Re: [anti-abuse-wg] Correct info in RIPE-database - YES
Webservice wrote:
Now to tackle this problem: Shouldn't there be a phone-number or a hotline for BGP-issues? Especially with big problems it's a real problem to get to the right helpdesk/support. I know that some endusers who receive a spam email would contact that hotline also, however: is it possible to show that info only if a person is logged in into the LIR-portal?
Just what Im asking for years now for. More easier would be an anonymous abuse contact wich could only by emailed to from registered email addresses from other RIPE members. So: every member would simply enter too email addresses and one (or more) IPs into their basic data at the portal. - one abuse contact - one sender email address - one or more IP address of the own sending mailservers And the Mailserver at RIPE will e.g. redirected a general as1234@members.ripe.net to the right abuse contact of that member. And: RIPE could even monitor outbreaks to one or the other member address to get an indication if there is an eval or non-responsive member (e.g. with not working mail addresses, full mailboxes aso). RIPE NCC could also monitor if a member becomes a bit to active or tries to flood other members. Telephone numbers seem to spread, so they will not be hidden after a while, but email is cool, because the receiver could handle these emails much quicker, because they could be more sure, that its coming from qualified other members, hopefully resulting in a much quicker action. Just an example: we filed a report at the usual abuse address of a bigger server housing provider in Germany arround 3 weeks ago , that one of their servers seemed to be captured and started to guess passwords on some of our POP3 servers. Now: after 3 weeks, be received a note, that our report will now be analysed. Whats about all those spam, all those DDoS attacks, pishing sites, whatever abuse, this server was causing the last 3 weeks to others ? And: just fiddled with our firewalls and can see, that this server is still trying to attack us ! Kind regards, Frank
Best regards, Pascal Nobus -- www.webservice.be Amelsdorp 72, 3740 Bilzen, Belgium Tel: +32.89257404, Fax: +32.70423475
-- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ====================================================================== Public PGP Key available for frank@powerweb.de
On 10 Aug 2011, at 10:54, Frank Gadegast wrote:
Just an example: we filed a report at the usual abuse address of a bigger server housing provider in Germany arround 3 weeks ago , that one of their servers seemed to be captured and started to guess passwords on some of our POP3 servers.
Now: after 3 weeks, be received a note, that our report will now be analysed.
Whats about all those spam, all those DDoS attacks, pishing sites, whatever abuse, this server was causing the last 3 weeks to others ? And: just fiddled with our firewalls and can see, that this server is still trying to attack us !
Frank So why don't you blackhole their network? You cannot force anyone to respond to abuse reports and you cannot force anyone to act on them either. All you can hope to do is educate people so that: - providers believe it's in their interest to act - buyers choose vendors (providers) who act I went into this during my presentation in Rome :) Regards Michele Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.mobi/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
Now: after 3 weeks, be received a note, that our report will now be analysed.
<..>
All you can hope to do is educate people so that: - providers believe it's in their interest to act
This is exactly the mechanism on which we (OPTA) recently developed an enforcement strategy; educate hosting ISP's in NL from which we see abuse that is within our enforcement range: spam and malware. If the normal abuse mechanisms do not work the way they should we start to use our LEA capabilities to apply pressure. This has proven to be very effective: lots of cases solved with small efforts. In most cases this pressure moved the ISPs started to gather reports on their own networks and act by themselves. Of course, we can only do this within our jurisdiction, but it would be nice if other spam/malware legislative bodies start doing this too, or any body that can apply some real pressure. Pepijn +++++++++++++++++++++++++++++++++++++++++++++ Disclaimer Dit e-mailbericht kan vertrouwelijke informatie bevatten of informatie die is beschermd door een beroepsgeheim. Indien dit bericht niet voor u is bestemd, wijzen wij u erop dat elke vorm van verspreiding, vermenigvuldiging of ander gebruik ervan niet is toegestaan. Indien dit bericht blijkbaar bij vergissing bij u terecht is gekomen, verzoeken wij u ons daarvan direct op de hoogte te stellen via tel.nr 070 315 3500 of e-mail mailto:mail@opta.nl en het bericht te vernietigen. Dit e-mailbericht is uitsluitend gecontroleerd op virussen. OPTA aanvaardt geen enkele aansprakelijkheid voor de feitelijke inhoud en juistheid van dit bericht en er kunnen geen rechten aan worden ontleend. This e-mail message may contain confidential information or information protected by professional privilege. If it is not intended for you, you should be aware that any distribution, copying or other form of use of this message is not permitted. If it has apparently reached you by mistake, we urge you to notify us by phone +31 70 315 3500 or e-mail mailto:mail@opta.nl and destroy the message immediately. This e-mail message has only been checked for viruses. The accuracy, relevance, timeliness or completeness of the information provided cannot be guaranteed. OPTA expressly disclaims any responsibility in relation to the information in this e-mail message. No rights can be derived from this message.
Pepijn
This is exactly the mechanism on which we (OPTA) recently developed an enforcement strategy; educate hosting ISP's in NL from which we see abuse that is within our enforcement range: spam and malware. If the normal abuse mechanisms do not work the way they should we start to use our LEA capabilities to apply pressure. This has proven to be very effective: lots of cases solved with small efforts. In most cases this pressure moved the ISPs started to gather reports on their own networks and act by themselves.
Of course, we can only do this within our jurisdiction, but it would be nice if other spam/malware legislative bodies start doing this too, or any body that can apply some real pressure.
I'm a strong believer in self-regulation - so education is always going to be the preferred route for me - LEA can be too heavyhanded Regards Michele Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.mobi/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
Of course. Please do try to educate a botmaster, snowshoe spammer, nigerian scam artist etc. LEA has their place in the larger scheme of things. It wouldnt be a bright idea to underrate, or underestimate them. On Wed, Aug 10, 2011 at 4:12 PM, Michele Neylon :: Blacknight <michele@blacknight.ie> wrote:
I'm a strong believer in self-regulation - so education is always going to be the preferred route for me - LEA can be too heavyhanded
-- Suresh Ramasubramanian (ops.lists@gmail.com)
On 10 Aug 2011, at 11:46, Suresh Ramasubramanian wrote:
Of course. Please do try to educate a botmaster, snowshoe spammer, nigerian scam artist etc.
