Dear list,

 

On behalf of the Team Internetsafety of the Dutch Telecommunications Authority OPTA, I would like to comment on the draft proposal 2010-08. The Team Internetsafety conducts spam- and malware investigations related to the Netherlands. Almost all of these investigations have components which require us to use RIPE (or other RIRs) for several pieces of information, most commonly valid abuse contacts for a netblock or ASN.

 

We strongly support the mandatory addition of an abuse-mailbox: field in the irt object. However, we see several loopholes in the current contents of the proposal.

1. There is no mention in the policy about the validity of an abuse-mailbox: entry

2. There is no mention in the policy about the responsiveness of an abuse-mailbox: entry

3. There is (logically) no mention in the policy about a periodic check on (1) and (2)

4. There is no mitigating procedure in case of false/missing/invalid/... abuse-mailbox: information

 

Ad 1: What will stop a RIPE member from entering an invalid e-mail address? If the purpose of the policy is to ‘solve the problem of finding the right abuse contact’, some additional procedure should be in place to make sure mail to the mentioned abuse-mailbox: does actually arrive somewhere and does not bounce.

 

Ad 2: A valid e-mail address is no guarantee that abuse mail is being handled or even looked at. Although we recognize it might not be the responsibility of RIPE to ensure a maintainer has a proper abuse policy mechanism in place, we’d encourage some additional reflection on this issue.

 

Ad 3: Requiring a field update with each object update is a good idea, however with largely static objects it might be a good idea to periodically check at least (1) and preferably (2).

 

Ad 4: If a member (systematically) does not adhere to the mandatory policy, some kind of procedure should be in place to motivate the member to follow procedure. Without 'repercussions', a 'mandatory' policy becomes just mandatory in name, not in function.

 

Kind regards,

 

Pepijn Vissers

Team Internetsafety

OPTA

 

 

-

 

 

 




+++++++++++++++++++++++++++++++++++++++++++++
Disclaimer
Dit e-mailbericht kan vertrouwelijke informatie bevatten of informatie die is beschermd door een beroepsgeheim.
Indien dit bericht niet voor u is bestemd, wijzen wij u erop dat elke vorm van verspreiding, vermenigvuldiging
of ander gebruik ervan niet is toegestaan.
Indien dit bericht blijkbaar bij vergissing bij u terecht is gekomen, verzoeken wij u ons daarvan
direct op de hoogte te stellen via tel.nr 070 315 3500 of e-mail mailto:mail@opta.nl en het bericht te vernietigen.
Dit e-mailbericht is uitsluitend gecontroleerd op virussen.
OPTA aanvaardt geen enkele aansprakelijkheid voor de feitelijke inhoud en juistheid van dit bericht en er kunnen 
geen rechten aan worden ontleend.


This e-mail message may contain confidential information or information protected by professional privilege.
If it is not intended for you, you should be aware that any distribution, copying or other form of use of
this message is not permitted.
If it has apparently reached you by mistake, we urge you to notify us by phone +31 70 315 3500
or e-mail mailto:mail@opta.nl and destroy the message immediately.
This e-mail message has only been checked for viruses.
The accuracy, relevance, timeliness or completeness of the information provided cannot be guaranteed.
OPTA expressly disclaims any responsibility in relation to the information in this e-mail message.
No rights can be derived from this message.