Re: [anti-abuse-wg] 2017-02: what does it achieve?
On 2017-09-25 18:33, Malcolm Hutty wrote:
> Yes, I get that it will trigger on that.
>
> What I'm struggling with (I don't want to speak for Nick), is this: what
> is the benefit of getting people to set it to a valid address that no
> human reads, or no human capable of acting, over null or the various
> null-equivalents you list?
>
> Who does that help? How?

I want to second this question in light of the proposal from Malcolm on 2017-09-25 16:02 CEST to enact a different form of monitoring by the NCC, namely "a simple visualisation tool for the BGP routing table."

It would be interesting to hear what are the pros and cons of this proposal, and opinions of the group with respect to the efficacy of such a measure given Europol's likely priorities.

best regards,

Amelia
Re: [anti-abuse-wg] 2017-02: what does it achieve?
On Mon, 25 Sep 2017 17:33:23 +0100 Malcolm Hutty wrote:
> What I'm struggling with (I don't want to speak for Nick), is this:
> what is the benefit of getting people to set it to a valid address
> that no human reads, or no human capable of acting, over null or the
> various null-equivalents you list?
> Who does that help? How?
>
> Michele said:
> > In fact an auto-reply would be preferable to the black holes in many
> > cases ..
>
> Can someone please explain why that is preferable, rather than merely
> equivalent?
> (Please don't just say "because it shows they have working e-mail".
> What is the value of that, if nobody's reading it?)
>

there is an easy answer to your question.

it depends what the goal is:

1. == if the goal is to test if there is email routing, dns is operational, etc - an autoresponder proves that. it has no real implications as someone could argue: but it responded, so it was received - but it could easily be argued that it is an auto response and it is also auto deleted - so no communications were ever received.

2. == if the goal is any sort of communication - or to know if the email address is real and functional, so that it could be used for communication - an autoresponder does not prove that.

+++

a technical example of an auto responder, is also a bounce notice - example Subject Line:

Subject: Mail delivery failed: returning message to sender
or
Subject: Auto Response
etc.

example auto response message:

This message was created automatically by mail delivery software.
or
This message was created by an auto responder. The received message has been deleted.
etc.

so outcomes highlights goals.

Andre
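The distinction drawn in the message above, as an added example that is not part of the original post: a Python function that sorts replies to a validation probe into bounce, auto-reply or unclassified, using the RFC 3464 and RFC 3834 markers plus the two subject lines quoted in the message. The function name, the labels and the sample messages are constructed for illustration.

```python
from email import message_from_string

def classify_reply(raw: str) -> str:
    """Label a reply to a validation probe: 'bounce', 'auto-reply' or 'unclassified'."""
    msg = message_from_string(raw)
    subject = (msg.get("Subject") or "").strip().lower()
    # RFC 3464: a delivery status notification is multipart/report
    # with report-type=delivery-status.
    report_type = str(msg.get_param("report-type") or "").lower()
    if msg.get_content_type() == "multipart/report" and report_type == "delivery-status":
        return "bounce"
    if subject.startswith("mail delivery failed"):  # subject quoted in the thread
        return "bounce"
    # RFC 3834: any Auto-Submitted value other than "no" declares an automatic message.
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return "auto-reply"
    # A null reverse-path and these Precedence values are common conventions
    # of automatic responders, not guarantees.
    if (msg.get("Return-Path") or "").strip() == "<>":
        return "auto-reply"
    if (msg.get("Precedence") or "").strip().lower() in ("auto_reply", "bulk", "junk"):
        return "auto-reply"
    if subject.startswith("auto response"):  # subject quoted in the thread
        return "auto-reply"
    # No automation marker found. This shows only that the sender did not
    # declare automation, not that anyone read the probe.
    return "unclassified"

# Constructed sample replies (not real traffic).
SAMPLES = {
    "dsn": (
        "Return-Path: <>\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b"\n'
        "Subject: Mail delivery failed: returning message to sender\n\n"
        "--b\nContent-Type: text/plain\n\n"
        "This message was created automatically by mail delivery software.\n--b--\n"
    ),
    "declared_auto": (
        "Auto-Submitted: auto-replied\nSubject: Re: validation\n\n"
        "This message was created by an auto responder. "
        "The received message has been deleted.\n"
    ),
    "subject_only": "Subject: Auto Response\n\nThis mailbox is not monitored.\n",
    "plain": "Subject: Re: validation\n\nReceived, thanks.\n",
}

def classify_samples() -> dict:
    return {name: classify_reply(raw) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, label in classify_samples().items():
        print(f"{name}: {label}")
```
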
Re: [anti-abuse-wg] 2017-02: what does it achieve?
On 25/09/2017 16:41, Richard Clayton wrote:
> In message <59c9148b.6010...@foobar.org>, Nick Hilliard writes
>
>> So, to be clear, it would be fully policy compliant if someone:
>
>> - registers IP address space with the RIPE NCC, with contact information
>> point to a PO box in Panama or BVI.
>> - sets up an abuse mailbox with an autoresponder, where all emails are
>> thrown into the bin
>> - ignores all attempts at contact regarding abuse queries, whether from
>> LEAs or not
>
>> If this is the case, what problem is this proposal trying to solve?
>
> #1 people who set the email address to nowh...@example.com

[deleted list of similar brokenness]

Yes, I get that it will trigger on that.

What I'm struggling with (I don't want to speak for Nick), is this: what is the benefit of getting people to set it to a valid address that no human reads, or no human capable of acting, over null or the various null-equivalents you list?

Who does that help? How?

Michele said:
> In fact an auto-reply would be preferable to the black holes in many
> cases ..

Can someone please explain why that is preferable, rather than merely equivalent?

(Please don't just say "because it shows they have working e-mail". What is the value of that, if nobody's reading it?)

Malcolm.

-- 
Malcolm Hutty | tel: +44 20 7645 3523
Head of Public Affairs | Read the LINX Public Affairs blog
London Internet Exchange | http://publicaffairs.linx.net/

London Internet Exchange Ltd
Monument Place, 24 Monument Street London EC3R 8AJ

Company Registered in England No. 3137929
Trinity Court, Trinity Street, Peterborough PE1 1DA
Re: [anti-abuse-wg] 2017-02: what does it achieve?
Richard Clayton wrote:
> #1 people who set the email address to nowh...@example.com
>
> #2 people who set the email address to nowh...@unregistereddomain.com
>
> #3 people who used to own unregistereddomain.com but forgot that email
> addresses are using that domain in a RIPE object
>
> #4 people whose company used to use ab...@branda.com but have moved to
> ab...@brandb.com and now brandA.com is a black hole because the
> forwarding doesn't work on the new server
>
> #5 people whose mail system is just broken
>
> #6 people who host their email at Google think that Google will deliver
> email to an abuse desk even when that email contains bad URLs
>
> oops, I think the proposal doesn't cover #6 and should! because I see
> this on a regular basis
>
> Nevertheless, it's surely some improvement if RIPE detects when abuse
> contact details are unintentionally broken but testing once a year
> for that (rather than every couple of months) doesn't seem to be
> sufficiently often to me.

Wouldn't using the existing ARC process work for #1-#4?

Nick
Re: [anti-abuse-wg] 2017-02: what does it achieve?
In message <59c9148b.6010...@foobar.org>, Nick Hilliard writes

>So, to be clear, it would be fully policy compliant if someone:
>
>- registers IP address space with the RIPE NCC, with contact information
>point to a PO box in Panama or BVI.
>- sets up an abuse mailbox with an autoresponder, where all emails are
>thrown into the bin
>- ignores all attempts at contact regarding abuse queries, whether from
>LEAs or not
>
>If this is the case, what problem is this proposal trying to solve?

#1 people who set the email address to nowh...@example.com

#2 people who set the email address to nowh...@unregistereddomain.com

#3 people who used to own unregistereddomain.com but forgot that email addresses are using that domain in a RIPE object

#4 people whose company used to use ab...@branda.com but have moved to ab...@brandb.com and now brandA.com is a black hole because the forwarding doesn't work on the new server

#5 people whose mail system is just broken

#6 people who host their email at Google think that Google will deliver email to an abuse desk even when that email contains bad URLs

oops, I think the proposal doesn't cover #6 and should! because I see this on a regular basis

Nevertheless, it's surely some improvement if RIPE detects when abuse contact details are unintentionally broken but testing once a year for that (rather than every couple of months) doesn't seem to be sufficiently often to me.

-- 
richard
Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
Re: [anti-abuse-wg] 2017-02: what does it achieve?
A proposal to reclaim such IP space would be ideal

--srs

> On 25-Sep-2017, at 8:06 PM, Nick Hilliard wrote:
>
> - registers IP address space with the RIPE NCC, with contact information
> point to a PO box in Panama or BVI.
> - sets up an abuse mailbox with an autoresponder, where all emails are
> thrown into the bin
> - ignores all attempts at contact regarding abuse queries, whether from
> LEAs or not
Re: [anti-abuse-wg] 2017-02: what does it achieve?
Nick,

The point is: if there is an auto-responder, there won't be an absolute and definitive invalidity of the answer. But additional investigations would be conducted, of course.

RIPE NCC Impact Analysis will cover these aspects.

Hervé

-----Original Message-----
From: Nick Hilliard [mailto:n...@foobar.org]
Sent: Monday 25 September 2017 16:37
To: CLEMENT Herve IMT/OLN
Cc: Malcolm Hutty; anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2017-02: what does it achieve?

herve.clem...@orange.com<mailto:herve.clem...@orange.com> wrote:
> To be clear regarding the acceptability of the auto-responder:
>
> It refers to "If no valid reply is received by RIPE NCC within two
> weeks (including if the email bounces back), the “abuse-mailbox:”
> contact attribute will be marked as invalid"

So, to be clear, it would be fully policy compliant if someone:

- registers IP address space with the RIPE NCC, with contact information point to a PO box in Panama or BVI.
- sets up an abuse mailbox with an autoresponder, where all emails are thrown into the bin
- ignores all attempts at contact regarding abuse queries, whether from LEAs or not

If this is the case, what problem is this proposal trying to solve?

Nick

This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.
Re: [anti-abuse-wg] 2017-02: what does it achieve?
herve.clem...@orange.com wrote:
> To be clear regarding the acceptability of the auto-responder:
>
> It refers to "If no valid reply is received by RIPE NCC within two weeks
> (including if the email bounces back), the “abuse-mailbox:” contact
> attribute will be marked as invalid"

So, to be clear, it would be fully policy compliant if someone:

- registers IP address space with the RIPE NCC, with contact information point to a PO box in Panama or BVI.
- sets up an abuse mailbox with an autoresponder, where all emails are thrown into the bin
- ignores all attempts at contact regarding abuse queries, whether from LEAs or not

If this is the case, what problem is this proposal trying to solve?

Nick
Re: [anti-abuse-wg] 2017-02: what does it achieve?
On 25/09/2017 14:26, herve.clem...@orange.com wrote:
> With regard to your first scenario, the auto-answer you mention can be
> considered as a valid reply, and the "support service" would help to
> proceed with the abuse report.

Hervé,

Thank you for your reply.

If an autoresponder directing the enquirer to go read a FAQ, and possibly submit a web ticket, is deemed compliant with this policy it seems unlikely to do much harm, albeit equally unlikely to do anything terribly useful.

I still think Gregory's/Europol's needs would be better addressed by asking the NCC to provide a simple visualisation tool for the BGP routing table that enabled investigators to easily discover for a given network that was targeted for investigation which other network was providing the transit. I strongly suspect that for most of the suspect networks Europol has difficulty pinning down there is a very small number (maybe even only one) much larger, more reputable, and more easily found located network operator who would also be much more willing to be cooperative - and the only thing standing in the way of Europol making such an approach is difficulty in inspecting routing and visualising these relationships.

That may not provide a perfect solution in all cases, but neither will asking the NCC to validate data submitted by a small number of organisations that wish to conceal/lie about their data, hiding in amongst a large number of organisations that fail to maintain their data for less nefarious reasons.

Malcolm.

-- 
Malcolm Hutty | tel: +44 20 7645 3523
Head of Public Affairs | Read the LINX Public Affairs blog
London Internet Exchange | http://publicaffairs.linx.net/

London Internet Exchange Ltd
Monument Place, 24 Monument Street London EC3R 8AJ

Company Registered in England No. 3137929
Trinity Court, Trinity Street, Peterborough PE1 1DA
Re: [anti-abuse-wg] 2017-02: what does it achieve?
Andre writes:
> probably, yes. if ai is advanced enough to deal with incoming
> communications in an acceptable fashion, this will be just fine.

> - your trust in your ai would be most commendable and as imho, ai will
>   be running everything in a few years anyway, this is perfectly
>   acceptable

Andre, please accept my apologies for writing about the "Turing test", it was meant lightheartedly but has confused the issue. It is my fault for being flippant.

I didn't envisage that a true AI would handle such enquiries. I was pointing out two areas that are problematic, separately:

1. The RIPE NCC may not recognise an auto-responder when they see it, if it has been tailored to them specifically (and to achieving a formal but spurious compliance); and

2. A response by a real human being may be just as useless as a bounce message, if constrained by policy. That is to say, if all the human is permitted to do is choose from a small range of stock responses (such as directing the person making the enquiry to some pre-written FAQ) then this is equivalent to an autoresponder, so why prohibit (deem non-compliant) only the automated response?

However from Hervé's reply I see that a less ambitious bar is being set, and an autoresponder is acceptable, whether a human autoresponder or a software one. I have my doubts that this really achieves anything useful, but at least it is clear.

On 25/09/2017 11:34, ox wrote:
> On Mon, 25 Sep 2017 10:55:09 +0100
> Malcolm Hutty wrote:
>> Scenario 1: An LIR directs e-mail sent to their abuse-cc: address to
>> an auto-responder that says "This mailbox is not monitored by a human
>> being", and advises on alternate "support services" (e.g. a FAQ, a
>> webform that feeds a ticketing system etc). Is RIPE NCC intended to
>> mark the attribute as invalid in this scenario?
>>
> there is no point to have an email address that does not exist or is not
> monitored.
>
> if or when email ever stops working and is replaced by alternate "support
> services"
> this will be a good timeTM to accept non monitored email addresses
>
> but to granularly define generally accepted forms of communications,
> is pointless as there will always be a good reason for whatever form of
> communication, to not be suitable or acceptable to someone.
>
> take mobile, or phone numbers, it can easily be argued "but i am not
> available to take calls" or whatever... - everything always has
> exceptions, it is whether those exceptions are generally reasonable or not
> and/or generally acceptable.
>
>
>> Scenario 2: An LIR filters incoming e-mail sent to their abuse-cc:
>> address. Email from RIPE NCC gets "priority treatment", i.e. is
>> directed to someone who passes a Turing test administered by the NCC.
>> E-mail from anyone else gets the same treatment as in scenario 1.
>>
>> Is Scenario 2 compliant with the policy? If not, how is RIPE NCC
>> supposed to know to mark the attribute as invalid? What tests are the
>> NCC supposed to administer? And what must an LIR do to pass them?
>>
> probably, yes. if ai is advanced enough to deal with incoming
> communications in an acceptable fashion, this will be just fine.
>
> ianal but, there are legal implications, if your ai receives x notice,
> replies, etc.
>
> - your trust in your ai would be most commendable and as imho, ai will
>   be running everything in a few years anyway, this is perfectly
>   acceptable :)
>
>
> Andre
>

-- 
Malcolm Hutty | tel: +44 20 7645 3523
Head of Public Affairs | Read the LINX Public Affairs blog
London Internet Exchange | http://publicaffairs.linx.net/

London Internet Exchange Ltd
Monument Place, 24 Monument Street London EC3R 8AJ

Company Registered in England No. 3137929
Trinity Court, Trinity Street, Peterborough PE1 1DA
Re: [anti-abuse-wg] 2017-02: what does it achieve?
On Mon, 25 Sep 2017 10:55:09 +0100 Malcolm Hutty wrote:
> Scenario 1: An LIR directs e-mail sent to their abuse-cc: address to
> an auto-responder that says "This mailbox is not monitored by a human
> being", and advises on alternate "support services" (e.g. a FAQ, a
> webform that feeds a ticketing system etc). Is RIPE NCC intended to
> mark the attribute as invalid in this scenario?
>

there is no point to have an email address that does not exist or is not monitored.

if or when email ever stops working and is replaced by alternate "support services" this will be a good timeTM to accept non monitored email addresses

but to granularly define generally accepted forms of communications, is pointless as there will always be a good reason for whatever form of communication, to not be suitable or acceptable to someone.

take mobile, or phone numbers, it can easily be argued "but i am not available to take calls" or whatever... - everything always has exceptions, it is whether those exceptions are generally reasonable or not and/or generally acceptable.

> Scenario 2: An LIR filters incoming e-mail sent to their abuse-cc:
> address. Email from RIPE NCC gets "priority treatment", i.e. is
> directed to someone who passes a Turing test administered by the NCC.
> E-mail from anyone else gets the same treatment as in scenario 1.
>
> Is Scenario 2 compliant with the policy? If not, how is RIPE NCC
> supposed to know to mark the attribute as invalid? What tests are the
> NCC supposed to administer? And what must an LIR do to pass them?
>

probably, yes. if ai is advanced enough to deal with incoming communications in an acceptable fashion, this will be just fine.

ianal but, there are legal implications, if your ai receives x notice, replies, etc.

- your trust in your ai would be most commendable and as imho, ai will be running everything in a few years anyway, this is perfectly acceptable :)

Andre
[anti-abuse-wg] 2017-02: what does it achieve?
I would like to clarify the effect of this proposal.

The proposal states:

"The RIPE NCC will validate the “abuse-mailbox:” attribute at least annually. If no valid reply is received by RIPE NCC within two weeks (including if the email bounces back), the “abuse-mailbox:” contact attribute will be marked as invalid."

Scenario 1: An LIR directs e-mail sent to their abuse-cc: address to an auto-responder that says "This mailbox is not monitored by a human being", and advises on alternate "support services" (e.g. a FAQ, a webform that feeds a ticketing system etc). Is RIPE NCC intended to mark the attribute as invalid in this scenario?

Scenario 2: An LIR filters incoming e-mail sent to their abuse-cc: address. Email from RIPE NCC gets "priority treatment", i.e. is directed to someone who passes a Turing test administered by the NCC. E-mail from anyone else gets the same treatment as in scenario 1.

Is Scenario 2 compliant with the policy? If not, how is RIPE NCC supposed to know to mark the attribute as invalid? What tests are the NCC supposed to administer? And what must an LIR do to pass them?

Malcolm.

-- 
Malcolm Hutty | tel: +44 20 7645 3523
Head of Public Affairs | Read the LINX Public Affairs blog
London Internet Exchange | http://publicaffairs.linx.net/

London Internet Exchange Ltd
Monument Place, 24 Monument Street London EC3R 8AJ

Company Registered in England No. 3137929
Trinity Court, Trinity Street, Peterborough PE1 1DA