Gert Doering wrote on 16/05/2019 21:47:

No positive effect, but lots of negative side-effects.

Abuse mailboxes are already checked. What matters for abuse management is whether reports are acted on. This policy doesn't address that. If the RIPE NCC is instructed to send 6-monthly reminders to all abuse contacts with the implicit threat that if they aren't acted on in the way specified in this policy, that the organisation in question can look forward to having their addressing resources vapourised, this will aggravate the RIPE NCC membership and corrode community trust in the organisation. The one thing it won't do is make abuse management better. Internet abuse management is not something that you're going to fix by beating LIRs with sticks, and if they don't react, that you threaten to beat them harder. Separate to this, it's inappropriate to micromanage the NCC in RIPE policy. It would be good if the RIPE working groups stopped trying to tell the RIPE NCC people how to do their jobs. Nick

Hi Nick, As it has been observed several times, the actual validation system is extremely weak and very easy to avoid, so 99% useless. If I put in my abuse-c your email (just an example). The validation will pass, and you will never notice that I've used your email to fake the system. So, clearly is the wrong way. If two validations are done per year, I don't think this is significant overhead for any resource holder vs the benefits of the time saving for the same resource holders that need to use the abuse mailbox of a counterparty that today is escaping from a real validation and creating troubles with abuse emails to someone else. Anyone failing in repetitive ocassions to comply with policies is subjected to further NCC scrutiny, including account closure. This is a different policy already in place. If we don't like that, we should change that policy, but then we don't need policies anymore. Policies are the rules for the community to be respected by all, and not having an administrative enforcement by the NCC is the wilde west. Regards, Jordi El 16/5/19 23:38, "anti-abuse-wg en nombre de Nick Hilliard" <anti-abuse-wg-bounces@ripe.net en nombre de nick@foobar.org> escribió: Gert Doering wrote on 16/05/2019 21:47: > No positive effect, but lots of negative side-effects. Abuse mailboxes are already checked. What matters for abuse management is whether reports are acted on. This policy doesn't address that. If the RIPE NCC is instructed to send 6-monthly reminders to all abuse contacts with the implicit threat that if they aren't acted on in the way specified in this policy, that the organisation in question can look forward to having their addressing resources vapourised, this will aggravate the RIPE NCC membership and corrode community trust in the organisation. The one thing it won't do is make abuse management better. Internet abuse management is not something that you're going to fix by beating LIRs with sticks, and if they don't react, that you threaten to beat them harder. Separate to this, it's inappropriate to micromanage the NCC in RIPE policy. It would be good if the RIPE working groups stopped trying to tell the RIPE NCC people how to do their jobs. Nick ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

This "proportionality" test you speak of, has as much relevance to the regulating of internet resources, as "freedom of speech" does to regulating internet forum membership (no relevance at all). --------- Original Message --------- Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox") From: "Alex de Joode" <alex@idgara.nl> Date: 5/16/19 4:56 pm To: "JORDI PALET MARTINEZ" <jordi.palet@consulintel.es> Cc: anti-abuse-wg@ripe.net ​On Fri, 17-05-2019 1h 45min, JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote: Hi Nick, [..] Anyone failing in repetitive ocassions to comply with policies is subjected to further NCC scrutiny, including account closure. This is a different policy already in place. If we don't like that, we should change that policy, but then we don't need policies anymore. Policies are the rules for the community to be respected by all, and not having an administrative enforcement by the NCC is the wilde west. It is an illusion to think ripe can suspend/withdraw resources if an organisation does not reply to a abuse validation request. That simply will not pass the proportionality test needed under Dutch law. So you will have no recourse. (Only if you can prove the entity has registered with false creditials (Due Diligence by new members takes care of this) -and- the entity is active in a criminal enterprise, you might have a case) Cheers, Alex

How was ARIN able to reclaim 750k IPs showing fraud including shell company setup then? The USA is if anything even more litigious than Europe is. You also go to court with "clean hands", so if the invalid abuse contact is also accompanied by a proliferation of malware etc a judge may not react the same way they would when faced with a situation where the ripe contact was sick, on vacation or just plain negligent. --srs ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Alex de Joode <alex@idgara.nl> Sent: Friday, May 17, 2019 11:02 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox") ​​I beg to differ. The ripe membership set's the policy; Ripe enforces the policy; If a ripe member has it's resources withdrawn due the policy and the enforcement of the policy, the ripe member can go to court in The Netherlands (see contact between member and ripe); The Amsterdam court will apply the proportionality test to a case where the resources are withdrawn based only on the fact there was no reply to the abuse-mailbox validation email; The Amsterdam court will find this action is unreasonable; The Amsterdam court will force ripe to re-instate the resources; The Amsterdam court will be liable for any and all damages the ripe member suffered. ​-- IDGARA | Alex de Joode | +31651108221 On Fri, 17-05-2019 4h 49min, Fi Shing <phishing@storey.xxx> wrote: This "proportionality" test you speak of, has as much relevance to the regulating of internet resources, as "freedom of speech" does to regulating internet forum membership (no relevance at all). --------- Original Message --------- Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox") From: "Alex de Joode" <alex@idgara.nl> Date: 5/16/19 4:56 pm To: "JORDI PALET MARTINEZ" <jordi.palet@consulintel.es> Cc: anti-abuse-wg@ripe.net ​On Fri, 17-05-2019 1h 45min, JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote: Hi Nick, [..] Anyone failing in repetitive ocassions to comply with policies is subjected to further NCC scrutiny, including account closure. This is a different policy already in place. If we don't like that, we should change that policy, but then we don't need policies anymore. Policies are the rules for the community to be respected by all, and not having an administrative enforcement by the NCC is the wilde west. It is an illusion to think ripe can suspend/withdraw resources if an organisation does not reply to a abuse validation request. That simply will not pass the proportionality test needed under Dutch law. So you will have no recourse. (Only if you can prove the entity has registered with false creditials (Due Diligence by new members takes care of this) -and- the entity is active in a criminal enterprise, you might have a case) Cheers, Alex

