How Not To Ask For A Website to Be taken Down
Got this earlier today (not to our abuse contact of course .. )
Couple of things to note
Unless you read it a few times it's not easy to work out what the hell they are actually asking about
If your first language isn't English then I suspect you'll dismiss it as spam .. .. I know some of my staff did and they supposedly speak English!
"Dear Sir or Madame,
As a result of our activities, Bank of America and/or its affiliates have acquired significant reputations in the field of banking and financial services worldwide and our trademark and brand (the “Marks”) are registered and/or used in the United States as well as many countries globally.
We have now detected a website, or a redirect to a website, hosted on your network that purports to be a Bank of America or a Bank of America affiliate* website. The referenced site(s) uses the Marks, leading visitors to believe it is a website sponsored or endorsed by Bank of America or a Bank of America affiliate* while no such sponsorship or endorsement actually exists. The site requests visitors to supply sensitive personal or financial information. We have confirmed that this webpage is NOT authorized or endorsed by Bank of America and/or its affiliates.
The use of our Marks in this way is likely to cause confusion in the mind of the public, leading them to believe that the website is associated with Bank of America or that we are otherwise supplying goods and services through it. As you know, “Phishing” sites such as this usually are part of larger criminal schemes that violate a number of federal, state and international laws.
We request your immediate assistance in stopping the continued operation of this website and its unauthorized use of our Marks. Continued operation of the website in this way is not only likely to result in substantial damage to our reputation and goodwill but also perpetuates the appearance that your network is cooperating with the fraudulent purpose behind the website.
We request that you please assist us in shutting down the website immediately.
URL - http://xxxxxxxxx
IP Address - xxxxxx
As part of this action we request that you redirect all traffic going to this website to the following URL: http://education.apwg.org/r/en?xxxxxxxxxxxx
By doing this it will provide a way for consumers to educate themselves about phishing. Information about implementing a redirect to this page can be found here: http://education.apwg.org/r/how_to.html
Please forward this message with your response, directly to anti-phishing@bankofamerica.com.
We thank you in advance for assisting us in stopping phishing and refusing to allow your network to be used for illegal activity.
Thank you,
Abuse Team
Bank of America
Contact Email: anti-phishing@bankofamerica.com
*Bank of America affiliates include the following brands: MBNA Merrill Lynch Countrywide Military Bank LaSalle Fleet"
Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
ICANN Accredited Registrar
http://www.blacknight.com/
http://blog.blacknight.com/
http://blacknight.mobi/
http://mneylon.tel
Intl. +353 (0) 59 9183072
US: 213-233-1612
UK: 0844 484 9361
Locall: 1850 929 929
Direct Dial: +353 (0)59 9183090
Twitter: http://twitter.com/mneylon
PS: Check out our latest offers on domains & hosting: http://domainoffers.me/
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A, Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, Ireland
Company No.: 370845
In message <FF4A9252-C4E2-4918-8E27-8EA1D239C97B@blacknight.ie>, "Michele Neylon :: Blacknight" <michele@blacknight.ie> wrote:
Got this earlier today (not to our abuse contact of course .. )
Couple of things to note
Unless you read it a few times it's not easy to work out what the hell they are actually asking about
I confess that I am utterly baffled by your comment. The message from BofA seemed altogether clear and entirely straightforward and unambiguous to me. What is it, exactly, about that message that caused you to have any difficulty in "working it out"?
If your first language isn't English then I suspect you'll dismiss it as spam .. .. I know some of my staff did and they supposedly speak English!
Again, I am utterly baffled by your comment. Can you explain why anyone would ever dismiss BofA's message to you as spam?
I also occasionally send messages to various networks, generally regarding serious ongoing security issues. If I was BofA, and I had to draft an e-mail to your organization, asking you to remove a phishing site from your network, I think I would have phrased the e-mail almost exactly the way that BofA did.
And if you were tempted to ignore & trash BofA's notification to you, then I really would like to understand why, because if I can understand that, then perhaps I might also be able to understand why various networks have utterly ignored various messages I have sent, over time, alerting them to, e.g., hacked machines on their respective networks.
