2019-04 Discussion Phase (Validation of "abuse-mailbox")
Dear colleagues,

A new version of RIPE Policy proposal, 2019-04, "Validation of "abuse-mailbox"", is now available for discussion.

This proposal aims to have the RIPE NCC validate "abuse-c:" information more often, and introduces a new validation process that requires input from resource holders.

The proposal has been updated following the last round of discussion and is now at version v2.0. Some of the differences from version v1.0 include:

- Removes ambiguous examples from the policy text
- Defines mandatory elements of the abuse handling procedures
- Removes the prohibition of automated processing of the abuse reports

You can find the full proposal at:
https://www.ripe.net/participate/policies/proposals/2019-04

As per the RIPE Policy Development Process (PDP), the purpose of this four-week Discussion Phase is to discuss the proposal and provide feedback to the proposer.

At the end of the Discussion Phase, the proposer, with the agreement of the Anti-Abuse Working Group Chairs, decides how to proceed with the proposal.

We encourage you to review this proposal and send your comments to <anti-abuse-wg@ripe.net> before 30 October 2019.

Kind regards,

Marco Schmidt
Policy Officer
RIPE NCC
Thanks for this, Marco!

Colleagues, this is a second Discussion Phase and it gives the WG the opportunity to comment on the new version. Unsurprisingly it will be on the agenda for our meeting at RIPE 79.

Thanks,

Brian
Co-Chair, RIPE AA-WG

Brian Nisbet
Service Operations Manager
HEAnet CLG, Ireland's National Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland
+35316609040 brian.nisbet@heanet.ie www.heanet.ie
Registered in Ireland, No. 275301. CRA No. 20036270

From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> On Behalf Of Marco Schmidt
Sent: Tuesday 1 October 2019 13:19
To: anti-abuse-wg@ripe.net
Subject: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")

Dear colleagues,

A new version of RIPE Policy proposal, 2019-04, "Validation of "abuse-mailbox"", is now available for discussion.

This proposal aims to have the RIPE NCC validate "abuse-c:" information more often, and introduces a new validation process that requires input from resource holders.

The proposal has been updated following the last round of discussion and is now at version v2.0. Some of the differences from version v1.0 include:

- Removes ambiguous examples from the policy text
- Defines mandatory elements of the abuse handling procedures
- Removes the prohibition of automated processing of the abuse reports

You can find the full proposal at:
https://www.ripe.net/participate/policies/proposals/2019-04

As per the RIPE Policy Development Process (PDP), the purpose of this four-week Discussion Phase is to discuss the proposal and provide feedback to the proposer.

At the end of the Discussion Phase, the proposer, with the agreement of the Anti-Abuse Working Group Chairs, decides how to proceed with the proposal.

We encourage you to review this proposal and send your comments to <anti-abuse-wg@ripe.net> before 30 October 2019.

Kind regards,

Marco Schmidt
Policy Officer
RIPE NCC
Marco Schmidt wrote on 01/10/2019 13:18:
> As per the RIPE Policy Development Process (PDP), the purpose of this four-week Discussion Phase is to discuss the proposal and provide feedback to the proposer.
This version addresses none of the issues I brought up with the previous version in May:
https://www.ripe.net/ripe/mail/archives/anti-abuse-wg/2019-May/005120.html
There isn't a major problem with the RIPE NCC testing abuse mailboxes on a purely advisory basis, but the RIPE abuse working group has no authority to dictate to internet resource holders how to perform their abuse management workflow, with an explicit threat that their businesses will be ruined unless they comply to the letter.

Alex de Joode pointed out on May 17th that the proposal also lacks proportionality and would be unlikely to be upheld in court. It seems inadvisable that the RIPE NCC should implement a policy with such poor legal basis.

The policy is fundamentally broken and should be withdrawn.

Nick
Hi Nick, All,

On Tue, 1 Oct 2019, Nick Hilliard wrote:
> Marco Schmidt wrote on 01/10/2019 13:18:
>> As per the RIPE Policy Development Process (PDP), the purpose of this four-week Discussion Phase is to discuss the proposal and provide feedback to the proposer.
>
> This version addresses none of the issues I brought up with the previous version in May:
>
> https://www.ripe.net/ripe/mail/archives/anti-abuse-wg/2019-May/005120.html
>
> There isn't a major problem with the RIPE NCC testing abuse mailboxes on a purely advisory basis, but the RIPE abuse working group has no authority to

I'm sure you meant the RIPE *anti*-abuse working group :-)))

> dictate to internet resource holders how to perform their abuse management workflow, with an explicit threat that their businesses will be ruined unless they comply to the letter.

I don't think it's a matter of authority, but only a matter of understanding if the community wants to tighten the requirements (or not).