But if a policy asking ripe ncc to investigate fraud and withdraw resources were to be proposed we would again hear the "we are not the internet police" trope :( --srs ________________________________ From: Alex de Joode <alex@idgara.nl> Sent: Friday, May 17, 2019 11:32 AM To: Suresh Ramasubramanian Cc: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox") ​"a case where the resources are withdrawn based only on the fact there was no reply to the abuse-mailbox validation email" You should high light the word 'only'. The ARIN case has nothing to do with -only- not answering the validation mail. It actually attacks a business model build on providing a cybercrime infrastructure. The proposed policy will not be able to accomplish this. ​-- IDGARA | Alex de Joode | +31651108221 On Fri, 17-05-2019 7h 47min, Suresh Ramasubramanian <ops.lists@gmail.com> wrote: How was ARIN able to reclaim 750k IPs showing fraud including shell company setup then? The USA is if anything even more litigious than Europe is. You also go to court with "clean hands", so if the invalid abuse contact is also accompanied by a proliferation of malware etc a judge may not react the same way they would when faced with a situation where the ripe contact was sick, on vacation or just plain negligent. --srs ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Alex de Joode <alex@idgara.nl> Sent: Friday, May 17, 2019 11:02 AM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox") ​​I beg to differ. The ripe membership set's the policy; Ripe enforces the policy; If a ripe member has it's resources withdrawn due the policy and the enforcement of the policy, the ripe member can go to court in The Netherlands (see contact between member and ripe); The Amsterdam court will apply the proportionality test to a case where the resources are withdrawn based only on the fact there was no reply to the abuse-mailbox validation email; The Amsterdam court will find this action is unreasonable; The Amsterdam court will force ripe to re-instate the resources; The Amsterdam court will be liable for any and all damages the ripe member suffered. ​-- IDGARA | Alex de Joode | +31651108221 On Fri, 17-05-2019 4h 49min, Fi Shing <phishing@storey.xxx> wrote: This "proportionality" test you speak of, has as much relevance to the regulating of internet resources, as "freedom of speech" does to regulating internet forum membership (no relevance at all). --------- Original Message --------- Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox") From: "Alex de Joode" <alex@idgara.nl> Date: 5/16/19 4:56 pm To: "JORDI PALET MARTINEZ" <jordi.palet@consulintel.es> Cc: anti-abuse-wg@ripe.net ​On Fri, 17-05-2019 1h 45min, JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote: Hi Nick, [..] Anyone failing in repetitive ocassions to comply with policies is subjected to further NCC scrutiny, including account closure. This is a different policy already in place. If we don't like that, we should change that policy, but then we don't need policies anymore. Policies are the rules for the community to be respected by all, and not having an administrative enforcement by the NCC is the wilde west. It is an illusion to think ripe can suspend/withdraw resources if an organisation does not reply to a abuse validation request. That simply will not pass the proportionality test needed under Dutch law. So you will have no recourse. (Only if you can prove the entity has registered with false creditials (Due Diligence by new members takes care of this) -and- the entity is active in a criminal enterprise, you might have a case) Cheers, Alex

Alex, On 17/05/2019 01.56, Alex de Joode wrote:

​On Fri, 17-05-2019 1h 45min, JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:

Hi Nick,

[..]

Anyone failing in repetitive ocassions to comply with policies is subjected to further NCC scrutiny, including account closure. This is a different policy already in place. If we don't like that, we should change that policy, but then we don't need policies anymore. Policies are the rules for the community to be respected by all, and not having an administrative enforcement by the NCC is the wilde west.

