not sure that there will be consensus on wanting the NCC to become a regulator.
— Maria Merkel
This email was sent by Staclar, Inc. Any statements contained in this email are personal to the author and are not necessarily the statements of the company unless specifically stated.
Novecore and Staclar are collective trading names of Novecore Ltd., registered in England and Wales under company number 11748197, Novecore Licensing Ltd., registered in England and Wales under company number 11544982, Staclar Carrier Ltd., registered in England and Wales under company number 12219686, Staclar Financial Services Ltd., registered in England and Wales under company number 13843292 (registered offices 54 Portland Place, London, UK, W1B 1DY); Novecore Professional Services Ltd., registered in England and Wales under company number 13965912 (registered office 13 Freeland Park, Wareham Road, Poole, UK, BH16 6FA); Novecore (Estonia) OÜ, registered in Estonia under registry code 16543205 (local contact Baltic Business Services OÜ, Narva mnt 5, 10117 Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under file number 6707907, Novecore Licensing (USA) LLC, registered in Delaware under file number 4030866, and Staclar, Inc., registered in Delaware under file number 7413401 (registered agents The Corporation Trust Company, Corporation Trust Center, 1209 Orange St, Wilmington DE 19801, USA). Novecore Licensing Ltd. is registered for VAT in the United Kingdom under VAT registration number 347 4545 80. Novecore (Estonia) OÜ is registered for VAT in the European Union under VAT registration number EE102518979. Novecore Professional Services Ltd. is a trust or company service provider registered with and supervised by HM Revenue & Customs under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (registration number XMML00000178208). Staclar Financial Services Ltd. is an Annex 1 financial institution registered with and supervised by the Financial Conduct Authority under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (firm reference number 989521). 
Registration is not equivalent to authorisation and is not an endorsement to do business with a firm. Staclar Financial Services Ltd. is not an authorised person within the meaning of the Financial Services and Markets Act 2000 and does not review, approve, or endorse financial promotions for securities issues it is involved in or provide any form of investment advice. Sent from Front
On November 30, 2023 at 9:36 AM GMT+1 anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net> <mailto:anti-abuse-wg@ripe.net> wrote:
Hi Leo,
I don’t see it as a regulator, I see it as one of the functions of a RIR. Not just provide numbers, but also ensure that they are being used fairly and according community agreed policies. Otherwise we could also say that other reasons for recovery are invalid because we become a regulator, right?
Each RIR has measured the “level of adoption” as they progressed with the initial verification (and this was presented at least a couple of times in every RIR), so there are slides in each of them, showing the progress. I can try to find them for you in the previous year's events if you can’t find them. Also my personal experience reporting over 1.500 abuse cases, average per day, shows that I get more “happy-ending” responses from those regions than before and keeps going better and better, which is not the case from RIPE unfortunately.
Regards, Jordi
@jordipalet
On 29 Nov 2023, at 16:09, Leo Vegoda <leo@vegoda.org> wrote:
Hi Jordi,
On Nov 29, 2023, at 11:29, jordi.palet--- via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:
I agree that the carrot is better than the stick, but if the carrot doesn’t work, we need to use the stick.
My original proposal was basically enforcing the NCC to reclaim the resources when there is a persistent violation of resolving abuse cases. This can be progressive, such as not allowing to update objects in the database, etc. No need to go with “a single failure means you lose your resources”.
How could we do this without the RIPE NCC becoming some kind of regulator? Or is the proposal to make the RIPE NCC a private sector regulator?
As said, this is working in other 2 regions, one more coming (pending of the AFRINIC board ratification). Why should not work in this region the same? Also the PoC in ARIN works in a similar way, and being non-responsive means you get some “members” rights restricted.
Who has been measuring the reduction in abuse? How tightly is that drop in abuse linked to this policy action rather than other factors?
Kind regards,
Leo
-- Dr. Serge Droz Member, FIRST Board of Directors https://www.first.org
From the RIPE NCC LIR Account Agreement (the "Agreement”) https://www.ripe.net/about-us/legal/ripe-ncc-lir-account-agreement
3.6 If the Member fails to comply with the RIPE Policies and RIPE NCC procedures as outlined in Section B.1 of the RIPE NCC procedural document ‘Closure of Members, Deregistration of Internet Resources and Legacy Internet Resources’, the RIPE NCC may suspend the provision of RIPE NCC services to the Member and may deregister the Internet number resources registered to this LIR Account in accordance with the procedure outlined in Section B.2 of the RIPE NCC procedural document ‘Closure of Members, Deregistration of Internet Resources and Legacy Internet Resources’. The Member shall cooperate with the deregistration of the Internet Number Resources. The RIPE NCC may also terminate the RIPE NCC Standard Service Agreement in accordance with Article 5.4 of this Agreement.
and from the RIPE NCC Standard Service Agreement https://www.ripe.net/publications/docs/ripe-812
6.1 The Member acknowledges applicability of, and adheres to, the RIPE Policies, the RIPE NCC procedural documents and the RIPE NCC LIR Account Agreement. The RIPE Policies and the RIPE NCC procedural documents are publicly available from the RIPE NCC Document Store. The RIPE NCC LIR Account Agreement is publicly available on the RIPE NCC website. These documents, which may be revised and updated from time to time, form an integral part of and apply fully to the RIPE NCC Standard Service Agreement. Each revised document will receive a new document number and can be found on https://www.ripe.net.
All the RIRs have similar terms to ensure policy compliance, otherwise, if they can’t be enforced, why do we have policies at all?
Regards, Jordi
@jordipalet
On 30 Nov 2023, at 10:07, jordi.palet--- via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:
In APNIC, LACNIC or AFRINIC, just to set an example, leasing of addresses (unless for “connected customers”) is not allowed.
If you do so, and the staff realize it, or somebody reports it to the staff, then you will get a warning, or a few of them across a certain period of time, you will get probably other policy-compliance reviewed, and then if you still not correct the situation, there will be a reclamation process.
So are the other RIRs regulators, and not RIPE NCC? I don’t think so, and I really don’t care if we call it regulator or not, it is a matter of ensuring that the resources are provided under certain rules and in the end, we enforce them.
Regards, Jordi
@jordipalet
On 30 Nov 2023, at 9:58, Matthias Merkel <matthias.merkel@staclar.com> wrote:
Hi Serge,
The difference is the scope of the rules.
All organizations, including the RIPE NCC, enforce rules as part of their own business, for example with customers, etc.
What is being proposed here is imposing rules on unrelated things. Abuse isn't inherently of the resources provided by RIPE, but rather of the services addressed by them. It's like the postal service making rules on what you can do at your house because it has an address assigned by them.
This is the difference between regulator or not. The definition I cited is from the dictionary.
— Maria Merkel
On November 30, 2023 at 9:54 AM GMT+1 anti-abuse-wg@ripe.net wrote:
I do not agree
Every organization has rules it enforces. That doesn't make it a regulator. The public transport here, where I live enforces that you have a valid ticket. That doesn't make it the transport regulator.
In fact RIPE NCC will probably enforce that you pay your fees.
The issue here is, that we have two subgroups:
One that thinks we should try go a bit further to ensure that people do what can be expected they should be doing, and another fractions that feels every little bit of additional load is too much and will not solve the problem 100%. It's like saying we give up on speed limits because it doesn't prevent speeding.
And as long as this group cannot come up with a compromise nothing will change, in essence the anti-abuse wg is taken hostage by the nay sayers. These discussions have been going on for years. Nothing new has come out.
We don't even try. We could, and then see if it makes a difference. If not we go back. But nope.
Best Serge
On 30.11.23 09:39, Matthias Merkel wrote:
Hi Leo,
The definition of a regulator is an entity that sets and enforces rules on the persons it supervises.
If the RIPE NCC goes further than just providing numbers, and instead enforces rules on usage associated with them (note that this doesn't even concern the use of the numbers themselves, but rather services addressed by them), it will, by definition, be a regulator.
I'm not sure that there will be consensus on wanting the NCC to become a regulator.
