@EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")
Alex, You say “they just feel this issue should be address via leveraging RIPE resouces”, but I do not see so far any concrete proposal in the sense of addressing issues, only shooting down proposals (for good or bad reasons, I am not entering into the merit here) one after the other. Let’s leverage any resource, but at the same let’s solve the problems – without deflecting the attention with every message. Cheers, Sara From: Alex de Joode <alex@idgara.nl> Sent: 16 January 2020 16:30 To: Marcolla, Sara Veronica <Sara.Marcolla@europol.europa.eu> Cc: 'Sérgio Rocha' <sergio.rocha@makeitsimple.pt>; 'anti-abuse-wg@ripe.net' <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox") Hi Sara, The issue with your statement below is that RIPE NCC cannot (legally, under Dutch contract law) disconnect resources if a resource holder (or more likely his customer) does not (properly) deal with abuse complaints. (for instance due to reasons of proportionality) Currently RIPE NCC mandates an email address for receiving abuse notices (which is good, as companies can specify a specific address that is monitored by people who can take action, and notifiers have a way to find out where to sent notices for speedy resolution). The availability of this address is checked by RIPE. So the current system basically works to enhance the infrastructure for those that are willing to deal with abuse notices. Some within this community do feel this is not enough. That as RIPE controls resources, RIPE should be put in a position to leverage these resources in such a way as to ensure all it's resource holders deal with abuse notice in a proper way. This would then lead to a crime free internet and everybody is happy. Implementing this is a fundament shift in the role and responsibility of RIPE. A large and vocal group here, do not believe this "deputisation" is the direction RIPE should pursue. That does not mean they are in favour of a "un-safe, spam infested, crime ridden internet", they just feel this issue should be address via leveraging RIPE resouces. -- IDGARA | Alex de Joode | alex@idgara.nl<mailto:alex@idgara.nl> | +31651108221 | Skype:adejoode On Thu, 16-01-2020 14h 23min, "Marcolla, Sara Veronica" <Sara.Marcolla@europol.europa.eu<mailto:Sara.Marcolla@europol.europa.eu>> wrote: Very well put, Sérgio. Thank you for voicing clearly the concern of (at least a part of) the community. We should not forget that, according to the provisions of RIPE NCC audits, “every party that has entered into an agreement with the RIPE NCC is contractually obliged to provide the RIPE NCC with complete, updated and accurate information necessary for the provision of the RIPE NCC services and to assist the RIPE NCC with audits and security checks”. Complete, accurate information goes hand in hand with a duty of care, of promptly taking actions against abuse, and should be accompanied by a social responsibility of trying to make the Internet a safe and secure place for everyone, thus not enabling actively DDoS, spammers, and criminals in general. If the community does not agree that everyone has the right to a safe, spam free, crime free Internet, maybe we have some issue to solve here first. Kind regards, Sara Europol - O3 European Cyber Crime Centre (EC3) Eisenhowerlaan 73, 2517 KK The Hague, The Netherlands www.europol.europa.eu<http://www.europol.europa.eu> From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net<mailto:anti-abuse-wg-bounces@ripe.net>> On Behalf Of Sérgio Rocha Sent: 16 January 2020 13:38 To: anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox") Hi, Agree, This anti-abuse list seems the blocking group to any anit-abuse response measure. It's amazing that nobody cant propose anything without receiving a shower of all sorts of arguments against There is an idea that everyone has to hold, if as a community we cannot organize a policy, one of these days there will be a problem that will make governments take the opportunity to legislate and we will no longer have the free and open internet. There are a feew ideas that is simple to understand: 1 - If you have been assigned a network you have responsibilities, paying should not be the only one. 2 - There is no problem with email, since ever are made solutions to integrate with emails. There is no need to invent a new protocol. Who has a lot of abuse, invests in integrating these emails. 3 - If you have no ability to manage abuse should not have addressing, leave it to professionals. The internet is critical for everyone, the ability for actors to communicate with each other to respond to abuse must exist and RIPE must ensure that it exists. It’s like the relation with local governments, there is a set of information that has to be kept up to date to avoid problems, in RIPE it must be the same. Sergio From: anti-abuse-wg [mailto:anti-abuse-wg-bounces@ripe.net] On Behalf Of Fi Shing Sent: 16 de janeiro de 2020 04:55 To: anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
Best not to judge the race until it has been fully run.
I just do not understand how anyone on this list (other than a criminal or a business owner that wants to reduce over heads by abolishing an employee who has to sit and monitor an abuse desk) could be talking about making it easier for abuse to flourish. It is idiotic and is not ad hominem. This list is filled with people who argue for weeks, perhaps months, about the catastrophic world ending dangers of making an admin verify an abuse address ONCE a year .... and then someone says "let's abolish abuse desk all together" and these idiots emerge from the wood work like the termites that they are and there's no resistance? The good news is that nothing talked about on this list is ever implemented, so .. talk away you criminals. --------- Original Message --------- Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox") From: "Ronald F. Guilmette" <rfg@tristatelogic.com<mailto:rfg@tristatelogic.com>> Date: 1/16/20 11:47 am To: "anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net>" <anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net>> In message <20200115155949.af7f9f79718891d8e76b551cf73e1563.e548b98006.mailapi@ email19.asia.godaddy.com<mailto:20200115155949.af7f9f79718891d8e76b551cf73e1563.e548b98006.mailapi@%0bemail19.asia.godaddy.com>>, "Fi Shing" <phishing@storey.xxx<mailto:phishing@storey.xxx>> wrote:
That is the most stupid thing i've read on this list.