It is an illusion to think ripe can suspend/withdraw resources if an organisation does not reply to a abuse validation request. That simply will not pass the proportionality test needed under Dutch law. So you will have no recourse. (Only if you can prove the entity has registered with false creditials (Due Diligence by new members takes care of this) -and- the entity is active in a criminal enterprise, you might have a case)

(Please read all 3 paragraphs before answering the first one!) It seems like the RIPE NCC could legitimately claim that being able to handle abuse reports is a requirement for receiving any number resources. If the procedure for verifying this is reasonable, then I don't see why revocation of those resources would be considered disproportional. In any case, any policy proposal receives feasibility feedback from the RIPE NCC, who has excellent legal staff. Further, the RIPE NCC has resources for external consultation if their in-house legal staff is not sufficient to answer any questions about a given proposal. I don't think we need to be amateur lawyers for this or any other proposal. Cheers, -- Shane

Shane Kerr wrote on 17/05/2019 08:45:

All I can say is that the law is stupid then, and it SHOULD allow the proposed policy. 😉

fundamentally, it shouldn't. Proportionality is a cornerstone of most legal systems - if you don't have proportionality, you end up with tyranny. The idea of threatening to cut off a LIR because they haven't updated an abuse contact is completely disproportionate to the scale of the policy infraction. Nick

As I read the proposal cutting off bogus LIRs seems to be the goal rather than cutting off a legitimate but careless player. There seem to be quite a few such given the coming wg meeting has a preso on just this topic. --srs ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Carlos Friaças via anti-abuse-wg <anti-abuse-wg@ripe.net> Sent: Friday, May 17, 2019 3:08 PM To: Nick Hilliard Cc: Shane Kerr; anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Legality of proposal (apologies) On Fri, 17 May 2019, Nick Hilliard wrote:

Shane Kerr wrote on 17/05/2019 08:45:

...

All I can say is that the law is stupid then, and it SHOULD allow the proposed policy. ?

fundamentally, it shouldn't. Proportionality is a cornerstone of most legal systems - if you don't have proportionality, you end up with tyranny. The idea of threatening to cut off a LIR because they haven't updated an abuse contact is completely disproportionate to the scale of the policy infraction.

Hi, It's probably not "haven't updated" but instead "haven't created". Ideally this would also cover cases where company X deliberately inserts an e-mail address from someone which has nothing to do with the numbering resource... at least the legitimate owner of such mailbox should be able to resort to someone (hopefully not a court!) to have that corrected in the registry....... We had that with our postal address from an ARIN member some years ago. :/ Carlos

Nick

Hi, On Fri, May 17, 2019 at 01:45:19AM +0200, JORDI PALET MARTINEZ via anti-abuse-wg wrote:

If two validations are done per year, I don't think this is significant overhead for any resource holder vs the benefits of the time saving for the same resource holders that need to use the abuse mailbox of a counterparty that today is escaping from a real validation and creating troubles with abuse emails to someone else.

Please do not speak for a LIR's abuse contact here. These are (usually) good guys that have too much work and too little time to actually *work on fixing abuse in their network*. Your proposal steals life time from these guys, while not helping at all with folks that just ignore mails sent to their (working and verified!) abuse mail address. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279

Hi Agree with this policy, all management and membership need more tight policies. The relation from Ripe with everyone it's to loosy, my vote to every rule that bring more responsibility to members. Like in every country any region, rules are important to avoid abuses. Exist lots of organizations that abuse because the lack of policies, rules and consequences. -----Original Message----- From: anti-abuse-wg [mailto:anti-abuse-wg-bounces@ripe.net] On Behalf Of Nick Hilliard Sent: Thursday, May 16, 2019 22:39 PM To: Gert Doering <gert@space.net> Cc: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox") Gert Doering wrote on 16/05/2019 21:47:

No positive effect, but lots of negative side-effects.

Abuse mailboxes are already checked. What matters for abuse management is whether reports are acted on. This policy doesn't address that. If the RIPE NCC is instructed to send 6-monthly reminders to all abuse contacts with the implicit threat that if they aren't acted on in the way specified in this policy, that the organisation in question can look forward to having their addressing resources vapourised, this will aggravate the RIPE NCC membership and corrode community trust in the organisation. The one thing it won't do is make abuse management better. Internet abuse management is not something that you're going to fix by beating LIRs with sticks, and if they don't react, that you threaten to beat them harder. Separate to this, it's inappropriate to micromanage the NCC in RIPE policy. It would be good if the RIPE working groups stopped trying to tell the RIPE NCC people how to do their jobs. Nick

On Fri, 17 May 2019, Gert Doering wrote:

Hi,

On Fri, May 17, 2019 at 09:41:24AM +0100, Carlos Friaças via anti-abuse-wg wrote:

...

My team has nearly sent out 6000 abuse reports (only about intrusion attempts and brute force attacks) since Jan 1st this year. I've just checked, and only 2.5% bounced. 2018's bounces were around 4.5%.

But this means the existing efforts from the RIPE NCC are showing an effect, and we do *NOT NEED* a new policy with lots of extra complications.

We do have abuse-mailbox verification, and we do have ARCs.

Why do we need more process?

Hi, We might not need more processes, but hopefully improved processes :-) Carlos

Gert Doering -- NetMaster -- have you enabled IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279

On Fri, 17 May 2019, Gert Doering wrote: (...)

...

...

Why do we need more process?

We might not need more processes, but hopefully improved processes :-)

There is no indication that the complications Jordi is proposing are an actual improvement in any metric, except "human life time wasted".

