Hi Marco, Okay, I think I now understand better what you mean. There are different levels of check of entered abuse address: 1. Nothing 2. Syntax check 3. Address validity check (as previously described) 4. Response time check I very much disagree with you that level 3 should be worthless, I think its about as good as it can realistic be. How do you propose level 4 should be accomplished without in some way costing ressources (considerably more than level 3)? If you want audit on LIRs then abuse is probably not the only thing which should be thoroughly checked. Also, what would you do in case some LIRs choose not to respond to abuse complaints? I also still support the proposed idea with abuse address in inetnum/maintainer, but if the argument against is the lack of trust I think a level 3 check would solve the problem. Med venlig hilsen/Best regards Christian Rasmussen Hosting manager, jay.net a/s Smedeland 32, 2600 Glostrup, Denmark Email: noc@jay.net Personal email: chr@corp.jay.net Tlf./Phone: +45 3336 6300, Fax: +45 3336 6301 Produkter / Products: http://hosting.jay.net
-----Original Message----- From: MarcoH [mailto:marcoh@marcoh.net] Sent: 13. januar 2004 15:53 To: Christian Rasmussen Cc: Ulrich Kiermayr; Sebastian Abt; db-wg@ripe.net Subject: Re: [db-wg] abuse-c
This is useless other then some verification that on the time of creation somebody replied to one mail sent to that specific address. Unless you design an audit procedure to check the validity and response of the address at random intervals it doesn't add anything to check it on creation time except for extra time as the system waits for your reply.
Why do you say that its useless? As I understand some LIRs fear
On Tue, Jan 13, 2004 at 03:38:43PM +0100, Christian Rasmussen wrote: that invalid
email addresses might be entered, if so, the above procedure will not approve willnotwork@domain while a syntax check will.
As I said, the email address can be checked again if its changed - this way we can make sure that only valid email addresses received by the LIR are entered. What more do you want?
That the database user can 'trust' the LIR to actually respond to emails send to that address and not only when they change something and they have to respond to the test message sent by ripe.
Furthermore I still support the idea of abuse: being an attribute on either inet(6)num or mntner, with inetnum taking precedence over mntner. That means that with the verification method you propose the creation and updates of inetnum object depends on the speed my collegeaus from the abuse department handle their mail. So one or two customers sourcing a spam run can prevent me from keeping the database up-to-date.
But this will of course not say anything about general response time or if all other mails to the address is simply ignored.. But isn't that a completely different story?
It is, so you propose to add extra overhead without gaining anything from a user perspective other than that at some point in time somebody responded to 1 email.
Let's keep it at running a syntax check...
Why? Whats the disadvantage of the above procedure? It might require some ressources from Ripe NCC but I would say thats reasonable considering you will this way be sure email addresses entered are all valid. At least I would prefer this compared to keeping the current system because some might argue that the system discussed is not trustworthy.
You add resources without benifit. Basic economics apply, adding cost which doesn't increase your revenue is not a smart thing to do.
Grtx,
MarcoH