We had to deal with 40+ invalid abuse contacts only for resources
registered to German holders in the past three months.
Most messages bounced with "user unknown".

We tried to reach out to the resource holders to get the invalid
abuse contacts fixed. If that failed, we reported the case to
RIPE NCC. With their assistance, a lot of additional cases could
be solved (thanks!).

It turned out that most of the contacts were not invalid because
the resource holders wanted to ignore reporting of abuse but due to
technical problems or the contact being set to a personal mailbox of
someone who had left the organization. Many resource holders were
glad to be notified of the problem.

So while I'd still prefer a validation process that requires
human interaction to make sure messages sent to the abuse contacts
are actually read and processed, an automated check if the mailbox
exists at all would already help a lot.
I'd be glad if this automated check just for the existence of the
abuse mailbox could be done not only annually but probably even
twice or four times a year.


     - Thomas

CERT-Bund Incident Response & Malware Analysis Team


On 20.03.2018 13:54, Gert Doering wrote:
> Hi,
> 
> On Tue, Mar 20, 2018 at 01:23:18PM +0100, Janos Zsako wrote:
>> At the same time, I do see some benefit in checking regularly the provided
>> e-mail address, because I am convinced that there will always be cases where
>> people simply forget to update the database. If they are reminded, they will
>> be happy to correct it.
> 
> This is actually some benefit I see here - the NCC already does the
> ARC in regular intervals, so including abuse-c: in "please check that
> these are still correct" would be useful to help "those that do care but
> overlooked a necessary update".
> 
> (Right now, the NCC will already ensure that contacts are correct if they 
> receive a complaint from someone that contact data is wrong)
> 
> So, still not really able to make up my mind whether I support or oppose
> this - staying neutral.
> 
> Gert Doering
>         -- NetMaster
> 