Hi, Starting with "complications" is really not that constructive. If the process is too complex let's work on it, and make it simpler where it is possible. Trying to build a softer approach, maybe the NCC doesn't need to send _everyone_ a message twice a year, but if someone finds an abuse-mailbox to be unresponsive, then if it is mandatory to have a working contact/mailbox, the NCC could only get into the picture when someone detects that is not in place. Or is _that_ already in place...? Regards, Carlos

Gert Doering -- NetMaster -- have you enabled IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279

El 18/5/19 9:56, "anti-abuse-wg en nombre de Gert Doering" <anti-abuse-wg-bounces@ripe.net en nombre de gert@space.net> escribió: Hi, On Sat, May 18, 2019 at 12:02:48AM +0100, Carlos Friaças wrote: > > There is no indication that the complications Jordi is proposing are > > an actual improvement in any metric, except "human life time wasted". > > Starting with "complications" is really not that constructive. > > If the process is too complex let's work on it, and make it simpler where > it is possible. We have an existing process that is the result of a PDP discussed in this very working group, reflecting community consensus on the balance between checking and annoyance. Nobody has made a convincing argument why this needs to be made stricter and more time consuming. > Trying to build a softer approach, maybe the NCC doesn't need to send > _everyone_ a message twice a year, but if someone finds an abuse-mailbox > to be unresponsive, then if it is mandatory to have a working > contact/mailbox, the NCC could only get into the picture when someone > detects that is not in place. > > Or is _that_ already in place...? We *HAVE* a process to check abuse contacts. We *HAVE* ARCs. So, please state *first* what is wrong or insufficient with the current process, and why these added complications would improve the end goal: abuse reports sent to ISPs are handled "better" (in a to-be-defined metric). A process that allows to use emails from other random people is not a *real validation* it looks closer to a joke. Note: taking away lifetime from the people doing abuse mail handling is not going to make them more enthusiastic about doing their job. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

El 18/5/19 10:35, "Gert Doering" <gert@space.net> escribió: Hi, On Sat, May 18, 2019 at 10:28:45AM +0200, JORDI PALET MARTINEZ via anti-abuse-wg wrote: > So, please state *first* what is wrong or insufficient with the current > process, and why these added complications would improve the end goal: > abuse reports sent to ISPs are handled "better" (in a to-be-defined > metric). > > A process that allows to use emails from other random people is not a *real validation* it looks closer to a joke. If the NCC's existing abuse mail validation mails hit other people's mailboxes, those can report back, and the NCC will surely follow up with the LIR that did this incorrect entry. I have an idea. I will set up a service where everyone can have an e-mail address which will totally follow everything you propose as validation mechanism - like, click on tokes, report back in 10 minutes (even in the middle of the night), etc. - LIRs that want to be spared this annoyance can just pay me 50 EUR/month, and I'll handle all these chores for them. So, this would totally fulfill your proposed policy, and not help in any bit with *abuse handling*. That automated system will be against the policy. I've already worded it out in such way that is not possible this type of "work-around the policy", at least it was my original intent to avoid it. If I've broken something across more than 20 versions that I edited internally since started, I will make sure to fix it in the next version. Can you now see why your proposal is useless in achieving it (not very clearly stated) goal? And if something is not useful towards the goal, but has lots of drawbacks, it should not be followed. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

El 18/5/19 18:49, "anti-abuse-wg en nombre de Niall O'Reilly" <anti-abuse-wg-bounces@ripe.net en nombre de niall.oreilly@ucd.ie> escribió: On 18 May 2019, at 9:38, JORDI PALET MARTINEZ via anti-abuse-wg wrote: > El 18/5/19 10:35, "Gert Doering" <gert@space.net> escribió: > > I have an idea. > > I will set up a service where everyone can have an e-mail address > which > will totally follow everything you propose as validation mechanism > - like, > click on tokes, report back in 10 minutes (even in the middle of > the > night), etc. - LIRs that want to be spared this annoyance can just > pay > me 50 EUR/month, and I'll handle all these chores for them. > > So, this would totally fulfill your proposed policy, and not help > in any > bit with *abuse handling*. > > That automated system will be against the policy. I've already worded > it out in such way that is not possible this type of "work-around the > policy", at least it was my original intent to avoid it. I wonder how words can make anything impossible. I also wonder how to implement a dependable Turing Test for distinguishing between what Gert suggests ( a kind of "Mechanical Turk") and a real human. Obviously all what we have in our policies is not bullet proof (and you could fake almost every rule that we have), but that doesn't mean that if you don't follow policies and it is discovered you're not violating them. Same in law. Nobody is looking that you follow law at 100%, but if you don't do, is your own decision and may have consequences. I said this already several times. Don't having agreed reasonable rules that need to be followed will be like not need for having RIRs and being in the wild-west. Just saying. Niall ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