— Maria Merkel
On November 30, 2023 at 9:36 AM GMT+1 anti-abuse-wg@ripe.net wrote:
Hi Leo,
I don’t see it as a regulator, I see it as one of the functions of a RIR. Not just provide numbers, but also ensure that they are being used fairly and according to community-agreed policies. Otherwise we could also say that other reasons for recovery are invalid because we become a regulator, right?
Each RIR has measured the “level of adoption” as they progressed with the initial verification (and this was presented at least a couple of times in every RIR), so there are slides in each of them, showing the progress. I can try to find them for you in the previous year's events if you can’t find them. Also my personal experience reporting over 1.500 abuse cases, average per day, shows that I get more “happy-ending” responses from those regions than before and keeps going better and better, which is not the case from RIPE unfortunately.
Regards, Jordi
@jordipalet
> On 29 Nov 2023, at 16:09, Leo Vegoda <leo@vegoda.org> wrote:
>
> Hi Jordi,
>
> On Nov 29, 2023, at 11:29, jordi.palet--- via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:
>>
>> I agree that the carrot is better than the stick, but if the carrot doesn’t work, we need to use the stick.
>>
>> My original proposal was basically enforcing the NCC to reclaim the resources when there is a persistent violation of resolving abuse cases. This can be progressive, such as not allowing to update objects in the database, etc. No need to go with “a single failure means you lose your resources”.
>
> How could we do this without the RIPE NCC becoming some kind of regulator? Or is the proposal to make the RIPE NCC a private sector regulator?
>
>> As said, this is working in other 2 regions, one more coming (pending of the AFRINIC board ratification). Why should not work in this region the same? Also the PoC in ARIN works in a similar way, and being non-responsive means you get some “members” rights restricted.
>
> Who has been measuring the reduction in abuse? How tightly is that drop in abuse linked to this policy action rather than other factors?
>
> Kind regards,
>
> Leo
-- Dr. Serge Droz Member, FIRST Board of Directors https://www.first.org
This is why we shouldn't have a policy like this. The existing policies are on the resources themselves and the services the NCC provides. If we create a policy that regulated services provided by RIPE NCC members, it will be binding, but that will then make the NCC a regulator.
— Maria Merkel
On November 30, 2023 at 10:26 AM GMT+1 anti-abuse-wg@ripe.net wrote:
From the RIPE NCC LIR Account Agreement (the "Agreement”) https://www.ripe.net/about-us/legal/ripe-ncc-lir-account-agreement
3.6 If the Member fails to comply with the RIPE Policies and RIPE NCC procedures as outlined in Section B.1 of the RIPE NCC procedural document ‘Closure of Members, Deregistration of Internet Resources and Legacy Internet Resources’, the RIPE NCC may suspend the provision of RIPE NCC services to the Member and may deregister the Internet number resources registered to this LIR Account in accordance with the procedure outlined in Section B.2 of the RIPE NCC procedural document ‘Closure of Members, Deregistration of Internet Resources and Legacy Internet Resources’. The Member shall cooperate with the deregistration of the Internet Number Resources. The RIPE NCC may also terminate the RIPE NCC Standard Service Agreement in accordance with Article 5.4 of this Agreement.
and from the RIPE NCC Standard Service Agreement https://www.ripe.net/publications/docs/ripe-812
6.1 The Member acknowledges applicability of, and adheres to, the RIPE Policies, the RIPE NCC procedural documents and the RIPE NCC LIR Account Agreement. The RIPE Policies and the RIPE NCC procedural documents are publicly available from the RIPE NCC Document Store. The RIPE NCC LIR Account Agreement is publicly available on the RIPE NCC website. These documents, which may be revised and updated from time to time, form an integral part of and apply fully to the RIPE NCC Standard Service Agreement. Each revised document will receive a new document number and can be found on https://www.ripe.net.
All the RIRs have similar terms to ensure policy compliance, otherwise, if they can’t be enforced, why do we have policies at all?
Regards, Jordi
@jordipalet
On 30 Nov 2023, at 10:07, jordi.palet--- via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:
In APNIC, LACNIC or AFRINIC, just to set an example, leasing of addresses (unless for “connected customers”) is not allowed.
If you do so, and the staff realize it, or somebody reports it to the staff, then you will get a warning, or a few of them across a certain period of time, you will get probably other policy-compliance reviewed, and then if you still not correct the situation, there will be a reclamation process.
So are the other RIRs regulators, and not RIPE NCC? I don’t think so, and I really don’t care if we call it regulator or not, it is a matter of ensuring that the resources are provided under certain rules and in the end, we enforce them.
Regards, Jordi
@jordipalet
On 30 Nov 2023, at 9:58, Matthias Merkel <matthias.merkel@staclar.com> wrote:
Hi Serge,
The difference is the scope of the rules.
All organizations, including the RIPE NCC, enforce rules as part of their own business, for example with customers, etc.
What is being proposed here is imposing rules on unrelated things. Abuse isn't inherently of the resources provided by RIPE, but rather of the services addressed by them. It's like the postal service making rules on what you can do at your house because it has an address assigned by them.
This is the difference between regulator or not. The definition I cited is from the dictionary.
— Maria Merkel
On November 30, 2023 at 9:54 AM GMT+1 anti-abuse-wg@ripe.net wrote:
I do not agree
Every organization has rules it enforces. That doesn't make it a regulator. The public transport here, where I live enforces that you have a valid ticket. That doesn't make it the transport regulator.
In fact RIPE NCC will probably enforce that you pay your fees.
The issue here is, that we have two subgroups:
One that thinks we should try go a bit further to ensure that people do what can be expected they should be doing, and another fractions that feels every little bit of additional load is too much and will not solve the problem 100%. It's like saying we give up on speed limits because it doesn't prevent speeding.
And as long as this group cannot come up with a compromise nothing will change, in essence the anti-abuse wg is taken hostage by the nay sayers. These discussions have been going on for years. Nothing new has come out.
We don't even try. We could, and then see if it makes a difference. If not we go back. But nope.
Best Serge
On 30.11.23 09:39, Matthias Merkel wrote:
Hi Leo,
The definition of a regulator is an entity that sets and enforces rules on the persons it supervises.
If the RIPE NCC goes further than just providing numbers, and instead enforces rules on usage associated with them (note that this doesn't even concern the use of the numbers themselves, but rather services addressed by them), it will, by definition, be a regulator.
I'm not sure that there will be consensus on wanting the NCC to become a regulator.
— Maria Merkel
On November 30, 2023 at 9:36 AM GMT+1 anti-abuse-wg@ripe.net wrote:
Hi Leo,
I don’t see it as a regulator, I see it as one of the functions of a RIR. Not just provide numbers, but also ensure that they are being used fairly and according community agreed policies. Otherwise we could also say that other reasons for recovery are invalid because we become a regulator, right?
Each RIR has measured the “level of adoption” as they progressed with the initial verification (and this was presented at least a couple of times in every RIR), so there are slides in each of them, showing the progress. I can try to find them for you in the previous year's events if you can’t find them. Also my personal experience reporting over 1.500 abuse cases, average per day, shows that I get more “happy-ending” responses from those regions than before and keeps going better and better, which is not the case from RIPE unfortunately.
Regards, Jordi
@jordipalet
On 29 Nov 2023, at 16:09, Leo Vegoda <leo@vegoda.org> wrote:
Hi Jordi,
On Nov 29, 2023, at 11:29, jordi.palet--- via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:
I agree that the carrot is better than the stick, but if the carrot doesn’t work, we need to use the stick.
My original proposal was basically enforcing the NCC to reclaim the resources when there is a persistent violation of resolving abuse cases. This can be progressive, such as not allowing to update objects in the database, etc. No need to go with “a single failure means you lose your resources”.
How could we do this without the RIPE NCC becoming some kind of regulator? Or is the proposal to make the RIPE NCC a private sector regulator?
As said, this is working in other 2 regions, one more coming (pending of the AFRINIC board ratification). Why should not work in this region the same? Also the PoC in ARIN works in a similar way, and being non-responsive means you get some “members” rights restricted.
Who has been measuring the reduction in abuse? How tightly is that drop in abuse linked to this policy action rather than other factors?