We are talking about ISPs and LIRs *not* about network abusers
LEA has their place in the larger scheme of things. It wouldnt be a bright idea to underrate, or underestimate them.
*Sigh*
On Wed, Aug 10, 2011 at 4:12 PM, Michele Neylon :: Blacknight <michele@blacknight.ie> wrote:
I'm a strong believer in self-regulation - so education is always going to be the preferred route for me - LEA can be too heavyhanded
-- Suresh Ramasubramanian (ops.lists@gmail.com)
Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.mobi/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
Michele Neylon :: Blacknight wrote:
On 10 Aug 2011, at 11:46, Suresh Ramasubramanian wrote:
Of course. Please do try to educate a botmaster, snowshoe spammer, nigerian scam artist etc.
We are talking about ISPs and LIRs *not* about network abusers
Disagreed. We have to talk about both, abusers and ISPs/LIRs. You cannot educate abusers, simply because they do it on effort. But we have to educate or raise the communication level between ISPs/LIRs. Like my example described: most abuse NOCs or very, very slow, uneducated, not interested, do not want to spend money aso. I system that raises the level or trusted report sources, that only works between LIRs, could help, because - any LIR could be force to enter his details, so he will READ any description, why this system was introduced - reports from other, experienced LIRs/ISPs could be trusted, simply because they are experienced, they will not behave like normal end users, will try to use standarized reporting formats, present all needed infos and detailed log excerpts e.g and simply because they also want the same kind of qualified reports from others An introduction of such a anonymous communication server via RIPE NCCs servers could also be accompanied with snail mail, email, announcements, in the regulary RIPE reports, meetings aso ...
LEA has their place in the larger scheme of things. It wouldnt be a bright idea to underrate, or underestimate them.
LEA actions only works, if the abusing server and the administrator of the attacked service are located in the same country and surely are last resort (well, works in Germany quite well, very ignorant ISPs could be brought to court, if they ignore reports, because everybody in Germany is urged to prevent crime from others, if he has knowledge and the possibility to prevent it). Kind regards, Frank
*Sigh*
On Wed, Aug 10, 2011 at 4:12 PM, Michele Neylon :: Blacknight <michele@blacknight.ie> wrote:
I'm a strong believer in self-regulation - so education is always going to be the preferred route for me - LEA can be too heavyhanded
-- Suresh Ramasubramanian (ops.lists@gmail.com)
Mr Michele Neylon Blacknight Solutions Hosting& Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.mobi/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
-- Mit freundlichen Gruessen, -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ====================================================================== Public PGP Key available for frank@powerweb.de
LEA actions only works, if the abusing server and the administrator of the attacked service are located in the same country and surely are last resort (well, works in Germany quite well, very ignorant ISPs could be brought to court, if they ignore reports, because everybody in Germany is urged to prevent crime from others, if he has knowledge and the possibility to prevent it).
Not every LEA operates in criminal law. OPTA works under administrative law as an *independent* regulatory body (but with serious capabilities, like 'subpoena' and 'search warrant' equivalents), and as such has several degrees of freedom more than 'the police'. That being said, the strategy I've talked about earlier could just as easy be deployed by a small 'internet police' team. It's about proactivity and education (which is fast), not about court cases (which are painfully slow). It is however not a way of working traditional LEA is accustomed to. Pepijn +++++++++++++++++++++++++++++++++++++++++++++ Disclaimer Dit e-mailbericht kan vertrouwelijke informatie bevatten of informatie die is beschermd door een beroepsgeheim. Indien dit bericht niet voor u is bestemd, wijzen wij u erop dat elke vorm van verspreiding, vermenigvuldiging of ander gebruik ervan niet is toegestaan. Indien dit bericht blijkbaar bij vergissing bij u terecht is gekomen, verzoeken wij u ons daarvan direct op de hoogte te stellen via tel.nr 070 315 3500 of e-mail mailto:mail@opta.nl en het bericht te vernietigen. Dit e-mailbericht is uitsluitend gecontroleerd op virussen. OPTA aanvaardt geen enkele aansprakelijkheid voor de feitelijke inhoud en juistheid van dit bericht en er kunnen geen rechten aan worden ontleend. This e-mail message may contain confidential information or information protected by professional privilege. If it is not intended for you, you should be aware that any distribution, copying or other form of use of this message is not permitted. If it has apparently reached you by mistake, we urge you to notify us by phone +31 70 315 3500 or e-mail mailto:mail@opta.nl and destroy the message immediately. This e-mail message has only been checked for viruses. The accuracy, relevance, timeliness or completeness of the information provided cannot be guaranteed. OPTA expressly disclaims any responsibility in relation to the information in this e-mail message. No rights can be derived from this message.
On 10 Aug 2011, at 12:21, Frank Gadegast wrote:
Michele Neylon :: Blacknight wrote:
On 10 Aug 2011, at 11:46, Suresh Ramasubramanian wrote:
Of course. Please do try to educate a botmaster, snowshoe spammer, nigerian scam artist etc.
We are talking about ISPs and LIRs *not* about network abusers
Disagreed. We have to talk about both, abusers and ISPs/LIRs.
I don't think you understood what I was talking about..
You cannot educate abusers, simply because they do it on effort.
But we have to educate or raise the communication level between ISPs/LIRs.
Like my example described: most abuse NOCs or very, very slow, uneducated, not interested, do not want to spend money aso.
Which isn't helped by a lot of the abuse reports that they get sent .. Something which could actually help would be work on better abuse report formats ..
I system that raises the level or trusted report sources, that only works between LIRs, could help, because - any LIR could be force to enter his details, so he will READ any description, why this system was introduced - reports from other, experienced LIRs/ISPs could be trusted, simply because they are experienced, they will not behave like normal end users, will try to use standarized reporting formats, present all needed infos and detailed log excerpts e.g and simply because they also want the same kind of qualified reports from others
There's a lot of this stuff going on already in "trusted" circles.
An introduction of such a anonymous communication server via RIPE NCCs servers could also be accompanied with snail mail, email, announcements, in the regulary RIPE reports, meetings aso …
You have to be very very careful how that is handled ..
LEA has their place in the larger scheme of things. It wouldnt be a bright idea to underrate, or underestimate them.