Regards, rfg
P.S. I think that a discussion of the BofA message, and your comments about it, would be quite entirely apropos for this mailing list, because after all, hasn't this WG just been working (struggling?) to finalize/formalize a proposal to get abuse contact e-mail addresses into all RIPE allocation records?
As someone else pointed out, requiring those (abuse) e-mail contacts will really be utterly pointless if the folks on the receiving ends of those e-mail addresses regularly or routinely trash inbound messages sent to those addresses, e.g. because, in their opinions, said messages "look vaguely like spam".
On 21 Dec 2010, at 23:33, Ronald F. Guilmette wrote:
In message <FF4A9252-C4E2-4918-8E27-8EA1D239C97B@blacknight.ie>, "Michele Neylon :: Blacknight" <michele@blacknight.ie> wrote:
Got this earlier today (not to our abuse contact of course .. )
Couple of things to note
Unless you read it a few times it's not easy to work out what the hell they are actually asking about
I confess that I am utterly baffled by your comment. The message from BofA seemed altogether clear and entirely straightforward and unambiguous to me.
What is it, exactly, about that message that caused you to have any difficulty in "working it out"?
To start with it was sent to just about every single contact point imaginable except our abuse contact. The only reason it made it to our abuse team at all was because one of our sales staff asked me to look at it.
If your first language isn't English then I suspect you'll dismiss it as spam .. .. I know some of my staff did and they supposedly speak English!
Again, I am utterly baffled by your comment. Can you explain why anyone would ever dismiss BofA's message to you as spam?
Read the message. Instead of simply stating that they are alerting us to an issue they start off with a long convoluted text about their trademarks, which is totally irrelevant to us. All we want to know is that someone is reporting abuse, what type of abuse it is and where it is located.
You might not find this hard to understand, but I suspect this is because you are used to reading these kind of emails and might be immune to how badly worded they are. If your first language isn't English how are you expected to deal with this?
A much simpler email with the type of abuse and its location at the TOP of the email would be a lot saner and more likely to be dealt with in a timely fashion. If someone wants (or needs to) include a lot of boiler legal text etc., then put it further down the email.
I also occasionally send messages to various networks, generally regarding serious ongoing security issues. If I was BofA, and I had to draft an e-mail to your organization, asking you to remove a phishing site from your network, I think I would have phrased the e-mail almost exactly the way that BofA did.
Then it probably would have been greeted with the same level of disdain that the one we got today was.
And if you were tempted to ignore & trash BofA's notification to you, then I really would like to understand why, because if I can understand that, then perhaps I might also be able to understand why various networks have utterly ignored various messages I have sent, over time, alerting them to, e.g., hacked machines on their respective networks.
Regards, rfg
P.S. I think that a discussion of the BofA message, and your comments about it, would be quite entirely apropos for this mailing list, because after all, hasn't this WG just been working (struggling?) to finalize/formalize a proposal to get abuse contact e-mail addresses into all RIPE allocation records?
As someone else pointed out, requiring those (abuse) e-mail contacts will really be utterly pointless if the folks on the receiving ends of those e-mail addresses regularly or routinely trash inbound messages sent to those addresses, e.g. because, in their opinions, said messages "look vaguely like spam".
I totally agree. I've been asking security companies / banks etc etc to send simpler and more accessible abuse reports for ages. Some do, but a lot of them still don't (And then there's the opposite end of the spectrum, where you get a vague message saying that an IP is abusing someone's system, but they fail to tell you what that system is or who they are .. )
Regards
Michele
My apologies for not following up on this sooner. It's definitely the busy season... In message <97C58E22-A243-4A57-9602-7184B5D3522A@blacknight.ie>, "Michele Neylon :: Blacknight" <michele@blacknight.ie> wrote:
What is it, exactly, about that message that caused you to have any difficulty in "working it out"?
To start with it was sent to just about every single contact point imaginable except our abuse contact. The only reason it made it to our abuse team at all was because one of our sales staff asked me to look at it.
