I’ve been there … people using emails in the abuse “distribution list” that no longer exist, and anti-spam tools that filter the abuse emails because, of course, they contain the info about the spam itself.

This brings me to a further improvement in the policy proposal …

“the abuse-c mailbox, if forwarded to some re-distribution system, must contain valid and up-to-date mailboxes (or equivalent), so that it reaches an actual human. In all cases, the abuse-c and the re-distribution system (if it exists) must not be filtered by anti-spam tools or whatever that avoids abuse reports being filtered and not reaching the end of the chain”

If we agree on the “human check” then the first part of that is not needed anymore, but it does no harm.


Regards,

Jordi

From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Name <phishing@storey.xxx>
Date: Friday, 19 January 2018, 13:46
To: <anti-abuse-wg@ripe.net>
Subject: [anti-abuse-wg] [FWD: Re: [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)]

"IMHO the policy should only check if emails to the abuse contact are delivered, which can be done with some HELO, MAIL FROM and RCPT TO magic on port 25."

Except that firstly, you get idiots who forward abuse complaints to distribution lists, and then shut down email accounts attached to that distribution list without updating the distribution list.

And secondly, you have anti-spam solutions (yes, there are admins who actually install anti-spam solutions on abuse inboxes!) that can potentially delete it after it's received (because it looks like a spam message..!! I wonder why a spam message would be sent to an abuse inbox?)

-------- Original Message --------
Subject: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
From: Wolfgang Tremmel <wolfgang.tremmel@de-cix.net>
Date: Fri, January 19, 2018 9:21 pm
To: "anti-abuse-wg@ripe.net" <anti-abuse-wg@ripe.net>

Do you want to solve a problem or create one?

I can imagine that, as the "click here and solve captcha" emails will be standardized, a carefully crafted attack might lure first-line helpdesk people onto shady websites and make them click stuff.

So if I were a helpdesk manager I would order my team not to click on these....

IMHO the policy should only check if emails to the abuse contact are delivered, which can be done with some HELO, MAIL FROM and RCPT TO magic on port 25.


best regards
Wolfgang

> On 19. Jan 2018, at 10:58, ox <andre@ox.co.za> wrote:
>
> you mean in practical "real life" work?
>
> practically, abuse admins and people that actually deal with abuse are
> able to solve a captcha and tick a box.

--
Wolfgang Tremmel

Phone +49 69 1730902 26 | Fax +49 69 4056 2716 | Mobile +49 171 8600 816 |
wolfgang.tremmel@de-cix.net
Geschaeftsfuehrer Harald A. Summa | Registergericht AG Köln HRB 51135
DE-CIX Management GmbH | Lindleystrasse 12 | 60314 Frankfurt am Main | Germany |
www.de-cix.net