Kind regards,
Leo
********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicitly authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
-- Dr. Serge Droz Member, FIRST Board of Directors https://www.first.org
As I said I disagree. Gmail says what you can do with their accounts, that doesn't make them a regulator.
But it doesn't matter: At the end of the day it's excuses to not do anything about a growing problem. And what typically happens in such cases is that states get upset and start dictating the rules, i.e. the real regulators come out. At this point the community has pretty much lost the ability to shape the rules.
I bet a good bottle of your favorite drink, that this is what will happen.
Best Serge
On 30.11.23 09:58, Matthias Merkel wrote:
Hi Serge,
The difference is the scope of the rules.
All organizations, including the RIPE NCC, enforce rules as part of their own business, for example with customers, etc.
What is being proposed here is imposing rules on unrelated things. Abuse isn't inherently of the resources provided by RIPE, but rather of the services addressed by them. It's like the postal service making rules on what you can do at your house because it has an address assigned by them.
This is the difference between regulator or not. The definition I cited is from the dictionary.
— Maria Merkel
On November 30, 2023 at 9:54 AM GMT+1 anti-abuse-wg@ripe.net wrote:
I do not agree
Every organization has rules it enforces. That doesn't make it a regulator. The public transport here, where I live enforces that you have a valid ticket. That doesn't make it the transport regulator.
In fact RIPE NCC will probably enforce that you pay your fees.
The issue here is, that we have two subgroups:
One that thinks we should try to go a bit further to ensure that people do what can be expected they should be doing, and another fraction that feels every little bit of additional load is too much and will not solve the problem 100%. It's like saying we give up on speed limits because it doesn't prevent speeding.
And as long as this group cannot come up with a compromise nothing will change, in essence the anti-abuse wg is taken hostage by the nay sayers. These discussions have been going on for years. Nothing new has come out.
We don't even try. We could, and then see if it makes a difference. If not we go back. But nope.
Best Serge
On 30.11.23 09:39, Matthias Merkel wrote:
Hi Leo,
The definition of a regulator is an entity that sets and enforces rules on the persons it supervises.
If the RIPE NCC goes further than just providing numbers, and instead enforces rules on usage associated with them (note that this doesn't even concern the use of the numbers themselves, but rather services addressed by them), it will, by definition, be a regulator.
I'm not sure that there will be consensus on wanting the NCC to become a regulator.
— Maria Merkel
On November 30, 2023 at 9:36 AM GMT+1 anti-abuse-wg@ripe.net wrote:
Hi Leo,
I don’t see it as a regulator, I see it as one of the functions of a RIR. Not just provide numbers, but also ensure that they are being used fairly and according community agreed policies. Otherwise we could also say that other reasons for recovery are invalid because we become a regulator, right?
Each RIR has measured the “level of adoption” as they progressed with the initial verification (and this was presented at least a couple of times in every RIR), so there are slides in each of them, showing the progress. I can try to find them for you in the previous year's events if you can’t find them. Also my personal experience reporting over 1.500 abuse cases, average per day, shows that I get more “happy-ending” responses from those regions than before and keeps going better and better, which is not the case from RIPE unfortunately.
Regards, Jordi
@jordipalet
> On 29 Nov 2023, at 16:09, Leo Vegoda <leo@vegoda.org> wrote:
>
> Hi Jordi,
>
> On Nov 29, 2023, at 11:29, jordi.palet--- via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:
>>
>> I agree that the carrot is better than the stick, but if the carrot doesn’t work, we need to use the stick.
>>
>> My original proposal was basically enforcing the NCC to reclaim the resources when there is a persistent violation of resolving abuse cases. This can be progressive, such as not allowing to update objects in the database, etc. No need to go with “a single failure means you lose your resources”.
>
> How could we do this without the RIPE NCC becoming some kind of regulator? Or is the proposal to make the RIPE NCC a private sector regulator?
>
>> As said, this is working in other 2 regions, one more coming (pending of the AFRINIC board ratification). Why should not work in this region the same? Also the PoC in ARIN works in a similar way, and being non-responsive means you get some “members” rights restricted.
>
> Who has been measuring the reduction in abuse? How tightly is that drop in abuse linked to this policy action rather than other factors?
>
> Kind regards,
>
> Leo
-- Dr. Serge Droz Member, FIRST Board of Directors https://www.first.org
-- Dr. Serge Droz Member, FIRST Board of Directors https://www.first.org
A good friend who is a former regulator told me exactly this. I’ll share that bottle with you, Serge :)
--srs
________________________________
From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Serge Droz via anti-abuse-wg <anti-abuse-wg@ripe.net>
Sent: Thursday, November 30, 2023 3:20:29 PM
To: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net>
Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
As I said I disagree. Gmail says what you can do with their accounts, that doesn't make them a regulator.
But it doesn't matter: At the end of the day it's excuses to not do anything about a growing problem. And what typically happens in such cases is that states get upset and start dictating the rules, i.e. the real regulators come out. At this point the community has pretty much lost the ability to shape the rules.
I bet a good bottle of your favorite drink, that this is what will happen.
Best Serge
On 30.11.23 09:58, Matthias Merkel wrote:
Hi Serge,
The difference is the scope of the rules.
All organizations, including the RIPE NCC, enforce rules as part of their own business, for example with customers, etc.
What is being proposed here is imposing rules on unrelated things. Abuse isn't inherently of the resources provided by RIPE, but rather of the services addressed by them. It's like the postal service making rules on what you can do at your house because it has an address assigned by them.
This is the difference between regulator or not. The definition I cited is from the dictionary.
— Maria Merkel
On November 30, 2023 at 9:54 AM GMT+1 anti-abuse-wg@ripe.net wrote:
I do not agree
Every organization has rules it enforces. That doesn't make it a regulator. The public transport here, where I live enforces that you have a valid ticket. That doesn't make it the transport regulator.
In fact RIPE NCC will probably enforce that you pay your fees.
The issue here is, that we have two subgroups:
One that thinks we should try to go a bit further to ensure that people do what can be expected they should be doing, and another fraction that feels every little bit of additional load is too much and will not solve the problem 100%. It's like saying we give up on speed limits because it doesn't prevent speeding.
And as long as this group cannot come up with a compromise nothing will change, in essence the anti-abuse wg is taken hostage by the nay sayers. These discussions have been going on for years. Nothing new has come out.
We don't even try. We could, and then see if it makes a difference. If not we go back. But nope.
Best Serge
On 30.11.23 09:39, Matthias Merkel wrote:
Hi Leo,
The definition of a regulator is an entity that sets and enforces rules on the persons it supervises.
If the RIPE NCC goes further than just providing numbers, and instead enforces rules on usage associated with them (note that this doesn't even concern the use of the numbers themselves, but rather services addressed by them), it will, by definition, be a regulator.
I'm not sure that there will be consensus on wanting the NCC to become a regulator.
— Maria Merkel
On November 30, 2023 at 9:36 AM GMT+1 anti-abuse-wg@ripe.net wrote:
Hi Leo,
I don’t see it as a regulator, I see it as one of the functions of a RIR. Not just provide numbers, but also ensure that they are being used fairly and according community agreed policies. Otherwise we could also say that other reasons for recovery are invalid because we become a regulator, right?
Each RIR has measured the “level of adoption” as they progressed with the initial verification (and this was presented at least a couple of times in every RIR), so there are slides in each of them, showing the progress. I can try to find them for you in the previous year's events if you can’t find them. Also my personal experience reporting over 1.500 abuse cases, average per day, shows that I get more “happy-ending” responses from those regions than before and keeps going better and better, which is not the case from RIPE unfortunately.
Regards, Jordi
@jordipalet
> On 29 Nov 2023, at 16:09, Leo Vegoda <leo@vegoda.org> wrote:
>
> Hi Jordi,
>
> On Nov 29, 2023, at 11:29, jordi.palet--- via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:
>>
>> I agree that the carrot is better than the stick, but if the carrot doesn’t work, we need to use the stick.
>>
>> My original proposal was basically enforcing the NCC to reclaim the resources when there is a persistent violation of resolving abuse cases. This can be progressive, such as not allowing to update objects in the database, etc. No need to go with “a single failure means you lose your resources”.