Well, OK. Arguably that was bad form on their part. But having been "in the trenches" now myself for over 15 years, I can well and truly understand why they didn't even bother to CC: abuse@ (even though I myself would have done so).
In fact there are many reasons why an intelligent and an _experienced_ person would never even waste the bits to even CC: abuse@. Here are just a few of those reasons:
#1) On a large number of commercial ISP networks, abuse@ has been aliased to /dev/null. This isn't speculation. This is fact.
Certainly, a lot of commercial ISPs make a business of catering especially to the lucrative spamming trade. Thus, these ISPs in particular have less than zero interest in _anything_ anybody might send to abuse@. (And some, like several in Russia... or that one in "Belize" I already posted about... are run by folks who are criminals themselves. So they don't even care even if you have a non-spam related "abuse" issue.)
Even for the vast majority of commercial networks that are NOT specifically going out of their way to cater especially to spammers or other criminals, the decision has been made, long ago (and in many cases even BEFORE the advent of the Great Recession) that any sort of "abuse desk" type function is an unjustifiable "cost center" as opposed to a "profit center". Thus, with only rare exceptions, virtually every ISP that is any bigger than a small-time "mom and pop" operation has long ago aliased abuse@ to /dev/null because management sees no profit potential whatsoever in assigning even a fractional warm body to read that stuff.
And of course, the advent of the Great Recession only speeded up the final (and now near total and global) aliasing of abuse@ to /dev/null.
Even for those networks... a minority to begin with... where there existed some sense of public/community responsibility (e.g. to investigate & respond to network abuse reports) and/or a sense of the importance and value of maintaining a good corporate reputation, the Great Recession has, for many, sharpened the corporate focus on mere survival, while niceties like good corporate netizenship have, understandably I suppose, gone by the wayside.
#2) Even for those networks where abuse@ is not aliased to /dev/null, sending anything other than a _spam_ report to that address will typically engender either (a) no response at all (with the message being silently discarded) or else (b) an irritated response of the form "Why are you sending this to abuse@??" or else (c) a more or less automated response (either from an actual program or else from a low-paid human who has been trained to act like one) of the form "We're sorry, but we cannot accept abuse complaints without either (a) a full set of e-mail headers or else (b) a complete set of system intrusion logs."
Obviously, in the case under discussion, which involved primarily violations of trademark rights (and with the high probability of associated phishing activity being only "unproven" and speculative) the party sending the report had no system logs nor any e-mail headers to send.
#3) Although, for the various reasons noted above, and others, sending a report like this to an abuse@ address might yield no meaningful or useful action at all, the mere presence of the corporate abuse@ address, either in the To: header or in the Cc: header would most likely cause any and all other parties to whom such a report had been addressed (and who might otherwise potentially be more responsive/responsible than abuse@) to simply trash the message, e.g. because they might reasonably assume that "Oh! This was sent to abuse@ too, so the abuse department/person will surely handle it, and I don't need to get involved."
#4) Last but not least, in the circles I travel in, a clear and unambiguous distinction is often drawn between "abuse ON the network" and "abuse OF the network". As we all know, the latter occurs almost every second of the day, somewhere on the Internet, and it can range from undeserved insults and slanders to sophisticated social engineering con games involving millions of dollars. But none of that "abuse ON the network" in any way threatens the operational status of any part of the net. Conversely, of course, spam and DoS attacks directly threaten the operational status of either parts of the net or, in sum, even the whole thing, and thus, by tradition among the people I commonly hang out with, "abuse OF the net" is widely considered to be the only thing (a) that humans can reasonably fight and also (b) in many people's minds, it is the only thing that's _worth_ fighting for. (After all, the world and the net will go on even if you or I are heinously slandered or even defrauded, tomorrow, somewhere on the Internet.)
The upshot of all this line of thinking is that some (many?) believe that it's not even the job of an ISP abuse desk to even delve into any matters that do not clearly affect network operational status. At any and all ISPs of this persuasion, a note to abuse@ regarding a clear trademark violation (and a plausible/possible phishing threat) would be discarded virtually the moment it was opened.