LEA actions only works, if the abusing server and the administrator of the attacked service are located in the same country
Not true Sure it's easier if they are in the same country, but if LEA works with their counterparts there's no reason why it cannot cross borders ..
Regards Michele Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.mobi/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
On Wed, Aug 10, 2011 at 4:27 PM, Michele Neylon :: Blacknight <michele@blacknight.ie> wrote:
On 10 Aug 2011, at 11:46, Suresh Ramasubramanian wrote:
Of course. Please do try to educate a botmaster, snowshoe spammer, nigerian scam artist etc.
We are talking about ISPs and LIRs *not* about network abusers
Au contraire. We are talking about one and the same thing, when you look at the sort of issue that's been plaguing RIPE over the past few years - fake LIRs, RBN fronts getting themselves PI / PA blocks etc. -- Suresh Ramasubramanian (ops.lists@gmail.com)
As for educating SPs, please do turn up at the upcoming MAAWG meeting in Paris - Oct 24-27. And before that, please talk, on a regular basis, to the people who actually run abuse desks in your organizations. On Wed, Aug 10, 2011 at 7:41 PM, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
On Wed, Aug 10, 2011 at 4:27 PM, Michele Neylon :: Blacknight <michele@blacknight.ie> wrote:
On 10 Aug 2011, at 11:46, Suresh Ramasubramanian wrote:
Of course. Please do try to educate a botmaster, snowshoe spammer, nigerian scam artist etc.
We are talking about ISPs and LIRs *not* about network abusers
Au contraire. We are talking about one and the same thing, when you look at the sort of issue that's been plaguing RIPE over the past few years - fake LIRs, RBN fronts getting themselves PI / PA blocks etc.
-- Suresh Ramasubramanian (ops.lists@gmail.com)
-- Suresh Ramasubramanian (ops.lists@gmail.com)
You wrote: [...]
Au contraire. We are talking about one and the same thing, when you look at the sort of issue that's been plaguing RIPE over the past few years - fake LIRs, RBN fronts getting themselves PI / PA blocks etc.
To be fair, I think it has been very hard to follow what has been written to the list over the last week or so. A significant number of messages have not been clearly written and may well not have been thought through before being sent. Focusing on the definitions issue, it would be useful to have an agreed set of definitions for some of the terms used. Is there a commonly agreed list? Thanks, Leo
Hi I would be happy to focus on what Pepijn proposed, and what Brian Nisbet promised to take to the NCC - detailed stats on LIR audits. I would also welcome some input from ICANN on (for example) the SSAC and other related work on whois accuracy, cooperation and engagement with the various registries on mitigating abuse .. thanks --srs On Wed, Aug 10, 2011 at 7:54 PM, Leo Vegoda <leo.vegoda@icann.org> wrote:
To be fair, I think it has been very hard to follow what has been written to the list over the last week or so. A significant number of messages have not been clearly written and may well not have been thought through before being sent.
Focusing on the definitions issue, it would be useful to have an agreed set of definitions for some of the terms used. Is there a commonly agreed list?
-- Suresh Ramasubramanian (ops.lists@gmail.com)
"Suresh Ramasubramanian" wrote the following on 10/08/2011 15:26:
Hi
I would be happy to focus on what Pepijn proposed, and what Brian Nisbet promised to take to the NCC - detailed stats on LIR audits.
In relation to this, as an update, I started talking to the NCC about this. I don't know when I'll have an answer right now, but hopefully I shall have some more information for you tomorrow.
On Wed, Aug 10, 2011 at 7:54 PM, Leo Vegoda<leo.vegoda@icann.org> wrote:
Focusing on the definitions issue, it would be useful to have an agreed set of definitions for some of the terms used. Is there a commonly agreed list?
Leo, that is a... complicated conversation at best. While I agree that more clarity and coherence would be very useful, what definitions are you actually looking for? Brian.
On 10 Aug 2011, at 15:30, Brian Nisbet wrote:
"Suresh Ramasubramanian" wrote the following on 10/08/2011 15:26:
Hi
I would be happy to focus on what Pepijn proposed, and what Brian Nisbet promised to take to the NCC - detailed stats on LIR audits.
In relation to this, as an update, I started talking to the NCC about this. I don't know when I'll have an answer right now, but hopefully I shall have some more information for you tomorrow.
On Wed, Aug 10, 2011 at 7:54 PM, Leo Vegoda<leo.vegoda@icann.org> wrote:
Focusing on the definitions issue, it would be useful to have an agreed set of definitions for some of the terms used. Is there a commonly agreed list?
Leo, that is a... complicated conversation at best. While I agree that more clarity and coherence would be very useful, what definitions are you actually looking for?
Odd that it came up here as well .. there's a similar-ish discussion about definitions going on in APWG as well ..
Brian.
Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.mobi/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
On Wed, Aug 10, 2011 at 8:05 PM, Michele Neylon :: Blacknight <michele@blacknight.ie> wrote:
Odd that it came up here as well .. there's a similar-ish discussion about definitions going on in APWG as well ..
There have been periodic threads on this in just about every antispam mailing list and newsgroup that I have been part of, for over 15 years now. The more mature lists soon grow out of it, or at least reduce the frequency of this discussion which speedily goes into a quibbling and hair splitting exercise engaged in by like three or four people [often the same 3 or 4 people each time, go figure] -- Suresh Ramasubramanian (ops.lists@gmail.com)
"Suresh Ramasubramanian" wrote the following on 10/08/2011 15:38:
On Wed, Aug 10, 2011 at 8:05 PM, Michele Neylon :: Blacknight <michele@blacknight.ie> wrote:
Odd that it came up here as well .. there's a similar-ish discussion about definitions going on in APWG as well ..
There have been periodic threads on this in just about every antispam mailing list and newsgroup that I have been part of, for over 15 years now.
The more mature lists soon grow out of it, or at least reduce the frequency of this discussion which speedily goes into a quibbling and hair splitting exercise engaged in by like three or four people [often the same 3 or 4 people each time, go figure]
Thank you for answering that, Suresh. While I do wonder what definitions people are looking for, you have just said, in an excellent way, what I was thinking of saying. Brian.