Hi Gert, I'm fine if it is outsourced to comply with the policy, of course, but not to circumvent it. I think any way to comply with policies is just fine if acting in good faith. Regards, Jordi El 18/5/19 19:03, "Gert Doering" <gert@space.net> escribió: Hi, On Sat, May 18, 2019 at 10:38:46AM +0200, JORDI PALET MARTINEZ via anti-abuse-wg wrote: > I have an idea. > > I will set up a service where everyone can have an e-mail address which > will totally follow everything you propose as validation mechanism - like, > click on tokes, report back in 10 minutes (even in the middle of the > night), etc. - LIRs that want to be spared this annoyance can just pay > me 50 EUR/month, and I'll handle all these chores for them. > > So, this would totally fulfill your proposed policy, and not help in any > bit with *abuse handling*. > > That automated system will be against the policy. I've already > worded it out in such way that is not possible this type of > "work-around the policy", at least it was my original intent to > avoid it. If I've broken something across more than 20 versions > that I edited internally since started, I will make sure to fix it > in the next version. Who said that this is automated? If enough LIRs give me 50 EUR/month, I can hire a few students who will sit there all day waiting for confirmation requests and dutifully do (as humans) what they are expected to do. You do not seem to be willing to listen: what you propose is sheer and uncalled-for extra annoyance for the vast majority of LIRs, and will do *nothing* to improve abuse handling. All it will do is ensure that someone wastes a few minutes of human lifetime on your challenge. And *that* can be nicely outsourced. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

Hi Gert, El 21/5/19 14:37, "Gert Doering" <gert@space.net> escribió: Hi, you cannot know if someone complies with the policy in good faith or not. And this is exactly the same for any other policies that we have adopted, and that doesn't preclude us to adopt them, because in any membership organization, we presume good faith from members? Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

El 21/5/19 15:32, "Gert Doering" <gert@space.net> escribió: Hi, the whole point of your policy is the underlying assumption that people are *not* acting in good faith, so why all of a sudden assume they are? Is in the other way around. If you're acting in good faith, you should not have a problem to have a validation. The time you invest in a couple of validations per year, will be *much less* than the time that you *now* invest in unusable abuse contacts. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

Hi, indeed, and this is why we should just not go there. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279

Hi, you are comparing the claimed cost savings on the side of the reporters with the very real extra costs incurred on the side of the abuse handlers. You can't do that, and come up with a positive result. (Well, you can, but that approach is very one-side and flawed at that) Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279

Hi, it's nice how you can decide on your own how the (very real) extra costs incurred to *15.000+* LIR abuse desks plus the RIPE NCC are "negilible", claiming that the (unfounded) saving on the costs on the side of abuse reporters would outweigh that. Please back with actual numbers. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279

Hi, your math is fundamentally flawed, and this is the last comment I'll do on that matter. You cannot balance costs put on the shoulder of 15.000 people with costs caused by a customer of *one* of them, and come out with a net profit. @chairs: I'll repeat the counter arguments if this should hit review phase (since it's the proposer's decision, this is to be expected), and I consider them to be not sufficiently addressed yet. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279

Hi Tarass, El 21/5/19 16:18, "Taras Heichenko" <tasic@hostmaster.ua> escribió: > On May 21, 2019, at 18:35, JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote: > > > > El 21/5/19 15:32, "Gert Doering" <gert@space.net> escribió: > > Hi, > > the whole point of your policy is the underlying assumption that people > are *not* acting in good faith, so why all of a sudden assume they are? > > Is in the other way around. If you're acting in good faith, you should not have a problem to have a validation. The time you invest in a couple of validations per year, will be *much less* than the time that you *now* invest in unusable abuse contacts. If you're acting in good faith you do not need the validation. So other people do not need to validate your abuse contact. It just works. If you're acting in bad faith then additional validation will not change your behavior. You just check your ---->>> Right, but those folks *then* are violating the policy. mailbox to reply to the validation. Nothing more. But the people who are acting in good faith will have additional headache to not miss the validation to make all good. > > Gert Doering > -- NetMaster > -- > have you enabled IPv6 on something today...? > > SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer > Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann > D-80807 Muenchen HRB: 136055 (AG Muenchen) > Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 > > > > > ********************************************** > IPv4 is over > Are you ready for the new Internet ? > http://www.theipv6company.com > The IPv6 Company > > This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it. > > > > > -- Best regards Taras Heichenko tasic@hostmaster.ua ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

On May 21, 2019, at 19:31, JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:

Hi Tarass,

El 21/5/19 16:18, "Taras Heichenko" <tasic@hostmaster.ua> escribió:

...

On May 21, 2019, at 18:35, JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:

El 21/5/19 15:32, "Gert Doering" <gert@space.net> escribió:

Hi,

the whole point of your policy is the underlying assumption that people are *not* acting in good faith, so why all of a sudden assume they are?

Is in the other way around. If you're acting in good faith, you should not have a problem to have a validation. The time you invest in a couple of validations per year, will be *much less* than the time that you *now* invest in unusable abuse contacts.

If you're acting in good faith you do not need the validation. So other people do not need to validate your abuse contact. It just works. If you're acting in bad faith then additional validation will not change your behavior. You just check your

---->>> Right, but those folks *then* are violating the policy.

They are _already_ acting in bad faith. Do you really think that it is reason for them to go to the good path? Do you have any way to prove that they are violating policy when you look at the address outside of the abuse mailbox owner, from RIPE NCC point of view?

mailbox to reply to the validation. Nothing more. But the people who are acting in good faith will have additional headache to not miss the validation to make all good.

...