_=_=_=
I'm not saying that any of the above are ``good'' reasons why a report like the one sent to you from BofA _should_ be effectively ignored by the person or robot tasked with reading mail sent to abuse@ (at various ISPs). I am only saying that out here in the Real World, that is, alas, what often would (and does) happen.
If your first language isn't English then I suspect you'll dismiss it as spam .. .. I know some of my staff did and they supposedly speak English
Again, I am utterly baffled by your comment. Can you explain why anyone would ever dismiss BofA's message to you as spam?
Read the message. Instead of simply stating that they are alerting us to an issue they start off with a long convoluted text about their trademarks, which is totally irrelevant to us. All we want to know is that someone is reporting abuse, what type of abuse it is and where it is located.
OK, now _here_ you have a point that I cannot reasonably take issue with. And your point is, I think, not only valid but also, potentially very useful. You're right. I think the way that people in the news business commonly express the point you just made is that it is bad practice to "bury the lead", i.e. it's important to express the major point you are trying to make (in a news story or in an abuse report) clearly, concisely, and in the first sentence.
That's a good lesson for all of us writers of abuse reports, and one I'll try, in future, never to forget myself.
You might not find this hard to understand, but I suspect this is because you are used to reading these kind of emails and might be immune to how badly worded they are.
No, actually, it is more because I have some extensive experience reading legal documents (e.g. court filings) and thus I'm already so adept at hacking through the thicket of words (to find the meat) that it's almost second nature (and automatic/subconscious) to me now, kind of like people who are so practiced that they can almost play a piano concerto in their sleep. That explains why, when I see something like that BofA e-mail you posted, its verbosity and/or failure to clearly and quickly come to the point doesn't faze me in the slightest. (I guess that I have been hanging out with lawyers too long. :-)
Regards, rfg
On Thursday, December 23, 2010 08:59:43 am Ronald F. Guilmette wrote:
Now, let me see if I get this right... This post contains more than a 1000 words, to argue about NOT using abuse contacts, in the real world, and this is how reports should be sent?
I am definitely missing something here...
Regards, Kostas
In message <201012230917.20959.kzorba@otenet.gr>, Kostas Zorbadelos <kzorba@otenet.gr> wrote:
On Thursday, December 23, 2010 08:59:43 am Ronald F. Guilmette wrote:
Now, let me see if I get this right... This post contains more than a 1000 words, to argue about NOT using abuse contacts, in the real world,
Yes.
and this is how reports should be sent?
This last part of your sentence seems entirely disconnected and unrelated to the first part. If there was in fact some connection between the two which you intended to convey, please do enlighten me about what that might be. The first part seems to be about a message I sent as part of a discussion (hopefully a detailed and intelligent one) here on the RIPE Anti-Abuse working group mailing list, while the latter part seems to be about how e-mails sent to ISP abuse@ contacts should or should not appear. Was there some rule somewhere that says that both types of communication should be of similar style and/or of equal length? If so, I missed that.
I am definitely missing something here...
Either you are or I am. One of the two. Regards, rfg
On Thursday, December 23, 2010 11:52:44 am Ronald F. Guilmette wrote:
In message <201012230917.20959.kzorba@otenet.gr>,
Kostas Zorbadelos <kzorba@otenet.gr> wrote:
On Thursday, December 23, 2010 08:59:43 am Ronald F. Guilmette wrote:
If I may use an "analogy" from the programming world you seem to quite overload the meaning of words. To me the thing is as clear as this: a discussion was raised because of an abuse report sent to someone and it was written and addressed in such a way that the recipient could have mistaken it as SPAM. Now I get that you are saying that we should generally not use in the "real world" abuse contacts to send reports or anything else related to abuse. To me this doesn't make sense. Having said this, I consider the case closed. I think that we (as a group) should try to produce more meaningful and actual work on anti-abuse. But this is the subject of a different mail I intend to send to the list a bit later... Regards, Kostas
In message <201012231237.21841.kzorba@otenet.gr>, Kostas Zorbadelos <kzorba@otenet.gr> wrote:
Now I get that you are saying that we should generally not use in the "real world" abuse contacts to send reports or anything else related to abuse.