>
> How could we do this without the RIPE NCC becoming some kind of regulator? Or is the proposal to make the RIPE NCC a private sector regulator?
>
>> As said, this is working in other 2 regions, one more coming (pending of the AFRINIC board ratification). Why should not work in this region the same? Also the PoC in ARIN works in a similar way, and being non-responsive means you get some “members” rights restricted.
>
> Who has been measuring the reduction in abuse? How tightly is that drop in abuse linked to this policy action rather than other factors?
>
> Kind regards,
>
> Leo
-- Dr. Serge Droz Member, FIRST Board of Directors https://www.first.org
-- Dr. Serge Droz Member, FIRST Board of Directors https://www.first.org
The funny part is that the abuse teams of the very same companies will be out there in other conferences working earnestly and well on best practices. If they were to turn up at a ripe meeting and provide consensus ..
And before you accuse me of packing the room to generate artificial consensus please remember just how many ripe luminaries just happened to be in the room during an any other business segment of the wg a decade or so back, just so that Richard Cox could be ousted from the chair.
--srs
________________________________
From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Serge Droz via anti-abuse-wg <anti-abuse-wg@ripe.net>
Sent: Thursday, November 30, 2023 2:23:54 PM
To: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net>
Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
I do not agree
Every organization has rules it enforces. That doesn't make it a regulator. The public transport here, where I live enforces that you have a valid ticket. That doesn't make it the transport regulator.
In fact RIPE NCC will probably enforce that you pay your fees.
The issue here is, that we have two subgroups:
One that thinks we should try to go a bit further to ensure that people do what can be expected they should be doing, and another fraction that feels every little bit of additional load is too much and will not solve the problem 100%. It's like saying we give up on speed limits because it doesn't prevent speeding.
And as long as this group cannot come up with a compromise nothing will change, in essence the anti-abuse wg is taken hostage by the nay sayers. These discussions have been going on for years. Nothing new has come out.
We don't even try. We could, and then see if it makes a difference. If not we go back. But nope.
Best Serge
On 30.11.23 09:39, Matthias Merkel wrote:
Hi Leo,
The definition of a regulator is an entity that sets and enforces rules on the persons it supervises.
If the RIPE NCC goes further than just providing numbers, and instead enforces rules on usage associated with them (note that this doesn't even concern the use of the numbers themselves, but rather services addressed by them), it will, by definition, be a regulator.
I'm not sure that there will be consensus on wanting the NCC to become a regulator.
— Maria Merkel
This email was sent by Staclar, Inc. Any statements contained in this email are personal to the author and are not necessarily the statements of the company unless specifically stated.
Novecore and Staclar are collective trading names of Novecore Ltd., registered in England and Wales under company number 11748197, Novecore Licensing Ltd., registered in England and Wales under company number 11544982, Staclar Carrier Ltd., registered in England and Wales under company number 12219686, Staclar Financial Services Ltd., registered in England and Wales under company number 13843292 (registered offices 54 Portland Place, London, UK, W1B 1DY); Novecore Professional Services Ltd., registered in England and Wales under company number 13965912 (registered office 13 Freeland Park, Wareham Road, Poole, UK, BH16 6FA); Novecore (Estonia) OÜ, registered in Estonia under registry code 16543205 (local contact Baltic Business Services OÜ, Narva mnt 5, 10117 Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under file number 6707907, Novecore Licensing (USA) LLC, registered in Delaware under file number 4030866, and Staclar, Inc., registered in Delaware under file number 7413401 (registered agents The Corporation Trust Company, Corporation Trust Center, 1209 Orange St, Wilmington DE 19801, USA). Novecore Licensing Ltd. is registered for VAT in the United Kingdom under VAT registration number 347 4545 80. Novecore (Estonia) OÜ is registered for VAT in the European Union under VAT registration number EE102518979. Novecore Professional Services Ltd. is a trust or company service provider registered with and supervised by HM Revenue & Customs under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (registration number XMML00000178208). Staclar Financial Services Ltd. is an Annex 1 financial institution registered with and supervised by the Financial Conduct Authority under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (firm reference number 989521). 
Registration is not equivalent to authorisation and is not an endorsement to do business with a firm. Staclar Financial Services Ltd. is not an authorised person within the meaning of the Financial Services and Markets Act 2000 and does not review, approve, or endorse financial promotions for securities issues it is involved in or provide any form of investment advice. Sent from Front
On November 30, 2023 at 9:36 AM GMT+1 anti-abuse-wg@ripe.net wrote:
Hi Leo,
I don’t see it as a regulator, I see it as one of the functions of a RIR. Not just provide numbers, but also ensure that they are being used fairly and according to community agreed policies. Otherwise we could also say that other reasons for recovery are invalid because we become a regulator, right?
Each RIR has measured the “level of adoption” as they progressed with the initial verification (and this was presented at least a couple of times in every RIR), so there are slides in each of them, showing the progress. I can try to find them for you in the previous year's events if you can’t find them. Also my personal experience reporting over 1.500 abuse cases, average per day, shows that I get more “happy-ending” responses from those regions than before and keeps going better and better, which is not the case from RIPE unfortunately.
Regards, Jordi
@jordipalet
On 29 Nov 2023, at 16:09, Leo Vegoda <leo@vegoda.org> wrote:
Hi Jordi,
On Nov 29, 2023, at 11:29, jordi.palet--- via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:
I agree that the carrot is better than the stick, but if the carrot doesn’t work, we need to use the stick.
My original proposal was basically enforcing the NCC to reclaim the resources when there is a persistent violation of resolving abuse cases. This can be progressive, such as not allowing to update objects in the database, etc. No need to go with “a single failure means you lose your resources”.
How could we do this without the RIPE NCC becoming some kind of regulator? Or is the proposal to make the RIPE NCC a private sector regulator?
As said, this is working in other 2 regions, one more coming (pending of the AFRINIC board ratification). Why should not work in this region the same? Also the PoC in ARIN works in a similar way, and being non-responsive means you get some “members” rights restricted.
Who has been measuring the reduction in abuse? How tightly is that drop in abuse linked to this policy action rather than other factors?
Kind regards,
Leo
********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com <http://www.theipv6company.com/> The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
On Thu, 30 Nov 2023 at 10:44, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
The funny part is that the abuse teams of the very same companies will be out there in other conferences working earnestly and well on best practices. If they were to turn up at a ripe meeting and provide consensus ..
And before you accuse me of packing the room to generate artificial consensus
Consensus isn't a numbers thing. I think you've misunderstood the process.
Regards,
Leo
Of course, this is not how consensus works.
I also think you're misunderstanding my argument. I'm all for fighting abuse. A lot of my work is in abuse and fraud prevention and in the prevention of financial crime. I'm not arguing against preventing abuse, only against adding even more regulators where they aren't needed.
The Gmail example still does not address my concern. They say what you can do with Gmail, which is the service. An IP address itself is not an abusable service, the systems addressed by them are. Gmail doesn't tell you what to do on third party services you sign up to with your gmail.com address. Google is responsible for Gmail. The RIPE NCC is responsible for the IP addresses. The network operator is responsible for the systems.
— Maria Merkel
This is simply an ongoing verification that the justification and other paperwork which were used to allocate the numbers are reasonable and correct
Consensus tends to work in strange ways - and room packing isn’t unknown if you see the example I cited
--srs
I have already noted that I have no objections to a proposal solely to verify abuse mailbox functionality, but that we should be careful adding anything further.
Perhaps I wasn't clear enough in this: Arguably a proposal to simply require verification of the abuse mailbox does not make the NCC a regulator (and, in fact, I think the NCC already does this with ASNs), but I do not see how this would be an effective measure. Making further requirements would make the NCC a regulator, and this may be dangerous precedent.
Regarding the potential that government regulators will put rules in place if we don't, I don't think this is a big concern here. Many governments already do have those rules and already supervise network operators in their countries. The issue in this specific case is that some countries simply don't care, and do not have laws or regulations around the issue.