So Brian, being the chair, is there any possibility to sum up few things here like the problem statement (I guess it was fake Whois initially) because as suresh said 3-4 ppl will always going to debate on the same issues again n again than why not these ppl can come up with a suggestion towards solution. M2C On Wednesday, August 10, 2011, Brian Nisbet <brian.nisbet@heanet.ie> wrote:
"Suresh Ramasubramanian" wrote the following on 10/08/2011 15:38:
On Wed, Aug 10, 2011 at 8:05 PM, Michele Neylon :: Blacknight <michele@blacknight.ie> wrote:
Odd that it came up here as well .. there's a similar-ish discussion about definitions going on in APWG as well ..
There have been periodic threads on this in just about every antispam mailing list and newsgroup that I have been part of, for over 15 years now.
The more mature lists soon grow out of it, or at least reduce the frequency of this discussion which speedily goes into a quibbling and hair splitting exercise engaged in by like three or four people [often the same 3 or 4 people each time, go figure]
Thank you for answering that, Suresh. While I do wonder what definitions people are looking for, you have just said, in an excellent way, what I was thinking of saying.
Brian.
-- Regards, Aftab A. Siddiqui
On 08/11/2011 03:05 AM, Aftab Siddiqui wrote:
So Brian, being the chair, is there any possibility to sum up few things here like the problem statement (I guess it was fake Whois initially) because as suresh said 3-4 ppl will always going to debate on the same issues again n again than why not these ppl can come up with a suggestion towards solution.
I totally agree with this one. A summary of the problem statement(s) would be a good thing because I think I am not the only one that lost track of the recent conversations. Kostas PS: Am I the only one that received some bounces from this list? Example follows: ------------------------------------------------------------------------ Return-Path: <> X-Original-To: kzorba@noc.otenet.gr Delivered-To: kzorba@noc.otenet.gr Received: from sirius.otenet.gr (sirius.otenet.gr [83.235.66.60]) by noc.otenet.gr (Postfix) with ESMTP id 22C568B8030 for <kzorba@noc.otenet.gr>; Wed, 10 Aug 2011 13:21:57 +0300 (EEST) Received: from postboy.ripe.net (postboy.ripe.net [193.0.19.3]) by sirius.otenet.gr (8.13.8/8.13.8) with ESMTP id p7AALq3C025591 for <kzorba@otenet.gr>; Wed, 10 Aug 2011 13:21:55 +0300 Received: by postboy.ripe.net (Postfix) id A01FE6A11F; Wed, 10 Aug 2011 12:21:52 +0200 (CEST) Date: Wed, 10 Aug 2011 12:21:52 +0200 (CEST) From: MAILER-DAEMON@ripe.net (Mail Delivery System) Subject: Undelivered Mail Returned to Sender To: kzorba@otenet.gr MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="98DBC6A11C.1312971712/postboy.ripe.net" Message-Id: <20110810102152.A01FE6A11F@postboy.ripe.net> This is a MIME-encapsulated message. --98DBC6A11C.1312971712/postboy.ripe.net Content-Description: Notification Content-Type: text/plain This is the Postfix program at host postboy.ripe.net. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to <postmaster> If you do so, please include this problem report. You can delete your own text from the attached returned message. The Postfix program <anti-abuse-wg@lists.ripe.net>: mail forwarding loop for anti-abuse-wg@lists.ripe.net --98DBC6A11C.1312971712/postboy.ripe.net Content-Description: Delivery report Content-Type: message/delivery-status Reporting-MTA: dns; postboy.ripe.net X-Postfix-Queue-ID: 98DBC6A11C X-Postfix-Sender: rfc822; kzorba@otenet.gr Arrival-Date: Wed, 10 Aug 2011 12:21:52 +0200 (CEST) Final-Recipient: rfc822; anti-abuse-wg@lists.ripe.net Action: failed Status: 5.0.0 Diagnostic-Code: X-Postfix; mail forwarding loop for anti-abuse-wg@lists.ripe.net --98DBC6A11C.1312971712/postboy.ripe.net Content-Description: Undelivered Message Content-Type: message/rfc822 Received: from postgirl.ripe.net (postgirl.ripe.net [193.0.19.66]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by postboy.ripe.net (Postfix) with ESMTP id 98DBC6A11C for <anti-abuse-wg@lists.ripe.net>; Wed, 10 Aug 2011 12:21:52 +0200 (CEST) Received: from r-mail1.rd.francetelecom.com ([217.108.152.41]) by postgirl.ripe.net with esmtp (Exim 4.72) (envelope-from <kzorba@otenet.gr>) id 1Qr5v4-0003JH-7T for anti-abuse-wg@ripe.net; Wed, 10 Aug 2011 12:21:52 +0200 Received: from r-mail1.rd.francetelecom.com (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 8CC2A738009 for <anti-abuse-wg@ripe.net>; Wed, 10 Aug 2011 12:23:09 +0200 (CEST) Received: from ftrdsmtp1.rd.francetelecom.fr (unknown [10.192.128.46]) by r-mail1.rd.francetelecom.com (Postfix) with ESMTP id 83AE07B8010 for <anti-abuse-wg@ripe.net>; Wed, 10 Aug 2011 12:23:09 +0200 (CEST) Received: from ftrdsmtp4.rd.francetelecom.fr ([10.192.128.49]) by ftrdsmtp1.rd.francetelecom.fr with Microsoft SMTPSVC(6.0.3790.4675); Wed, 10 Aug 2011 11:57:46 +0200 Received: from mail pickup service by ftrdsmtp4.rd.francetelecom.fr with Microsoft SMTPSVC; Wed, 10 Aug 2011 02:13:41 +0200 Received: from omfeda08.si.francetelecom.fr ([10.98.3.82]) by ftrdsmtp4.rd.francetelecom.fr with Microsoft SMTPSVC(6.0.3790.4675); Tue, 9 Aug 2011 