Hello everybody, On 11/Nov/10 15:26, Tobias Knecht wrote:
- The IRT object underlies no whois server query restrictions.
Good! (Let me just note that preventing abuse to abuse contacts is a non-issue.)
What I have seen so far the majority is okay with having a "single" place for abuse contact information.
One of my ISPs defined an abuse-mailbox for me. I'm not sure that's good, because if I were a spammer I'd have the opportunity to hide complaints and preserve my reputation. However, what should ISPs do? An interesting idea is to establish *hierarchical abuse reporting*, whereby an abuse report addressed to my ISP's IRT would be forwarded to me, so that I'd be able to fix anything wrong on my side while still being traced. But then, why don't RIPE or IANA have regional or global abuse reporting contacts so as to start that hierarchy right at the top? Such hierarchical abuse reporting could be managed much the same way as Americans do feedback loops.
"If the IRT object will be made mandatory, data quality will change. Could get better, but could also get worse."
In case hierarchical forwarding of abuse reports will be adopted, I would like to test it. Periodic tests, e.g. yearly, coordinated among RIPE, ISPs, and interested end users --those who run mail servers on those IPs-- would result in a documented quality improvement. That is, a statistical quality document that can be consulted by end users for guiding their choice of an ISP or other service.
Are there any other questions or suggestions?
Yes, one. This is not directly related to IRTs, but goes in the direction of automating abuse-report handling, so I re-propose it here. European privacy rules apparently mandate opt-in. However, there is no mechanism to certify such practice. This can be accomplished by notifying a given mail domain whenever its users opt-in any mailing list, newsletter, advertising list, or similar. A signed ack from the relevant mail server would constitute the opt-in certification. Such mechanism would ease automation by making it possible to determine whether an abuse report is legitimate. I've kept the description to a minimum, slightly longer versions are here: http://www.ietf.org/mail-archive/web/domainrep/current/msg00270.html http://www.mail-archive.com/courier-users@lists.sourceforge.net/msg35311.htm... If anyone in this group would be interested in experimenting this, or can direct me to people who would, please speak up. Thanx Ale