Hi Sara,

The issue with your statement below is that RIPE NCC cannot (legally, under Dutch contract law) disconnect resources if a resource holder (or more likely his customer) does not (properly) deal with abuse complaints. (for instance due to reasons of proportionality)
Currently RIPE NCC mandates an email address for receiving abuse notices (which is good, as companies can specify a specific address that is monitored by people who can take action, and notifiers have a way to find out where to sent notices for speedy resolution).

The availability of this address is checked by RIPE. So the current system basically works to enhance the infrastructure for those that are willing to deal with abuse notices.

Some within this community do feel this is not enough. That as RIPE controls resources, RIPE should be put in a position to leverage these resources in such a way as to ensure all  it's resource holders deal with abuse notice in a proper way. This would then lead to a crime free internet and everybody is happy.

Implementing this is a fundament shift in the role and responsibility of RIPE. A large and vocal group here, do not believe this "deputisation" is the direction RIPE should pursue. That does not mean they are in favour of a "un-safe, spam infested, crime ridden internet", they just feel this issue should be address via leveraging RIPE resouces.

​-- 
IDGARA | Alex de Joode | alex@idgara.nl | +31651108221 | Skype:adejoode

On Thu, 16-01-2020 14h 23min, "Marcolla, Sara Veronica" <Sara.Marcolla@europol.europa.eu> wrote:

Very well put, Sérgio. Thank you for voicing clearly the concern of (at least a part of) the community.

 

We should not forget that, according to the provisions of RIPE NCC audits, “every party that has entered into an agreement with the RIPE NCC is contractually obliged to provide the RIPE NCC with complete, updated and accurate information necessary for the provision of the RIPE NCC services and to assist the RIPE NCC with audits and security checks”.  Complete, accurate information goes hand in hand with a duty of care, of promptly taking actions against abuse, and should be accompanied by a social responsibility of trying to make the Internet a safe and secure place for everyone, thus not enabling actively DDoS, spammers, and criminals in general.  

 

If the community does not agree that everyone has the right to a safe, spam free, crime free Internet, maybe we have some issue to solve here first.

 

 

Kind regards,

 

Sara

 

Europol - O3 European Cyber Crime Centre (EC3)

 

Eisenhowerlaan 73, 2517 KK

The Hague, The Netherlands

www.europol.europa.eu

 

 

From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> On Behalf Of Sérgio Rocha
Sent: 16 January 2020 13:38
To: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")

 

Hi,

 

Agree, This anti-abuse list seems the blocking group to any anit-abuse response measure.

It's amazing that nobody cant propose anything without receiving a shower of all sorts of arguments against

 

There is an idea that everyone has to hold, if as a community we cannot organize a policy, one of these days there will be a problem that will make governments take the opportunity to legislate and we will no longer have the free and open internet.

 

There are a feew ideas that is simple to understand:

 

1 - If you have been assigned a network you have responsibilities, paying should not be the only one.

2 - There is no problem with email, since ever are made solutions to integrate with emails. There is no need to invent a new protocol. Who has a lot of abuse, invests in integrating these emails.

3 - If you have no ability to manage abuse should not have addressing, leave it to professionals.

 

The internet is critical for everyone, the ability for actors to communicate with each other to respond to abuse must exist and RIPE must ensure that it exists.

It’s like the relation with local governments, there is a set of information that has to be kept up to date to avoid problems, in RIPE it must be the same.

 

Sergio

 

 

 

From: anti-abuse-wg [mailto:anti-abuse-wg-bounces@ripe.net] On Behalf Of Fi Shing
Sent: 16 de janeiro de 2020 04:55
To: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")

 

 

>> Best not to judge the race until it has been fully run.

 

I just do not understand how anyone on this list (other than a criminal or a business owner that wants to reduce over heads by abolishing an employee who has to sit and monitor an abuse desk) could be talking about making it easier for abuse to flourish.

 

It is idiotic and is not ad hominem.

 

This list is filled with people who argue for weeks, perhaps months, about the catastrophic world ending dangers of making an admin verify an abuse address ONCE a year .... and then someone says "let's abolish abuse desk all together" and these idiots emerge from the wood work like the termites that they are and there's no resistance?

 

The good news is that nothing talked about on this list is ever implemented, so .. talk away you criminals.

 

 

 

 

 

--------- Original Message ---------

Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")
From: "Ronald F. Guilmette" <rfg@tristatelogic.com>
Date: 1/16/20 11:47 am
To: "anti-abuse-wg@ripe.net" <anti-abuse-wg@ripe.net>

In message <20200115155949.af7f9f79718891d8e76b551cf73e1563.e548b98006.mailapi@
email19.asia.godaddy.com>, "Fi Shing" <phishing@storey.xxx> wrote:

>That is the most stupid thing i've read on this list.

Well, I think you shouldn't be quite so harsh in your judgement. It is
not immediately apparent that you have been on the list for all that long.
So perhaps you should stick around for awhile longer before making such
comments. If you do, I feel sure that there will be any number of
stupider things that may come to your attention, including even a few
from your's truly.

Best not to judge the race until it has been fully run.

>Which criminal is paying you to say this nonsense, because no ordinary person
>that has ever received a spam email would ever say such crap.

I would also offer the suggestion that such inartful commentary, being as
it is, ad hominem, is not at all likely to advance your agenda. It may
have felt good, but I doubt that you have changed a single mind, other
than perhaps one or two who will now be persuaded to take the opposing
position, relative to whatever it was that you had hoped to achieve.


Regards,
rfg

*******************

DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it.
Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated.

*******************