— Maria Merkel
There is somewhat more being proposed than that bare minimum of due diligence but none of this makes RIPE NCC a regulator any more than a pharmacist verifying a prescription becomes the FDA
--srs
The proposal is to send verification emails to abuse mailboxes and have a link in them clicked, right? I would have no objection to that. Is there more that is being proposed in this proposal specifically?
— Maria Merkel
On November 30, 2023 at 11:45 AM GMT+1 ops.lists@gmail.com wrote:
There is somewhat more being proposed than that bare minimum of due diligence but none of this makes ripe ncc a regulator any more than a pharmacist verifying a prescription becomes the FDA
--srs
From: Matthias Merkel <matthias.merkel@staclar.com> Sent: Thursday, November 30, 2023 4:03:07 PM To: Suresh Ramasubramanian <ops.lists@gmail.com>; Leo Vegoda <leo@vegoda.org> Cc: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
I have already noted that I have no objections to a proposal solely to verify abuse mailbox functionality, but that we should be careful adding anything further.
Perhaps I wasn't clear enough in this: Arguably a proposal to simply require verification of the abuse mailbox does not make the NCC a regulator (and, in fact, I think the NCC already does this with ASNs), but I do not see how this would be an effective measure.
Making further requirements would make the NCC a regulator, and this may be dangerous precedent.
Regarding the potential that government regulators will put rules in place if we don't, I don't think this is a big concern here. Many governments already do have those rules and already supervise network operators in their countries. The issue in this specific case is that some countries simply don't care, and do not have laws or regulations around the issue.
— Maria Merkel
On November 30, 2023 at 11:25 AM GMT+1 ops.lists@gmail.com wrote:
This is simply an ongoing verification that the justification and other paperwork which were used to allocate the numbers are reasonable and correct
Consensus tends to work in strange ways - and room packing isn’t unknown if you see the example I cited
--srs
From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Matthias Merkel <matthias.merkel@staclar.com> Sent: Thursday, November 30, 2023 3:24:02 PM To: Leo Vegoda <leo@vegoda.org>; Suresh Ramasubramanian <ops.lists@gmail.com> Cc: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
Of course, this is not how consensus works.
I also think you're misunderstanding my argument. I'm all for fighting abuse. A lot of my work is in abuse and fraud prevention and in the prevention of financial crime. I'm not arguing against preventing abuse, only against adding even more regulators where they aren't needed.
The Gmail example still does not address my concern. They say what you can do with Gmail, which is the service. An IP address itself is not an abusable service, the systems addressed by them are. Gmail doesn't tell you what to do on third party services you sign up to with your gmail.com address. Google is responsible for Gmail. The RIPE NCC is responsible for the IP addresses. The network operator is responsible for the systems.
— Maria Merkel
On November 30, 2023 at 10:48 AM GMT+1 leo@vegoda.org wrote:
On Thu, 30 Nov 2023 at 10:44, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
The funny part is that the abuse teams of the very same companies will be out there in other conferences working earnestly and well on best practices. If they were to turn up at a ripe meeting and provide consensus ..
And before you accuse me of packing the room to generate artificial consensus
Consensus isn't a numbers thing. I think you've misunderstood the process. Regards, Leo
What happens if / when someone doesn’t? laura
On 30 Nov 2023, at 10:47, Matthias Merkel <matthias.merkel@staclar.com> wrote:
The proposal is to send verification emails to abuse mailboxes and have a link in them clicked, right? I would have no objection to that.
Is there more that is being proposed in this proposal specifically?
— Maria Merkel
On November 30, 2023 at 11:45 AM GMT+1 ops.lists@gmail.com wrote:
There is somewhat more being proposed than that bare minimum of due diligence but none of this makes ripe ncc a regulator any more than a pharmacist verifying a prescription becomes the FDA
--srs
From: Matthias Merkel <matthias.merkel@staclar.com> Sent: Thursday, November 30, 2023 4:03:07 PM To: Suresh Ramasubramanian <ops.lists@gmail.com>; Leo Vegoda <leo@vegoda.org> Cc: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
I have already noted that I have no objections to a proposal solely to verify abuse mailbox functionality, but that we should be careful adding anything further. Perhaps I wasn't clear enough in this: Arguably a proposal to simply require verification of the abuse mailbox does not make the NCC a regulator (and, in fact, I think the NCC already does this with ASNs), but I do not see how this would be an effective measure.
Making further requirements would make the NCC a regulator, and this may be dangerous precedent.
Regarding the potential that government regulators will put rules in place if we don't, I don't think this is a big concern here. Many governments already do have those rules and already supervise network operators in their countries. The issue in this specific case is that some countries simply don't care, and do not have laws or regulations around the issue.
— Maria Merkel
On November 30, 2023 at 11:25 AM GMT+1 ops.lists@gmail.com wrote:
This is simply an ongoing verification that the justification and other paperwork which were used to allocate the numbers are reasonable and correct
Consensus tends to work in strange ways - and room packing isn’t unknown if you see the example I cited
--srs
From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Matthias Merkel <matthias.merkel@staclar.com> Sent: Thursday, November 30, 2023 3:24:02 PM To: Leo Vegoda <leo@vegoda.org>; Suresh Ramasubramanian <ops.lists@gmail.com> Cc: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
Of course, this is not how consensus works.
I also think you're misunderstanding my argument. I'm all for fighting abuse. A lot of my work is in abuse and fraud prevention and in the prevention of financial crime. I'm not arguing against preventing abuse, only against adding even more regulators where they aren't needed.
The Gmail example still does not address my concern. They say what you can do with Gmail, which is the service. An IP address itself is not an abusable service, the systems addressed by them are. Gmail doesn't tell you what to do on third party services you sign up to with your gmail.com address. Google is responsible for Gmail. The RIPE NCC is responsible for the IP addresses. The network operator is responsible for the systems.
— Maria Merkel
On November 30, 2023 at 10:48 AM GMT+1 leo@vegoda.org wrote:
On Thu, 30 Nov 2023 at 10:44, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
The funny part is that the abuse teams of the very same companies will be out there in other conferences working earnestly and well on best practices. If they were to turn up at a ripe meeting and provide consensus ..
And before you accuse me of packing the room to generate artificial consensus
Consensus isn't a numbers thing. I think you've misunderstood the process.
Regards,
Leo
-- The Delivery Expert Laura Atkins Word to the Wise laura@wordtothewise.com Delivery hints and commentary: http://wordtothewise.com/blog
On Thu 30/Nov/2023 12:40:46 +0100 Laura Atkins wrote:
What happens if / when someone doesn’t?
A minimal, yet useful reaction would be to remove their abuse PoC from RDAP pages. If the convention is clear that network operators without abuse-c are non-responders, it is easy for all the others to add the corresponding IPs to their drop lists. Ripe NCC could even distribute non-responders lists.
A motion to reclaim wasted resources can be set up at a later time.
Best
Ale
On 30 Nov 2023, at 10:47, Matthias Merkel <matthias.merkel@staclar.com> wrote:
The proposal is to send verification emails to abuse mailboxes and have a link in them clicked, right? I would have no objection to that.
Is there more that is being proposed in this proposal specifically?
— Maria Merkel
On November 30, 2023 at 11:45 AM GMT+1 ops.lists@gmail.com wrote:
There is somewhat more being proposed than that bare minimum of due diligence but none of this makes ripe ncc a regulator any more than a pharmacist verifying a prescription becomes the FDA
--srs
From: Matthias Merkel <matthias.merkel@staclar.com> Sent: Thursday, November 30, 2023 4:03:07 PM To: Suresh Ramasubramanian <ops.lists@gmail.com>; Leo Vegoda <leo@vegoda.org> Cc: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
I have already noted that I have no objections to a proposal solely to verify abuse mailbox functionality, but that we should be careful adding anything further. Perhaps I wasn't clear enough in this:
Arguably a proposal to simply require verification of the abuse mailbox does not make the NCC a regulator (and, in fact, I think the NCC already does this with ASNs), but I do not see how this would be an effective measure.
Making further requirements would make the NCC a regulator, and this may be dangerous precedent.