13:22:37 +0200 Received: from omfeda13.si.francetelecom.fr (unknown [10.98.77.165]) by omfeda08.si.francetelecom.fr (ESMTP service) with ESMTP id 1B72C38404A for <pierre.caron@orange-ftgroup.com>; Tue, 9 Aug 2011 13:22:07 +0200 (CEST) Received: from omfeda13.si.francetelecom.fr (localhost.localdomain [127.0.0.1]) by omfeda13.si.francetelecom.fr (ESMTP service) with SMTP id 07C411905F3 for <pierre.caron@orange-ftgroup.com>; Tue, 9 Aug 2011 13:22:07 +0200 (CEST) Received: from postboy.ripe.net (postboy.ripe.net [193.0.19.3]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by relais-inet.francetelecom.com (ESMTP service) with ESMTPS id 902A01905F0 for <pierre.caron@orange-ftgroup.com>; Tue, 9 Aug 2011 13:22:06 +0200 (CEST) Received: from postboy.ripe.net (localhost [127.0.0.1]) by postboy.ripe.net (Postfix) with ESMTP id BBDB36A09A; Tue, 9 Aug 2011 13:22:02 +0200 (CEST) X-Original-To: anti-abuse-wg@lists.ripe.net Delivered-To: anti-abuse-wg@lists.ripe.net Received: from postgirl.ripe.net (postgirl.ripe.net [193.0.19.66]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by postboy.ripe.net (Postfix) with ESMTP id AF9D06A099 for <anti-abuse-wg@lists.ripe.net>; Tue, 9 Aug 2011 13:21:34 +0200 (CEST) Received: from noc.otenet.gr ([195.170.0.29]) by postgirl.ripe.net with esmtp (Exim 4.72) (envelope-from <kzorba@otenet.gr>) id 1QqkNI-00040Y-JN for anti-abuse-wg@ripe.net; Tue, 09 Aug 2011 13:21:34 +0200 Received: from [212.205.221.137] (enigma.otenet.gr [212.205.221.137]) by noc.otenet.gr (Postfix) with ESMTP id A8ADB8B8030 for <anti-abuse-wg@ripe.net>; Tue, 9 Aug 2011 14:21:31 +0300 (EEST) Message-ID: <4E4118CF.2050201@otenet.gr> From: Kostas Zorbadelos <kzorba@otenet.gr> User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.18) Gecko/20110617 Lightning/1.0b2 Thunderbird/3.1.11 MIME-Version: 1.0 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Abuse report. References: <4e402a95.3020409@eunet.rs> <452d9c4ceeb.000000e3world.antispam.report@inbox.com> <459BAB01B7D.0000016Bworld.antispam.report@inbox.com> In-Reply-To: <459BAB01B7D.0000016Bworld.antispam.report@inbox.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-RIPE-Spam-Level: -- X-RIPE-Spam-Report: Spam Total Points: -2.7 points pts rule name description ---- ---------------------- ------------------------------------ -0.8 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-RIPE-Signature: e75c1e1f8fb33358b75e61b940efb654473ccce5d76a543f49de81d3f8adb7a7 Sender: anti-abuse-wg-admin@ripe.net Errors-To: anti-abuse-wg-admin@ripe.net X-BeenThere: anti-abuse-wg@ripe.net X-Mailman-Version: 2.0.13 Precedence: bulk List-Id: Discussion of anti-abuse measures <anti-abuse-wg.ripe.net> List-Post: <mailto:anti-abuse-wg@ripe.net> X-RIPE-Lists: Discussion of anti-abuse measures <anti-abuse-wg.ripe.net> List-Subscribe: <http://www.ripe.net/mailman/listinfo/anti-abuse-wg>, <mailto:anti-abuse-wg-request@ripe.net?subject=subscribe> List-Unsubscribe: <http://www.ripe.net/mailman/listinfo/anti-abuse-wg>, <mailto:anti-abuse-wg-request@ripe.net?subject=unsubscribe> List-Help: <mailto:anti-abuse-wg-request@ripe.net?subject=help> List-Archive: https://www.ripe.net/ripe/maillists/archives/ Date: Tue, 09 Aug 2011 14:23:59 +0300 X-PMX-Version: 5.5.9.395186, Antispam-Engine: 2.7.2.376379, Antispam-Data: 2011.8.9.111515 X-PerlMx-Spam: Gauge=X, Probability=10%, Report=' TO_IN_SUBJECT 0.5, BODYTEXTP_SIZE_3000_LESS 0, BODY_SIZE_1000_LESS 0, BODY_SIZE_2000_LESS 0, BODY_SIZE_400_499 0, BODY_SIZE_5000_LESS 0, BODY_SIZE_7000_LESS 0, SPF_NONE 0, __ANY_URI 0, __BOUNCE_CHALLENGE_SUBJ 0, __BOUNCE_NDR_SUBJ_EXEMPT 0, __CP_URI_IN_BODY 0, __CT 0, __CTE 0, __CT_TEXT_PLAIN 0, __DATE_TZ_RU 0, __HAS_LIST_HEADER 0, __HAS_LIST_HELP 0, __HAS_LIST_SUBSCRIBE 0, __HAS_LIST_UNSUBSCRIBE 0, __HAS_MSGID 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __MOZILLA_MSGID 0, __SANE_MSGID 0, __TO_MALFORMED_2 0, __TO_NO_NAME 0, __URI_NS , __USER_AGENT 0' X-OriginalArrivalTime: 09 Aug 2011 11:22:37.0321 (UTC) FILETIME=[A48CF790:01CC5686] X-RIPE-Spam-Level: - X-RIPE-Spam-Report: Spam Total Points: -1.9 points pts rule name description ---- ---------------------- ------------------------------------ -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-RIPE-Signature: e75c1e1f8fb33358b75e61b940efb654473ccce5d76a543f49de81d3f8adb7a7 On 08/09/2011 02:15 PM, abuse@localhost.com wrote:
James? Have you noticed the name of this present mailing list?\ Why would there be the word "anti-abuse" in it? Is an uncared for spam complaint "Off Topic"?
I don't think so. ==============================
http://www.ripe.net/ripe/groups/wg/anti-abuse Please, I think we should lower the noise of these threads. Regards, Kostas --98DBC6A11C.1312971712/postboy.ripe.net-- ------------------------------------------------------------------------
M2C
On Wednesday, August 10, 2011, Brian Nisbet<brian.nisbet@heanet.ie> wrote:
"Suresh Ramasubramanian" wrote the following on 10/08/2011 15:38:
On Wed, Aug 10, 2011 at 8:05 PM, Michele Neylon :: Blacknight <michele@blacknight.ie> wrote:
Odd that it came up here as well .. there's a similar-ish discussion about definitions going on in APWG as well ..