Gert Doering -- NetMaster -- have you enabled IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279

********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

-- Best regards

Taras Heichenko tasic@hostmaster.ua

********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

-- Best regards Taras Heichenko tasic@hostmaster.ua

A case can be made that lax "not the internet police" policies that earlier allowed a single shady LIR to get multiple /14s and now, as per Furio, allows serial registration of bogus LIRs to gather up IP space is actually making abuse and security teams worldwide expend rather more man hours than they would spend in a lifetime of engaging in this sort of occasional compliance. --srs ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg@ripe.net> Sent: Saturday, May 18, 2019 1:59 PM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox") El 18/5/19 9:56, "anti-abuse-wg en nombre de Gert Doering" <anti-abuse-wg-bounces@ripe.net en nombre de gert@space.net> escribió: Hi, On Sat, May 18, 2019 at 12:02:48AM +0100, Carlos Friaças wrote:

...

There is no indication that the complications Jordi is proposing are an actual improvement in any metric, except "human life time wasted".

Starting with "complications" is really not that constructive.

If the process is too complex let's work on it, and make it simpler where it is possible.

We have an existing process that is the result of a PDP discussed in this very working group, reflecting community consensus on the balance between checking and annoyance. Nobody has made a convincing argument why this needs to be made stricter and more time consuming.

Trying to build a softer approach, maybe the NCC doesn't need to send _everyone_ a message twice a year, but if someone finds an abuse-mailbox to be unresponsive, then if it is mandatory to have a working contact/mailbox, the NCC could only get into the picture when someone detects that is not in place.

Or is _that_ already in place...?

We *HAVE* a process to check abuse contacts. We *HAVE* ARCs. So, please state *first* what is wrong or insufficient with the current process, and why these added complications would improve the end goal: abuse reports sent to ISPs are handled "better" (in a to-be-defined metric). A process that allows to use emails from other random people is not a *real validation* it looks closer to a joke. Note: taking away lifetime from the people doing abuse mail handling is not going to make them more enthusiastic about doing their job. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

On May 17, 2019, at 11:41, Carlos Friaças via anti-abuse-wg <anti-abuse-wg@ripe.net> wrote:

Hi All,

Hi all,

I'm not sure about the 6 month period (vs. 12 months), and probably some details can be improved in further versions, but i do support this proposal, which is clearly in the path of "anti-abuse".

My team has nearly sent out 6000 abuse reports (only about intrusion attempts and brute force attacks) since Jan 1st this year. I've just checked, and only 2.5% bounced. 2018's bounces were around 4.5%.

Did you calculate percentage of deliberate reactions to your abuse reports? What is main purpose to deliver letter without problem or to get deliberate reaction to it?

Maybe when we start to send out (automated) abuse reports about spam, the percentage will increase. We also send messages, globally, so solving the issue only in RIPEland will have limited impact. I've read this is already under implementation in another region, and proposed in the remaining 3 -- great!

I also think some reference to the ARC (Assisted Registry Check) could be included in the proposal, and could work as a primary step well before going into other actions which can carry more impact.

Regards, Carlos

On Thu, 16 May 2019, Marco Schmidt wrote:

...

Dear colleagues,

A new RIPE Policy proposal, 2019-04, "Validation of "abuse-mailbox"", is now available for discussion.

This proposal aims to have the RIPE NCC validate "abuse-c:" information more often, and introduces a new validation process that requires manual input from resource holders.

You can find the full proposal at: https://www.ripe.net/participate/policies/proposals/2019-04

As per the RIPE Policy Development Process (PDP), the purpose of this four-week Discussion Phase is to discuss the proposal and provide feedback to the proposer.

At the end of the Discussion Phase, the proposer, with the agreement of the Anti-Abuse Working Group Chairs, decides how to proceed with the proposal.

We encourage you to review this proposal and send your comments to <anti-abuse-wg@ripe.net> before 14 June 2019.

Kind regards,

Marco Schmidt Policy Officer RIPE NCC

Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum

-- Best regards Taras Heichenko tasic@hostmaster.ua

We belong to this group: " Some people are really thankful when they receive a notice and they understand they have something to fix. :-)" And we would be more happy if we have sure that all the abuse contacts are real, at least in RIPE region. Sérgio Rocha -----Original Message----- From: anti-abuse-wg [mailto:anti-abuse-wg-bounces@ripe.net] On Behalf Of Carlos Friaças via anti-abuse-wg Sent: Friday, May 17, 2019 23:52 PM To: Taras Heichenko <tasic@hostmaster.ua> Cc: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox") On Fri, 17 May 2019, Taras Heichenko wrote:

...

My team has nearly sent out 6000 abuse reports (only about intrusion attempts and brute force attacks) since Jan 1st this year. I've just checked, and only 2.5% bounced. 2018's bounces were around 4.5%.

Did you calculate percentage of deliberate reactions to your abuse reports?

No, not yet.

What is main purpose to deliver letter without problem or to get deliberate reaction to it?

We assume some of the nasty stuff we see comes from infected devices. If legitimate owners care to desinfect, it's possible we will receive less events... i.e. everyone should be sending out more notices. Some people are really thankful when they receive a notice and they understand they have something to fix. :-) Carlos

===== c. Alignment with other RIRs: A similar proposal has been accepted in APNIC (being implemented) and is under discussion in the LACNIC, AFRINIC and ARIN regions. =====

i.e. 1 region on track, 4 still to go (RIPE included here).