Regarding the potential that government regulators will put rules in place if we don't, I don't think this is a big concern here. Many governments already do have those rules and already supervise network operators in their countries. The issue in this specific case is that some countries simply don't care, and do not have laws or regulations around the issue.
— Maria Merkel
On November 30, 2023 at 11:25 AM GMT+1 ops.lists@gmail.com wrote:
This is simply an ongoing verification that the justification and other paperwork which were used to allocate the numbers are reasonable and correct
Consensus tends to work in strange ways - and room packing isn’t unknown if you see the example I cited
--srs
-------------------------------------------------------------------------------
*From:* anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Matthias Merkel <matthias.merkel@staclar.com>
*Sent:* Thursday, November 30, 2023 3:24:02 PM
*To:* Leo Vegoda <leo@vegoda.org>; Suresh Ramasubramanian <ops.lists@gmail.com>
*Cc:* anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net>
*Subject:* Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
Of course, this is not how consensus works.
I also think you're misunderstanding my argument. I'm all for fighting abuse. A lot of my work is in abuse and fraud prevention and in the prevention of financial crime. I'm not arguing against preventing abuse, only against adding even more regulators where they aren't needed.
The Gmail example still does not address my concern. They say what you can do with Gmail, which is the service. An IP address itself is not an abusable service, the systems addressed by them are. Gmail doesn't tell you what to do on third party services you sign up to with your gmail.com address. Google is responsible for Gmail. The RIPE NCC is responsible for the IP addresses. The network operator is responsible for the systems.
— Maria Merkel
This email was sent by [company]. Any statements contained in this email are personal to the author and are not necessarily the statements of the company unless specifically stated.
On November 30, 2023 at 10:48 AM GMT+1 leo@vegoda.org wrote:
On Thu, 30 Nov 2023 at 10:44, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
> > The funny part is that the abuse teams of the very same companies will be out there in other conferences working earnestly and well on best practices. If they were to turn up at a ripe meeting and provide consensus ..
> > And before you accuse me of packing the room to generate artificial consensus
Consensus isn't a numbers thing. I think you've misunderstood the process.
Regards,
Leo
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg <https://lists.ripe.net/mailman/listinfo/anti-abuse-wg>
-- The Delivery Expert
Laura Atkins Word to the Wise laura@wordtothewise.com
Delivery hints and commentary: http://wordtothewise.com/blog
On Thu, 30 Nov 2023 at 13:16, Alessandro Vesely <vesely@tana.it> wrote:
On Thu 30/Nov/2023 12:40:46 +0100 Laura Atkins wrote:
What happens if / when someone doesn’t?
A minimal, yet useful reaction would be to remove their abuse PoC from RDAP pages. If the convention is clear that network operators without abuse-c are non-responders, it is easy for all the others to add the corresponding IPs to their drop lists. Ripe NCC could even distribute non-responders lists.
A motion to reclaim wasted resources can be set up at a later time.
Publishing factual data that others can use to inform their own decision making processes seems quite different from reclaiming resources. A more productive path to evaluate. Thanks, Leo
As long as you publish it
--srs
________________________________
From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Leo Vegoda <leo@vegoda.org>
Sent: Thursday, November 30, 2023 6:08:59 PM
To: Alessandro Vesely <vesely@tana.it>
Cc: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net>
Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
On Thu, 30 Nov 2023 at 13:16, Alessandro Vesely <vesely@tana.it> wrote:
On Thu 30/Nov/2023 12:40:46 +0100 Laura Atkins wrote:
What happens if / when someone doesn’t?
A minimal, yet useful reaction would be to remove their abuse PoC from RDAP pages. If the convention is clear that network operators without abuse-c are non-responders, it is easy for all the others to add the corresponding IPs to their drop lists. Ripe NCC could even distribute non-responders lists.
A motion to reclaim wasted resources can be set up at a later time.
Publishing factual data that others can use to inform their own decision making processes seems quite different from reclaiming resources. A more productive path to evaluate. Thanks, Leo
On 30 Nov 2023, at 12:38, Leo Vegoda <leo@vegoda.org> wrote:
On Thu, 30 Nov 2023 at 13:16, Alessandro Vesely <vesely@tana.it> wrote:
On Thu 30/Nov/2023 12:40:46 +0100 Laura Atkins wrote:
What happens if / when someone doesn’t?
A minimal, yet useful reaction would be to remove their abuse PoC from RDAP pages. If the convention is clear that network operators without abuse-c are non-responders, it is easy for all the others to add the corresponding IPs to their drop lists. Ripe NCC could even distribute non-responders lists.
A motion to reclaim wasted resources can be set up at a later time.
Publishing factual data that others can use to inform their own decision making processes seems quite different from reclaiming resources. A more productive path to evaluate.
The question is: how much will it cost to do this and how much will it actually improve anything? laura
For each complaint to RIPE NCC then such an (automated) email should be sent by the RIPE NCC to the abuse-c of that member. This should be the absolute minimum that should be done by the RIPE NCC.
Matthias Merkel wrote on 11/30/23 11:47:
The proposal is to send verification emails to abuse mailboxes and have a link in them clicked, right? I would have no objection to that.
Is there more that is being proposed in this proposal specifically?
— Maria Merkel
None of this will make a company who doesn’t want to deal with abuse complaints deal with abuse complaints. It’s a total waste of resources. laura
On 1 Dec 2023, at 10:53, U.Mutlu <security@mutluit.com> wrote:
For each complaint to RIPE NCC then such an (automated) email should be sent by the RIPE NCC to the abuse-c of that member. This should be the absolute minimum that should be done by the RIPE NCC.
It will make some organizations start handling reports that didn't do it before.
We tried this in Switzerland, sending all ISPs abuse data asking them to deal with it. In the beginning, very little enthusiasm, today most do.
None of these proposals have ever been tried, yet you insist on knowing they don't work. Let's try it and see what happens. If you insist on 100% guarantees you'll never change anything. This is, why in the IETF you can't simply say no, but you have to come with an alternative. So to that I challenge you.
With this attitude the internet wouldn't exist. Sounds like the "Seat belts don't work" fraction back in the day.
But I'll shut up now and focus on more constructive discussions elsewhere.
Best Serge
On 01.12.23 13:22, Laura Atkins wrote:
None of this will make a company who doesn’t want to deal with abuse complaints deal with abuse complaints. It’s a total waste of resources.
laura
-- Dr. Serge Droz Member, FIRST Board of Directors https://www.first.org
Might as well wind this WG up. I have been on it for years and don’t see much progress at all.
As for “I don’t know what is consensus” – if someone can tell me just how consensus according to your definitions was achieved by having various RIPE regulars just happen to be in the room during an AOB session when Cox was absent to vote him out, I’ll stand enlightened.
--srs
From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Serge Droz via anti-abuse-wg <anti-abuse-wg@ripe.net>
Date: Friday, 1 December 2023 at 6:22 PM
To: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net>
Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
It will make some organizations start handling reports that didn't do it before.
We tried this in Switzerland, sending all ISPs abuse data asking them to deal with it. In the beginning, very little enthusiasm, today most do.
None of these proposals have ever been tried, yet you insist on knowing they don't work. Let's try it and see what happens. If you insist on 100% guarantees you'll never change anything. This is, why in the IETF you can't simply say no, but you have to come with an alternative. So to that I challenge you.
With this attitude the internet wouldn't exist. Sounds like the "Seat belts don't work" fraction back in the day.
But I'll shut up now and focus on more constructive discussions elsewhere.
Best Serge
On 01.12.23 13:22, Laura Atkins wrote:
None of this will make a company who doesn’t want to deal with abuse complaints deal with abuse complaints. It’s a total waste of resources.
laura
If sending notifications is so effective and you already have the infrastructure in place to do it, then why involve RIPE? Can’t you just send the notices? laura
On 1 Dec 2023, at 12:52, Serge Droz via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:
It will make some organizations start handling reports that didn't do it before.
We tried this in Switzerland, sending all ISPs abuse data asking them to deal with it. In the beginning, very little enthusiasm, today most do.
None of these proposals have ever been tried, yet you insist on knowing they don't work. Let's try it and see what happens. If you insist on 100% guarantees you'll never change anything. This is, why in the IETF you can't simply say no, but you have to come with an alternative. So to that I challenge you.