There have been periodic threads on this in just about every antispam mailing list and newsgroup that I have been part of, for over 15 years now.
The more mature lists soon grow out of it, or at least reduce the frequency of this discussion which speedily goes into a quibbling and hair splitting exercise engaged in by like three or four people [often the same 3 or 4 people each time, go figure]
Thank you for answering that, Suresh. While I do wonder what definitions people are looking for, you have just said, in an excellent way, what I was thinking of saying.
Brian.
Re bounces - I got them too Mr. Michele Neylon Blacknight http://Blacknight.tel Via iPhone so excuse typos and brevity On 11 Aug 2011, at 07:16, "Kostas Zorbadelos" <kzorba@otenet.gr> wrote:
On 08/11/2011 03:05 AM, Aftab Siddiqui wrote:
So Brian, being the chair, is there any possibility to sum up few things here like the problem statement (I guess it was fake Whois initially) because as suresh said 3-4 ppl will always going to debate on the same issues again n again than why not these ppl can come up with a suggestion towards solution.
I totally agree with this one. A summary of the problem statement(s) would be a good thing because I think I am not the only one that lost track of the recent conversations.
Kostas
PS: Am I the only one that received some bounces from this list? Example follows:
------------------------------------------------------------------------ Return-Path: <> X-Original-To: kzorba@noc.otenet.gr Delivered-To: kzorba@noc.otenet.gr Received: from sirius.otenet.gr (sirius.otenet.gr [83.235.66.60]) by noc.otenet.gr (Postfix) with ESMTP id 22C568B8030 for <kzorba@noc.otenet.gr>; Wed, 10 Aug 2011 13:21:57 +0300 (EEST) Received: from postboy.ripe.net (postboy.ripe.net [193.0.19.3]) by sirius.otenet.gr (8.13.8/8.13.8) with ESMTP id p7AALq3C025591 for <kzorba@otenet.gr>; Wed, 10 Aug 2011 13:21:55 +0300 Received: by postboy.ripe.net (Postfix) id A01FE6A11F; Wed, 10 Aug 2011 12:21:52 +0200 (CEST) Date: Wed, 10 Aug 2011 12:21:52 +0200 (CEST) From: MAILER-DAEMON@ripe.net (Mail Delivery System) Subject: Undelivered Mail Returned to Sender To: kzorba@otenet.gr MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="98DBC6A11C.1312971712/postboy.ripe.net" Message-Id: <20110810102152.A01FE6A11F@postboy.ripe.net>
This is a MIME-encapsulated message.
--98DBC6A11C.1312971712/postboy.ripe.net Content-Description: Notification Content-Type: text/plain
This is the Postfix program at host postboy.ripe.net.
I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to <postmaster>
If you do so, please include this problem report. You can delete your own text from the attached returned message.
The Postfix program
<anti-abuse-wg@lists.ripe.net>: mail forwarding loop for anti-abuse-wg@lists.ripe.net
--98DBC6A11C.1312971712/postboy.ripe.net Content-Description: Delivery report Content-Type: message/delivery-status
Reporting-MTA: dns; postboy.ripe.net X-Postfix-Queue-ID: 98DBC6A11C X-Postfix-Sender: rfc822; kzorba@otenet.gr Arrival-Date: Wed, 10 Aug 2011 12:21:52 +0200 (CEST)
Final-Recipient: rfc822; anti-abuse-wg@lists.ripe.net Action: failed Status: 5.0.0 Diagnostic-Code: X-Postfix; mail forwarding loop for anti-abuse-wg@lists.ripe.net
--98DBC6A11C.1312971712/postboy.ripe.net Content-Description: Undelivered Message Content-Type: message/rfc822
Received: from postgirl.ripe.net (postgirl.ripe.net [193.0.19.66]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by postboy.ripe.net (Postfix) with ESMTP id 98DBC6A11C for <anti-abuse-wg@lists.ripe.net>; Wed, 10 Aug 2011 12:21:52 +0200 (CEST) Received: from r-mail1.rd.francetelecom.com ([217.108.152.41]) by postgirl.ripe.net with esmtp (Exim 4.72) (envelope-from <kzorba@otenet.gr>) id 1Qr5v4-0003JH-7T for anti-abuse-wg@ripe.net; Wed, 10 Aug 2011 12:21:52 +0200 Received: from r-mail1.rd.francetelecom.com (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 8CC2A738009 for <anti-abuse-wg@ripe.net>; Wed, 10 Aug 2011 12:23:09 +0200 (CEST) Received: from ftrdsmtp1.rd.francetelecom.fr (unknown [10.192.128.46]) by r-mail1.rd.francetelecom.com (Postfix) with ESMTP id 83AE07B8010 for <anti-abuse-wg@ripe.net>; Wed, 10 Aug 2011 12:23:09 +0200 (CEST) Received: from ftrdsmtp4.rd.francetelecom.fr ([10.192.128.49]) by ftrdsmtp1.rd.francetelecom.fr with Microsoft SMTPSVC(6.0.3790.4675); Wed, 10 Aug 2011 11:57:46 +0200 Received: from mail pickup service by ftrdsmtp4.rd.francetelecom.fr with Microsoft SMTPSVC; Wed, 10 Aug 2011 02:13:41 +0200 Received: from omfeda08.si.francetelecom.fr ([10.98.3.82]) by ftrdsmtp4.rd.francetelecom.fr with Microsoft SMTPSVC(6.0.3790.4675); Tue, 9 Aug 2011 13:22:37 +0200 Received: from omfeda13.si.francetelecom.fr (unknown [10.98.77.165]) by omfeda08.si.francetelecom.fr (ESMTP service) with ESMTP id 1B72C38404A for <pierre.caron@orange-ftgroup.com>; Tue, 9 Aug 2011 13:22:07 +0200 (CEST) Received: from omfeda13.si.francetelecom.fr (localhost.localdomain [127.0.0.1]) by