So it looks that this proposal it's not so avant-garde, since the other regions are having the same needs and one of them already include this policy -----Original Message----- From: Carlos Friaças [mailto:cfriacas@fccn.pt] Sent: Saturday, May 18, 2019 0:06 AM To: Sérgio Rocha <sergio.rocha@makeitsimple.pt> Cc: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox") On Sat, 18 May 2019, S�rgio Rocha wrote:

We belong to this group: " Some people are really thankful when they receive a notice and they understand they have something to fix. :-)" And we would be more happy if we have sure that all the abuse contacts are real, at least in RIPE region.

About the "at least in RIPE region", there is text on 2019-04 about that: ===== c. Alignment with other RIRs: A similar proposal has been accepted in APNIC (being implemented) and is under discussion in the LACNIC, AFRINIC and ARIN regions. ===== i.e. 1 region on track, 4 still to go (RIPE included here). Cheers, Carlos

S�rgio Rocha

-----Original Message----- From: anti-abuse-wg [mailto:anti-abuse-wg-bounces@ripe.net] On Behalf Of Carlos Fria�as via anti-abuse-wg Sent: Friday, May 17, 2019 23:52 PM To: Taras Heichenko <tasic@hostmaster.ua> Cc: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")

On Fri, 17 May 2019, Taras Heichenko wrote:

...

...

My team has nearly sent out 6000 abuse reports (only about intrusion attempts and brute force attacks) since Jan 1st this year. I've just checked, and only 2.5% bounced. 2018's bounces were around 4.5%.

Did you calculate percentage of deliberate reactions to your abuse reports?

No, not yet.

...

What is main purpose to deliver letter without problem or to get deliberate reaction to it?

We assume some of the nasty stuff we see comes from infected devices. If legitimate owners care to desinfect, it's possible we will receive less events... i.e. everyone should be sending out more notices. Some people are really thankful when they receive a notice and they understand they have something to fix. :-)

Carlos

There are only one internet, the abuse problem its worldwide, the challenges for better management are the same, that's why all region are looking for the similar responses for the same problems. I support this proposals and other that give more capacity for RIPE deal with abuses. Sérgio Rocha -----Original Message----- From: Piotr Strzyzewski [mailto:Piotr.Strzyzewski@polsl.pl] Sent: Wednesday, May 22, 2019 18:32 PM To: Sérgio Rocha <sergio.rocha@makeitsimple.pt> Cc: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox") On Sat, May 18, 2019 at 12:37:07AM +0100, Sérgio Rocha wrote:

...

i.e. 1 region on track, 4 still to go (RIPE included here).

So it looks that this proposal it's not so avant-garde, since the other regions are having the same needs and one of them already include this policy

The fact that the authori has proposed the same idea in all regions doesn't mean that "other regions are having the same needs". Piotr -- Piotr Strzyżewski Silesian University of Technology, Computer Centre Gliwice, Poland

On 22 May 2019, at 22:38, Gert Doering <gert@space.net> wrote:

Before you all argue for "we need to have more paperwork!" please take a step back and explain a) what is wrong with the current validation process, and b) why this proposal would improve this.

What Gert said - at the very least these need to be answered before this policy can gain consensus. I oppose the policy as written and proposed. Thanks f

On Thu, 23 May 2019 00:38:00 +0200 Gert Doering <gert@space.net> wrote:

On Wed, May 22, 2019 at 06:40:28PM +0100, Sérgio Rocha wrote:

...

There are only one internet, the abuse problem its worldwide, the challenges for better management are the same, that's why all region are looking for the similar responses for the same problems. I support this proposals and other that give more capacity for RIPE deal with abuses.

+1

This proposal takes *away* resources from people that actually deal with abuse cases. Now they would have to deal with clicking on response forms and filling in tokens, instead of handling actual abuse complaints.

few minutes a year, very reasonable.

Folks, the process we have in the RIPE region for abuse contact validation is the result of a *consensus based process* that happend *in this working group*. Before you all argue for "we need to have more paperwork!" please take a step back and explain a) what is wrong with the current validation process, and b) why this proposal would improve this. Gert Doering -- NetMaster

because, IRL (in real life) things do not remain "static" we are all sitting on a spinning ball in the middle of nowhere and there is vast chaos out there on which we are trying to enforce patterns in order to create fake stability. basically, I am saying that, over time, things change. the whole point of having data is to have current, working and "real" data otherwise we may as well not even parse the email address format for abuse-c why not propose then just to remove the resource completely? your very forceful and multiple emails arguing very hard against and all your emails, attacking each and every +1 simply serves to illustrate that you really want to enforce your opinion on the group in this regard. So, again, I ask: Why not propose to remove the abuse contact resource completely? Is this where you are going with your very strong and continuing and ongoing objections? Andre