Actually, I never said anything remotely like that. Not even close. I merely noted all of the reasons why someone (or some company) trying to protect their trademarks from being misused in conjunction with apparent phishing sites might reasonably avoid even trying to file a report about a problem like that with any abuse@ type e-mail address. I didn't even say that I felt that BofA had done either the Right Thing or the Best Thing in this case. I was merely defending their choices as probably being reasonable ones... even if perhaps not the best ones... given the actual (sad) situation "on the ground" on the net these days.
To me this doesn't make sense.
Indeed. Had I in fact said what you thought I said, then I would agree that what I said would not have made sense. But I didn't, so I don't.
Having said this, I consider the case closed. I think that we (as a group) should try to produce more meaningful and actual work on anti-abuse.
Well now hold on just one moment. As I said before, other people here have previously noted that mandating abuse contact e-mail addresses in RIPE whois may be a fruitless exercise in futility if there is nobody on the other end of those e-mail addresses, reading the stuff sent there. But that's only one of the many ways that such contact e-mail addresses might be rendered less-than-useful, or at any rate less than as maximally useful as they could potentially be. Another thing that... as this BofA example has shown... might cause those newly mandated abuse@ addresses to be less than maximally useful is if the people sending to those addresses, and the people who are reading the messages coming in to those addresses have fundamental disagreements about what is or what is not an appropriate kind of "abuse" that should be reported to said addresses. In short, what I suspect we all might benefit from would be (a) a Best Current Practices document which would clearly lay out what kinds of "abuse" these newly mandated e-mail contact addresses should be handling (and perhaps even an outline of what they should be doing to respond to different kinds of reports, e.g. trademark infringment, with a possible helping of phishing on the side). Without such a BCP document, disagree- ments, between sender and receivers, about where to send different kinds of "abuse" reports (as illustrated by this BofA example) may continue and even proliferate. Furthermore, and again as this BofA example has helped to illustrate, it seems to me that perhaps development of a community- endorsed BCP for abuse _reporters_ would be just as useful and just as important as a community-endorsed BCP for abuse report handlers. In the absence of both/either, the current plan to mandate abuse contacts in RIPE records may in the end have little practical effect, i.e. if it is still the case that nobody has any solid or commonly agreed ideas about how or for what purposes such things might be used. 
I disagree that discussion of such matters fails to constitute "meaningful and actual work on anti-abuse." In fact it might be argued that discussion of such matters may go to the heart of net's abundant, multiple, and growing abuse problems. After all, if nobody even agrees on what abuse is, what kinds should be reported, or where, or what reasonable ISPs should do about "abuse", then it seems to me that everything else that we... the collective we... might undertake "meaningful and actual work on" might in the end, be rendered utterly superfluous by these more fundamental unresolved disagreements. Regards, rfg
-----Original Message----- From: anti-abuse-wg-admin@ripe.net [mailto:anti-abuse-wg-admin@ripe.net] On Behalf Of Ronald F. Guilmette Sent: Thursday, December 23, 2010 9:00 AM To: <anti-abuse-wg@ripe.net>
In message <97C58E22-A243-4A57-9602-7184B5D3522A@blacknight.ie>, "Michele Neylon :: Blacknight" <michele@blacknight.ie> wrote:
Instead of simply stating that they are alerting us to an issue they start off with a long convoluted text about their trademarks, which is totally irrelevant to us.
You're right. I think the way that people in the news business commonly express the point you just made is that it is bad practice to "bury the lead", i.e. it's important to express the major point you are trying to make (in a news story or in an abuse report) clearly, concisely, and in the first sentence.