With this attitude the internet wouldn't exist. Sounds like the "Seat belts don't work" fraction back in the day.
But I'll shut up now and focus on more constructive discussions elsewhere.
Best Serge
On 01.12.23 13:22, Laura Atkins wrote:
None of this will make a company who doesn’t want to deal with abuse complaints deal with abuse complaints. It’s a total waste of resources. laura
Laura Atkins wrote on 12/01/23 13:22:
None of this will make a company who doesn’t want to deal with abuse complaints deal with abuse complaints. It’s a total waste of resources.
Then RIPE has to sanction that member.
Example of ignored Abuse Reports regarding email hacking attempts:
You get countless hacking attempts to your email server (ie. brute-force attacks trying to login as a mail client by using either a valid email login name or some random names; they usually fail b/c of wrong password). It all gets logged in the emailserver logs together with exact timings, so there is enough evidence available for verification.
You send an Abuse Report to the owner of the IP from where these hacking attempts occur. But there is no reaction, the hacking attempts day and night continue. So, it's not just a one-time thing. Even if you block that IP, it still generates traffic and eats-up resources on the server.
We need an effective solution to stop such abuses. RIPE NCC should ask the client to fix the problem and formally inform the RIPE NCC about the fix within 7 days.
If the Abuse Reports still get ignored, then RIPE NCC should issue a 2nd warning and thereafter then terminate or suspend the membership until the issue gets fixed.
Laura Atkins wrote on 12/01/23 13:22:
None of this will make a company who doesn’t want to deal with abuse complaints deal with abuse complaints. It’s a total waste of resources.
laura
On 1 Dec 2023, at 13:22, U.Mutlu <security@mutluit.com> wrote:
Laura Atkins wrote on 12/01/23 13:22:
None of this will make a company who doesn’t want to deal with abuse complaints deal with abuse complaints. It’s a total waste of resources.
Then RIPE has to sanction that member.
So we’re back to: how much will it cost to do this and how much will it actually improve anything?
Which ignores a lot of big questions like: does RIPE actually have the authority to sanction folks, who is going to sanction them, what is the appeals process, how do we get to the sanctioning decision, how are we going to pay for the inevitable lawsuit, and a bunch of other things.
It’s clear, though, that this is actually a much older argument. I’m pretty sure I’m not the first person to ask HOW this will all be implemented. The fact that someone can’t point me to a FAQ or actual proposal addressing these questions tells me how seriously this is being taken by the folks who are proposing it.
laura
Example of ignored Abuse Reports regarding email hacking attempts:
You get countless hacking attempts to your email server (ie. brute-force attacks trying to login as a mail client by using either a valid email login name or some random names; they usually fail b/c of wrong password). It all gets logged in the emailserver logs together with exact timings, so there is enough evidence available for verification.
You send an Abuse Report to the owner of the IP from where these hacking attempts occur. But there is no reaction, the hacking attempts day and night continue. So, it's not just a one-time thing. Even if you block that IP, it still generates traffic and eats-up resources on the server.
We need an effective solution to stop such abuses. RIPE NCC should ask the client to fix the problem and formally inform the RIPE NCC about the fix within 7 days.
If the Abuse Reports still get ignored, then RIPE NCC should issue a 2nd warning and thereafter then terminate or suspend the membership until the issue gets fixed.
Well … exactly the same way it has been already implemented in 2 other RIRs, working and no issues. Regards, Jordi @jordipalet
On 1 Dec 2023, at 14:28, Laura Atkins <laura@wordtothewise.com> wrote:
On 1 Dec 2023, at 13:22, U.Mutlu <security@mutluit.com> wrote:
Laura Atkins wrote on 12/01/23 13:22:
None of this will make a company who doesn’t want to deal with abuse complaints deal with abuse complaints. It’s a total waste of resources.
Then RIPE has to sanction that member.
So we’re back to: how much will it cost to do this and how much will it actually improve anything?
Which ignores a lot of big questions like: does RIPE actually have the authority to sanction folks, who is going to sanction them, what is the appeals process, how do we get to the sanctioning decision, how are we going to pay for the inevitable lawsuit, and a bunch of other things.
It’s clear, though, that this is actually a much older argument. I’m pretty sure I’m not the first person to ask HOW this will all be implemented. The fact that someone can’t point me to a FAQ or actual proposal addressing these questions tells me how seriously this is being taken by the folks who are proposing it.
laura
********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Please provide actual data. Numbers
-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours.
From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of jordi.palet--- via anti-abuse-wg <anti-abuse-wg@ripe.net>
Date: Friday, 1 December 2023 at 13:38
To: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net>
Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
[EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources.
Well … exactly the same way it has been already implemented in 2 other RIRs, working and no issues.
Regards, Jordi
@jordipalet
Maybe it's time to measure these numbers in the RIPE region by trying a time limit experiment.
If it doesn't work, we stop it again. We would have to discuss criteria for what "it work" means. That's a discussion I'd like to see on this list.
By never trying anything concrete it's easy saying it doesn't work.
Fact is, that other players have changed once pressure has been upped.
Cheers
Serge
On 3 December 2023 09:48:43 UTC, Michele Neylon - Blacknight via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:
Please provide actual data. Numbers
-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours.
From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of jordi.palet--- via anti-abuse-wg <anti-abuse-wg@ripe.net>
Date: Friday, 1 December 2023 at 13:38
To: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net>
Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
Well … exactly the same way it has been already implemented in 2 other RIRs, working and no issues.
Regards, Jordi
@jordipalet
On 1 Dec 2023, at 14:28, Laura Atkins <laura@wordtothewise.com> wrote:
On 1 Dec 2023, at 13:22, U.Mutlu <security@mutluit.com> wrote:
Laura Atkins wrote on 12/01/23 13:22:
None of this will make a company who doesn’t want to deal with abuse complaints deal with abuse complaints. It’s a total waste of resources.
Then RIPE has to sanction that member.
So we’re back to: how much will it cost to do this and how much will it actually improve anything?
Which ignores a lot of big questions like: does RIPE actually have the authority to sanction folks, who is going to sanction them, what is the appeals process, how do we get to the sanctioning decision, how are we going to pay for the inevitable lawsuit, and a bunch of other things.
It’s clear, though, that this is actually a much older argument. I’m pretty sure I’m not the first person to ask HOW this will all be implemented. The fact that someone can’t point me to a FAQ or actual proposal addressing these questions tells me how seriously this is being taken by the folks who are proposing it.
laura
Example of ignored Abuse Reports regarding email hacking attempts:
You get countless hacking attempts to your email server (ie. brute-force attacks trying to login as a mail client by using either a valid email login name or some random names; they usually fail b/c of wrong password). It all gets logged in the emailserver logs together with exact timings, so there is enough evidence available for verification.
You send an Abuse Report to the owner of the IP from where these hacking attempts occur. But there is no reaction, the hacking attempts day and night continue. So, it's not just a one-time thing. Even if you block that IP, it still generates traffic and eats-up resources on the server.
We need an effective solution to stop such abuses. RIPE NCC should ask the client to fix the problem and formally inform the RIPE NCC about the fix within 7 days.
If the Abuse Reports still get ignored, then RIPE NCC should issue a 2nd warning and thereafter then terminate or suspend the membership until the issue gets fixed.
-- Dr. Serge Droz Director, Forum of Incident Response and Security Teams https://first.org
Reminds me of this past situation from 2008 https://circleid.com/posts/hk_the_most_unsafe_domains
On Sun, 3 Dec 2023 at 02:56, Serge Droz via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:
Maybe it's time to measure these numbers in the RIPE region by trying a time limit experiment.
If it doesn't work, we stop it again. We would have to discuss criteria for what "it work" means. That's a discussion I'd like to see on this list.
By never trying anything concrete it's easy saying it doesn't work.
We already have two experiments in APNIC and LACNIC. Have those experiments resulted in a reduction in abuse tied to resources managed by those RIRs? Kind regards, Leo
Serge
The claim is that the change in policy had an impact in other regions. If that is true then where is the data to backup that assertion?
