Hi Alessandro,
I just read Marco response to this thread (Marco thanks for the quick reaction
on it!), and also Angel response (so to avoid answering to several emails about
the same).
I guess all your other inputs are also relevant for the NCC.
In principle, I don't think all that should be part of the policy proposal, but
if the NCC seems otherwise, I'm happy to work with you/Angel/others to make
sure that we have captured correctly that and see what the WG believes.
Thanks!
Regards,
Jordi
@jordipalet
El 13/5/20 13:02, "anti-abuse-wg en nombre de Alessandro Vesely"
<anti-abuse-wg-boun...@ripe.net en nombre de ves...@tana.it> escribió:
Hi Jordy,
On Tue 12/May/2020 22:21:11 +0200 JORDI PALET MARTINEZ via anti-abuse-wg
wrote:
> El 12/5/20 19:26, "anti-abuse-wg en nombre de Alessandro Vesely"
<anti-abuse-wg-boun...@ripe.net en nombre de ves...@tana.it> escribió:
>
> I think it is more useful instead of removing the address, marking the
> record as invalid, and this is being done if I recall correctly from RIPE
> NCC presentations. Because it may be a temporary failure of the address,
so
> *not removing it* may bring it back in a subsequent verification.
If at all possible, I'd suggest to register a suitable RDAP JSON value for
the
relevant remark type, at IANA[*]. That would allow automated tools to
discard
the corresponding vcard entry.
ARIN write a remark, like so:
"remarks" : [
{
"description" : [
"ARIN has attempted to validate the data for this POC, but has
received no response from the POC since 2011-06-07"
],
"title" : "Unvalidated POC"
}
],
Such remark is not quite actionable, as it doesn't say which POC does not
work
(recall there are various arrays of vcards, only some of which are tagged
with
the "abuse" role.) Perhaps more importantly, it doesn't say if the invalid
nature of the mailbox was notified to the responsible organization, and such
notification acknowledged.
> [Jordi] I think both [actual validity and statistics] are useful to know.
Is
> the address valid/invalid. If valid, is this LIR processing abuse reports
or
> there is information escalated from the community that is not?
The latter datum is much more difficult to get right. I'd stick with an
invalid mark. If, say, email messages bounced since 2011, and the
organization
was promptly notified and shrugged, a loud and clear mark is well deserved.
> [Jordi] Totally agree. I still think ideally, we should have X-ARF as the
> single way to do all the abuse reporting. Not sure if this could be also
> connected to provide feedback to DNSBL, but I'm not convinced RIPE NCC (or
> any other RIR) could do that ... very difficult to reach consensus on that
> at the time being. The stats might prove that on the long term and then we
> can change our minds.
The format, like the actual handling of reports, is one or more levels
above.
As for a DNSBL, I keep reading that most data in the RIPE Database is
public.
Are there API to browse its content? Is it possible to maintain a
(filtered)
copy of it? If one could collect all the blocks whose abuse-c is marked as
invalid, she could then run a corresponding DNSBL. However, article 3 of
the
Terms and Conditions for Data Access[†] seems to disallow just that.
Best
Ale
--
[*] https://www.iana.org/assignments/rdap-json-values/rdap-json-values.xhtml
[†] https://labs.ripe.net/datarepository/conditions/basic
**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company
This electronic message contains information which may be privileged or
confidential. The information is intended to be for the exclusive use of the
individual(s) named above and further non-explicilty authorized disclosure,
copying, distribution or use of the contents of this information, even if
partially, including attached files, is strictly prohibited and will be
considered a criminal offense. If you are not the intended recipient be aware
that any disclosure, copying, distribution or use of the contents of this
information, even if partially, including attached files, is strictly
prohibited, will be considered a criminal offense, so you must reply to the
original sender to inform about this communication and delete it.
