A case can be made that lax "not the internet police" policies that earlier allowed a single shady LIR to get multiple /14s and now, as per Furio, allows serial registration of bogus LIRs to gather up IP space is actually making abuse and security teams worldwide expend rather more man hours than they would spend in a lifetime of engaging in this sort of occasional compliance. --srs ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg@ripe.net> Sent: Saturday, May 18, 2019 1:59 PM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox") El 18/5/19 9:56, "anti-abuse-wg en nombre de Gert Doering" <anti-abuse-wg-bounces@ripe.net en nombre de gert@space.net> escribió: Hi, On Sat, May 18, 2019 at 12:02:48AM +0100, Carlos Friaças wrote:
There is no indication that the complications Jordi is proposing are an actual improvement in any metric, except "human life time wasted".
Starting with "complications" is really not that constructive.
If the process is too complex let's work on it, and make it simpler where it is possible.
We have an existing process that is the result of a PDP discussed in this very working group, reflecting community consensus on the balance between checking and annoyance. Nobody has made a convincing argument why this needs to be made stricter and more time consuming.
Trying to build a softer approach, maybe the NCC doesn't need to send _everyone_ a message twice a year, but if someone finds an abuse-mailbox to be unresponsive, then if it is mandatory to have a working contact/mailbox, the NCC could only get into the picture when someone detects that is not in place.
Or is _that_ already in place...?
We *HAVE* a process to check abuse contacts. We *HAVE* ARCs. So, please state *first* what is wrong or insufficient with the current process, and why these added complications would improve the end goal: abuse reports sent to ISPs are handled "better" (in a to-be-defined metric). A process that allows to use emails from other random people is not a *real validation* it looks closer to a joke. Note: taking away lifetime from the people doing abuse mail handling is not going to make them more enthusiastic about doing their job. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.