What was the "Subject:" line of the takedown request? (My apologies if it was already mentioned. The archive at http://www.ripe.net/ripe/maillists/archives/anti-abuse-wg/2010/ seems to be broken. "Archive Last Changed: 01 December 2010 17:58 CET") -- Thor Kottelin http://www.anta.net/
"Thor Kottelin" wrote the following on 23/12/2010 07:59:
-----Original Message----- From: anti-abuse-wg-admin@ripe.net [mailto:anti-abuse-wg-admin@ripe.net] On Behalf Of Ronald F. Guilmette Sent: Thursday, December 23, 2010 9:00 AM To: <anti-abuse-wg@ripe.net>
In message <97C58E22-A243-4A57-9602-7184B5D3522A@blacknight.ie>, "Michele Neylon :: Blacknight" <michele@blacknight.ie> wrote:
Instead of simply stating that they are alerting us to an issue they start off with a long convoluted text about their trademarks, which is totally irrelevant to us.
You're right. I think the way that people in the news business commonly express the point you just made is that it is bad practice to "bury the lead", i.e. it's important to express the major point you are trying to make (in a news story or in an abuse report) clearly, concisely, and in the first sentence.
What was the "Subject:" line of the takedown request?
(My apologies if it was already mentioned. The archive at http://www.ripe.net/ripe/maillists/archives/anti-abuse-wg/2010/ seems to be broken. "Archive Last Changed: 01 December 2010 17:58 CET")
The lovely people in the NCC tell me this should now be fixed. Brian.
On Wed, Dec 22, 2010 at 12:33 AM, Ronald F. Guilmette <rfg@tristatelogic.com> wrote:
I confess that I am utterly baffled by your comment. The message from BofA seemed altogether clear and entirely straightforward and unambiguous to me.
What is it, exactly, about that message that caused you to have any difficulty in "working it out"?
Well, I for one had hard time to find the beef, and I'm language skills are reasonably good. The language is IMHO appropriate for letters sent to a lawyer, but doesn't necessarily properly communicate to anybody else. -- Mr. Esa Laitinen Tel. +41 76 200 2870 skype/yahoo: reunaesa
In message <AANLkTi=pcQVGC3gut2saQ3McwzJrs=CNF_1dNjw6Hny1@mail.gmail.com>, Esa Laitinen <esa.laitinen@iki.fi> wrote:
On Wed, Dec 22, 2010 at 12:33 AM, Ronald F. Guilmette <rfg@tristatelogic.com> wrote:
I confess that I am utterly baffled by your comment. The message from BofA seemed altogether clear and entirely straightforward and unambiguous to me.
What is it, exactly, about that message that caused you to have any difficulty in "working it out"?
Well, I for one had hard time to find the beef, and I'm language skills are reasonably good.
Assuming that the above was not a veiled attempt at humor, allow me to say that some might find cause to question your assertion, embedded within the assertion itself. But yes, as I previously agreed (in another posting), the language of the notice from BofA was indeed verbose, prolix, and failed to clarify the issue that prompted the e-mail within the first sentence, as it should have. Regards, rfg
On Dec 21, 2010, at 11:34 PM, "Ronald F. Guilmette" <rfg@tristatelogic.com> wrote:
In message <FF4A9252-C4E2-4918-8E27-8EA1D239C97B@blacknight.ie>, "Michele Neylon :: Blacknight" <michele@blacknight.ie> wrote:
Got this earlier today (not to our abuse contact of course .. )
Couple of things to note
Unless you read it a few times it's not easy to work out what the hell they are actually asking about
I confess that I am utterly baffled by your comment. The message from BofA seemed altogether clear and entirely straightforward and unambiguous to me.
A few years back there was a movie called “The Front Page”. In it, the reporter played by Jack Lemmon filed a story about the execution of a criminal. His editor asked where some of the details were. “It’s in the second paragraph,” replied Lemmon. “Nobody reads the second paragraph!” barked the editor.