omfeda13.si.francetelecom.fr (ESMTP service) with SMTP id 07C411905F3 for <pierre.caron@orange-ftgroup.com>; Tue, 9 Aug 2011 13:22:07 +0200 (CEST) Received: from postboy.ripe.net (postboy.ripe.net [193.0.19.3]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by relais-inet.francetelecom.com (ESMTP service) with ESMTPS id 902A01905F0 for <pierre.caron@orange-ftgroup.com>; Tue, 9 Aug 2011 13:22:06 +0200 (CEST) Received: from postboy.ripe.net (localhost [127.0.0.1]) by postboy.ripe.net (Postfix) with ESMTP id BBDB36A09A; Tue, 9 Aug 2011 13:22:02 +0200 (CEST) X-Original-To: anti-abuse-wg@lists.ripe.net Delivered-To: anti-abuse-wg@lists.ripe.net Received: from postgirl.ripe.net (postgirl.ripe.net [193.0.19.66]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by postboy.ripe.net (Postfix) with ESMTP id AF9D06A099 for <anti-abuse-wg@lists.ripe.net>; Tue, 9 Aug 2011 13:21:34 +0200 (CEST) Received: from noc.otenet.gr ([195.170.0.29]) by postgirl.ripe.net with esmtp (Exim 4.72) (envelope-from <kzorba@otenet.gr>) id 1QqkNI-00040Y-JN for anti-abuse-wg@ripe.net; Tue, 09 Aug 2011 13:21:34 +0200 Received: from [212.205.221.137] (enigma.otenet.gr [212.205.221.137]) by noc.otenet.gr (Postfix) with ESMTP id A8ADB8B8030 for <anti-abuse-wg@ripe.net>; Tue, 9 Aug 2011 14:21:31 +0300 (EEST) Message-ID: <4E4118CF.2050201@otenet.gr> From: Kostas Zorbadelos <kzorba@otenet.gr> User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.18) Gecko/20110617 Lightning/1.0b2 Thunderbird/3.1.11 MIME-Version: 1.0 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Abuse report. References: <4e402a95.3020409@eunet.rs> <452d9c4ceeb.000000e3world.antispam.report@inbox.com> <459BAB01B7D.0000016Bworld.antispam.report@inbox.com> In-Reply-To: <459BAB01B7D.0000016Bworld.antispam.report@inbox.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-RIPE-Spam-Level: -- X-RIPE-Spam-Report: Spam Total Points: -2.7 points pts rule name description ---- ---------------------- ------------------------------------ -0.8 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-RIPE-Signature: e75c1e1f8fb33358b75e61b940efb654473ccce5d76a543f49de81d3f8adb7a7 Sender: anti-abuse-wg-admin@ripe.net Errors-To: anti-abuse-wg-admin@ripe.net X-BeenThere: anti-abuse-wg@ripe.net X-Mailman-Version: 2.0.13 Precedence: bulk List-Id: Discussion of anti-abuse measures <anti-abuse-wg.ripe.net> List-Post: <mailto:anti-abuse-wg@ripe.net> X-RIPE-Lists: Discussion of anti-abuse measures <anti-abuse-wg.ripe.net> List-Subscribe: <http://www.ripe.net/mailman/listinfo/anti-abuse-wg>, <mailto:anti-abuse-wg-request@ripe.net?subject=subscribe> List-Unsubscribe: <http://www.ripe.net/mailman/listinfo/anti-abuse-wg>, <mailto:anti-abuse-wg-request@ripe.net?subject=unsubscribe> List-Help: <mailto:anti-abuse-wg-request@ripe.net?subject=help> List-Archive: https://www.ripe.net/ripe/maillists/archives/ Date: Tue, 09 Aug 2011 14:23:59 +0300 X-PMX-Version: 5.5.9.395186, Antispam-Engine: 2.7.2.376379, Antispam-Data: 2011.8.9.111515 X-PerlMx-Spam: Gauge=X, Probability=10%, Report=' TO_IN_SUBJECT 0.5, BODYTEXTP_SIZE_3000_LESS 0, BODY_SIZE_1000_LESS 0, BODY_SIZE_2000_LESS 0, BODY_SIZE_400_499 0, BODY_SIZE_5000_LESS 0, BODY_SIZE_7000_LESS 0, SPF_NONE 0, __ANY_URI 0, __BOUNCE_CHALLENGE_SUBJ 0, __BOUNCE_NDR_SUBJ_EXEMPT 0, __CP_URI_IN_BODY 0, __CT 0, __CTE 0, __CT_TEXT_PLAIN 0, __DATE_TZ_RU 0, __HAS_LIST_HEADER 0, __HAS_LIST_HELP 0, __HAS_LIST_SUBSCRIBE 0, __HAS_LIST_UNSUBSCRIBE 0, __HAS_MSGID 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __MOZILLA_MSGID 0, __SANE_MSGID 0, __TO_MALFORMED_2 0, __TO_NO_NAME 0, __URI_NS , __USER_AGENT 0' X-OriginalArrivalTime: 09 Aug 2011 11:22:37.0321 (UTC) FILETIME=[A48CF790:01CC5686] X-RIPE-Spam-Level: - X-RIPE-Spam-Report: Spam Total Points: -1.9 points pts rule name description ---- ---------------------- ------------------------------------ -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-RIPE-Signature: e75c1e1f8fb33358b75e61b940efb654473ccce5d76a543f49de81d3f8adb7a7
On 08/09/2011 02:15 PM, abuse@localhost.com wrote:
James? Have you noticed the name of this present mailing list?\ Why would there be the word "anti-abuse" in it? Is an uncared for spam complaint "Off Topic"?
I don't think so. ==============================
http://www.ripe.net/ripe/groups/wg/anti-abuse
Please, I think we should lower the noise of these threads.
Regards,
Kostas
--98DBC6A11C.1312971712/postboy.ripe.net-- ------------------------------------------------------------------------
M2C
On Wednesday, August 10, 2011, Brian Nisbet<brian.nisbet@heanet.ie> wrote:
"Suresh Ramasubramanian" wrote the following on 10/08/2011 15:38:
On Wed, Aug 10, 2011 at 8:05 PM, Michele Neylon :: Blacknight <michele@blacknight.ie> wrote:
Odd that it came up here as well .. there's a similar-ish discussion about definitions going on in APWG as well ..
There have been periodic threads on this in just about every antispam mailing list and newsgroup that I have been part of, for over 15 years now.
