Re: [anti-abuse-wg] Verifiability (was: WHOIS (AS204224))
Hi Jeffrey, On Tue, 3 Nov 2015 at 13:21 Jeffrey Race <jrace@attglobal.net> wrote:
This is trivially and virtually costlessly done in an automated way, taking about a day of a good programmer's time. Thereafter zero/minimal maintenance except for 'exception' followups.
One informs registrants that CONTINUOUSLY working contact modes (e-mail, fax, phone, postal, say at least three of four) are mandatory to avoid suspension/rescission.
Then one automates a routine to transmit tokenized letters/faxes/ calls/e-mails on a periodic but random basis, with the covering message stating that the token must be returned on a website within x days according to the terms of registration. If sufficient tokens to not appear, suspension occurs automatically, just as if you don't pay your credit card bill or pay your phone bill.
This is easy stuff.
Yes it is easy.. but not scalable, exception rate would be very high.. multiply that with 7000+ (members) -- Best Wishes, Aftab A. Siddiqui
It needn't be done except as an additional verification step for new asns and suspect ones --srs
On 03-Nov-2015, at 8:01 AM, Aftab Siddiqui <aftab.siddiqui@gmail.com> wrote:
Yes it is easy.. but not scalable, exception rate would be very high.. multiply that with 7000+ (members)
On Tue, Nov 03, 2015 at 08:06:56AM +0530, Suresh Ramasubramanian wrote:
It needn't be done except as an additional verification step for new asns and suspect ones
Sigh. Having an ASN assigned involves exchange of signed contracts between sponsoring LIR and end-user. These, as well as company registration papers or passport copies(!) have to be approved by the NCC before assignment takes place. Exactly *what* purpose would a phone call or fax (why not TELEX if we're doing retro tech?) serve? rgds, Sascha Luck
It hasn't worked worth being able to trust any LIR fed data so far over the past few years that we've had iterations of this discussion on this wg I will let Ron continue repeating himself and you can continue to advocate for "we are not the Internet police" --srs
On 03-Nov-2015, at 8:12 AM, Sascha Luck [ml] <aawg@c4inet.net> wrote:
On Tue, Nov 03, 2015 at 08:06:56AM +0530, Suresh Ramasubramanian wrote:
It needn't be done except as an additional verification step for new asns and suspect ones
Sigh. Having an ASN assigned involves exchange of signed contracts between sponsoring LIR and end-user. These, as well as company registration papers or passport copies(!) have to be approved by the NCC before assignment takes place. Exactly *what* purpose would a phone call or fax (why not TELEX if we're doing retro tech?) serve?
rgds, Sascha Luck
On Tue, 3 Nov 2015 02:42:33 +0000, Sascha Luck [ml] wrote:
Exactly *what* purpose would a phone call or fax (why not TELEX if we're doing retro tech?) serve?
Precisely to establish that the registrant humanly responds to messages at its published addresses. The registrar would have to employ a CAPTCHA on his token-accepting site; otherwise clever rogues would automate the token-submission process:) But this is all trivial and done daily by numerous institutions. Sascha perhaps your question arose because I was imprecise in my brief earlier message; this procedure would not be an anti-spam measure, but it would greatly simplify the next steps in anti-spam processes if the registrar community ever becomes serious about halting spam (itself again easy to do but that is the subject of another message). Kind regards to all Jeffrey Race
In message <CAK5YLge94OTETmzt_9hMPphrkYJB0SJ_q87aFPPHmRuSYMrVJg@mail.gmail.com> Aftab Siddiqui <aftab.siddiqui@gmail.com> wrote:
Yes it is easy.. but not scalable, exception rate would be very high..
Forgive me, but this opinion is based on what, exactly? And what exactly are we talking about when we say "exception"? Are we talking about contact phone numbers that don't work anymore because of the unfortunate tendency of company PBX systems to be located in precarious proxmity to Tesla Coils? Or are we taking about organizations and individuals that use cell phones as their primary contact numbers, where said cell phones have been re-materized in another dimension, e.g. while their owners were on the subway, or perhaps ones that were unwisely taken out on hunting trips with Dick Cheney? Regards, rfg
Yes it is easy.. but not scalable, exception rate would be very high..
Forgive me, but this opinion is based on what, exactly?
And what exactly are we talking about when we say "exception"?
I could be wrong in this assumption. So lets ask RIPE NCC (secretariat) how many bounce email they get for membership renewal notices every year? Billing contact is suppose to be the most up to date contact and failing to pay may suspend/cancel your membership (after 120 days).
Are we talking about contact phone numbers that don't work anymore because of the unfortunate tendency of company PBX systems to be located in precarious proxmity to Tesla Coils? Or are we taking about organizations and individuals that use cell phones as their primary contact numbers, where said cell phones have been re-materized in another dimension, e.g. while their owners were on the subway, or perhaps ones that were unwisely taken out on hunting trips with Dick Cheney?
Quite Ingenious I would say :)
Regards, rfg
--
Best Wishes, Aftab A. Siddiqui
On Tue, 03 Nov 2015 02:31:26 +0000, Aftab Siddiqui wrote:
Yes it is easy.. but not scalable, exception rate would be very high.. multiply that with 7000+ (members)
It's not a problem for the registrar!! No human effort is required at all so the registrar incurs no costs except setting the system up. The registrant has to cure the failure to submit the tokens. (My bank uses tokenized messages to permit access to my account; their system surely processes thousands of messages daily but no human intervention is involved. )
participants (5)
-
Aftab Siddiqui -
Jeffrey Race -
Ronald F. Guilmette -
Sascha Luck [ml] -
Suresh Ramasubramanian