At the risk of breaking the rule, I think it is reasonable to ask people sending abuse reports to put the details of the abuse and the requested action first and to put waffle at the end, if they feel they have to include it at all. The BoA message started with waffle and it would be perfectly reasonable to not read past that to the meat of the report. Regards, Leo
All, On Tue, 2010-12-21 at 17:36 +0000, Michele Neylon :: Blacknight wrote:
Got this earlier today (not to our abuse contact of course .. )
Couple of things to note
Unless you read it a few times it's not easy to work out what the hell they are actually asking about
Does it make any sense to produce a RIPE document suggesting the proper way to report abuse? This document can be short & sweet, just like the reports should be. A few good ideas are already in this thread: report to the right people, say the important bits up-front, and so on. -- Shane
On 23 Dec 2010, at 11:38, Shane Kerr wrote:
All,
On Tue, 2010-12-21 at 17:36 +0000, Michele Neylon :: Blacknight wrote:
Got this earlier today (not to our abuse contact of course .. )
Couple of things to note
Unless you read it a few times it's not easy to work out what the hell they are actually asking about
Does it make any sense to produce a RIPE document suggesting the proper way to report abuse?
This document can be short & sweet, just like the reports should be. A few good ideas are already in this thread: report to the right people, say the important bits up-front, and so on.
-- Shane
Shane That would make a lot of sense to me :) Regards Michele Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.mobi/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
"Shane Kerr" wrote the following on 23/12/2010 11:38:
All,
On Tue, 2010-12-21 at 17:36 +0000, Michele Neylon :: Blacknight wrote:
Got this earlier today (not to our abuse contact of course .. )
Couple of things to note
Unless you read it a few times it's not easy to work out what the hell they are actually asking about
Does it make any sense to produce a RIPE document suggesting the proper way to report abuse?
This document can be short & sweet, just like the reports should be. A few good ideas are already in this thread: report to the right people, say the important bits up-front, and so on.
It makes a lot of sense. The BCP on how to report and act on abuse/avoid abuse has been a headline action for the group. I haven't done enough on this and I'm not sure I'm going to be able to in the short term. I am hoping that adding a co-chair to the group will help on this, but either way, if someone is willing to lead this piece of work, I will assist them in any way I can (both with wording, resources and process). There are people willing to help, but the project needs someone to head it up. Thanks, Brian. Chair, AA-WG
Hi all,
Does it make any sense to produce a RIPE document suggesting the proper way to report abuse?
This document can be short & sweet, just like the reports should be. A few good ideas are already in this thread: report to the right people, say the important bits up-front, and so on.
We are already working on a format, that is used by more and more people. It is meant as an extension to the well known RFC 5965 ARF. Called X-ARF. http://xarf.org Everybody who is interested in helping and using it, let us know and we can subscribe you to the mailing list. Some tools are already available here: https://github.com/xarf Thank you everybody and Merry Christmas Tobias -- abusix
On Dec 23, 2010, at 3:38 AM, Shane Kerr wrote:
Does it make any sense to produce a RIPE document suggesting the proper way to report abuse?
This document can be short & sweet, just like the reports should be. A few good ideas are already in this thread: report to the right people, say the important bits up-front, and so on.
Similar documents were written in years past, but something up to date would be very welcome. On Dec 23, 2010, at 7:30 AM, Tobias Knecht wrote:
We are already working on a format, that is used by more and more people. It is meant as an extension to the well known RFC 5965 ARF. Called X-ARF. http://xarf.org
When will your proposed extension be brought to the IETF, so it can be made an official standard?
On Dec 23, 2010, at 7:30 AM, Tobias Knecht wrote:
We are already working on a format, that is used by more and more people. It is meant as an extension to the well known RFC 5965 ARF. Called X-ARF. http://xarf.org
When will your proposed extension be brought to the IETF, so it can be made an official standard?
At the moment there is no such plan in our pocket. We are trying to figure out what helps people and how we can use the possibilities of the xarf idea best. Tobias -- abusix
participants (10)
- Brian Nisbet
- Esa Laitinen
- J.D. Falk
- Kostas Zorbadelos
- Leo Vegoda
- Michele Neylon :: Blacknight
- Ronald F. Guilmette
- Shane Kerr
- Thor Kottelin
- Tobias Knecht