In message <DB7PR10MB2154B14808EEAB8E27A17FBFD6AD0@DB7PR10MB2154.EURPRD1 0.PROD.OUTLOOK.COM>, Elad Cohen <e...@netstyle.io> writes
[of RIPE NCC operating a centralised abuse reporting system] >To my opinion, this kind of anti-abuse system expense will be low and much >more >needed than many other expenses in the ~30M euros yearly expenses of Ripe. Since there is already an (to a large extent comparable) existing centralised system for handling abuse complaints it seems worthwhile to examine how well it actually works before suggesting that RIPE move into that business as well. Would you care to compare and contrast the effectiveness of the ICANN centralised system for handling some types of complaint relating to domain name usage with reporting directly to registries or registrars. Extra points for quantitative data. I've generally found the ICANN system to be useful only as a last resort and for it to be very slow and almost (albeit not entirely) useless. Also ... you might usefully seek out data from some of the large hosting organisations that choose to centralise their abuse reporting functions rather than generating very large numbers of whois entries (sometimes down to a /32) in the hope of deflecting complaints away from themselves (and of course with the laudible aim of ensuring that the complaints actually go to the organisation that actually knows which of their IPs corresponds to which physical device and has root access...) ie: you should show some evidence from existing systems that they work and bring benefits. I don't think you can ... but I keep an open mind. >There will be an API for the system with an option for email notifications >just >like abuse complaints are received in email messages now, so there will be no >overhead to your staff. Regarding the reporters - this overhead can protect >from >flood of automatic tools abuse complaints - if the reporter cannot fill a form >and solve a captcha then the abuse complaint is not important enough to him. I don't think you quite understand the scale at which many abuse detection systems identify activity which needs to be dealt with (and indeed will be dealt with in an extremely timely manner once a report has been made). Solving CAPTCHAs gets old very quickly. >Regarding the little to no value that you wrote, through this system there >will >be no spam of abuse, no spam to the abuse publicly visible email address, >there >will be an API to LIR's internal systems for them to better track and to >better >handle abuse complaints, there will be tracking if abuse complaints were >handled >and public visibility of the percentage (of unhandled abuse complaints) of >each >LIR, in Ripe website. This paragraph make me think that you have never been the receiver of email which has been generated as a result of filling in a web form... spam (and indeed abuse such as mail-bombing) is remarkably common. It is also extremely common for genuine reporters to fill in incorrect or incomplete information and making forms robust against this issue is extremely complex. viz: this type of system really does not work as well as you suggest. About the only plus to your idea is that it would generate a reliable source of stats -- otherwise, IMO, it has nothing to recommend it. -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
signature.asc
Description: PGP signature