Well, I think you shouldn't be quite so harsh in your judgement. It is not immediately apparent that you have been on the list for all that long. So perhaps you should stick around for awhile longer before making such comments. If you do, I feel sure that there will be any number of stupider things that may come to your attention, including even a few from your's truly. Best not to judge the race until it has been fully run.
Which criminal is paying you to say this nonsense, because no ordinary person that has ever received a spam email would ever say such crap.
I would also offer the suggestion that such inartful commentary, being as it is, ad hominem, is not at all likely to advance your agenda. It may have felt good, but I doubt that you have changed a single mind, other than perhaps one or two who will now be persuaded to take the opposing position, relative to whatever it was that you had hoped to achieve. Regards, rfg ******************* DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it. Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated. ******************* ******************* DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it. Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated. *******************
On Thu, Jan 16, 2020 at 03:36:46PM +0000, Marcolla, Sara Veronica wrote:
Alex,
You say “they just feel this issue should be address via leveraging RIPE resouces”, but I do not see so far any concrete proposal in the sense of addressing issues, only shooting down proposals (for good or bad reasons, I am not entering into the merit here) one after the other. Let’s leverage any resource, but at the same let’s solve the problems – without deflecting the attention with every message.
Please show where, in ripe-710, it says that proposals pursuing a "noble goal" should be exempt from discussion and opposition. Kind Regards, Sascha Luck
I do not see so far any concrete proposal in the sense of addressing issues, only shooting down proposals (for good or bad reasons
the desire to stop a whack-a-mole does not imply a responsibility to make moles. a lot of folk here actually deal with spam, or likely they would not be on this list. this does not oblige them to support all proposals. randy
It’d be interesting to take individual names of the people most vocal in their objections and feed them through LinkedIn - that assumption you made about dealing with spam would soon be tested. --srs ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Randy Bush <randy@psg.com> Sent: Thursday, January 16, 2020 9:44 PM To: Sara Veronica Marcolla Cc: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")
I do not see so far any concrete proposal in the sense of addressing issues, only shooting down proposals (for good or bad reasons
the desire to stop a whack-a-mole does not imply a responsibility to make moles. a lot of folk here actually deal with spam, or likely they would not be on this list. this does not oblige them to support all proposals. randy
It’d be interesting to take individual names of the people most vocal in their objections and feed them through LinkedIn - that assumption you made about dealing with spam would soon be tested.
give me a hand here. how is this construcive and helpful for the internet operations community? randy
Database and routing people who haven’t worked security or don’t want security roles trying to lecture people who work cert and abuse roles on why something abuse mitigation related won’t work is always interesting. Not you Randy but many other posters in this thread. --srs ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Randy Bush <randy@psg.com> Sent: Friday, January 17, 2020 5:21 AM To: Suresh Ramasubramanian Cc: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")
Itʼd be interesting to take individual names of the people most vocal in their objections and feed them through LinkedIn - that assumption you made about dealing with spam would soon be tested.
give me a hand here. how is this construcive and helpful for the internet operations community? randy
Database and routing people who haven’t worked security or don’t want security roles trying to lecture people who work cert and abuse roles on why something abuse mitigation related won’t work is always interesting. Not you Randy but many other posters in this thread.
lecturing such bs at folk who have been doing routing, database, and security since before you discovered the internet is part of what i meant by not being constructive. vigilantes seem to lack stewardship. qed plonk randy, with apologies to the audience
Stewardship and fiduciary responsibility for IP space. Now that’s a much needed and sadly lacking thing. --srs ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Randy Bush <randy@psg.com> Sent: Friday, January 17, 2020 8:33 AM To: Suresh Ramasubramanian Cc: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox")
Database and routing people who havenʼt worked security or donʼt want security roles trying to lecture people who work cert and abuse roles on why something abuse mitigation related wonʼt work is always interesting. Not you Randy but many other posters in this thread.
lecturing such bs at folk who have been doing routing, database, and security since before you discovered the internet is part of what i meant by not being constructive. vigilantes seem to lack stewardship. qed plonk randy, with apologies to the audience
Hi, On Fri, Jan 17, 2020 at 02:44:30AM +0000, Suresh Ramasubramanian wrote:
Database and routing people who haven???t worked security or don???t want security roles trying to lecture people who work cert and abuse roles on why something abuse mitigation related won???t work is always interesting. Not you Randy but many other posters in this thread.
I do receive mail to abuse@space.net and ensure that it's being worked on. Just this morning I clicked a RIPE abuse-c: mail address verification URL... Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Not you either. There are many others vocally arguing for complete inaction. —srs ________________________________ From: Gert Doering <gert@space.net> Sent: Friday, January 17, 2020 1:34 PM To: Suresh Ramasubramanian Cc: Randy Bush; anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04 (Validation of "abuse-mailbox") Hi, On Fri, Jan 17, 2020 at 02:44:30AM +0000, Suresh Ramasubramanian wrote:
Database and routing people who haven???t worked security or don???t want security roles trying to lecture people who work cert and abuse roles on why something abuse mitigation related won???t work is always interesting. Not you Randy but many other posters in this thread.
I do receive mail to abuse@space.net and ensure that it's being worked on. Just this morning I clicked a RIPE abuse-c: mail address verification URL... Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
participants (5)
-
Gert Doering -
Marcolla, Sara Veronica -
Randy Bush -
Sascha Luck [ml] -
Suresh Ramasubramanian