Re: [anti-abuse-wg] 2017-02 New Policy Proposal (Regular abuse-c Validation)
Hi, On Fri, Oct 06, 2017 at 08:54:14AM +0200, ox wrote:
+++++ requiring abuse email (RR data) to be valid and functional is a very basic tenet (as it relates to morality and ethics as well as RR "goals") +++++
True. This is the goal, and I share that. But I'm sceptic on whether the particular proposal on the table will do much to actually achieve this goal where change is needed - while at the same time imposing extra work on those that already do the right thing.
We can force people to have abuse mailboxes that trigger a response if a mail from the RIPE NCC is received.
this is perfectly fine, imnsho, as it indicates receipt of communications, even if it is autoresponded.
it just cannot autorespond: that this is a non monitored mailbox - as by definition, in this proposal, it has to be functional.
functional implies that it can receive and respond to communications and is not a "black hole" or dev/null
So, what have we achieved if there is someone who will personally reply to verification mails from the RIPE NCC, and throw away everything else? Yes, Mails will no longer bounce. Good. But will it magically make those networks not interested in handling abuse mails more interested in them? No. So, where's the gain in the larger picture "fight against abuse"? [..]
Thus, ambivalence on the policy.
is this a good thing? please reconsider your ambivalence? all it takes is for a few good people....(Edmond Burke...)
I see no positive effect. So I find it hard to support it. The negative effects are limited. So I find it hard to oppose it. Ambivalence. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
On Fri, 6 Oct 2017 09:19:02 +0200 Gert Doering <gert@space.net> wrote:
On Fri, Oct 06, 2017 at 08:54:14AM +0200, ox wrote:
+++++ requiring abuse email (RR data) to be valid and functional is a very basic tenet (as it relates to morality and ethics as well as RR "goals") +++++
True. This is the goal, and I share that.
But I'm sceptic on whether the particular proposal on the table will do much to actually achieve this goal where change is needed - while at the same time imposing extra work on those that already do the right thing.
the core result or achievement would be: - a requirement for "real' data. the extra work is already done, if you have a functional abuse record, for example: abuse@hetzner.de - responding once or twice a year to an RR verification is the same effort as a .com domain registrant expends in confirming accuracy of registrant information and is hardly much 'extra work' regarding you saying 'where change is needed' - the actual change needed is that resource holders clean up their abuse. but, this is not the place of RIPE or a 'robust registry' - the place of an RR is to ensure valid, accurate and functional data. this includes abuse data, or any other data. I think I am missing what you are seeing? what do you think is inadequate in this specific proposal? Sometimes something that seems obvious to you, is not so obvious to someone else. you must remember Gert that you are very experienced and have a depth and POV that even any other experienced person may not see?
We can force people to have abuse mailboxes that trigger a response if a mail from the RIPE NCC is received.
this is perfectly fine, imnsho, as it indicates receipt of communications, even if it is autoresponded.
it just cannot autorespond: that this is a non monitored mailbox - as by definition, in this proposal, it has to be functional.
functional implies that it can receive and respond to communications and is not a "black hole" or dev/null
So, what have we achieved if there is someone who will personally reply to verification mails from the RIPE NCC, and throw away everything else?
Yes, Mails will no longer bounce. Good. But will it magically make those networks not interested in handling abuse mails more interested in them? No. So, where's the gain in the larger picture "fight against abuse"?
the gain in the big picture is that the recipient has received the communications. and any action or inaction enlightens the intent of the resource holder. any resource holder is completely free to do anything they wish or choose, but can no longer claim ignorance of their choices. plus, also see your own 'robust rr' para :)
[..]
Thus, ambivalence on the policy.
is this a good thing? please reconsider your ambivalence? all it takes is for a few good people....(Edmond Burke ...)
I see no positive effect. So I find it hard to support it.
positive effect is the actual requirement of real data by rr
The negative effects are limited. So I find it hard to oppose it.
indeed.
Ambivalence.
again: Edmond Burke
Gert Doering -- NetMaster
Gert The current situation is that abuse-c can be populated with rubbish. The email addresses can be completely non-functioning. That is the real and current issue. Whether organisations will start actually acting on abuse reports etc., is a whole other issue and while it definitely merits discussion I suspect that any such discussion will be interminable. Having an abuse-c email address that is known to work as in not bounce is a move in the right direction. So I think we should accept this proposal. Will it fix abuse? No. But it's not meant to. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
Michele Neylon - Blacknight wrote:
The current situation is that abuse-c can be populated with rubbish. The email addresses can be completely non-functioning. That is the real and current issue.
the real issue is that this is a complex layer 9 problem inside each organisation, and although creating technological tickbox policies will provide a veneer of doing something, that veneer is very thin. The RIPE NCC already has a mechanism for information consistency audits, namely the Assisted Registry Check. Has anyone talked to the RIPE NCC about including abuse contacts in the ARC, and been given credible reasons as to why this wouldn't be a simpler, better and more effective way of dealing with issue of stale / inaccurate details? Nick
Hello Nick, We have already talked with the RIPE NCC about ARC. If the ARC would include actual contact validation, a same LIR would be contacted less frequently for a global audit. Dealing specifically with abuse-c validation, RIPE NCC Impact Analysis will answer the question of extra work evaluation. Hervé -----Message d'origine----- De : anti-abuse-wg [mailto:anti-abuse-wg-bounces@ripe.net] De la part de Nick Hilliard Envoyé : lundi 9 octobre 2017 13:01 À : Michele Neylon - Blacknight Cc : ox; Gert Doering; anti-abuse-wg@ripe.net Objet : Re: [anti-abuse-wg] 2017-02 New Policy Proposal (Regular abuse-c Validation) Michele Neylon - Blacknight wrote:
The current situation is that abuse-c can be populated with rubbish.
The email addresses can be completely non-functioning.
That is the real and current issue.
the real issue is that this is a complex layer 9 problem inside each organisation, and although creating technological tickbox policies will provide a veneer of doing something, that veneer is very thin. The RIPE NCC already has a mechanism for information consistency audits, namely the Assisted Registry Check. Has anyone talked to the RIPE NCC about including abuse contacts in the ARC, and been given credible reasons as to why this wouldn't be a simpler, better and more effective way of dealing with issue of stale / inaccurate details? Nick _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.
participants (5)
-
Gert Doering -
herve.clement@orange.com -
Michele Neylon - Blacknight -
Nick Hilliard -
ox