The more mature lists soon grow out of it, or at least reduce the frequency of this discussion which speedily goes into a quibbling and hair splitting exercise engaged in by like three or four people [often the same 3 or 4 people each time, go figure]
Thank you for answering that, Suresh. While I do wonder what definitions people are looking for, you have just said, in an excellent way, what I was thinking of saying.
Brian.
I would be happy to focus on what Pepijn proposed,
...erm... what did I propose? :) +++++++++++++++++++++++++++++++++++++++++++++ Disclaimer Dit e-mailbericht kan vertrouwelijke informatie bevatten of informatie die is beschermd door een beroepsgeheim. Indien dit bericht niet voor u is bestemd, wijzen wij u erop dat elke vorm van verspreiding, vermenigvuldiging of ander gebruik ervan niet is toegestaan. Indien dit bericht blijkbaar bij vergissing bij u terecht is gekomen, verzoeken wij u ons daarvan direct op de hoogte te stellen via tel.nr 070 315 3500 of e-mail mailto:mail@opta.nl en het bericht te vernietigen. Dit e-mailbericht is uitsluitend gecontroleerd op virussen. OPTA aanvaardt geen enkele aansprakelijkheid voor de feitelijke inhoud en juistheid van dit bericht en er kunnen geen rechten aan worden ontleend. This e-mail message may contain confidential information or information protected by professional privilege. If it is not intended for you, you should be aware that any distribution, copying or other form of use of this message is not permitted. If it has apparently reached you by mistake, we urge you to notify us by phone +31 70 315 3500 or e-mail mailto:mail@opta.nl and destroy the message immediately. This e-mail message has only been checked for viruses. The accuracy, relevance, timeliness or completeness of the information provided cannot be guaranteed. OPTA expressly disclaims any responsibility in relation to the information in this e-mail message. No rights can be derived from this message.
Suresh Ramasubramanian wrote: [...]
I would also welcome some input from ICANN on (for example) the SSAC and other related work on whois accuracy, cooperation and engagement with the various registries on mitigating abuse ..
As an aside and fyi, I *may* and hope to be in a position to report about the state of affairs and issues, or even emerging results, of ICANN's RT4 on "whois policy"[1] at RIPE63. While this activity is primarily targetting the names whois, my expectation is that some of the findings (and inputs, like from LEA and data protection support) may also be of interest to the IP resource registry whois environment. The target date for delivery of the RT's report is before the end of 2011. I am on this RT as endorsed by the Address Council, as well as trying to contribute my experience with registry issues from the RIPE DB-WG and some CERT stuff. The RT's next major F2F meeting is scheduled for September in Los Angeles.
thanks --srs
On Wed, Aug 10, 2011 at 7:54 PM, Leo Vegoda <leo.vegoda@icann.org> wrote:
To be fair, I think it has been very hard to follow what has been written to the list over the last week or so. A significant number of messages have not been clearly written and may well not have been thought through before being sent.
Focusing on the definitions issue, it would be useful to have an agreed set of definitions for some of the terms used. Is there a commonly agreed list?
Regards, Wilfried. [1] https://community.icann.org/display/whoisreview/WHOIS+Policy+Review+Team
I'm a strong believer in self-regulation - so education is always going to be the preferred route for me - LEA can be too heavyhanded
Agreed. That is why the strategy is based on education, not on enforcement. But it is clear from the beginning that if the right lessons are not learnt, enforcement is a very real option. But in practice we rarely meet uncooperative 'students'; most of them are eager to learn.
Of course. Please do try to educate a botmaster, snowshoe spammer, nigerian scam artist etc.
That is exactly why we focus on the facilitators, in this case the hosting providers, and their need to act quickly on badness in their networks. And that is why we badly need correct WHOIS records, to bring the discussion back to that topic. Although we can mostly work around incorrect WHOIS records, it is annoying. Pepijn +++++++++++++++++++++++++++++++++++++++++++++ Disclaimer Dit e-mailbericht kan vertrouwelijke informatie bevatten of informatie die is beschermd door een beroepsgeheim. Indien dit bericht niet voor u is bestemd, wijzen wij u erop dat elke vorm van verspreiding, vermenigvuldiging of ander gebruik ervan niet is toegestaan. Indien dit bericht blijkbaar bij vergissing bij u terecht is gekomen, verzoeken wij u ons daarvan direct op de hoogte te stellen via tel.nr 070 315 3500 of e-mail mailto:mail@opta.nl en het bericht te vernietigen. Dit e-mailbericht is uitsluitend gecontroleerd op virussen. OPTA aanvaardt geen enkele aansprakelijkheid voor de feitelijke inhoud en juistheid van dit bericht en er kunnen geen rechten aan worden ontleend. This e-mail message may contain confidential information or information protected by professional privilege. If it is not intended for you, you should be aware that any distribution, copying or other form of use of this message is not permitted. If it has apparently reached you by mistake, we urge you to notify us by phone +31 70 315 3500 or e-mail mailto:mail@opta.nl and destroy the message immediately. This e-mail message has only been checked for viruses. The accuracy, relevance, timeliness or completeness of the information provided cannot be guaranteed. OPTA expressly disclaims any responsibility in relation to the information in this e-mail message. No rights can be derived from this message.
Vissers, Pepijn wrote: [...]
This is exactly the mechanism on which we (OPTA) recently developed an enforcement strategy; educate hosting ISP's in NL from which we see abuse that is within our enforcement range: spam and malware. If the normal abuse mechanisms do not work the way they should we start to use our LEA capabilities to apply pressure. This has proven to be very effective: lots of cases solved with small efforts. In most cases this pressure moved the ISPs started to gather reports on their own networks and act by themselves.
Of course, we can only do this within our jurisdiction, but it would be nice if other spam/malware legislative bodies start doing this too, or any body that can apply some real pressure.
I think the FICORA approach and environment would be another good example.
Pepijn
Such activities are probably considerably more successful than trying to turn the RIPE NCC into a "Super-NOC" or Incident Coordination HotSpot. Wilfried.
participants (10)
-
Aftab Siddiqui -
Brian Nisbet -
Frank Gadegast -
Kostas Zorbadelos -
Leo Vegoda -
Michele Neylon :: Blacknight -
Sander Steffann -
Suresh Ramasubramanian -
Vissers, Pepijn -
Wilfried Woeber, UniVie/ACOnet