> Alex de Joode pointed out on May 17th that the proposal also lacks proportionality and would be unlikely to be upheld in court. It seems inadvisable that the RIPE NCC should implement a policy with such poor legal basis.

What you mean is that if someone just flushes some bogus abuse contact, it isn't as serious as providing falsified data/documents to the RIPE NCC....? Because that bogus data is not aimed at the NCC but instead at the world, then it should be OK...?

> The policy is fundamentally broken and should be withdrawn.

I haven't read this version yet, but I will.

Regards,
Carlos

> Nick
On Tue, Oct 01, 2019 at 03:15:02PM +0100, Carlos Friaças via anti-abuse-wg wrote:
> On Tue, 1 Oct 2019, Nick Hilliard wrote:
>> There isn't a major problem with the RIPE NCC testing abuse mailboxes on a purely advisory basis, but the RIPE abuse working group has no authority to
>
> I'm sure you meant the RIPE *anti*-abuse working group :-)))

Smile, yes, but up to a point. The group is certainly called anti-abuse, but participation is open to all the stakeholders, so it should be safe to assume that both communities are present and active. In fact, it is not too uncommon to see posts from representatives of service providers well known in the security community for knowingly providing services to cybercrime.

This may be stating the obvious, but as far as I am concerned very little real antiabuse work can be done here because of this reason.

furio ercolessi
Hi,

On Tue, Oct 01, 2019 at 03:15:02PM +0100, Carlos Friaças via anti-abuse-wg wrote:
> I don't think it's a matter of authority, but only a matter of understanding if the community wants to tighten the requirements (or not).

This part of the community does not want to increase the workload for people handling abuse mailbox, for questionable results.

The general idea fails the most basic test "will it have a positive effect, or will it just cause extra hurdles for those that already do the right thing".

So, I do not agree with this proposal.

Gert Doering
        -- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279
Hi,

After reviewing version 2, I'm not very sure about:

1) "Require intervention by the recipient"

Some reports will not require intervention, they work only as a warning for a possible device infection. Some incident response teams may also decide not to process certain categories of reports/incidents. One of our examples is the huge set of reports we receive related to the webcrawling activity that feeds into the Portuguese web archive (arquivo.pt). Some networks/servers are more sensible to webcrawling and have automated report generation mechanisms. That's also something that must be considered. We can't expect a manual intervention by the recipient if the sender has an automated process...

2) "Must guarantee that abuse reports and related logs, examples, or email headers are received".

I think this one can be tweaked: The recipient domain's policy might be to discard messages bigger than <N> megabytes (we have that in my org's domain, but not on the CSIRT's domain). Hence, I would say to add ", up to a reasonable limit in size" to the sentence.

3) About "5.0 Escalation to the RIPE NCC"

It's also important to note that a domain is entirely free to block incoming messages from another given domain. So, if someone receives 500 reports/day from the same mailbox, or from several mailboxes of the same domain, it's perfectly normal to blacklist the sending domain locally...

4) About the 1 year to 6 months change, I'm OK with it as long as it's feasible for the NCC's system -- but I guess the I.A. might clarify that.

Final comments: I think the proposal is useful, and it's important to note that if something de-rails (abuse-wise), then the most probable line of action seems to be an ARC, which is already part of the NCC's duties anyway.

Regards,
Carlos

On Tue, 1 Oct 2019, Marco Schmidt wrote:
> Dear colleagues,
>
> A new version of RIPE Policy proposal, 2019-04, "Validation of "abuse-mailbox"", is now available for discussion.
>
> This proposal aims to have the RIPE NCC validate "abuse-c:" information more often, and introduces a new validation process that requires input from resource holders.
>
> The proposal has been updated following the last round of discussion and is now at version v2.0. Some of the differences from version v1.0 include:
>
> - Removes ambiguous examples from the policy text
> - Defines mandatory elements of the abuse handling procedures
> - Removes the prohibition of automated processing of the abuse reports
>
> You can find the full proposal at:
> https://www.ripe.net/participate/policies/proposals/2019-04
>
> As per the RIPE Policy Development Process (PDP), the purpose of this four-week Discussion Phase is to discuss the proposal and provide feedback to the proposer.
>
> At the end of the Discussion Phase, the proposer, with the agreement of the Anti-Abuse Working Group Chairs, decides how to proceed with the proposal.
>
> We encourage you to review this proposal and send your comments to <anti-abuse-wg@ripe.net> before 30 October 2019.
>
> Kind regards,
>
> Marco Schmidt
> Policy Officer
> RIPE NCC
participants (6)
- Brian Nisbet
- Carlos Friaças
- furio ercolessi
- Gert Doering
- Marco Schmidt
- Nick Hilliard