Policy changes that have an impact on the NCC's resources and budget and RIPE members should be data driven where possible.
Regards
Michele
Hi, On Mon, Dec 04, 2023 at 09:40:22AM +0000, Michele Neylon - Blacknight via anti-abuse-wg wrote:
The claim is that the change in policy had an impact in other regions. If that is true then where is the data to backup that assertion?
Especially: saying "it feels less painful to send abuse complaints", aka "there is less bounces" is not the same as "there is less abuse" or "more people properly handle abuse requests directed to them now"
"Getting a bounce from an ill-maintained abuse mailbox" might actually be more insightful than "the mail is delivered just fine, but then ignored" - nothing in these proposals will force the receiver to deal with the mail properly, so getting a bounce actually sends a clear signal "please just block this target network" instead of raising hopes.
Gert Doering -- NetMaster
-- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
On Tue 05/Dec/2023 15:17:59 +0100 Gert Doering wrote:
On Mon, Dec 04, 2023 at 09:40:22AM +0000, Michele Neylon - Blacknight via anti-abuse-wg wrote:
The claim is that the change in policy had an impact in other regions. If that is true then where is the data to backup that assertion?
Especially: saying "it feels less painful to send abuse complaints", aka "there is less bounces" is not the same as "there is less abuse" or "more people properly handle abuse requests directed to them now"
"Getting a bounce from an ill-maintained abuse mailbox" might actually be more insightful than "the mail is delivered just fine, but then ignored" - nothing in these proposals will force the receiver to deal with the mail properly, so getting a bounce actually sends a clear signal "please just block this target network" instead of raising hopes.
That's right. Rather than having, for example:
Responsible organisation: Oliv Evelyn
Abuse contact info: noreply@lighost.com
inetnum: 162.19.141.192 - 162.19.141.195
netname: OVH_293642614
where the address obviously bounces, it would be clearer to have an established way to say there is no abuse team. Empty, noservice@. or anything definite.
Publishing a database containing rubbish is not a good service to the Internet community anyway. Whether that checking can lead to a characterization, via listing, that mail or web operators can use when vetting external input can be established at a further time.
Best
Ale
--
have you enabled IPv6 on something today...?
On it, but will take a while...
I seem to remember an OPTA.nl proposal from 2011 or so which was remarkably cogent. I can’t find it right now.
As my (partial) email archives from that period contain threads about ignored abuse reports and netblocks with entirely bogus contact information (eg the address is an empty lot and the company in question is a shell), I would say that there’s a lot of déjà vu here and much the same arguments presented against any such proposal.
RIPE may or may not get to sanction people, but they do get to do due diligence on how and to whom they allocate netblocks. They have a fiduciary role towards IP addresses of the sort that a bank manager has on verifying who they hand out a loan to, before handing over a single Euro.
--srs
From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Laura Atkins <laura@wordtothewise.com>
Date: Friday, 1 December 2023 at 6:58 PM
To:
Cc: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net>
Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
So we’re back to: how much will it cost to do this and how much will it actually improve anything?
Which ignores a lot of big questions like: does RIPE actually have the authority to sanction folks,
A lot of what is being requested in this thread seems outside of RIPE's remit and raises endless questions about responsibility / overreach.
RIPE's job is to manage the distribution and registration of resources across members as efficiently and fairly as possible - I've only been a member for a few years but it seems to be doing a pretty good job at that. The stated goal of the organisation is not to police and rule on the activities of those using the resources and take unilateral action against them if they break a law.
I also reject the notion that this is what they should be doing - having a central authority to police internet activity seems to run contrary to the idea of an open internet and raises numerous questions. Who makes the rules? What level of evidence is needed? How do you accurately validate evidence? What is the process? What if there is some miscarriage of justice?
Furthermore, the practicality of basing security on relying on a RIR correctly policing resource usage and preventing things like hacking attempts is ineffective and will lead to issues. There are multiple RIRs that would all need to work effectively to do this and even then, most hacking attempts are made through botnets anyways. In my experience, blacklists are effective and simple to set up so I don't understand how this isn't the easy solution here.
All that being said, if RIPE wants to begin sending email notifications and checking whether abuse contact information is up to date / being replied to and publish that list then I think that is reasonable but it should be purely educational and made available for stakeholders to act independently with no central authority recommending any kind of action using the list.
Again, practically speaking here.. I think all you'd find there would be a huge number of non-respondents and having to make a decision whether or not to block millions of European internet resources from your network just because the owner didn't click an email button.
Timur Gok Managing Director admin@pinglabs.co.uk - www.pinglabs.co.uk International House, 12 Constance Street, London, United Kingdom, E16 2DQ
Hi, On Thu, Nov 30, 2023 at 09:53:54AM +0100, Serge Droz via anti-abuse-wg wrote:
And as long as this group cannot come up with a compromise nothing will change, in essence the anti-abuse wg is taken hostage by the nay sayers. These discussions have been going on for years. Nothing new has come out.
I'd argue the attention budget of the anti-abuse WG is taken hostage by people bringing the same non-acceptable proposal back again and again...
Let me repeat that we *do* handle our abuse reports, man our abuse mail address, and *do* like having working abuse contacts in the RIPE DB - it's just that this proposal at hand will do just plain nothing to improve the situation, while at the same hand annoying (and putting at potential risk if something slips) those that already do the right thing.
No positive effect, but measurable drawbacks, so not a good way forward, no matter how often this is re-started.
Gert Doering -- NetMaster
I would never say you didn’t handle abuse reports. The question is whether that applies to each and every member in the ripe region.
Even if a fraction of a percent of members or LIRs are affected by such a policy .. that is like saying there mustn’t be any speed limit because you are a careful and safe driver.
--srs
Hi Jordi, On Thu, 30 Nov 2023 at 09:36, jordi.palet--- via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote: [...]
Each RIR has measured the “level of adoption” as they progressed with the initial verification (and this was presented at least a couple of times in every RIR), so there are slides in each of them, showing the progress. I can try to find them for you in the previous year's events if you can’t find them. Also my personal experience reporting over 1.500 abuse cases, average per day, shows that I get more “happy-ending” responses from those regions than before and keeps going better and better, which is not the case from RIPE unfortunately.
I was hoping for measurements showing an actual reduction in abuse. If there is no reduction in abuse that can be tightly linked to abuse-c verification etc... then what value does it bring? Kind regards, Leo
Well, I can personally feel it when comparing abuse reporting in those regions (before and after the policy implementation) vs RIPE. That’s sufficient for me. I call it results. Also, when the LIRs don’t respond to abuse cases or abuse-c emails bounce, I can ask the relevant RIR to resolve it, and if they can’t, they must enforce the policy. Again, I call it a very noticeable result, vs this region where I have nothing to do. Regards, Jordi @jordipalet
On 30 Nov 2023, at 9:53, Leo Vegoda <leo@vegoda.org> wrote:
Hi Jordi,
On Thu, 30 Nov 2023 at 09:36, jordi.palet--- via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:
[...]
Each RIR has measured the “level of adoption” as they progressed with the initial verification (and this was presented at least a couple of times in every RIR), so there are slides in each of them, showing the progress. I can try to find them for you in the previous year's events if you can’t find them. Also my personal experience reporting over 1.500 abuse cases, average per day, shows that I get more “happy-ending” responses from those regions than before and keeps going better and better, which is not the case from RIPE unfortunately.
I was hoping for measurements showing an actual reduction in abuse. If there is no reduction in abuse that can be tightly linked to abuse-c verification etc... then what value does it bring?
Kind regards,
Leo
participants (19)
- Alessandro Vesely
- Gert Doering
- John Levine
- jordi.palet@consulintel.es
- Laura Atkins
- Leo Vegoda
- Matthias Merkel
- Michele Neylon - Blacknight
- Natale Maria Bianchi
- Peter Koch
- Ping Technology Labs LTD
- Randy Bush
- Serge Droz
- Sergey Myasoedov
- Shane Kerr
- Steve Linford
- Suresh Ramasubramanian
- U.Mutlu
- Ángel González Berdasco