As for simple graylisting why use a even back then not terribly effective 2000s era technique at all? Also - waiting for a 5xx smtp return code is ideal when deciding that a validation test has failed. You could actually have an email problem that isn't of the shoot yourself in the foot by deploying unsuitable anti spam measures category and have to delay accepting mail. --srs ________________________________ From: Suresh Ramasubramanian <ops.lists@gmail.com> Sent: Thursday, May 23, 2019 4:18 AM To: Sérgio Rocha; anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox") So I don't know about other regions not having the same needs. APNIC has adopted this for example. https://www.apnic.net/community/policy/proposals/prop-125 --srs ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Sérgio Rocha <sergio.rocha@makeitsimple.pt> Sent: Wednesday, May 22, 2019 11:10 PM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox") There are only one internet, the abuse problem its worldwide, the challenges for better management are the same, that's why all region are looking for the similar responses for the same problems. I support this proposals and other that give more capacity for RIPE deal with abuses. Sérgio Rocha -----Original Message----- From: Piotr Strzyzewski [mailto:Piotr.Strzyzewski@polsl.pl] Sent: Wednesday, May 22, 2019 18:32 PM To: Sérgio Rocha <sergio.rocha@makeitsimple.pt> Cc: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox") On Sat, May 18, 2019 at 12:37:07AM +0100, Sérgio Rocha wrote:

...

i.e. 1 region on track, 4 still to go (RIPE included here).

So it looks that this proposal it's not so avant-garde, since the other regions are having the same needs and one of them already include this policy

The fact that the authori has proposed the same idea in all regions doesn't mean that "other regions are having the same needs". Piotr -- Piotr Strzyżewski Silesian University of Technology, Computer Centre Gliwice, Poland

El 17/5/19 10:41, "anti-abuse-wg en nombre de Carlos Friaças via anti-abuse-wg" <anti-abuse-wg-bounces@ripe.net en nombre de anti-abuse-wg@ripe.net> escribió: Hi All, I'm not sure about the 6 month period (vs. 12 months), and probably some details can be improved in further versions, but i do support this proposal, which is clearly in the path of "anti-abuse". My team has nearly sent out 6000 abuse reports (only about intrusion attempts and brute force attacks) since Jan 1st this year. I've just checked, and only 2.5% bounced. 2018's bounces were around 4.5%. I guess that means that it is increasing. 2.5% is only for 5 first months of this year, so it may end up in 2019 you have 5-6% ? I've looked at my own network and the situation is even worst. Major number of abuse reports for me are intrusion attempts, attempts to use our SIP and SPAM. In total, the average number of abuse reports per month is about 3.800 (99% are automated). Bounces increase from previous year, average, is 23%. Maybe when we start to send out (automated) abuse reports about spam, the percentage will increase. We also send messages, globally, so solving the issue only in RIPEland will have limited impact. I've read this is already under implementation in another region, and proposed in the remaining 3 -- great! I also think some reference to the ARC (Assisted Registry Check) could be included in the proposal, and could work as a primary step well before going into other actions which can carry more impact. Regards, Carlos On Thu, 16 May 2019, Marco Schmidt wrote: > Dear colleagues, > > A new RIPE Policy proposal, 2019-04, "Validation of "abuse-mailbox"", is now available for discussion. > > This proposal aims to have the RIPE NCC validate "abuse-c:" information more often, and introduces a new validation process that requires manual input from resource holders. > > You can find the full proposal at: > https://www.ripe.net/participate/policies/proposals/2019-04 > > As per the RIPE Policy Development Process (PDP), the purpose of this four-week Discussion Phase is to discuss the proposal and provide feedback to the proposer. > > At the end of the Discussion Phase, the proposer, with the agreement of the Anti-Abuse Working Group Chairs, decides how to proceed with the proposal. > > We encourage you to review this proposal and send your comments to <anti-abuse-wg@ripe.net> before 14 June 2019. > > Kind regards, > > Marco Schmidt > Policy Officer > RIPE NCC > > Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum > ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

Hi Gert, Yeah, I definitively should go to school, never went when I was a child. However, this is not a matter of math's, it is just a matter of responding too fast while sleeping only a couple of hours. Anyway, nobody knows how much will be the % at the end of the year, as this is not necessarily linear. Regards, Jordi El 18/5/19 19:07, "Gert Doering" <gert@space.net> escribió: Hi, On Sat, May 18, 2019 at 10:43:11AM +0200, JORDI PALET MARTINEZ via anti-abuse-wg wrote: > My team has nearly sent out 6000 abuse reports (only about intrusion > attempts and brute force attacks) since Jan 1st this year. > I've just checked, and only 2.5% bounced. 2018's bounces were around 4.5%. > > I guess that means that it is increasing. 2.5% is only for 5 first months of this year, so it may end up in 2019 you have 5-6% ? Learn math. Percentages are not added up. Absolutes numbers are, but there is no indication why the *relative* number would be any different in the second half of 2019. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

It is not for RIPE to abandon a policy proposal simply because a resource holder is too cheap to implement it. --------- Original Message --------- Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox") From: "Neil McRae" <neil.mcrae@bt.com> Date: 5/31/19 12:05 am To: anti-abuse-wg@ripe.net I'm subscribing to the list specifically to also position not in favour of this policy. This will generate work for the NCC that just wastes their time following up on lots of false positives. It will have _zero_ impact on the handling of abuse requests, in-fact I predict that perhaps even make response time worse. I urge the community to reject this proposal. Neil. -- Neil J. McRae neil.mcrae@BT.COM Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum