subject:"Re\: \[anti\-abuse\-wg\] Abuse Report ignored. What to do as next\?"

I would never say you didn’t handle abuse reports. The question is whether that 
applies to each and every member in the ripe region.

Even if a fraction of a percent of members or LIRs are affected by such a 
policy .. that is like saying there mustn’t be any speed limit because you are 
a careful and safe driver.

--srs

From: anti-abuse-wg  on behalf of Gert Doering 

Sent: Thursday, November 30, 2023 7:51:20 PM
To: Serge Droz 
Cc: anti-abuse-wg@ripe.net 
Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

Hi,

On Thu, Nov 30, 2023 at 09:53:54AM +0100, Serge Droz via anti-abuse-wg wrote:
> And as long as this group cannot come up with a compromise nothing will
> change, in essence the anti-abuse wg is taken hostage by the nay sayers.
> These discussions have been going on for years. Nothing new has come out.

I'd argue the attention budget of the anti-abuse WG is taken hostage by
people bringing the same non-acceptable proposal back again and again...

Let me repeat that we *do* handle our abuse reports, man our abuse mail
address, and *do* like having working abuse contacts in the RIPE DB - it's
just that this proposal at hand will do just plain nothing to improve
the situation, while at the same hand annoying (and putting at potential
risk if something slips) those that already do the right thing.

No positive effect, but measurable drawbacks, so not a good way forward,
no matter how often this is re-started.

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-30 Thread Laura Atkins



> On 30 Nov 2023, at 12:38, Leo Vegoda  wrote:
> 
> On Thu, 30 Nov 2023 at 13:16, Alessandro Vesely  wrote:
>> 
>> On Thu 30/Nov/2023 12:40:46 +0100 Laura Atkins wrote:
>>> What happens if / when someone doesn’t?
>> 
>> A minimal, yet useful reaction would be to remove their abuse PoC from RDAP
>> pages.  If the convention is clear that network operators without abuse-c are
>> non-responders, it is easy for all the others to add the corresponding IPs to
>> their drop lists.  Ripe NCC could even distribute non-responders lists.
>> 
>> A motion to reclaim wasted resources can be set up at a later time.
> 
> Publishing factual data that others can use to inform their own
> decision making processes seems quite different from reclaiming
> resources. A more productive path to evaluate.


The question is: how much will it cost to do this and how much will it actually 
improve anything?

laura 

-- 
The Delivery Expert

Laura Atkins
Word to the Wise
la...@wordtothewise.com

Delivery hints and commentary: http://wordtothewise.com/blog






-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-30 Thread Gert Doering

Hi,

On Thu, Nov 30, 2023 at 09:53:54AM +0100, Serge Droz via anti-abuse-wg wrote:
> And as long as this group cannot come up with a compromise nothing will
> change, in essence the anti-abuse wg is taken hostage by the nay sayers.
> These discussions have been going on for years. Nothing new has come out.

I'd argue the attention budget of the anti-abuse WG is taken hostage by
people bringing the same non-acceptable proposal back again and again...

Let me repeat that we *do* handle our abuse reports, man our abuse mail
address, and *do* like having working abuse contacts in the RIPE DB - it's
just that this proposal at hand will do just plain nothing to improve
the situation, while at the same hand annoying (and putting at potential
risk if something slips) those that already do the right thing.

No positive effect, but measurable drawbacks, so not a good way forward,
no matter how often this is re-started.

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279

signature.asc
Description: PGP signature
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

As long as you publish it

--srs

From: anti-abuse-wg  on behalf of Leo Vegoda 

Sent: Thursday, November 30, 2023 6:08:59 PM
To: Alessandro Vesely 
Cc: anti-abuse-wg@ripe.net 
Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

On Thu, 30 Nov 2023 at 13:16, Alessandro Vesely  wrote:
>
> On Thu 30/Nov/2023 12:40:46 +0100 Laura Atkins wrote:
> > What happens if / when someone doesn’t?
>
> A minimal, yet useful reaction would be to remove their abuse PoC from RDAP
> pages.  If the convention is clear that network operators without abuse-c are
> non-responders, it is easy for all the others to add the corresponding IPs to
> their drop lists.  Ripe NCC could even distribute non-responders lists.
>
> A motion to reclaim wasted resources can be set up at a later time.

Publishing factual data that others can use to inform their own
decision making processes seems quite different from reclaiming
resources. A more productive path to evaluate.

Thanks,

Leo

--

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-30 Thread Leo Vegoda

On Thu, 30 Nov 2023 at 13:16, Alessandro Vesely  wrote:
>
> On Thu 30/Nov/2023 12:40:46 +0100 Laura Atkins wrote:
> > What happens if / when someone doesn’t?
>
> A minimal, yet useful reaction would be to remove their abuse PoC from RDAP
> pages.  If the convention is clear that network operators without abuse-c are
> non-responders, it is easy for all the others to add the corresponding IPs to
> their drop lists.  Ripe NCC could even distribute non-responders lists.
>
> A motion to reclaim wasted resources can be set up at a later time.

Publishing factual data that others can use to inform their own
decision making processes seems quite different from reclaiming
resources. A more productive path to evaluate.

Thanks,

Leo

-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-30 Thread Alessandro Vesely

On Thu 30/Nov/2023 12:40:46 +0100 Laura Atkins wrote:

What happens if / when someone doesn’t?

A minimal, yet useful reaction would be to remove their abuse PoC from RDAP
pages. If the convention is clear that network operators without abuse-c are
non-responders, it is easy for all the others to add the corresponding IPs to
their drop lists. Ripe NCC could even distribute non-responders lists.

A motion to reclaim wasted resources can be set up at a later time.

Best
Ale

On 30 Nov 2023, at 10:47, Matthias Merkel wrote:

The proposal is to send verification emails to abuse mailboxes and have a
link in them clicked, right? I would have no objection to that.

Is there more that is being proposed in this proposal specifically?

—
Maria Merkel

This email was sent by [company]. Any statements contained in this email are
personal to the author and are not necessarily the statements of the company
unless specifically stated.

Novecore and Staclar are collective trading names of Novecore Ltd.,
registered in England and Wales under company number 11748197, Novecore
Licensing Ltd., registered in England and Wales under company number
11544982, Staclar Carrier Ltd., registered in England and Wales under company
number 12219686, Staclar Financial Services Ltd., registered in England and
Wales under company number 13843292 (registered offices 54 Portland Place,
London, UK, W1B 1DY); Novecore Professional Services Ltd., registered in
England and Wales under company number 13965912 (registered office 13
Freeland Park, Wareham Road, Poole, UK, BH16 6FA); Novecore (Estonia) OÜ,
registered in Estonia under registry code 16543205 (local contact Baltic
Business Services OÜ, Narva mnt 5, 10117 Tallinn, Estonia); Novecore (USA)
Inc., registered in Delaware under file number 6707907, Novecore Licensing
(USA) LLC, registered in Delaware under file number 4030866, and Staclar,
Inc., registered in Delaware under file number 7413401 (registered agents The
Corporation Trust Company, Corporation Trust Center, 1209 Orange St,
Wilmington DE 19801, USA). Novecore Licensing Ltd. is registered for VAT in
the United Kingdom under VAT registration number 347 4545 80. Novecore
(Estonia) OÜ is registered for VAT in the European Union under VAT
registration number EE102518979. Novecore Professional Services Ltd. is a
trust or company service provider registered with and supervised by HM
Revenue & Customs under the Money Laundering, Terrorist Financing and
Transfer of Funds (Information on the Payer) Regulations 2017 (registration
number XMML0178208). Staclar Financial Services Ltd. is an Annex 1
financial institution registered with and supervised by the Financial Conduct
Authority under the Money Laundering, Terrorist Financing and Transfer of
Funds (Information on the Payer) Regulations 2017 (firm reference number
989521). Registration is not equivalent to authorisation and is not an
endorsement to do business with a firm. Staclar Financial Services Ltd. is
not an authorised person within the meaning of the Financial Services and
Markets Act 2000 and does not review, approve, or endorse financial
promotions for securities issues it is involved in or provide any form of
investment advice.

Sent from Front
On November 30, 2023 at 11:45 AM GMT+1 ops.li...@gmail.com
<mailto:ops.li...@gmail.com> wrote:

There is somewhat more being proposed than that bare minimum of due
diligence but none of this makes ripe ncc a regulator any more than a
pharmacist verifying a prescription becomes the FDA

--srs
---
*From:* Matthias Merkel <mailto:matthias.mer...@staclar.com>>

*Sent:* Thursday, November 30, 2023 4:03:07 PM
*To:* Suresh Ramasubramanian <mailto:ops.li...@gmail.com>>; Leo Vegoda <mailto:l...@vegoda.org>>
*Cc:* anti-abuse-wg@ripe.net <mailto:anti-abuse-wg@ripe.net>
mailto:anti-abuse-wg@ripe.net>>

*Subject:* Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
I have already noted that I have no objections to a proposal solely to
verify abuse mailbox functionality, but that we should be careful adding
anything further. Perhaps I wasn't clear enough in this:

Arguably a proposal to simply require verification of the abuse mailbox
does not make the NCC a regulator (and, in fact, I think the NCC already
does this with ASNs), but I do not see how this would be an effective
measure.

Making further requirements would make the NCC a regulator, and this may
be dangerous precedent.

Regarding the potential that government regulators will put rules in place
if we don't, I don't think this is a big concern here. Many governments
already do have those rules and already supervise network operators in their
countries. The issue in this specific case is that some countries simply
don't care, and do not have laws or regulations around

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-30 Thread Laura Atkins

What happens if / when someone doesn’t? 

laura 



> On 30 Nov 2023, at 10:47, Matthias Merkel  wrote:
> 
> The proposal is to send verification emails to abuse mailboxes and have a 
> link in them clicked, right? I would have no objection to that.
> 
> Is there more that is being proposed in this proposal specifically?
> 
> —
> Maria Merkel
> 
> 
> This email was sent by [company]. Any statements contained in this email are 
> personal to the author and are not necessarily the statements of the company 
> unless specifically stated.
> 
> Novecore and Staclar are collective trading names of Novecore Ltd., 
> registered in England and Wales under company number 11748197, Novecore 
> Licensing Ltd., registered in England and Wales under company number 
> 11544982, Staclar Carrier Ltd., registered in England and Wales under company 
> number 12219686, Staclar Financial Services Ltd., registered in England and 
> Wales under company number 13843292 (registered offices 54 Portland Place, 
> London, UK, W1B 1DY); Novecore Professional Services Ltd., registered in 
> England and Wales under company number 13965912 (registered office 13 
> Freeland Park, Wareham Road, Poole, UK, BH16 6FA); Novecore (Estonia) OÜ, 
> registered in Estonia under registry code 16543205 (local contact Baltic 
> Business Services OÜ, Narva mnt 5, 10117 Tallinn, Estonia); Novecore (USA) 
> Inc., registered in Delaware under file number 6707907, Novecore Licensing 
> (USA) LLC, registered in Delaware under file number 4030866, and Staclar, 
> Inc., registered in Delaware under file number 7413401 (registered agents The 
> Corporation Trust Company, Corporation Trust Center, 1209 Orange St, 
> Wilmington DE 19801, USA). Novecore Licensing Ltd. is registered for VAT in 
> the United Kingdom under VAT registration number 347 4545 80. Novecore 
> (Estonia) OÜ is registered for VAT in the European Union under VAT 
> registration number EE102518979. Novecore Professional Services Ltd. is a 
> trust or company service provider registered with and supervised by HM 
> Revenue & Customs under the Money Laundering, Terrorist Financing and 
> Transfer of Funds (Information on the Payer) Regulations 2017 (registration 
> number XMML0178208). Staclar Financial Services Ltd. is an Annex 1 
> financial institution registered with and supervised by the Financial Conduct 
> Authority under the Money Laundering, Terrorist Financing and Transfer of 
> Funds (Information on the Payer) Regulations 2017 (firm reference number 
> 989521). Registration is not equivalent to authorisation and is not an 
> endorsement to do business with a firm. Staclar Financial Services Ltd. is 
> not an authorised person within the meaning of the Financial Services and 
> Markets Act 2000 and does not review, approve, or endorse financial 
> promotions for securities issues it is involved in or provide any form of 
> investment advice.
> 
>> On November 30, 2023 at 11:45 AM GMT+1 ops.li...@gmail.com 
>> <mailto:ops.li...@gmail.com> wrote:
>> 
>> There is somewhat more being proposed than that bare minimum of due 
>> diligence but none of this makes ripe ncc a regulator any more than a 
>> pharmacist verifying a prescription becomes the FDA
>> 
>> --srs
>> From: Matthias Merkel > <mailto:matthias.mer...@staclar.com>>
>> Sent: Thursday, November 30, 2023 4:03:07 PM
>> To: Suresh Ramasubramanian > <mailto:ops.li...@gmail.com>>; Leo Vegoda > <mailto:l...@vegoda.org>>
>> Cc: anti-abuse-wg@ripe.net <mailto:anti-abuse-wg@ripe.net> 
>> mailto:anti-abuse-wg@ripe.net>>
>> Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
>>  
>> I have already noted that I have no objections to a proposal solely to 
>> verify abuse mailbox functionality, but that we should be careful adding 
>> anything further. Perhaps I wasn't clear enough in this:
>> Arguably a proposal to simply require verification of the abuse mailbox does 
>> not make the NCC a regulator (and, in fact, I think the NCC already does 
>> this with ASNs), but I do not see how this would be an effective measure. 
>> 
>> Making further requirements would make the NCC a regulator, and this may be 
>> dangerous precedent. 
>> 
>> Regarding the potential that government regulators will put rules in place 
>> if we don't, I don't think this is a big concern here. Many governments 
>> already do have those rules and already supervise network operators in their 
>> countries. The issue in this specific case is that some countries simply 
>> don't care, and do not have laws or regulations around the issue.
>> 
>> —
>> Maria

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

The proposal is to send verification emails to abuse mailboxes and have a link 
in them clicked, right? I would have no objection to that.

Is there more that is being proposed in this proposal specifically?

—
Maria Merkel
[https://cdn.staclar.com/logos/novecore/newlogo.png]

This email was sent by [company]. Any statements contained in this email are 
personal to the author and are not necessarily the statements of the company 
unless specifically stated.

Novecore and Staclar are collective trading names of Novecore Ltd., registered 
in England and Wales under company number 11748197, Novecore Licensing Ltd., 
registered in England and Wales under company number 11544982, Staclar Carrier 
Ltd., registered in England and Wales under company number 12219686, Staclar 
Financial Services Ltd., registered in England and Wales under company number 
13843292 (registered offices 54 Portland Place, London, UK, W1B 1DY); Novecore 
Professional Services Ltd., registered in England and Wales under company 
number 13965912 (registered office 13 Freeland Park, Wareham Road, Poole, UK, 
BH16 6FA); Novecore (Estonia) OÜ, registered in Estonia under registry code 
16543205 (local contact Baltic Business Services OÜ, Narva mnt 5, 10117 
Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under file 
number 6707907, Novecore Licensing (USA) LLC, registered in Delaware under file 
number 4030866, and Staclar, Inc., registered in Delaware under file number 
7413401 (registered agents The Corporation Trust Company, Corporation Trust 
Center, 1209 Orange St, Wilmington DE 19801, USA). Novecore Licensing Ltd. is 
registered for VAT in the United Kingdom under VAT registration number 347 4545 
80. Novecore (Estonia) OÜ is registered for VAT in the European Union under VAT 
registration number EE102518979. Novecore Professional Services Ltd. is a trust 
or company service provider registered with and supervised by HM Revenue & 
Customs under the Money Laundering, Terrorist Financing and Transfer of Funds 
(Information on the Payer) Regulations 2017 (registration number 
XMML0178208). Staclar Financial Services Ltd. is an Annex 1 financial 
institution registered with and supervised by the Financial Conduct Authority 
under the Money Laundering, Terrorist Financing and Transfer of Funds 
(Information on the Payer) Regulations 2017 (firm reference number 989521). 
Registration is not equivalent to authorisation and is not an endorsement to do 
business with a firm. Staclar Financial Services Ltd. is not an authorised 
person within the meaning of the Financial Services and Markets Act 2000 and 
does not review, approve, or endorse financial promotions for securities issues 
it is involved in or provide any form of investment advice.
[Sent from Front]
On November 30, 2023 at 11:45 AM GMT+1 
ops.li...@gmail.com<mailto:ops.li...@gmail.com> wrote:

There is somewhat more being proposed than that bare minimum of due diligence 
but none of this makes ripe ncc a regulator any more than a pharmacist 
verifying a prescription becomes the FDA

--srs

From: Matthias Merkel 
mailto:matthias.mer...@staclar.com>>
Sent: Thursday, November 30, 2023 4:03:07 PM
To: Suresh Ramasubramanian mailto:ops.li...@gmail.com>>; 
Leo Vegoda mailto:l...@vegoda.org>>
Cc: anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net> 
mailto:anti-abuse-wg@ripe.net>>
Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

I have already noted that I have no objections to a proposal solely to verify 
abuse mailbox functionality, but that we should be careful adding anything 
further. Perhaps I wasn't clear enough in this:
Arguably a proposal to simply require verification of the abuse mailbox does 
not make the NCC a regulator (and, in fact, I think the NCC already does this 
with ASNs), but I do not see how this would be an effective measure.

Making further requirements would make the NCC a regulator, and this may be 
dangerous precedent.

Regarding the potential that government regulators will put rules in place if 
we don't, I don't think this is a big concern here. Many governments already do 
have those rules and already supervise network operators in their countries. 
The issue in this specific case is that some countries simply don't care, and 
do not have laws or regulations around the issue.

—
Maria Merkel
[https://cdn.staclar.com/logos/novecore/newlogo.png]

This email was sent by [company]. Any statements contained in this email are 
personal to the author and are not necessarily the statements of the company 
unless specifically stated.

Novecore and Staclar are collective trading names of Novecore Ltd., registered 
in England and Wales under company number 11748197, Novecore Licensing Ltd., 
registered in England and Wales under company number 11544982, Staclar Carrier 
Ltd., registered in England and Wales under company number 12219686, Staclar 
Financ

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

There is somewhat more being proposed than that bare minimum of due diligence 
but none of this makes ripe ncc a regulator any more than a pharmacist 
verifying a prescription becomes the FDA

--srs

From: Matthias Merkel 
Sent: Thursday, November 30, 2023 4:03:07 PM
To: Suresh Ramasubramanian ; Leo Vegoda 
Cc: anti-abuse-wg@ripe.net 
Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

I have already noted that I have no objections to a proposal solely to verify 
abuse mailbox functionality, but that we should be careful adding anything 
further. Perhaps I wasn't clear enough in this:
Arguably a proposal to simply require verification of the abuse mailbox does 
not make the NCC a regulator (and, in fact, I think the NCC already does this 
with ASNs), but I do not see how this would be an effective measure.

Making further requirements would make the NCC a regulator, and this may be 
dangerous precedent.

Regarding the potential that government regulators will put rules in place if 
we don't, I don't think this is a big concern here. Many governments already do 
have those rules and already supervise network operators in their countries. 
The issue in this specific case is that some countries simply don't care, and 
do not have laws or regulations around the issue.

—
Maria Merkel
[https://cdn.staclar.com/logos/novecore/newlogo.png]

This email was sent by [company]. Any statements contained in this email are 
personal to the author and are not necessarily the statements of the company 
unless specifically stated.

Novecore and Staclar are collective trading names of Novecore Ltd., registered 
in England and Wales under company number 11748197, Novecore Licensing Ltd., 
registered in England and Wales under company number 11544982, Staclar Carrier 
Ltd., registered in England and Wales under company number 12219686, Staclar 
Financial Services Ltd., registered in England and Wales under company number 
13843292 (registered offices 54 Portland Place, London, UK, W1B 1DY); Novecore 
Professional Services Ltd., registered in England and Wales under company 
number 13965912 (registered office 13 Freeland Park, Wareham Road, Poole, UK, 
BH16 6FA); Novecore (Estonia) OÜ, registered in Estonia under registry code 
16543205 (local contact Baltic Business Services OÜ, Narva mnt 5, 10117 
Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under file 
number 6707907, Novecore Licensing (USA) LLC, registered in Delaware under file 
number 4030866, and Staclar, Inc., registered in Delaware under file number 
7413401 (registered agents The Corporation Trust Company, Corporation Trust 
Center, 1209 Orange St, Wilmington DE 19801, USA). Novecore Licensing Ltd. is 
registered for VAT in the United Kingdom under VAT registration number 347 4545 
80. Novecore (Estonia) OÜ is registered for VAT in the European Union under VAT 
registration number EE102518979. Novecore Professional Services Ltd. is a trust 
or company service provider registered with and supervised by HM Revenue & 
Customs under the Money Laundering, Terrorist Financing and Transfer of Funds 
(Information on the Payer) Regulations 2017 (registration number 
XMML0178208). Staclar Financial Services Ltd. is an Annex 1 financial 
institution registered with and supervised by the Financial Conduct Authority 
under the Money Laundering, Terrorist Financing and Transfer of Funds 
(Information on the Payer) Regulations 2017 (firm reference number 989521). 
Registration is not equivalent to authorisation and is not an endorsement to do 
business with a firm. Staclar Financial Services Ltd. is not an authorised 
person within the meaning of the Financial Services and Markets Act 2000 and 
does not review, approve, or endorse financial promotions for securities issues 
it is involved in or provide any form of investment advice.
[Sent from Front]
On November 30, 2023 at 11:25 AM GMT+1 
ops.li...@gmail.com<mailto:ops.li...@gmail.com> wrote:

This is simply an ongoing verification that the justification and other 
paperwork which were used to allocate the numbers are reasonable and correct

Consensus tends to work in strange ways - and room packing isn’t unknown if you 
see the example I cited

--srs

From: anti-abuse-wg 
mailto:anti-abuse-wg-boun...@ripe.net>> on 
behalf of Matthias Merkel 
mailto:matthias.mer...@staclar.com>>
Sent: Thursday, November 30, 2023 3:24:02 PM
To: Leo Vegoda mailto:l...@vegoda.org>>; Suresh 
Ramasubramanian mailto:ops.li...@gmail.com>>
Cc: anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net> 
mailto:anti-abuse-wg@ripe.net>>
Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

Of course, this is not how consensus works.

I also think you're misunderstanding my argument. I'm all for fighting abuse. A 
lot of my work is in abuse and fraud prevention and in the prevention of 
finan

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

I have already noted that I have no objections to a proposal solely to verify 
abuse mailbox functionality, but that we should be careful adding anything 
further. Perhaps I wasn't clear enough in this:
Arguably a proposal to simply require verification of the abuse mailbox does 
not make the NCC a regulator (and, in fact, I think the NCC already does this 
with ASNs), but I do not see how this would be an effective measure.

Making further requirements would make the NCC a regulator, and this may be 
dangerous precedent.

Regarding the potential that government regulators will put rules in place if 
we don't, I don't think this is a big concern here. Many governments already do 
have those rules and already supervise network operators in their countries. 
The issue in this specific case is that some countries simply don't care, and 
do not have laws or regulations around the issue.

—
Maria Merkel
[https://cdn.staclar.com/logos/novecore/newlogo.png]

This email was sent by [company]. Any statements contained in this email are 
personal to the author and are not necessarily the statements of the company 
unless specifically stated.

Novecore and Staclar are collective trading names of Novecore Ltd., registered 
in England and Wales under company number 11748197, Novecore Licensing Ltd., 
registered in England and Wales under company number 11544982, Staclar Carrier 
Ltd., registered in England and Wales under company number 12219686, Staclar 
Financial Services Ltd., registered in England and Wales under company number 
13843292 (registered offices 54 Portland Place, London, UK, W1B 1DY); Novecore 
Professional Services Ltd., registered in England and Wales under company 
number 13965912 (registered office 13 Freeland Park, Wareham Road, Poole, UK, 
BH16 6FA); Novecore (Estonia) OÜ, registered in Estonia under registry code 
16543205 (local contact Baltic Business Services OÜ, Narva mnt 5, 10117 
Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under file 
number 6707907, Novecore Licensing (USA) LLC, registered in Delaware under file 
number 4030866, and Staclar, Inc., registered in Delaware under file number 
7413401 (registered agents The Corporation Trust Company, Corporation Trust 
Center, 1209 Orange St, Wilmington DE 19801, USA). Novecore Licensing Ltd. is 
registered for VAT in the United Kingdom under VAT registration number 347 4545 
80. Novecore (Estonia) OÜ is registered for VAT in the European Union under VAT 
registration number EE102518979. Novecore Professional Services Ltd. is a trust 
or company service provider registered with and supervised by HM Revenue & 
Customs under the Money Laundering, Terrorist Financing and Transfer of Funds 
(Information on the Payer) Regulations 2017 (registration number 
XMML0178208). Staclar Financial Services Ltd. is an Annex 1 financial 
institution registered with and supervised by the Financial Conduct Authority 
under the Money Laundering, Terrorist Financing and Transfer of Funds 
(Information on the Payer) Regulations 2017 (firm reference number 989521). 
Registration is not equivalent to authorisation and is not an endorsement to do 
business with a firm. Staclar Financial Services Ltd. is not an authorised 
person within the meaning of the Financial Services and Markets Act 2000 and 
does not review, approve, or endorse financial promotions for securities issues 
it is involved in or provide any form of investment advice.
[Sent from Front]
On November 30, 2023 at 11:25 AM GMT+1 
ops.li...@gmail.com<mailto:ops.li...@gmail.com> wrote:

This is simply an ongoing verification that the justification and other 
paperwork which were used to allocate the numbers are reasonable and correct

Consensus tends to work in strange ways - and room packing isn’t unknown if you 
see the example I cited

--srs

From: anti-abuse-wg 
mailto:anti-abuse-wg-boun...@ripe.net>> on 
behalf of Matthias Merkel 
mailto:matthias.mer...@staclar.com>>
Sent: Thursday, November 30, 2023 3:24:02 PM
To: Leo Vegoda mailto:l...@vegoda.org>>; Suresh 
Ramasubramanian mailto:ops.li...@gmail.com>>
Cc: anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net> 
mailto:anti-abuse-wg@ripe.net>>
Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

Of course, this is not how consensus works.

I also think you're misunderstanding my argument. I'm all for fighting abuse. A 
lot of my work is in abuse and fraud prevention and in the prevention of 
financial crime. I'm not arguing against preventing abuse, only against adding 
even more regulators where they aren't needed.

The Gmail example still does not address my concern. They say what you can do 
with Gmail, which is the service. An IP address itself is not an abusable 
service, the systems addressed by them are. Gmail doesn't tell you what to do 
on third party services you sign up to with your gmail.com<http://gmail.com/> 
ad

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

This is simply an ongoing verification that the justification and other 
paperwork which were used to allocate the numbers are reasonable and correct

Consensus tends to work in strange ways - and room packing isn’t unknown if you 
see the example I cited

--srs

From: anti-abuse-wg  on behalf of Matthias 
Merkel 
Sent: Thursday, November 30, 2023 3:24:02 PM
To: Leo Vegoda ; Suresh Ramasubramanian 
Cc: anti-abuse-wg@ripe.net 
Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

Of course, this is not how consensus works.

I also think you're misunderstanding my argument. I'm all for fighting abuse. A 
lot of my work is in abuse and fraud prevention and in the prevention of 
financial crime. I'm not arguing against preventing abuse, only against adding 
even more regulators where they aren't needed.

The Gmail example still does not address my concern. They say what you can do 
with Gmail, which is the service. An IP address itself is not an abusable 
service, the systems addressed by them are. Gmail doesn't tell you what to do 
on third party services you sign up to with your gmail.com<http://gmail.com> 
address. Google is responsible for Gmail. The RIPE NCC is responsible for the 
IP addresses. The network operator is responsible for the systems.

—
Maria Merkel
[https://cdn.staclar.com/logos/novecore/newlogo.png]

This email was sent by [company]. Any statements contained in this email are 
personal to the author and are not necessarily the statements of the company 
unless specifically stated.

Novecore and Staclar are collective trading names of Novecore Ltd., registered 
in England and Wales under company number 11748197, Novecore Licensing Ltd., 
registered in England and Wales under company number 11544982, Staclar Carrier 
Ltd., registered in England and Wales under company number 12219686, Staclar 
Financial Services Ltd., registered in England and Wales under company number 
13843292 (registered offices 54 Portland Place, London, UK, W1B 1DY); Novecore 
Professional Services Ltd., registered in England and Wales under company 
number 13965912 (registered office 13 Freeland Park, Wareham Road, Poole, UK, 
BH16 6FA); Novecore (Estonia) OÜ, registered in Estonia under registry code 
16543205 (local contact Baltic Business Services OÜ, Narva mnt 5, 10117 
Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under file 
number 6707907, Novecore Licensing (USA) LLC, registered in Delaware under file 
number 4030866, and Staclar, Inc., registered in Delaware under file number 
7413401 (registered agents The Corporation Trust Company, Corporation Trust 
Center, 1209 Orange St, Wilmington DE 19801, USA). Novecore Licensing Ltd. is 
registered for VAT in the United Kingdom under VAT registration number 347 4545 
80. Novecore (Estonia) OÜ is registered for VAT in the European Union under VAT 
registration number EE102518979. Novecore Professional Services Ltd. is a trust 
or company service provider registered with and supervised by HM Revenue & 
Customs under the Money Laundering, Terrorist Financing and Transfer of Funds 
(Information on the Payer) Regulations 2017 (registration number 
XMML0178208). Staclar Financial Services Ltd. is an Annex 1 financial 
institution registered with and supervised by the Financial Conduct Authority 
under the Money Laundering, Terrorist Financing and Transfer of Funds 
(Information on the Payer) Regulations 2017 (firm reference number 989521). 
Registration is not equivalent to authorisation and is not an endorsement to do 
business with a firm. Staclar Financial Services Ltd. is not an authorised 
person within the meaning of the Financial Services and Markets Act 2000 and 
does not review, approve, or endorse financial promotions for securities issues 
it is involved in or provide any form of investment advice.
[Sent from Front]
On November 30, 2023 at 10:48 AM GMT+1 l...@vegoda.org<mailto:l...@vegoda.org> 
wrote:

On Thu, 30 Nov 2023 at 10:44, Suresh Ramasubramanian
mailto:ops.li...@gmail.com>> wrote:

>
> The funny part is that the abuse teams of the very same companies will be out 
> there in other conferences working earnestly and well on best practices. If 
> they were to turn up at a ripe meeting and provide consensus ..
>
> And before you accuse me of packing the room to generate artificial consensus

Consensus isn't a numbers thing. I think you've misunderstood the process.

Regards,

Leo

--

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

A good friend who is a former regulator told me exactly this. I’ll share that 
bottle with you, Serge :)

--srs

From: anti-abuse-wg  on behalf of Serge Droz 
via anti-abuse-wg 
Sent: Thursday, November 30, 2023 3:20:29 PM
To: anti-abuse-wg@ripe.net 
Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

As I said

I disagree. Gmail says what you can do with their accounts, that doesn't
make them a regulator. But it doesn't matter: At the end of the day it's
excuses to not do anything about a growing problem.

And what typically happens in such cases is that states get upset and
start dictating the rules, i.e. the real regulators come out. At this
point the community has pretty much lost the ability to shape the rules.

I bet a good bottle of you favorite drink, that this is what will happen.

Best
Serge

On 30.11.23 09:58, Matthias Merkel wrote:
> Hi Serge,
>
> The difference is the scope of the rules.
>
> All organizations, including the RIPE NCC, enforce rules as part of
> their own business, for example with customers, etc.
>
> What is being proposed here is imposing rules on unrelated things. Abuse
> isn't inherently of the resources provided by RIPE, but rather of the
> services addressed by them. It's like the postal service making rules on
> what you can do at your house because it has an address assigned by them.
>
> This is the difference between regulator or not. The definition I cited
> is from the dictionary.
>
> —
> Maria Merkel
>
> This email was sent by [company]. Any statements contained in this email
> are personal to the author and are not necessarily the statements of the
> company unless specifically stated.
>
> Novecore and Staclar are collective trading names of Novecore Ltd.,
> registered in England and Wales under company number 11748197, Novecore
> Licensing Ltd., registered in England and Wales under company number
> 11544982, Staclar Carrier Ltd., registered in England and Wales under
> company number 12219686, Staclar Financial Services Ltd., registered in
> England and Wales under company number 13843292 (registered offices 54
> Portland Place, London, UK, W1B 1DY); Novecore Professional Services
> Ltd., registered in England and Wales under company number 13965912
> (registered office 13 Freeland Park, Wareham Road, Poole, UK, BH16 6FA);
> Novecore (Estonia) OÜ, registered in Estonia under registry code
> 16543205 (local contact Baltic Business Services OÜ, Narva mnt 5, 10117
> Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under
> file number 6707907, Novecore Licensing (USA) LLC, registered in
> Delaware under file number 4030866, and Staclar, Inc., registered in
> Delaware under file number 7413401 (registered agents The Corporation
> Trust Company, Corporation Trust Center, 1209 Orange St, Wilmington DE
> 19801, USA). Novecore Licensing Ltd. is registered for VAT in the United
> Kingdom under VAT registration number 347 4545 80. Novecore (Estonia) OÜ
> is registered for VAT in the European Union under VAT registration
> number EE102518979. Novecore Professional Services Ltd. is a trust or
> company service provider registered with and supervised by HM Revenue &
> Customs under the Money Laundering, Terrorist Financing and Transfer of
> Funds (Information on the Payer) Regulations 2017 (registration number
> XMML0178208). Staclar Financial Services Ltd. is an Annex 1
> financial institution registered with and supervised by the Financial
> Conduct Authority under the Money Laundering, Terrorist Financing and
> Transfer of Funds (Information on the Payer) Regulations 2017 (firm
> reference number 989521). Registration is not equivalent to
> authorisation and is not an endorsement to do business with a firm.
> Staclar Financial Services Ltd. is not an authorised person within the
> meaning of the Financial Services and Markets Act 2000 and does not
> review, approve, or endorse financial promotions for securities issues
> it is involved in or provide any form of investment advice.
> Sent from Front
>> On November 30, 2023 at 9:54 AM GMT+1 anti-abuse-wg@ripe.net
>> <mailto:anti-abuse-wg@ripe.net> wrote:
>>
>> I do not agree
>>
>> Every organization has rules it enforces. That doesn't make it a
>> regulator. The public transport here, where I live enforces that you
>> have a valid ticket. That doesn't make it the transport regulator.
>>
>> In fact RIPE NCC will probably enforce that you pay your fees.
>>
>> The issue here is, that we have two subgroups:
>>
>> One that thinks we should try go a bit further to ensure that people do
>> what can be expected they should be doing, and another fractions that
>> feels every little bit of addi

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

Of course, this is not how consensus works.

I also think you're misunderstanding my argument. I'm all for fighting abuse. A 
lot of my work is in abuse and fraud prevention and in the prevention of 
financial crime. I'm not arguing against preventing abuse, only against adding 
even more regulators where they aren't needed.

The Gmail example still does not address my concern. They say what you can do 
with Gmail, which is the service. An IP address itself is not an abusable 
service, the systems addressed by them are. Gmail doesn't tell you what to do 
on third party services you sign up to with your gmail.com 
address. Google is responsible for Gmail. The RIPE NCC is responsible for the 
IP addresses. The network operator is responsible for the systems.

—
Maria Merkel
[https://cdn.staclar.com/logos/novecore/newlogo.png]

This email was sent by [company]. Any statements contained in this email are 
personal to the author and are not necessarily the statements of the company 
unless specifically stated.

Novecore and Staclar are collective trading names of Novecore Ltd., registered 
in England and Wales under company number 11748197, Novecore Licensing Ltd., 
registered in England and Wales under company number 11544982, Staclar Carrier 
Ltd., registered in England and Wales under company number 12219686, Staclar 
Financial Services Ltd., registered in England and Wales under company number 
13843292 (registered offices 54 Portland Place, London, UK, W1B 1DY); Novecore 
Professional Services Ltd., registered in England and Wales under company 
number 13965912 (registered office 13 Freeland Park, Wareham Road, Poole, UK, 
BH16 6FA); Novecore (Estonia) OÜ, registered in Estonia under registry code 
16543205 (local contact Baltic Business Services OÜ, Narva mnt 5, 10117 
Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under file 
number 6707907, Novecore Licensing (USA) LLC, registered in Delaware under file 
number 4030866, and Staclar, Inc., registered in Delaware under file number 
7413401 (registered agents The Corporation Trust Company, Corporation Trust 
Center, 1209 Orange St, Wilmington DE 19801, USA). Novecore Licensing Ltd. is 
registered for VAT in the United Kingdom under VAT registration number 347 4545 
80. Novecore (Estonia) OÜ is registered for VAT in the European Union under VAT 
registration number EE102518979. Novecore Professional Services Ltd. is a trust 
or company service provider registered with and supervised by HM Revenue & 
Customs under the Money Laundering, Terrorist Financing and Transfer of Funds 
(Information on the Payer) Regulations 2017 (registration number 
XMML0178208). Staclar Financial Services Ltd. is an Annex 1 financial 
institution registered with and supervised by the Financial Conduct Authority 
under the Money Laundering, Terrorist Financing and Transfer of Funds 
(Information on the Payer) Regulations 2017 (firm reference number 989521). 
Registration is not equivalent to authorisation and is not an endorsement to do 
business with a firm. Staclar Financial Services Ltd. is not an authorised 
person within the meaning of the Financial Services and Markets Act 2000 and 
does not review, approve, or endorse financial promotions for securities issues 
it is involved in or provide any form of investment advice.
[Sent from Front]
On November 30, 2023 at 10:48 AM GMT+1 l...@vegoda.org 
wrote:

On Thu, 30 Nov 2023 at 10:44, Suresh Ramasubramanian
mailto:ops.li...@gmail.com>> wrote:

>
> The funny part is that the abuse teams of the very same companies will be out 
> there in other conferences working earnestly and well on best practices. If 
> they were to turn up at a ripe meeting and provide consensus ..
>
> And before you accuse me of packing the room to generate artificial consensus

Consensus isn't a numbers thing. I think you've misunderstood the process.

Regards,

Leo

--

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-30 Thread Serge Droz via anti-abuse-wg

As I said

I disagree. Gmail says what you can do with their accounts, that doesn't 
make them a regulator. But it doesn't matter: At the end of the day it's 
excuses to not do anything about a growing problem.

And what typically happens in such cases is that states get upset and 
start dictating the rules, i.e. the real regulators come out. At this 
point the community has pretty much lost the ability to shape the rules.

I bet a good bottle of you favorite drink, that this is what will happen.

Best
Serge

On 30.11.23 09:58, Matthias Merkel wrote:

Hi Serge,

The difference is the scope of the rules.

All organizations, including the RIPE NCC, enforce rules as part of 
their own business, for example with customers, etc.

What is being proposed here is imposing rules on unrelated things. Abuse 
isn't inherently of the resources provided by RIPE, but rather of the 
services addressed by them. It's like the postal service making rules on 
what you can do at your house because it has an address assigned by them.

This is the difference between regulator or not. The definition I cited 
is from the dictionary.

—
Maria Merkel

This email was sent by [company]. Any statements contained in this email 
are personal to the author and are not necessarily the statements of the 
company unless specifically stated.

Novecore and Staclar are collective trading names of Novecore Ltd., 
registered in England and Wales under company number 11748197, Novecore 
Licensing Ltd., registered in England and Wales under company number 
11544982, Staclar Carrier Ltd., registered in England and Wales under 
company number 12219686, Staclar Financial Services Ltd., registered in 
England and Wales under company number 13843292 (registered offices 54 
Portland Place, London, UK, W1B 1DY); Novecore Professional Services 
Ltd., registered in England and Wales under company number 13965912 
(registered office 13 Freeland Park, Wareham Road, Poole, UK, BH16 6FA); 
Novecore (Estonia) OÜ, registered in Estonia under registry code 
16543205 (local contact Baltic Business Services OÜ, Narva mnt 5, 10117 
Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under 
file number 6707907, Novecore Licensing (USA) LLC, registered in 
Delaware under file number 4030866, and Staclar, Inc., registered in 
Delaware under file number 7413401 (registered agents The Corporation 
Trust Company, Corporation Trust Center, 1209 Orange St, Wilmington DE 
19801, USA). Novecore Licensing Ltd. is registered for VAT in the United 
Kingdom under VAT registration number 347 4545 80. Novecore (Estonia) OÜ 
is registered for VAT in the European Union under VAT registration 
number EE102518979. Novecore Professional Services Ltd. is a trust or 
company service provider registered with and supervised by HM Revenue & 
Customs under the Money Laundering, Terrorist Financing and Transfer of 
Funds (Information on the Payer) Regulations 2017 (registration number 
XMML0178208). Staclar Financial Services Ltd. is an Annex 1 
financial institution registered with and supervised by the Financial 
Conduct Authority under the Money Laundering, Terrorist Financing and 
Transfer of Funds (Information on the Payer) Regulations 2017 (firm 
reference number 989521). Registration is not equivalent to 
authorisation and is not an endorsement to do business with a firm. 
Staclar Financial Services Ltd. is not an authorised person within the 
meaning of the Financial Services and Markets Act 2000 and does not 
review, approve, or endorse financial promotions for securities issues 
it is involved in or provide any form of investment advice.

Sent from Front
On November 30, 2023 at 9:54 AM GMT+1 anti-abuse-wg@ripe.net 
 wrote:

I do not agree

Every organization has rules it enforces. That doesn't make it a
regulator. The public transport here, where I live enforces that you
have a valid ticket. That doesn't make it the transport regulator.

In fact RIPE NCC will probably enforce that you pay your fees.

The issue here is, that we have two subgroups:

One that thinks we should try go a bit further to ensure that people do
what can be expected they should be doing, and another fractions that
feels every little bit of additional load is too much and will not solve
the problem 100%. It's like saying we give up on speed limits because it
doesn't prevent speeding.

And as long as this group cannot come up with a compromise nothing will
change, in essence the anti-abuse wg is taken hostage by the nay sayers.
These discussions have been going on for years. Nothing new has come out.

We don't even try. We could, and then see if it makes a difference. If
not we go back. But nope.

Best
Serge

On 30.11.23 09:39, Matthias Merkel wrote:

> Hi Leo,
>
> The definition of a regulator is an entity that sets and enforces 
rules

> on the persons it supervises.
>
> If the RIPE NCC goes further than just providing numbers, and instead
> enforces rules

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-30 Thread Leo Vegoda

On Thu, 30 Nov 2023 at 10:44, Suresh Ramasubramanian
 wrote:
>
> The funny part is that the abuse teams of the very same companies will be out 
> there in other conferences working earnestly and well on best practices.   If 
> they were to turn up at a ripe meeting and provide consensus ..
>
> And before you accuse me of packing the room to generate artificial consensus

Consensus isn't a numbers thing. I think you've misunderstood the process.

Regards,

Leo

-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

The funny part is that the abuse teams of the very same companies will be out 
there in other conferences working earnestly and well on best practices.   If 
they were to turn up at a ripe meeting and provide consensus ..

And before you accuse me of packing the room to generate artificial consensus 
please remember just how many ripe luminaries just happened to be in the room 
during an any other business segment of the wg a decade or so back, just so 
that Richard Cox could be ousted from the chair.

--srs

From: anti-abuse-wg  on behalf of Serge Droz 
via anti-abuse-wg 
Sent: Thursday, November 30, 2023 2:23:54 PM
To: anti-abuse-wg@ripe.net 
Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

I do not agree

Every organization has rules it enforces. That doesn't make it a
regulator. The public transport here, where I live enforces that you
have a valid ticket. That doesn't make it the transport regulator.

In fact RIPE NCC will probably enforce that you pay your fees.

The issue here is, that we have two subgroups:

One that thinks we should try go a bit further to ensure that people do
what can be expected they should be doing, and another fractions that
feels every little bit of additional load is too much and will not solve
the problem 100%. It's like saying we give up on speed limits because it
doesn't prevent speeding.

And as long as this group cannot come up with a compromise nothing will
change, in essence the anti-abuse wg is taken hostage by the nay sayers.
These discussions have been going on for years. Nothing new has come out.

We don't even try. We could, and then see if it makes a difference. If
not we go back. But nope.

Best
Serge

On 30.11.23 09:39, Matthias Merkel wrote:
> Hi Leo,
>
> The definition of a regulator is an entity that sets and enforces rules
> on the persons it supervises.
>
> If the RIPE NCC goes further than just providing numbers, and instead
> enforces rules on usage associated with them (note that this doesn't
> even concern the use of the numbers themselves, but rather services
> addressed by them), it will, by definition, be a regulator.
>
> I'm not sure that there will be consensus on wanting the NCC to become a
> regulator.
>
> —
> Maria Merkel
>
> This email was sent by Staclar, Inc. Any statements contained in this
> email are personal to the author and are not necessarily the statements
> of the company unless specifically stated.
>
> Novecore and Staclar are collective trading names of Novecore Ltd.,
> registered in England and Wales under company number 11748197, Novecore
> Licensing Ltd., registered in England and Wales under company number
> 11544982, Staclar Carrier Ltd., registered in England and Wales under
> company number 12219686, Staclar Financial Services Ltd., registered in
> England and Wales under company number 13843292 (registered offices 54
> Portland Place, London, UK, W1B 1DY); Novecore Professional Services
> Ltd., registered in England and Wales under company number 13965912
> (registered office 13 Freeland Park, Wareham Road, Poole, UK, BH16 6FA);
> Novecore (Estonia) OÜ, registered in Estonia under registry code
> 16543205 (local contact Baltic Business Services OÜ, Narva mnt 5, 10117
> Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under
> file number 6707907, Novecore Licensing (USA) LLC, registered in
> Delaware under file number 4030866, and Staclar, Inc., registered in
> Delaware under file number 7413401 (registered agents The Corporation
> Trust Company, Corporation Trust Center, 1209 Orange St, Wilmington DE
> 19801, USA). Novecore Licensing Ltd. is registered for VAT in the United
> Kingdom under VAT registration number 347 4545 80. Novecore (Estonia) OÜ
> is registered for VAT in the European Union under VAT registration
> number EE102518979. Novecore Professional Services Ltd. is a trust or
> company service provider registered with and supervised by HM Revenue &
> Customs under the Money Laundering, Terrorist Financing and Transfer of
> Funds (Information on the Payer) Regulations 2017 (registration number
> XMML0178208). Staclar Financial Services Ltd. is an Annex 1
> financial institution registered with and supervised by the Financial
> Conduct Authority under the Money Laundering, Terrorist Financing and
> Transfer of Funds (Information on the Payer) Regulations 2017 (firm
> reference number 989521). Registration is not equivalent to
> authorisation and is not an endorsement to do business with a firm.
> Staclar Financial Services Ltd. is not an authorised person within the
> meaning of the Financial Services and Markets Act 2000 and does not
> review, approve, or endorse financial promotions for securities issues
> it is involved in or provide any form of investment advice.
> Sent fro

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

 This is why we shouldn't have a policy like this.

The existing policies are on the resources themselves and the services the NCC 
provides. If we create a policy that regulated services provided by RIPE NCC 
members, it will be binding, but that will then make the NCC a regulator.

—
Maria Merkel
[https://cdn.staclar.com/logos/novecore/newlogo.png]

This email was sent by [company]. Any statements contained in this email are 
personal to the author and are not necessarily the statements of the company 
unless specifically stated.

Novecore and Staclar are collective trading names of Novecore Ltd., registered 
in England and Wales under company number 11748197, Novecore Licensing Ltd., 
registered in England and Wales under company number 11544982, Staclar Carrier 
Ltd., registered in England and Wales under company number 12219686, Staclar 
Financial Services Ltd., registered in England and Wales under company number 
13843292 (registered offices 54 Portland Place, London, UK, W1B 1DY); Novecore 
Professional Services Ltd., registered in England and Wales under company 
number 13965912 (registered office 13 Freeland Park, Wareham Road, Poole, UK, 
BH16 6FA); Novecore (Estonia) OÜ, registered in Estonia under registry code 
16543205 (local contact Baltic Business Services OÜ, Narva mnt 5, 10117 
Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under file 
number 6707907, Novecore Licensing (USA) LLC, registered in Delaware under file 
number 4030866, and Staclar, Inc., registered in Delaware under file number 
7413401 (registered agents The Corporation Trust Company, Corporation Trust 
Center, 1209 Orange St, Wilmington DE 19801, USA). Novecore Licensing Ltd. is 
registered for VAT in the United Kingdom under VAT registration number 347 4545 
80. Novecore (Estonia) OÜ is registered for VAT in the European Union under VAT 
registration number EE102518979. Novecore Professional Services Ltd. is a trust 
or company service provider registered with and supervised by HM Revenue & 
Customs under the Money Laundering, Terrorist Financing and Transfer of Funds 
(Information on the Payer) Regulations 2017 (registration number 
XMML0178208). Staclar Financial Services Ltd. is an Annex 1 financial 
institution registered with and supervised by the Financial Conduct Authority 
under the Money Laundering, Terrorist Financing and Transfer of Funds 
(Information on the Payer) Regulations 2017 (firm reference number 989521). 
Registration is not equivalent to authorisation and is not an endorsement to do 
business with a firm. Staclar Financial Services Ltd. is not an authorised 
person within the meaning of the Financial Services and Markets Act 2000 and 
does not review, approve, or endorse financial promotions for securities issues 
it is involved in or provide any form of investment advice.
[Sent from Front]
On November 30, 2023 at 10:26 AM GMT+1 
anti-abuse-wg@ripe.net wrote:

>From the RIPE NCC LIR Account Agreement (the "Agreement”) 
>https://www.ripe.net/about-us/legal/ripe-ncc-lir-account-agreement

3.6 If the Member fails to comply with the RIPE Policies and RIPE NCC 
procedures as outlined in Section B.1 of the RIPE NCC procedural document 
‘Closure of Members, Deregistration of Internet Resources and Legacy Internet 
Resources’, the RIPE NCC may suspend the provision of RIPE NCC services to the 
Member and may deregister the Internet number resources registered to this LIR 
Account in accordance with the procedure outlined in Section B.2 of the RIPE 
NCC procedural document ‘Closure of Members, Deregistration of Internet 
Resources and Legacy Internet Resources’. The Member shall cooperate with the 
deregistration of the Internet Number Resources. The RIPE NCC may also 
terminate the RIPE NCC Standard Service Agreement in accordance with Article 
5.4 of this Agreement.

and from the RIPE NCC Standard Service Agreement 
https://www.ripe.net/publications/docs/ripe-812

6.1 The Member acknowledges applicability of, and adheres to, the RIPE 
Policies, the RIPE NCC procedural documents and the RIPE NCC LIR Account 
Agreement. The RIPE Policies and the RIPE NCC procedural documents are publicly 
available from the RIPE NCC Document Store. The RIPE NCC LIR Account Agreement 
is publicly available on the RIPE NCC website. These documents, which may be 
revised and updated from time to time, form an integral part of and apply fully 
to the RIPE NCC Standard Service Agreement. Each revised document will receive 
a new document number and can be found on 
https://www.ripe.net.

All the RIRs have similar terms to ensure policy compliance, otherwise, if they 
can’t be enforced, why we have policies at all?

Regards,
Jordi

@jordipalet

El 30 nov 2023, a las 10:07, jordi.palet--- via anti-abuse-wg 
mailto:anti-abuse-wg@ripe.net>> escribió:

In APNIC, LACNIC or AFRINIC, just to set an example, leasing of addresses 
(unless for “connected customers”)

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

>From the RIPE NCC LIR Account Agreement (the "Agreement”) 
>https://www.ripe.net/about-us/legal/ripe-ncc-lir-account-agreement

3.6 If the Member fails to comply with the RIPE Policies and RIPE NCC 
procedures as outlined in Section B.1 of the RIPE NCC procedural document 
‘Closure of Members, Deregistration of Internet Resources and Legacy Internet 
Resources’, the RIPE NCC may suspend the provision of RIPE NCC services to the 
Member and may deregister the Internet number resources registered to this LIR 
Account in accordance with the procedure outlined in Section B.2 of the RIPE 
NCC procedural document ‘Closure of Members, Deregistration of Internet 
Resources and Legacy Internet Resources’. The Member shall cooperate with the 
deregistration of the Internet Number Resources. The RIPE NCC may also 
terminate the RIPE NCC Standard Service Agreement in accordance with Article 
5.4 of this Agreement.

and from the RIPE NCC Standard Service Agreement 
https://www.ripe.net/publications/docs/ripe-812

6.1 The Member acknowledges applicability of, and adheres to, the RIPE 
Policies, the RIPE NCC procedural documents and the RIPE NCC LIR Account 
Agreement. The RIPE Policies and the RIPE NCC procedural documents are publicly 
available from the RIPE NCC Document Store. The RIPE NCC LIR Account Agreement 
is publicly available on the RIPE NCC website. These documents, which may be 
revised and updated from time to time, form an integral part of and apply fully 
to the RIPE NCC Standard Service Agreement. Each revised document will receive 
a new document number and can be found on https://www.ripe.net.


All the RIRs have similar terms to ensure policy compliance, otherwise, if they 
can’t be enforced, why we have policies at all?

Regards,
Jordi

@jordipalet


> El 30 nov 2023, a las 10:07, jordi.palet--- via anti-abuse-wg 
>  escribió:
> 
> In APNIC, LACNIC or AFRINIC, just to set an example, leasing of addresses 
> (unless for “connected customers”) is not allowed.
> 
> If you do so, and the staff realize it, or somebody reports it to the staff, 
> then you will get a warning, or a few of them across a certain period of 
> time, you will get probably other policy-compliance reviewed, and then if you 
> still not correct the situation, there will be a reclamation process.
> 
> So are the other RIRs regulators, and not RIPE NCC? I don’t think so, and I 
> really don’t care if we call it regulator or not, it is a matter of ensuring 
> that the resources are provided under certain rules and in the end, we 
> enforce them.
> 
> Regards,
> Jordi
> 
> @jordipalet
> 
> 
>> El 30 nov 2023, a las 9:58, Matthias Merkel  
>> escribió:
>> 
>> Hi Serge,
>> 
>> The difference is the scope of the rules.
>> 
>> All organizations, including the RIPE NCC, enforce rules as part of their 
>> own business, for example with customers, etc.
>> 
>> What is being proposed here is imposing rules on unrelated things. Abuse 
>> isn't inherently of the resources provided by RIPE, but rather of the 
>> services addressed by them. It's like the postal service making rules on 
>> what you can do at your house because it has an address assigned by them.
>> 
>> This is the difference between regulator or not. The definition I cited is 
>> from the dictionary.
>> 
>> —
>> Maria Merkel
>> 
>> 
>> This email was sent by [company]. Any statements contained in this email are 
>> personal to the author and are not necessarily the statements of the company 
>> unless specifically stated.
>> 
>> Novecore and Staclar are collective trading names of Novecore Ltd., 
>> registered in England and Wales under company number 11748197, Novecore 
>> Licensing Ltd., registered in England and Wales under company number 
>> 11544982, Staclar Carrier Ltd., registered in England and Wales under 
>> company number 12219686, Staclar Financial Services Ltd., registered in 
>> England and Wales under company number 13843292 (registered offices 54 
>> Portland Place, London, UK, W1B 1DY); Novecore Professional Services Ltd., 
>> registered in England and Wales under company number 13965912 (registered 
>> office 13 Freeland Park, Wareham Road, Poole, UK, BH16 6FA); Novecore 
>> (Estonia) OÜ, registered in Estonia under registry code 16543205 (local 
>> contact Baltic Business Services OÜ, Narva mnt 5, 10117 Tallinn, Estonia); 
>> Novecore (USA) Inc., registered in Delaware under file number 6707907, 
>> Novecore Licensing (USA) LLC, registered in Delaware under file number 
>> 4030866, and Staclar, Inc., registered in Delaware under file number 7413401 
>> (registered agents The Corporation Trust Company, Corporation Trust Center, 
>> 1209 Orange St, Wilmington DE 19801, USA). Novecore Licensing Ltd. is 
>> registered for VAT in the United Kingdom under VAT registration number 347 
>> 4545 80. Novecore (Estonia) OÜ is registered for VAT in the European Union 
>> under VAT registration number EE102518979. Novecore Professional Services 
>> Ltd. is a trust or company

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

That would not make them regulators because those are rules on the addresses 
themselves, which are services provided by the RIR.

Enforcing a certain type of abuse handling or prevention would be rules on the 
services addressed by the addresses, which are not part of the services 
provided by the RIR.

Arguably a proposal to simply require verification of the abuse mailbox does 
not make the NCC a regulator (and, in fact, I think the NCC already does this 
with ASNs), but I do not see how this would be an effective measure.

Making further requirements would make the NCC a regulator, and this may be 
dangerous precedent. Once this happens, there may be calls for additional 
regulation by the NCC, both from the community and governments, but also from 
third parties, and the NCC is frankly not equipped to deal with this, nor is 
this desirable in my opinion. There could even be calls for the NCC to become 
responsible for enforcing certain EU regulations.

Regulation through supervision makes it much harder to enter an industry, and 
it is expensive for both the supervisor and the supervised. Our group is 
regulated by several governments for various functions in financial and 
professional services, as well as for network operations - which, in some 
countries, require government supervision, and by ICANN (which, among other 
things, is an industry regulator) as a domain registrar, and I can tell you 
that the effort in dealing with supervisors alone is significant.

—
Maria Merkel
[https://cdn.staclar.com/logos/novecore/newlogo.png]

This email was sent by [company]. Any statements contained in this email are 
personal to the author and are not necessarily the statements of the company 
unless specifically stated.

Novecore and Staclar are collective trading names of Novecore Ltd., registered 
in England and Wales under company number 11748197, Novecore Licensing Ltd., 
registered in England and Wales under company number 11544982, Staclar Carrier 
Ltd., registered in England and Wales under company number 12219686, Staclar 
Financial Services Ltd., registered in England and Wales under company number 
13843292 (registered offices 54 Portland Place, London, UK, W1B 1DY); Novecore 
Professional Services Ltd., registered in England and Wales under company 
number 13965912 (registered office 13 Freeland Park, Wareham Road, Poole, UK, 
BH16 6FA); Novecore (Estonia) OÜ, registered in Estonia under registry code 
16543205 (local contact Baltic Business Services OÜ, Narva mnt 5, 10117 
Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under file 
number 6707907, Novecore Licensing (USA) LLC, registered in Delaware under file 
number 4030866, and Staclar, Inc., registered in Delaware under file number 
7413401 (registered agents The Corporation Trust Company, Corporation Trust 
Center, 1209 Orange St, Wilmington DE 19801, USA). Novecore Licensing Ltd. is 
registered for VAT in the United Kingdom under VAT registration number 347 4545 
80. Novecore (Estonia) OÜ is registered for VAT in the European Union under VAT 
registration number EE102518979. Novecore Professional Services Ltd. is a trust 
or company service provider registered with and supervised by HM Revenue & 
Customs under the Money Laundering, Terrorist Financing and Transfer of Funds 
(Information on the Payer) Regulations 2017 (registration number 
XMML0178208). Staclar Financial Services Ltd. is an Annex 1 financial 
institution registered with and supervised by the Financial Conduct Authority 
under the Money Laundering, Terrorist Financing and Transfer of Funds 
(Information on the Payer) Regulations 2017 (firm reference number 989521). 
Registration is not equivalent to authorisation and is not an endorsement to do 
business with a firm. Staclar Financial Services Ltd. is not an authorised 
person within the meaning of the Financial Services and Markets Act 2000 and 
does not review, approve, or endorse financial promotions for securities issues 
it is involved in or provide any form of investment advice.
[Sent from Front]
On November 30, 2023 at 10:07 AM GMT+1 
anti-abuse-wg@ripe.net wrote:

In APNIC, LACNIC or AFRINIC, just to set an example, leasing of addresses 
(unless for “connected customers”) is not allowed.

If you do so, and the staff realize it, or somebody reports it to the staff, 
then you will get a warning, or a few of them across a certain period of time, 
you will get probably other policy-compliance reviewed, and then if you still 
not correct the situation, there will be a reclamation process.

So are the other RIRs regulators, and not RIPE NCC? I don’t think so, and I 
really don’t care if we call it regulator or not, it is a matter of ensuring 
that the resources are provided under certain rules and in the end, we enforce 
them.

Regards,
Jordi

@jordipalet


El 30 nov 2023, a las 9:58, Matthias Merkel 
mailto:matthias.mer...@staclar.com>> escribió:

Hi Serge,

The difference

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

Well, I can personally feel it when comparing abuse reporting in those regions 
(before and after the policy implementation) vs RIPE. That’s sufficient for me. 
I call it results.

Also, when the LIRs don’t respond to abuse cases or abuse-c emails bounce, I 
can ask the relevant RIR to resolve it, and if they can’t, they must enforce 
the policy. Again, I call it a very noticeable result, vs this region where I 
have nothing to do.

Regards,
Jordi

@jordipalet

> El 30 nov 2023, a las 9:53, Leo Vegoda  escribió:
> 
> Hi Jordi,
> 
> On Thu, 30 Nov 2023 at 09:36, jordi.palet--- via anti-abuse-wg
>  wrote:
> 
> [...]
> 
>> Each RIR has measured the “level of adoption” as they progressed with the 
>> initial verification (and this was presented at least a couple of times in 
>> every RIR), so there are slides in each of them, showing the progress. I can 
>> try to find them for you in the previous year's events if you can’t find 
>> them. Also my personal experience reporting over 1.500 abuse cases, average 
>> per day, shows that I get more “happy-ending” responses from those regions 
>> than before and keeps going better and better, which is not the case from 
>> RIPE unfortunately.
> 
> I was hoping for measurements showing an actual reduction in abuse. If
> there is no reduction in abuse that can be tightly linked to abuse-c
> verification etc... then what value does it bring?
> 
> Kind regards,
> 
> Leo

**
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or 
confidential. The information is intended to be for the exclusive use of the 
individual(s) named above and further non-explicilty authorized disclosure, 
copying, distribution or use of the contents of this information, even if 
partially, including attached files, is strictly prohibited and will be 
considered a criminal offense. If you are not the intended recipient be aware 
that any disclosure, copying, distribution or use of the contents of this 
information, even if partially, including attached files, is strictly 
prohibited, will be considered a criminal offense, so you must reply to the 
original sender to inform about this communication and delete it.

-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

In APNIC, LACNIC or AFRINIC, just to set an example, leasing of addresses 
(unless for “connected customers”) is not allowed.

If you do so, and the staff realize it, or somebody reports it to the staff, 
then you will get a warning, or a few of them across a certain period of time, 
you will get probably other policy-compliance reviewed, and then if you still 
not correct the situation, there will be a reclamation process.

So are the other RIRs regulators, and not RIPE NCC? I don’t think so, and I 
really don’t care if we call it regulator or not, it is a matter of ensuring 
that the resources are provided under certain rules and in the end, we enforce 
them.

Regards,
Jordi

@jordipalet


> El 30 nov 2023, a las 9:58, Matthias Merkel  
> escribió:
> 
> Hi Serge,
> 
> The difference is the scope of the rules.
> 
> All organizations, including the RIPE NCC, enforce rules as part of their own 
> business, for example with customers, etc.
> 
> What is being proposed here is imposing rules on unrelated things. Abuse 
> isn't inherently of the resources provided by RIPE, but rather of the 
> services addressed by them. It's like the postal service making rules on what 
> you can do at your house because it has an address assigned by them.
> 
> This is the difference between regulator or not. The definition I cited is 
> from the dictionary.
> 
> —
> Maria Merkel
> 
> 
> This email was sent by [company]. Any statements contained in this email are 
> personal to the author and are not necessarily the statements of the company 
> unless specifically stated.
> 
> Novecore and Staclar are collective trading names of Novecore Ltd., 
> registered in England and Wales under company number 11748197, Novecore 
> Licensing Ltd., registered in England and Wales under company number 
> 11544982, Staclar Carrier Ltd., registered in England and Wales under company 
> number 12219686, Staclar Financial Services Ltd., registered in England and 
> Wales under company number 13843292 (registered offices 54 Portland Place, 
> London, UK, W1B 1DY); Novecore Professional Services Ltd., registered in 
> England and Wales under company number 13965912 (registered office 13 
> Freeland Park, Wareham Road, Poole, UK, BH16 6FA); Novecore (Estonia) OÜ, 
> registered in Estonia under registry code 16543205 (local contact Baltic 
> Business Services OÜ, Narva mnt 5, 10117 Tallinn, Estonia); Novecore (USA) 
> Inc., registered in Delaware under file number 6707907, Novecore Licensing 
> (USA) LLC, registered in Delaware under file number 4030866, and Staclar, 
> Inc., registered in Delaware under file number 7413401 (registered agents The 
> Corporation Trust Company, Corporation Trust Center, 1209 Orange St, 
> Wilmington DE 19801, USA). Novecore Licensing Ltd. is registered for VAT in 
> the United Kingdom under VAT registration number 347 4545 80. Novecore 
> (Estonia) OÜ is registered for VAT in the European Union under VAT 
> registration number EE102518979. Novecore Professional Services Ltd. is a 
> trust or company service provider registered with and supervised by HM 
> Revenue & Customs under the Money Laundering, Terrorist Financing and 
> Transfer of Funds (Information on the Payer) Regulations 2017 (registration 
> number XMML0178208). Staclar Financial Services Ltd. is an Annex 1 
> financial institution registered with and supervised by the Financial Conduct 
> Authority under the Money Laundering, Terrorist Financing and Transfer of 
> Funds (Information on the Payer) Regulations 2017 (firm reference number 
> 989521). Registration is not equivalent to authorisation and is not an 
> endorsement to do business with a firm. Staclar Financial Services Ltd. is 
> not an authorised person within the meaning of the Financial Services and 
> Markets Act 2000 and does not review, approve, or endorse financial 
> promotions for securities issues it is involved in or provide any form of 
> investment advice.
> 
>> On November 30, 2023 at 9:54 AM GMT+1 anti-abuse-wg@ripe.net 
>>  wrote:
>> 
>> I do not agree
>> 
>> Every organization has rules it enforces. That doesn't make it a 
>> regulator. The public transport here, where I live enforces that you 
>> have a valid ticket. That doesn't make it the transport regulator.
>> 
>> In fact RIPE NCC will probably enforce that you pay your fees.
>> 
>> The issue here is, that we have two subgroups:
>> 
>> One that thinks we should try go a bit further to ensure that people do 
>> what can be expected they should be doing, and another fractions that 
>> feels every little bit of additional load is too much and will not solve 
>> the problem 100%. It's like saying we give up on speed limits because it 
>> doesn't prevent speeding.
>> 
>> And as long as this group cannot come up with a compromise nothing will 
>> change, in essence the anti-abuse wg is taken hostage by the nay sayers.
>> These discussions have been going on for years. Nothing new has come out.

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

Hi Serge,

The difference is the scope of the rules.

All organizations, including the RIPE NCC, enforce rules as part of their own 
business, for example with customers, etc.

What is being proposed here is imposing rules on unrelated things. Abuse isn't 
inherently of the resources provided by RIPE, but rather of the services 
addressed by them. It's like the postal service making rules on what you can do 
at your house because it has an address assigned by them.

This is the difference between regulator or not. The definition I cited is from 
the dictionary.

—
Maria Merkel
[https://cdn.staclar.com/logos/novecore/newlogo.png]

This email was sent by [company]. Any statements contained in this email are 
personal to the author and are not necessarily the statements of the company 
unless specifically stated.

Novecore and Staclar are collective trading names of Novecore Ltd., registered 
in England and Wales under company number 11748197, Novecore Licensing Ltd., 
registered in England and Wales under company number 11544982, Staclar Carrier 
Ltd., registered in England and Wales under company number 12219686, Staclar 
Financial Services Ltd., registered in England and Wales under company number 
13843292 (registered offices 54 Portland Place, London, UK, W1B 1DY); Novecore 
Professional Services Ltd., registered in England and Wales under company 
number 13965912 (registered office 13 Freeland Park, Wareham Road, Poole, UK, 
BH16 6FA); Novecore (Estonia) OÜ, registered in Estonia under registry code 
16543205 (local contact Baltic Business Services OÜ, Narva mnt 5, 10117 
Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under file 
number 6707907, Novecore Licensing (USA) LLC, registered in Delaware under file 
number 4030866, and Staclar, Inc., registered in Delaware under file number 
7413401 (registered agents The Corporation Trust Company, Corporation Trust 
Center, 1209 Orange St, Wilmington DE 19801, USA). Novecore Licensing Ltd. is 
registered for VAT in the United Kingdom under VAT registration number 347 4545 
80. Novecore (Estonia) OÜ is registered for VAT in the European Union under VAT 
registration number EE102518979. Novecore Professional Services Ltd. is a trust 
or company service provider registered with and supervised by HM Revenue & 
Customs under the Money Laundering, Terrorist Financing and Transfer of Funds 
(Information on the Payer) Regulations 2017 (registration number 
XMML0178208). Staclar Financial Services Ltd. is an Annex 1 financial 
institution registered with and supervised by the Financial Conduct Authority 
under the Money Laundering, Terrorist Financing and Transfer of Funds 
(Information on the Payer) Regulations 2017 (firm reference number 989521). 
Registration is not equivalent to authorisation and is not an endorsement to do 
business with a firm. Staclar Financial Services Ltd. is not an authorised 
person within the meaning of the Financial Services and Markets Act 2000 and 
does not review, approve, or endorse financial promotions for securities issues 
it is involved in or provide any form of investment advice.
[Sent from Front]
On November 30, 2023 at 9:54 AM GMT+1 
anti-abuse-wg@ripe.net wrote:

I do not agree

Every organization has rules it enforces. That doesn't make it a
regulator. The public transport here, where I live enforces that you
have a valid ticket. That doesn't make it the transport regulator.

In fact RIPE NCC will probably enforce that you pay your fees.

The issue here is, that we have two subgroups:

One that thinks we should try go a bit further to ensure that people do
what can be expected they should be doing, and another fractions that
feels every little bit of additional load is too much and will not solve
the problem 100%. It's like saying we give up on speed limits because it
doesn't prevent speeding.

And as long as this group cannot come up with a compromise nothing will
change, in essence the anti-abuse wg is taken hostage by the nay sayers.
These discussions have been going on for years. Nothing new has come out.

We don't even try. We could, and then see if it makes a difference. If
not we go back. But nope.

Best
Serge

On 30.11.23 09:39, Matthias Merkel wrote:

> Hi Leo,
>
> The definition of a regulator is an entity that sets and enforces rules
> on the persons it supervises.
>
> If the RIPE NCC goes further than just providing numbers, and instead
> enforces rules on usage associated with them (note that this doesn't
> even concern the use of the numbers themselves, but rather services
> addressed by them), it will, by definition, be a regulator.
>
> I'm not sure that there will be consensus on wanting the NCC to become a
> regulator.
>
> —
> Maria Merkel
>
> This email was sent by Staclar, Inc. Any statements contained in this
> email are personal to the author and are not necessarily the statements
> of the company unless specifically stated.
>
> Novecore and Staclar are

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-30 Thread Leo Vegoda

Hi Jordi,

On Thu, 30 Nov 2023 at 09:36, jordi.palet--- via anti-abuse-wg
 wrote:

[...]

> Each RIR has measured the “level of adoption” as they progressed with the 
> initial verification (and this was presented at least a couple of times in 
> every RIR), so there are slides in each of them, showing the progress. I can 
> try to find them for you in the previous year's events if you can’t find 
> them. Also my personal experience reporting over 1.500 abuse cases, average 
> per day, shows that I get more “happy-ending” responses from those regions 
> than before and keeps going better and better, which is not the case from 
> RIPE unfortunately.

I was hoping for measurements showing an actual reduction in abuse. If
there is no reduction in abuse that can be tightly linked to abuse-c
verification etc... then what value does it bring?

Kind regards,

Leo

-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-30 Thread Serge Droz via anti-abuse-wg


I do not agree

Every organization has rules it enforces. That doesn't make it a 
regulator. The public transport here, where I live enforces that you 
have a valid ticket. That doesn't make it the transport regulator.


In fact RIPE NCC will probably enforce that you pay your fees.

The issue here is, that we have two subgroups:

One that thinks we should try go a bit further to ensure that people do 
what can be expected they should be doing, and another fractions that 
feels every little bit of additional load is too much and will not solve 
the problem 100%. It's like saying we give up on speed limits because it 
doesn't prevent speeding.


And as long as this group cannot come up with a compromise nothing will 
change, in essence the anti-abuse wg is taken hostage by the nay sayers.

These discussions have been going on for years. Nothing new has come out.

We don't even try. We could, and then see if it makes a difference. If 
not we go back. But nope.


Best
Serge

On 30.11.23 09:39, Matthias Merkel wrote:

Hi Leo,

The definition of a regulator is an entity that sets and enforces rules 
on the persons it supervises.


If the RIPE NCC goes further than just providing numbers, and instead 
enforces rules on usage associated with them (note that this doesn't 
even concern the use of the numbers themselves, but rather services 
addressed by them), it will, by definition, be a regulator.


I'm not sure that there will be consensus on wanting the NCC to become a 
regulator.


—
Maria Merkel

This email was sent by Staclar, Inc. Any statements contained in this 
email are personal to the author and are not necessarily the statements 
of the company unless specifically stated.


Novecore and Staclar are collective trading names of Novecore Ltd., 
registered in England and Wales under company number 11748197, Novecore 
Licensing Ltd., registered in England and Wales under company number 
11544982, Staclar Carrier Ltd., registered in England and Wales under 
company number 12219686, Staclar Financial Services Ltd., registered in 
England and Wales under company number 13843292 (registered offices 54 
Portland Place, London, UK, W1B 1DY); Novecore Professional Services 
Ltd., registered in England and Wales under company number 13965912 
(registered office 13 Freeland Park, Wareham Road, Poole, UK, BH16 6FA); 
Novecore (Estonia) OÜ, registered in Estonia under registry code 
16543205 (local contact Baltic Business Services OÜ, Narva mnt 5, 10117 
Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under 
file number 6707907, Novecore Licensing (USA) LLC, registered in 
Delaware under file number 4030866, and Staclar, Inc., registered in 
Delaware under file number 7413401 (registered agents The Corporation 
Trust Company, Corporation Trust Center, 1209 Orange St, Wilmington DE 
19801, USA). Novecore Licensing Ltd. is registered for VAT in the United 
Kingdom under VAT registration number 347 4545 80. Novecore (Estonia) OÜ 
is registered for VAT in the European Union under VAT registration 
number EE102518979. Novecore Professional Services Ltd. is a trust or 
company service provider registered with and supervised by HM Revenue & 
Customs under the Money Laundering, Terrorist Financing and Transfer of 
Funds (Information on the Payer) Regulations 2017 (registration number 
XMML0178208). Staclar Financial Services Ltd. is an Annex 1 
financial institution registered with and supervised by the Financial 
Conduct Authority under the Money Laundering, Terrorist Financing and 
Transfer of Funds (Information on the Payer) Regulations 2017 (firm 
reference number 989521). Registration is not equivalent to 
authorisation and is not an endorsement to do business with a firm. 
Staclar Financial Services Ltd. is not an authorised person within the 
meaning of the Financial Services and Markets Act 2000 and does not 
review, approve, or endorse financial promotions for securities issues 
it is involved in or provide any form of investment advice.

Sent from Front
On November 30, 2023 at 9:36 AM GMT+1 anti-abuse-wg@ripe.net 
 wrote:


Hi Leo,

I don’t see it as a regulator, I see it as one of the functions of a 
RIR. Not just provide numbers, but also ensure that they are being 
used fairly and according community agreed policies. Otherwise we 
could also say that other reasons for recovery are invalid because we 
become a regulator, right?


Each RIR has measured the “level of adoption” as they progressed with 
the initial verification (and this was presented at least a couple of 
times in every RIR), so there are slides in each of them, showing the 
progress. I can try to find them for you in the previous year's events 
if you can’t find them. Also my personal experience reporting over 
1.500 abuse cases, average per day, shows that I get more 
“happy-ending” responses from those regions than before and keeps 
going better and better, which is not the case from RIPE

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

The RIPE community sets rules for the operation of the RIPE NCC, not rules 
imposed on any network operators.

—
Maria Merkel
[https://cdn.staclar.com/logos/novecore/newlogo.png]

This email was sent by Staclar, Inc. Any statements contained in this email are 
personal to the author and are not necessarily the statements of the company 
unless specifically stated.

Novecore and Staclar are collective trading names of Novecore Ltd., registered 
in England and Wales under company number 11748197, Novecore Licensing Ltd., 
registered in England and Wales under company number 11544982, Staclar Carrier 
Ltd., registered in England and Wales under company number 12219686, Staclar 
Financial Services Ltd., registered in England and Wales under company number 
13843292 (registered offices 54 Portland Place, London, UK, W1B 1DY); Novecore 
Professional Services Ltd., registered in England and Wales under company 
number 13965912 (registered office 13 Freeland Park, Wareham Road, Poole, UK, 
BH16 6FA); Novecore (Estonia) OÜ, registered in Estonia under registry code 
16543205 (local contact Baltic Business Services OÜ, Narva mnt 5, 10117 
Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under file 
number 6707907, Novecore Licensing (USA) LLC, registered in Delaware under file 
number 4030866, and Staclar, Inc., registered in Delaware under file number 
7413401 (registered agents The Corporation Trust Company, Corporation Trust 
Center, 1209 Orange St, Wilmington DE 19801, USA). Novecore Licensing Ltd. is 
registered for VAT in the United Kingdom under VAT registration number 347 4545 
80. Novecore (Estonia) OÜ is registered for VAT in the European Union under VAT 
registration number EE102518979. Novecore Professional Services Ltd. is a trust 
or company service provider registered with and supervised by HM Revenue & 
Customs under the Money Laundering, Terrorist Financing and Transfer of Funds 
(Information on the Payer) Regulations 2017 (registration number 
XMML0178208). Staclar Financial Services Ltd. is an Annex 1 financial 
institution registered with and supervised by the Financial Conduct Authority 
under the Money Laundering, Terrorist Financing and Transfer of Funds 
(Information on the Payer) Regulations 2017 (firm reference number 989521). 
Registration is not equivalent to authorisation and is not an endorsement to do 
business with a firm. Staclar Financial Services Ltd. is not an authorised 
person within the meaning of the Financial Services and Markets Act 2000 and 
does not review, approve, or endorse financial promotions for securities issues 
it is involved in or provide any form of investment advice.
[Sent from Front]
On November 30, 2023 at 9:48 AM GMT+1 
anti-abuse-wg@ripe.net wrote:

We do that already. We setup rules and enforce them in all the 5 RIRs.

Regards,
Jordi

@jordipalet


El 30 nov 2023, a las 9:39, Matthias Merkel 
mailto:matthias.mer...@staclar.com>> escribió:

Hi Leo,

The definition of a regulator is an entity that sets and enforces rules on the 
persons it supervises.

If the RIPE NCC goes further than just providing numbers, and instead enforces 
rules on usage associated with them (note that this doesn't even concern the 
use of the numbers themselves, but rather services addressed by them), it will, 
by definition, be a regulator.

I'm not sure that there will be consensus on wanting the NCC to become a 
regulator.

—
Maria Merkel
[https://cdn.staclar.com/logos/novecore/newlogo.png]

This email was sent by Staclar, Inc. Any statements contained in this email are 
personal to the author and are not necessarily the statements of the company 
unless specifically stated.

Novecore and Staclar are collective trading names of Novecore Ltd., registered 
in England and Wales under company number 11748197, Novecore Licensing Ltd., 
registered in England and Wales under company number 11544982, Staclar Carrier 
Ltd., registered in England and Wales under company number 12219686, Staclar 
Financial Services Ltd., registered in England and Wales under company number 
13843292 (registered offices 54 Portland Place, London, UK, W1B 1DY); Novecore 
Professional Services Ltd., registered in England and Wales under company 
number 13965912 (registered office 13 Freeland Park, Wareham Road, Poole, UK, 
BH16 6FA); Novecore (Estonia) OÜ, registered in Estonia under registry code 
16543205 (local contact Baltic Business Services OÜ, Narva mnt 5, 10117 
Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under file 
number 6707907, Novecore Licensing (USA) LLC, registered in Delaware under file 
number 4030866, and Staclar, Inc., registered in Delaware under file number 
7413401 (registered agents The Corporation Trust Company, Corporation Trust 
Center, 1209 Orange St, Wilmington DE 19801, USA). Novecore Licensing Ltd. is 
registered for VAT in the United Kingdom under VAT registration number 347 4545 
80. Novecore (Estonia) OÜ is

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

We do that already. We setup rules and enforce them in all the 5 RIRs.

Regards,
Jordi

@jordipalet


> El 30 nov 2023, a las 9:39, Matthias Merkel  
> escribió:
> 
> Hi Leo,
> 
> The definition of a regulator is an entity that sets and enforces rules on 
> the persons it supervises.
> 
> If the RIPE NCC goes further than just providing numbers, and instead 
> enforces rules on usage associated with them (note that this doesn't even 
> concern the use of the numbers themselves, but rather services addressed by 
> them), it will, by definition, be a regulator.
> 
> I'm not sure that there will be consensus on wanting the NCC to become a 
> regulator.
> 
> —
> Maria Merkel
> 
> 
> This email was sent by Staclar, Inc. Any statements contained in this email 
> are personal to the author and are not necessarily the statements of the 
> company unless specifically stated.
> 
> Novecore and Staclar are collective trading names of Novecore Ltd., 
> registered in England and Wales under company number 11748197, Novecore 
> Licensing Ltd., registered in England and Wales under company number 
> 11544982, Staclar Carrier Ltd., registered in England and Wales under company 
> number 12219686, Staclar Financial Services Ltd., registered in England and 
> Wales under company number 13843292 (registered offices 54 Portland Place, 
> London, UK, W1B 1DY); Novecore Professional Services Ltd., registered in 
> England and Wales under company number 13965912 (registered office 13 
> Freeland Park, Wareham Road, Poole, UK, BH16 6FA); Novecore (Estonia) OÜ, 
> registered in Estonia under registry code 16543205 (local contact Baltic 
> Business Services OÜ, Narva mnt 5, 10117 Tallinn, Estonia); Novecore (USA) 
> Inc., registered in Delaware under file number 6707907, Novecore Licensing 
> (USA) LLC, registered in Delaware under file number 4030866, and Staclar, 
> Inc., registered in Delaware under file number 7413401 (registered agents The 
> Corporation Trust Company, Corporation Trust Center, 1209 Orange St, 
> Wilmington DE 19801, USA). Novecore Licensing Ltd. is registered for VAT in 
> the United Kingdom under VAT registration number 347 4545 80. Novecore 
> (Estonia) OÜ is registered for VAT in the European Union under VAT 
> registration number EE102518979. Novecore Professional Services Ltd. is a 
> trust or company service provider registered with and supervised by HM 
> Revenue & Customs under the Money Laundering, Terrorist Financing and 
> Transfer of Funds (Information on the Payer) Regulations 2017 (registration 
> number XMML0178208). Staclar Financial Services Ltd. is an Annex 1 
> financial institution registered with and supervised by the Financial Conduct 
> Authority under the Money Laundering, Terrorist Financing and Transfer of 
> Funds (Information on the Payer) Regulations 2017 (firm reference number 
> 989521). Registration is not equivalent to authorisation and is not an 
> endorsement to do business with a firm. Staclar Financial Services Ltd. is 
> not an authorised person within the meaning of the Financial Services and 
> Markets Act 2000 and does not review, approve, or endorse financial 
> promotions for securities issues it is involved in or provide any form of 
> investment advice.
> 
>> On November 30, 2023 at 9:36 AM GMT+1 anti-abuse-wg@ripe.net 
>>  wrote:
>> 
>> Hi Leo,
>> 
>> I don’t see it as a regulator, I see it as one of the functions of a RIR. 
>> Not just provide numbers, but also ensure that they are being used fairly 
>> and according community agreed policies. Otherwise we could also say that 
>> other reasons for recovery are invalid because we become a regulator, right?
>> 
>> Each RIR has measured the “level of adoption” as they progressed with the 
>> initial verification (and this was presented at least a couple of times in 
>> every RIR), so there are slides in each of them, showing the progress. I can 
>> try to find them for you in the previous year's events if you can’t find 
>> them. Also my personal experience reporting over 1.500 abuse cases, average 
>> per day, shows that I get more “happy-ending” responses from those regions 
>> than before and keeps going better and better, which is not the case from 
>> RIPE unfortunately.
>> 
>> Regards,
>> Jordi
>> 
>> @jordipalet
>> 
>>> 
>>> > El 29 nov 2023, a las 16:09, Leo Vegoda >> > > escribió:
>>> > 
>>> > Hi Jordi,
>>> > 
>>> > 
>>> > On Nov 29, 2023, at 11:29, jordi.palet--- via anti-abuse-wg 
>>> > mailto:anti-abuse-wg@ripe.net>> wrote:
>>> >> 
>>> >> I agree that the carrot is better than the stick, but if the carrot 
>>> >> doesn’t work, we need to use the stick.
>>> >> 
>>> >> My original proposal was basically enforcing the NCC to reclaim the 
>>> >> resources when there is a persistent violation of resolving abuse cases. 
>>> >> This can be progressive, such as not allowing to update objects in the 
>>> >> database, etc. No need to go with “a single

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

Hi Leo,

The definition of a regulator is an entity that sets and enforces rules on the 
persons it supervises.

If the RIPE NCC goes further than just providing numbers, and instead enforces 
rules on usage associated with them (note that this doesn't even concern the 
use of the numbers themselves, but rather services addressed by them), it will, 
by definition, be a regulator.

I'm not sure that there will be consensus on wanting the NCC to become a 
regulator.

—
Maria Merkel
[https://cdn.staclar.com/logos/novecore/newlogo.png]

This email was sent by Staclar, Inc. Any statements contained in this email are 
personal to the author and are not necessarily the statements of the company 
unless specifically stated.

Novecore and Staclar are collective trading names of Novecore Ltd., registered 
in England and Wales under company number 11748197, Novecore Licensing Ltd., 
registered in England and Wales under company number 11544982, Staclar Carrier 
Ltd., registered in England and Wales under company number 12219686, Staclar 
Financial Services Ltd., registered in England and Wales under company number 
13843292 (registered offices 54 Portland Place, London, UK, W1B 1DY); Novecore 
Professional Services Ltd., registered in England and Wales under company 
number 13965912 (registered office 13 Freeland Park, Wareham Road, Poole, UK, 
BH16 6FA); Novecore (Estonia) OÜ, registered in Estonia under registry code 
16543205 (local contact Baltic Business Services OÜ, Narva mnt 5, 10117 
Tallinn, Estonia); Novecore (USA) Inc., registered in Delaware under file 
number 6707907, Novecore Licensing (USA) LLC, registered in Delaware under file 
number 4030866, and Staclar, Inc., registered in Delaware under file number 
7413401 (registered agents The Corporation Trust Company, Corporation Trust 
Center, 1209 Orange St, Wilmington DE 19801, USA). Novecore Licensing Ltd. is 
registered for VAT in the United Kingdom under VAT registration number 347 4545 
80. Novecore (Estonia) OÜ is registered for VAT in the European Union under VAT 
registration number EE102518979. Novecore Professional Services Ltd. is a trust 
or company service provider registered with and supervised by HM Revenue & 
Customs under the Money Laundering, Terrorist Financing and Transfer of Funds 
(Information on the Payer) Regulations 2017 (registration number 
XMML0178208). Staclar Financial Services Ltd. is an Annex 1 financial 
institution registered with and supervised by the Financial Conduct Authority 
under the Money Laundering, Terrorist Financing and Transfer of Funds 
(Information on the Payer) Regulations 2017 (firm reference number 989521). 
Registration is not equivalent to authorisation and is not an endorsement to do 
business with a firm. Staclar Financial Services Ltd. is not an authorised 
person within the meaning of the Financial Services and Markets Act 2000 and 
does not review, approve, or endorse financial promotions for securities issues 
it is involved in or provide any form of investment advice.
[Sent from Front]
On November 30, 2023 at 9:36 AM GMT+1 
anti-abuse-wg@ripe.net wrote:

Hi Leo,

I don’t see it as a regulator, I see it as one of the functions of a RIR. Not 
just provide numbers, but also ensure that they are being used fairly and 
according community agreed policies. Otherwise we could also say that other 
reasons for recovery are invalid because we become a regulator, right?

Each RIR has measured the “level of adoption” as they progressed with the 
initial verification (and this was presented at least a couple of times in 
every RIR), so there are slides in each of them, showing the progress. I can 
try to find them for you in the previous year's events if you can’t find them. 
Also my personal experience reporting over 1.500 abuse cases, average per day, 
shows that I get more “happy-ending” responses from those regions than before 
and keeps going better and better, which is not the case from RIPE 
unfortunately.

Regards,
Jordi

@jordipalet

> El 29 nov 2023, a las 16:09, Leo Vegoda 
> mailto:l...@vegoda.org>> escribió:
>
> Hi Jordi,
>
>
> On Nov 29, 2023, at 11:29, jordi.palet--- via anti-abuse-wg 
> mailto:anti-abuse-wg@ripe.net>> wrote:
>>
>> I agree that the carrot is better than the stick, but if the carrot doesn’t 
>> work, we need to use the stick.
>>
>> My original proposal was basically enforcing the NCC to reclaim the 
>> resources when there is a persistent violation of resolving abuse cases. 
>> This can be progressive, such as not allowing to update objects in the 
>> database, etc. No need to go with “a single failure means you lose your 
>> resources”.
>
> How could we do this without the RIPE NCC becoming some kind of regulator? Or 
> is the proposal to make the RIPE NCC a private sector regulator?
>
>> As said, this is working in other 2 regions, one more coming (pending of the 
>> AFRINIC board ratification). Why should not work in this region the same?

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-29 Thread Michele Neylon - Blacknight via anti-abuse-wg

Hi Leo,

I don’t see it as a regulator, I see it as one of the functions of a RIR. Not 
just provide numbers, but also ensure that they are being used fairly and 
according community agreed policies. Otherwise we could also say that other 
reasons for recovery are invalid because we become a regulator, right?

Each RIR has measured the “level of adoption” as they progressed with the 
initial verification (and this was presented at least a couple of times in 
every RIR), so there are slides in each of them, showing the progress. I can 
try to find them for you in the previous year's events if you can’t find them. 
Also my personal experience reporting over 1.500 abuse cases, average per day, 
shows that I get more “happy-ending” responses from those regions than before 
and keeps going better and better, which is not the case from RIPE 
unfortunately.

Regards,
Jordi

@jordipalet

> El 29 nov 2023, a las 16:09, Leo Vegoda  escribió:
> 
> Hi Jordi,
> 
> 
> On Nov 29, 2023, at 11:29, jordi.palet--- via anti-abuse-wg 
>  wrote:
>> 
>> I agree that the carrot is better than the stick, but if the carrot doesn’t 
>> work, we need to use the stick.
>> 
>> My original proposal was basically enforcing the NCC to reclaim the 
>> resources when there is a persistent violation of resolving abuse cases. 
>> This can be progressive, such as not allowing to update objects in the 
>> database, etc. No need to go with “a single failure means you lose your 
>> resources”.
> 
> How could we do this without the RIPE NCC becoming some kind of regulator? Or 
> is the proposal to make the RIPE NCC a private sector regulator?
> 
>> As said, this is working in other 2 regions, one more coming (pending of the 
>> AFRINIC board ratification). Why should not work in this region the same? 
>> Also the PoC in ARIN works in a similar way, and being non-responsive means 
>> you get some “members” rights restricted.
> 
> Who has been measuring the reduction is abuse? How tightly is that drop in 
> abuse linked to this policy action rather than other factors?
> 
> Kind regards,
> 
> Leo
> 

**
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or 
confidential. The information is intended to be for the exclusive use of the 
individual(s) named above and further non-explicilty authorized disclosure, 
copying, distribution or use of the contents of this information, even if 
partially, including attached files, is strictly prohibited and will be 
considered a criminal offense. If you are not the intended recipient be aware 
that any disclosure, copying, distribution or use of the contents of this 
information, even if partially, including attached files, is strictly 
prohibited, will be considered a criminal offense, so you must reply to the 
original sender to inform about this communication and delete it.

-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-29 Thread Leo Vegoda

Hi Jordi,


On Nov 29, 2023, at 11:29, jordi.palet--- via anti-abuse-wg 
 wrote:
> 
> I agree that the carrot is better than the stick, but if the carrot doesn’t 
> work, we need to use the stick.
> 
> My original proposal was basically enforcing the NCC to reclaim the resources 
> when there is a persistent violation of resolving abuse cases. This can be 
> progressive, such as not allowing to update objects in the database, etc. No 
> need to go with “a single failure means you lose your resources”.

How could we do this without the RIPE NCC becoming some kind of regulator? Or 
is the proposal to make the RIPE NCC a private sector regulator?

> As said, this is working in other 2 regions, one more coming (pending of the 
> AFRINIC board ratification). Why should not work in this region the same? 
> Also the PoC in ARIN works in a similar way, and being non-responsive means 
> you get some “members” rights restricted.

Who has been measuring the reduction is abuse? How tightly is that drop in 
abuse linked to this policy action rather than other factors?

Kind regards,

Leo


-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

Jordi

Can you please provide links to the policies that were implemented elsewhere.

Regards

Michele


--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
https://blacknight.blog/
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
---
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty 
Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845

I have sent this email at a time that is convenient for me. I do not expect you 
to respond to it outside of your usual working hours.

-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-29 Thread Suresh Ramasubramanian

This would be a welcome move.  A graded and transparent set of enforcement 
mechanisms is a good thing to have.

—srs

From: anti-abuse-wg  on behalf of 
jordi.palet--- via anti-abuse-wg 
Sent: Wednesday, November 29, 2023 3:59:36 PM
To: anti-abuse-wg@ripe.net 
Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

I agree that the carrot is better than the stick, but if the carrot doesn’t 
work, we need to use the stick.

My original proposal was basically enforcing the NCC to reclaim the resources 
when there is a persistent violation of resolving abuse cases. This can be 
progressive, such as not allowing to update objects in the database, etc. No 
need to go with “a single failure means you lose your resources”.

As said, this is working in other 2 regions, one more coming (pending of the 
AFRINIC board ratification). Why should not work in this region the same? Also 
the PoC in ARIN works in a similar way, and being non-responsive means you get 
some “members” rights restricted.

Regards,
Jordi

@jordipalet

> El 29 nov 2023, a las 10:51, Leo Vegoda  escribió:
>
> Hi Jordi,
>
> On Wed, 29 Nov 2023 at 10:12, jordi.palet--- via anti-abuse-wg
>  wrote:
>
> [...]
>
>> Is not magic, is ensuring that the NCC has the tools, dictated by a policy, 
>> to act against those not fulfilling their obligations.
>
> Can you expand on this? What would you have the RIPE NCC do and when?
>
> Thanks,
>
> Leo

**
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or 
confidential. The information is intended to be for the exclusive use of the 
individual(s) named above and further non-explicilty authorized disclosure, 
copying, distribution or use of the contents of this information, even if 
partially, including attached files, is strictly prohibited and will be 
considered a criminal offense. If you are not the intended recipient be aware 
that any disclosure, copying, distribution or use of the contents of this 
information, even if partially, including attached files, is strictly 
prohibited, will be considered a criminal offense, so you must reply to the 
original sender to inform about this communication and delete it.

--

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-29 Thread jordi.palet--- via anti-abuse-wg

I agree that the carrot is better than the stick, but if the carrot doesn’t 
work, we need to use the stick.

My original proposal was basically enforcing the NCC to reclaim the resources 
when there is a persistent violation of resolving abuse cases. This can be 
progressive, such as not allowing to update objects in the database, etc. No 
need to go with “a single failure means you lose your resources”.

As said, this is working in other 2 regions, one more coming (pending of the 
AFRINIC board ratification). Why should not work in this region the same? Also 
the PoC in ARIN works in a similar way, and being non-responsive means you get 
some “members” rights restricted.

Regards,
Jordi

@jordipalet

> El 29 nov 2023, a las 10:51, Leo Vegoda  escribió:
> 
> Hi Jordi,
> 
> On Wed, 29 Nov 2023 at 10:12, jordi.palet--- via anti-abuse-wg
>  wrote:
> 
> [...]
> 
>> Is not magic, is ensuring that the NCC has the tools, dictated by a policy, 
>> to act against those not fulfilling their obligations.
> 
> Can you expand on this? What would you have the RIPE NCC do and when?
> 
> Thanks,
> 
> Leo

**
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or 
confidential. The information is intended to be for the exclusive use of the 
individual(s) named above and further non-explicilty authorized disclosure, 
copying, distribution or use of the contents of this information, even if 
partially, including attached files, is strictly prohibited and will be 
considered a criminal offense. If you are not the intended recipient be aware 
that any disclosure, copying, distribution or use of the contents of this 
information, even if partially, including attached files, is strictly 
prohibited, will be considered a criminal offense, so you must reply to the 
original sender to inform about this communication and delete it.

-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-29 Thread Leo Vegoda

Hi Jordi,

On Wed, 29 Nov 2023 at 10:12, jordi.palet--- via anti-abuse-wg
 wrote:

[...]

> Is not magic, is ensuring that the NCC has the tools, dictated by a policy, 
> to act against those not fulfilling their obligations.

Can you expand on this? What would you have the RIPE NCC do and when?

Thanks,

Leo

-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-29 Thread jordi.palet--- via anti-abuse-wg

Well, it worked in other 2 regions, and one more AFRINIC also accepted it, just 
waiting for the (hopefully) re-constituted board ratification.

Is not magic, is ensuring that the NCC has the tools, dictated by a policy, to 
act against those not fulfilling their obligations.

Regards,
Jordi

@jordipalet

> El 29 nov 2023, a las 10:01, Gert Doering  escribió:
> 
> Hi,
> 
> On Wed, Nov 29, 2023 at 09:39:28AM +0100, jordi.palet--- via anti-abuse-wg 
> wrote:
>> 2017-02 doesn???t enforce people really using the abuse-c,
> 
> Neither does your proposal to require verification...  all it does is
> require "if a mail from the NCC comes in, click on the confirmation
> button".
> 
> People not interested in abuse handling will not magically become interested
> by having a regular check whether the mailbox is working - actually, to
> the contrary, if the abuse mailbox bounces, you know right away that they
> are not interested.
> 
> *Should* they be?  Of course!
> 
> Will your proposal magically achieve that?  no.
> 
> Gert Doering
>-- NetMaster
> -- 
> have you enabled IPv6 on something today...?
> 
> SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
> Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
> D-80807 Muenchen HRB: 136055 (AG Muenchen)
> Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279

**
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or 
confidential. The information is intended to be for the exclusive use of the 
individual(s) named above and further non-explicilty authorized disclosure, 
copying, distribution or use of the contents of this information, even if 
partially, including attached files, is strictly prohibited and will be 
considered a criminal offense. If you are not the intended recipient be aware 
that any disclosure, copying, distribution or use of the contents of this 
information, even if partially, including attached files, is strictly 
prohibited, will be considered a criminal offense, so you must reply to the 
original sender to inform about this communication and delete it.

-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-29 Thread Gert Doering

Hi,

On Wed, Nov 29, 2023 at 09:39:28AM +0100, jordi.palet--- via anti-abuse-wg 
wrote:
> 2017-02 doesn???t enforce people really using the abuse-c, 

Neither does your proposal to require verification...  all it does is
require "if a mail from the NCC comes in, click on the confirmation
button".

People not interested in abuse handling will not magically become interested
by having a regular check whether the mailbox is working - actually, to
the contrary, if the abuse mailbox bounces, you know right away that they
are not interested.

*Should* they be?  Of course!

Will your proposal magically achieve that?  no.

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279


signature.asc
Description: PGP signature
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-29 Thread jordi.palet--- via anti-abuse-wg

2017-02 doesn’t enforce people really using the abuse-c, neither it constitutes 
a policy violation to have fake data or non-responsible mailboxes.

You can check how my proposal reached consensus in APNIC and LACNIC and 
radically changed the situation in both regions, so it is very successful.

Regards,
Jordi

@jordipalet


> El 1 nov 2023, a las 15:21, Sergey Myasoedov  escribió:
> 
> 
> We have had 2017-02, which is basically the same as yours 2019-04, except the 
> validation will be done 2x more often.
> 
> But the abuse-c validation does work. What's the problem then?
> 
> 
> --
> Sergey
> 
> 
> 
>> On Nov 1, 2023, at 05:10, jordi.palet--- via anti-abuse-wg 
>>  wrote:
>> 
>> We had a policy proposal to ensure that the abuse mailbox was valid and 
>> monitored, but this community didn’t liked it. In other regions it works and 
>> it proven to be a very valid tool.
>> 
>> Should we restart that discussion? I’m happy to resubmit the proposal then.
>> 
>> Regards,
>> Jordi
>> 
>> @jordipalet
>> 
>> 
>>> El 31 oct 2023, a las 21:55, U.Mutlu  escribió:
>>> 
>>> Hello,
>>> 
>>> the IP 80.94.95.181 is endlessly (ie. brute-force) trying
>>> to hack our emailserver by attempting to login as a user.
>>> The login attempts of course fail, and we have blocked
>>> that IP in the firewall.
>>> 
>>> But this IP still continues sending packets to our server,
>>> eventhough his packets get dropped/rejected by our firewall.
>>> This now of course constitutes a DoS attack.
>>> 
>>> 10 days ago we filed an Abuse Report to the abuse address
>>> given in the WHOIS database for this IP:
>>> % Abuse contact for '80.94.95.0 - 80.94.95.255' is 
>>> 'internethosting-...@yandex.ru'
>>> 
>>> But this hoster seems to ignore all Abuse Reports,
>>> b/c researching this IP on the web shows that
>>> it's a well known abuser IP and many people have
>>> reported and complained about this IP. For example see this:
>>> https://www.abuseipdb.com/check/80.94.95.181
>>> 
>>> So, what to do if the hoster is uncooperative, like in this case?
>>> Where else to complain, what else to do?
>>> 
>>> Thx
>>> 
>>> U.Mutlu
>>> admin & hostmaster
>>> 
>>> -- 
>>> 
>>> To unsubscribe from this mailing list, get a password reminder, or change 
>>> your subscription options, please visit: 
>>> https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
>> 
>> 
>> **
>> IPv4 is over
>> Are you ready for the new Internet ?
>> http://www.theipv6company.com
>> The IPv6 Company
>> 
>> This electronic message contains information which may be privileged or 
>> confidential. The information is intended to be for the exclusive use of the 
>> individual(s) named above and further non-explicilty authorized disclosure, 
>> copying, distribution or use of the contents of this information, even if 
>> partially, including attached files, is strictly prohibited and will be 
>> considered a criminal offense. If you are not the intended recipient be 
>> aware that any disclosure, copying, distribution or use of the contents of 
>> this information, even if partially, including attached files, is strictly 
>> prohibited, will be considered a criminal offense, so you must reply to the 
>> original sender to inform about this communication and delete it.
>> 
>> 
>> 
>> 
>> 
>> -- 
>> 
>> To unsubscribe from this mailing list, get a password reminder, or change 
>> your subscription options, please visit: 
>> https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
> 


**
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or 
confidential. The information is intended to be for the exclusive use of the 
individual(s) named above and further non-explicilty authorized disclosure, 
copying, distribution or use of the contents of this information, even if 
partially, including attached files, is strictly prohibited and will be 
considered a criminal offense. If you are not the intended recipient be aware 
that any disclosure, copying, distribution or use of the contents of this 
information, even if partially, including attached files, is strictly 
prohibited, will be considered a criminal offense, so you must reply to the 
original sender to inform about this communication and delete it.





-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-02 Thread Steve Linford

> On 1 Nov 2023, at 13:56, John Levine  wrote:
> 
> It appears that Ã ngel Gonzalez Berdasco via anti-abuse-wg 
>  said:
>>> Just block their network 80.94.95.0/24 and forget about it.
> 
>> organisation:   ORG-BA1515-RIPE
>> org-name:   BtHoster LTD
>> country:GB
>> org-type:   OTHER
>> address:26, New Kent Road, London, SE1 6TJ, UNITED KINGDOM
> 
> If you look at that address on Google stret view, you will see a late
> 2022 picture of a construction site.
> 
> Unless you care enough to contact their transit providers and try
> and get them disconnected, I wouldn't waste more time on it.
> 
> R's,
> John
> 

Interesting. The same company director “Colin Brown” registered another company 
just a few days ago at that same 26 New Kent Road address: “Emanuel Hosting 
Ltd”. I wonder how long before Emanuel pops up on abuse radar.

(Bit of a problem with UK companies; cheap and quick to register + penalty for 
not filing any accounts is that a year or two they simply get struck off the 
Companies Register. Perfect for Fly-by-Night companies.)

Best regards,

Steve

___
Steve Linford
Spamhaus Project

-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-02 Thread Michele Neylon - Blacknight via anti-abuse-wg

Peter

Economic incentives make a lot of sense. In the domain space we’ve seen 
registries offering promotions that are linked to a registrar’s “rating” and it 
seems to work.

Regards

Michele


--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
https://blacknight.blog/
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
---
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty 
Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845

I have sent this email at a time that is convenient for me. I do not expect you 
to respond to it outside of your usual working hours.


From: anti-abuse-wg  on behalf of Peter Koch 

Date: Thursday, 2 November 2023 at 13:36
To: anti-abuse-wg@ripe.net 
Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
[EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised 
sources.

Moin,

On Wed, Nov 01, 2023 at 02:37:27PM -0700, Leo Vegoda wrote:

> Sure, but that's a membership decision and not a community decision.

this perceived disconnect is a re-occuring scheme and therefore
deserves a bit more thought, albeit not in this WG but likely
in NCC Services and/or Address Policy as well as within the membership.

If (or "iff" for the formal reader) policy is helped by economic
incentives or counter-incentives, then it could be a good thing to
have a way of (conditional) policy making to solve the deadlock
without stepping on each others' toes.

Not saying that's a solution for the case that started this threat,
also recognizing the emotional aspect of fee scheme decisions.

-Peter

--

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-02 Thread Peter Koch

Moin,

On Wed, Nov 01, 2023 at 02:37:27PM -0700, Leo Vegoda wrote:

> Sure, but that's a membership decision and not a community decision.

this perceived disconnect is a re-occuring scheme and therefore
deserves a bit more thought, albeit not in this WG but likely
in NCC Services and/or Address Policy as well as within the membership.

If (or "iff" for the formal reader) policy is helped by economic
incentives or counter-incentives, then it could be a good thing to
have a way of (conditional) policy making to solve the deadlock
without stepping on each others' toes.

Not saying that's a solution for the case that started this threat,
also recognizing the emotional aspect of fee scheme decisions.

-Peter

-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-02 Thread U.Mutlu


Just to give a feedback:

Yesterday I had complained about the said IP 80.94.95.181 also to RIPE NCC
via their WebMail contact page, which went to supp...@ripe.net
and opened a ticket: https://www.ripe.net/contact-form

Luckily the worst hacking attempts originating from these IPs
finally have stopped since today morning at around 08:25 :
80.94.95.181
45.129.14.106
They tried for many weeks.

They both belong to the same said company and have the same abuse contact:
% Abuse contact for '80.94.95.0 - 80.94.95.255' is 
'internethosting-...@yandex.ru'
% Abuse contact for '45.129.14.0 - 45.129.14.255' is 
'internethosting-...@yandex.ru'


Currently the other mass hacking attacks are coming from
the following IPs, but an Abuse Report has not been filed yet,
still monitoring & collecting evidence:
141.98.11.68
141.98.11.82
185.162.235.225



U.Mutlu wrote on 11/01/23 19:44:

Thank you for your interesting analysis.

Is then RIPE not a "partner in crime" for such criminal companies?
B/c it seems RIPE does not take any action against such evidently
criminal members abusing the network and the other members and users.
RIPE just says this ( https://www.ripe.net/support/abuse ):
"
...
At the RIPE NCC, we allocate blocks of IP addresses to ISPs and
other organisations, but we have no involvement in how these
addresses are used by their users.
...
However, we can help you find out who is abusing your network
by providing you with the relevant network operator contact details.
Our role is to ensure that all abuse contacts are valid and
up-to-date in the RIPE Database. From there, it is the
responsibility of the network operator to handle your abuse report.
There is nothing we can do if a network operator chooses not to reply.
...
"

IMO, RIPE very well can do some more, and needs to do some more...



Natale Maria Bianchi wrote on 11/01/23 19:06:

On Wed, Nov 01, 2023 at 01:55:42PM +0100, John Levine wrote:

It appears that ? ngel Gonzalez Berdasco via anti-abuse-wg
 said:

Just block their network 80.94.95.0/24 and forget about it.



organisation:   ORG-BA1515-RIPE
org-name:   BtHoster LTD
country:GB
org-type:   OTHER
address:26, New Kent Road, London, SE1 6TJ, UNITED KINGDOM


If you look at that address on Google stret view, you will see a late
2022 picture of a construction site.

Unless you care enough to contact their transit providers and try
and get them disconnected, I wouldn't waste more time on it.


BtHoster is indeed a well known bulletproof hoster, and nothing good can be
expected also from the other two blocks announced by AS204428, 87.246.7.0/24
and 212.70.149.0/24 (4media.bg/4vendeta.com, who also have much cleaner
ranges directly behind their own AS50360).  BtHoster also has AS198465,
today announcing 45.129.14.0/24 and 77.90.185.0/24.

Sending abuse reports to these places is - how to say? - a bit naive.
Abuse is their core business.  You can see for instance BtHoster's ad in
https://bitcointalk.org/index.php?topic=5407833.0 :

RDP FOR SCAN/BRUTE - PRICE 10 $ /MONTH
WHM FOR PISHING WITH UNLIMITED DOMAIN LICENSE -PRICE 130 $ /MONTH
RESELLER FOR  RDP WITH PANEL -PRICE 150 $ + IP /MONTH
SERVER FOR SCAN/BRUTE 32 GB RAM -PRICE 130 $ /MONTH

So the "ignoring" is fully expected, it is a feature of their hosting offer.
The best action is to completely prevent their packets from entering your
networks
through protection at the network edge.  This is precisely what our
DROP/EDROP/ASN-DROP
free datasets are for: block all packets on the edge router.

Of course, like it or not, the people behind this are members of this
community, read these
lists, make posts, etc, and of course they would not be connected to the
Internet if there
weren't facilitating ISPs between them and backbones - in this case the
operators of
AS47890, AS202425 and the abovementioned AS50360.  These are also part of
the abuse
ecosystem.

The two-layered approach is essential for the stability of their connectivity -
otherwise the backbones would just cut them off.  When pressure from
backbones becomes
excessive and the intermediary is forced to disconnect them, they change
intermediary
or they create a new company, get a new ASN and move the operation so that
reputation
restarts from zero. These patterns are very established, and cause a
considerable
ASN turnaround.  RIPE NCC apparently noted a high number of ASNs being
abandoned
[https://www.ripe.net/ripe/mail/archives/address-policy-wg/2023-June/013757.html]

but does not seem to note the relation with abuse that should explain a
fraction
of them.

Natale M Bianchi
Spamhaus Project



--

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-02 Thread Michele Neylon - Blacknight via anti-abuse-wg

Gert

I think a lot of us were not going to accept ANY changes to the charging scheme
that time round.

Anyway .. history now ..

Michele

--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
https://blacknight.blog/
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
---
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845

I have sent this email at a time that is convenient for me. I do not expect you
to respond to it outside of your usual working hours.

On 02/11/2023, 10:39, "Gert Doering" wrote:
Hi,

On Thu, Nov 02, 2023 at 09:29:52AM +, Michele Neylon - Blacknight wrote:
> The ASN cost for us would have had practically no impact ? we only have two
> and I suspect we?re getting rid of one at some point.
>
> However the other costs that the charging schemes suggested would have cost
> us thousands ? and that simply wasn?t acceptable

ASN charges yes/no were their own voting item, fully independent on
the charging scheme A/B/C/D vote.

(Resolution 4 vs. Resolution 3)

https://www.ripe.net/participate/meetings/gm/meetings/may-2023/draft-minutes-of-the-general-meeting-may-2023

But maybe the question itself was loaded and biased...

"Resolution 4:

"In addition to the RIPE NCC Charging Scheme adopted in Resolution 3,
the General Meeting adopts an extra charge of EUR 50 per ASN as an
integral part of the Charging Scheme 2024."

naming this an "extra charge" *without* being very clear that it's not
going to change the overall budget (= by implication, the individual
charges on model A, B, C, D need to become lower) does, indeed,
suggest that it will be "more expensive".

*sigh*

Time for retirement,

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279

To unsubscribe from this mailing list, get a password reminder, or change your
subscription options, please visit:
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-02 Thread Gert Doering

Hi,

On Thu, Nov 02, 2023 at 09:29:52AM +, Michele Neylon - Blacknight wrote:
> The ASN cost for us would have had practically no impact ? we only have two 
> and I suspect we?re getting rid of one at some point.
> 
> However the other costs that the charging schemes suggested would have cost 
> us thousands ? and that simply wasn?t acceptable

ASN charges yes/no were their own voting item, fully independent on
the charging scheme A/B/C/D vote.

(Resolution 4 vs. Resolution 3)

https://www.ripe.net/participate/meetings/gm/meetings/may-2023/draft-minutes-of-the-general-meeting-may-2023


But maybe the question itself was loaded and biased...

 "Resolution 4:

  "In addition to the RIPE NCC Charging Scheme adopted in Resolution 3,
   the General Meeting adopts an extra charge of EUR 50 per ASN as an
   integral part of the Charging Scheme 2024."

naming this an "extra charge" *without* being very clear that it's not
going to change the overall budget (= by implication, the individual
charges on model A, B, C, D need to become lower) does, indeed, 
suggest that it will be "more expensive".

*sigh*

Time for retirement,

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279


signature.asc
Description: PGP signature
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-02 Thread Michele Neylon - Blacknight via anti-abuse-wg

Gert

The ASN cost for us would have had practically no impact – we only have two and 
I suspect we’re getting rid of one at some point.

However the other costs that the charging schemes suggested would have cost us 
thousands – and that simply wasn’t acceptable

Michele

--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
https://blacknight.blog/
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
---
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty 
Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845

I have sent this email at a time that is convenient for me. I do not expect you 
to respond to it outside of your usual working hours.

On 02/11/2023, 10:28, "Gert Doering"  wrote:
Hi,

On Thu, Nov 02, 2023 at 09:19:13AM +, Michele Neylon - Blacknight wrote:
> That?s a massive over simplification of what happened.
>
> The NCC proposed a number of charging schemes which *included* charges per 
> ASN. The proposal was rejected by the majority of the members who voted 
> because the changes would have cost a lot of us significantly more than what 
> we currently pay. The charge per ASN was only one of multiple elements in the 
> proposal ? to characterise it that the members rejected charging per ASN is 
> very misleading.

I wasn't talking about the previous AGM but about the one where the
pre-existing ASN charges got abandoned.

Talking about the *last* meeting, I think most of the members are just
not very good at math... introducing a charge for ASN *with a given total
budget* would have *lowered* the overall bill for most members, holding
only 1 or 2 ASNs (redistributing the overall budget differently).

But "nah, can't have extra costs".

Yes, a few would have had to pay way more, but I think that's legitimate -
if your business is "doling out ASNs to end customers", you'd better have
"oh, it might cost money at some point" in your contracts - and in that
case, the extra costs directly go to the end customers wanting the ASN.

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279

-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-02 Thread Gert Doering

Hi,

On Thu, Nov 02, 2023 at 09:19:13AM +, Michele Neylon - Blacknight wrote:
> That?s a massive over simplification of what happened.
> 
> The NCC proposed a number of charging schemes which *included* charges per 
> ASN. The proposal was rejected by the majority of the members who voted 
> because the changes would have cost a lot of us significantly more than what 
> we currently pay. The charge per ASN was only one of multiple elements in the 
> proposal ? to characterise it that the members rejected charging per ASN is 
> very misleading.

I wasn't talking about the previous AGM but about the one where the
pre-existing ASN charges got abandoned.

Talking about the *last* meeting, I think most of the members are just
not very good at math... introducing a charge for ASN *with a given total
budget* would have *lowered* the overall bill for most members, holding
only 1 or 2 ASNs (redistributing the overall budget differently).

But "nah, can't have extra costs".

Yes, a few would have had to pay way more, but I think that's legitimate -
if your business is "doling out ASNs to end customers", you'd better have
"oh, it might cost money at some point" in your contracts - and in that
case, the extra costs directly go to the end customers wanting the ASN.

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279

signature.asc
Description: PGP signature
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-02 Thread Michele Neylon - Blacknight via anti-abuse-wg

Gert

That’s a massive over simplification of what happened.

The NCC proposed a number of charging schemes which *included* charges per ASN. 
The proposal was rejected by the majority of the members who voted because the 
changes would have cost a lot of us significantly more than what we currently 
pay. The charge per ASN was only one of multiple elements in the proposal – to 
characterise it that the members rejected charging per ASN is very misleading.

Regards

Michele

--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
https://blacknight.blog/
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
---
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty 
Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845

I have sent this email at a time that is convenient for me. I do not expect you 
to respond to it outside of your usual working hours.

From: anti-abuse-wg  on behalf of Gert Doering 

Date: Thursday, 2 November 2023 at 09:30
To: Shane Kerr 
Cc: anti-abuse-wg@ripe.net 
Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
[EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised 
sources.

Hi,

On Thu, Nov 02, 2023 at 09:21:01AM +0100, Shane Kerr wrote:
> (*) I guess? I admit to never having read the details of how charging is
> set, since I have never represented a RIPE NCC member.

members vote at the RIPE AGM, to select one out of a number of possible
charging schemes proposed by the board (or just "this is the new one,
accept it or not?").  Since this is about money, it's real voting - and
of course the members are free to ignore whatever arguments the community
brings forward.

Note that there *was* a fee for ASNs, which led to massive complaints by
some people at an ENOG meeting, and then the NCC management promised
"to do away with it" - so the next charging scheme proposed did not include
the ASN fee anymore (and the members had the choice of "approve" or "keep
the old one, which might not give us enough moneyz to fund all the toys,
so drama").

Politics and smoke filled rooms at its best.

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-02 Thread Gert Doering

Hi,

On Thu, Nov 02, 2023 at 09:21:01AM +0100, Shane Kerr wrote:
> (*) I guess? I admit to never having read the details of how charging is
> set, since I have never represented a RIPE NCC member.

members vote at the RIPE AGM, to select one out of a number of possible
charging schemes proposed by the board (or just "this is the new one,
accept it or not?").  Since this is about money, it's real voting - and
of course the members are free to ignore whatever arguments the community
brings forward.

Note that there *was* a fee for ASNs, which led to massive complaints by
some people at an ENOG meeting, and then the NCC management promised
"to do away with it" - so the next charging scheme proposed did not include
the ASN fee anymore (and the members had the choice of "approve" or "keep
the old one, which might not give us enough moneyz to fund all the toys,
so drama").

Politics and smoke filled rooms at its best.

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279

signature.asc
Description: PGP signature
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-02 Thread Shane Kerr


Leo,

On 01/11/2023 22.37, Leo Vegoda wrote:

On Wed, 1 Nov 2023 at 14:26, Gert Doering  wrote:

On Wed, Nov 01, 2023 at 01:45:03PM -0700, Leo Vegoda wrote:

The RIPE NCC periodically asks the community about the priority for
cleaning up unused ASNs, e.g.

- https://www.ripe.net/participate/ripe/wg/active-wg/db/minutes/ripe-52
(item G), and
- https://ripe82.ripe.net/presentations/7-RIPE82-Feeback-from-RS.pdf (slide 16)

So far, the answer has been that it is a low priority. Perhaps because
there are about 4 billion left.


Low priority or not, the NCC is spending quite a bit of hostmaster time
in talking to LIRs and trying to reclaim "looks unused" ASNs.  Guess how
I know.

"Here's my 50 bucks, I claim I need this for another year" is so much
less lifetime wasted on all sides.


Sure, but that's a membership decision and not a community decision.


My understanding of how this all works would be that if the anti-abuse 
community felt strongly that a fee for ASN would reduce abuse on the 
Internet, that it could put together a proposal saying just that. While 
this would ultimately have to be up to the members to approve (*), at 
least they would have a clear proposal with documented rational to discuss.


(*) I guess? I admit to never having read the details of how charging is 
set, since I have never represented a RIPE NCC member.


Cheers,

--
Shane




OpenPGP_0x3732979CF967B306.asc
Description: OpenPGP public key


OpenPGP_signature.asc
Description: OpenPGP digital signature
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-01 Thread Leo Vegoda

On Wed, 1 Nov 2023 at 14:26, Gert Doering  wrote:
> On Wed, Nov 01, 2023 at 01:45:03PM -0700, Leo Vegoda wrote:
> > The RIPE NCC periodically asks the community about the priority for
> > cleaning up unused ASNs, e.g.
> >
> > - https://www.ripe.net/participate/ripe/wg/active-wg/db/minutes/ripe-52
> > (item G), and
> > - https://ripe82.ripe.net/presentations/7-RIPE82-Feeback-from-RS.pdf (slide 
> > 16)
> >
> > So far, the answer has been that it is a low priority. Perhaps because
> > there are about 4 billion left.
>
> Low priority or not, the NCC is spending quite a bit of hostmaster time
> in talking to LIRs and trying to reclaim "looks unused" ASNs.  Guess how
> I know.
>
> "Here's my 50 bucks, I claim I need this for another year" is so much
> less lifetime wasted on all sides.

Sure, but that's a membership decision and not a community decision.

-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

Hi,

On Wed, Nov 01, 2023 at 01:45:03PM -0700, Leo Vegoda wrote:
> The RIPE NCC periodically asks the community about the priority for
> cleaning up unused ASNs, e.g.
> 
> - https://www.ripe.net/participate/ripe/wg/active-wg/db/minutes/ripe-52
> (item G), and
> - https://ripe82.ripe.net/presentations/7-RIPE82-Feeback-from-RS.pdf (slide 
> 16)
> 
> So far, the answer has been that it is a low priority. Perhaps because
> there are about 4 billion left.

Low priority or not, the NCC is spending quite a bit of hostmaster time
in talking to LIRs and trying to reclaim "looks unused" ASNs.  Guess how
I know.

"Here's my 50 bucks, I claim I need this for another year" is so much
less lifetime wasted on all sides.

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279


signature.asc
Description: PGP signature
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-01 Thread Leo Vegoda

Hi,

On Wed, 1 Nov 2023 at 12:51, Gert Doering  wrote:
> On Wed, Nov 01, 2023 at 06:06:24PM +, Natale Maria Bianchi wrote:
> > RIPE NCC apparently noted a high number of ASNs being abandoned
> > [https://www.ripe.net/ripe/mail/archives/address-policy-wg/2023-June/013757.html]
> > but does not seem to note the relation with abuse that should explain a 
> > fraction
> > of them.
>
> Unfortunately the RIPE members at the last general meeting still preferred
> to have ASNs free of charge... this would have helped at least get them back,
> without spending NCC people's lifetime in chasing them.

The RIPE NCC periodically asks the community about the priority for
cleaning up unused ASNs, e.g.

- https://www.ripe.net/participate/ripe/wg/active-wg/db/minutes/ripe-52
(item G), and
- https://ripe82.ripe.net/presentations/7-RIPE82-Feeback-from-RS.pdf (slide 16)

So far, the answer has been that it is a low priority. Perhaps because
there are about 4 billion left.

Regards,

Leo

-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

Hi,

On Wed, Nov 01, 2023 at 07:44:45PM +0100, U.Mutlu wrote:
> Thank you for your interesting analysis.
> 
> Is then RIPE not a "partner in crime" for such criminal companies?

"RIPE" is the community, all of us, including you.

So yes.  But not the way you think.

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279


signature.asc
Description: PGP signature
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-01 Thread Michele Neylon - Blacknight via anti-abuse-wg

Hi,

On Wed, Nov 01, 2023 at 06:06:24PM +, Natale Maria Bianchi wrote:
> RIPE NCC apparently noted a high number of ASNs being abandoned 
> [https://www.ripe.net/ripe/mail/archives/address-policy-wg/2023-June/013757.html]
> but does not seem to note the relation with abuse that should explain a 
> fraction
> of them.

Unfortunately the RIPE members at the last general meeting still preferred
to have ASNs free of charge... this would have helped at least get them back,
without spending NCC people's lifetime in chasing them.

But what do I know...

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279


signature.asc
Description: PGP signature
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-01 Thread U.Mutlu


Thank you for your interesting analysis.

Is then RIPE not a "partner in crime" for such criminal companies?
B/c it seems RIPE does not take any action against such evidently
criminal members abusing the network and the other members and users.
RIPE just says this ( https://www.ripe.net/support/abuse ):
"
...
At the RIPE NCC, we allocate blocks of IP addresses to ISPs and
other organisations, but we have no involvement in how these
addresses are used by their users.
...
However, we can help you find out who is abusing your network
by providing you with the relevant network operator contact details.
Our role is to ensure that all abuse contacts are valid and
up-to-date in the RIPE Database. From there, it is the
responsibility of the network operator to handle your abuse report.
There is nothing we can do if a network operator chooses not to reply.
...
"

IMO, RIPE very well can do some more, and needs to do some more...



Natale Maria Bianchi wrote on 11/01/23 19:06:

On Wed, Nov 01, 2023 at 01:55:42PM +0100, John Levine wrote:

It appears that ? ngel Gonzalez Berdasco via anti-abuse-wg 
 said:

Just block their network 80.94.95.0/24 and forget about it.



organisation:   ORG-BA1515-RIPE
org-name:   BtHoster LTD
country:GB
org-type:   OTHER
address:26, New Kent Road, London, SE1 6TJ, UNITED KINGDOM


If you look at that address on Google stret view, you will see a late
2022 picture of a construction site.

Unless you care enough to contact their transit providers and try
and get them disconnected, I wouldn't waste more time on it.


BtHoster is indeed a well known bulletproof hoster, and nothing good can be
expected also from the other two blocks announced by AS204428, 87.246.7.0/24
and 212.70.149.0/24 (4media.bg/4vendeta.com, who also have much cleaner
ranges directly behind their own AS50360).  BtHoster also has AS198465,
today announcing 45.129.14.0/24 and 77.90.185.0/24.

Sending abuse reports to these places is - how to say? - a bit naive.
Abuse is their core business.  You can see for instance BtHoster's ad in
https://bitcointalk.org/index.php?topic=5407833.0 :

RDP FOR SCAN/BRUTE - PRICE 10 $ /MONTH
WHM FOR PISHING WITH UNLIMITED DOMAIN LICENSE -PRICE 130 $ /MONTH
RESELLER FOR  RDP WITH PANEL -PRICE 150 $ + IP /MONTH
SERVER FOR SCAN/BRUTE 32 GB RAM -PRICE 130 $ /MONTH

So the "ignoring" is fully expected, it is a feature of their hosting offer.
The best action is to completely prevent their packets from entering your 
networks
through protection at the network edge.  This is precisely what our 
DROP/EDROP/ASN-DROP
free datasets are for: block all packets on the edge router.

Of course, like it or not, the people behind this are members of this 
community, read these
lists, make posts, etc, and of course they would not be connected to the 
Internet if there
weren't facilitating ISPs between them and backbones - in this case the 
operators of
AS47890, AS202425 and the abovementioned AS50360.  These are also part of the 
abuse
ecosystem.

The two-layered approach is essential for the stability of their connectivity -
otherwise the backbones would just cut them off.  When pressure from backbones 
becomes
excessive and the intermediary is forced to disconnect them, they change 
intermediary
or they create a new company, get a new ASN and move the operation so that 
reputation
restarts from zero. These patterns are very established, and cause a 
considerable
ASN turnaround.  RIPE NCC apparently noted a high number of ASNs being abandoned
[https://www.ripe.net/ripe/mail/archives/address-policy-wg/2023-June/013757.html]
but does not seem to note the relation with abuse that should explain a fraction
of them.

Natale M Bianchi
Spamhaus Project





--

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-01 Thread Natale Maria Bianchi

On Wed, Nov 01, 2023 at 01:55:42PM +0100, John Levine wrote:
> It appears that ? ngel Gonzalez Berdasco via anti-abuse-wg 
>  said:
> >> Just block their network 80.94.95.0/24 and forget about it.
> 
> >organisation:   ORG-BA1515-RIPE
> >org-name:   BtHoster LTD
> >country:GB
> >org-type:   OTHER
> >address:26, New Kent Road, London, SE1 6TJ, UNITED KINGDOM
> 
> If you look at that address on Google stret view, you will see a late
> 2022 picture of a construction site.
> 
> Unless you care enough to contact their transit providers and try
> and get them disconnected, I wouldn't waste more time on it.

BtHoster is indeed a well known bulletproof hoster, and nothing good can be
expected also from the other two blocks announced by AS204428, 87.246.7.0/24
and 212.70.149.0/24 (4media.bg/4vendeta.com, who also have much cleaner
ranges directly behind their own AS50360).  BtHoster also has AS198465,
today announcing 45.129.14.0/24 and 77.90.185.0/24.

Sending abuse reports to these places is - how to say? - a bit naive.
Abuse is their core business.  You can see for instance BtHoster's ad in
https://bitcointalk.org/index.php?topic=5407833.0 :

RDP FOR SCAN/BRUTE - PRICE 10 $ /MONTH
WHM FOR PISHING WITH UNLIMITED DOMAIN LICENSE -PRICE 130 $ /MONTH
RESELLER FOR  RDP WITH PANEL -PRICE 150 $ + IP /MONTH
SERVER FOR SCAN/BRUTE 32 GB RAM -PRICE 130 $ /MONTH

So the "ignoring" is fully expected, it is a feature of their hosting offer.
The best action is to completely prevent their packets from entering your 
networks
through protection at the network edge.  This is precisely what our 
DROP/EDROP/ASN-DROP
free datasets are for: block all packets on the edge router.

Of course, like it or not, the people behind this are members of this 
community, read these
lists, make posts, etc, and of course they would not be connected to the 
Internet if there
weren't facilitating ISPs between them and backbones - in this case the 
operators of
AS47890, AS202425 and the abovementioned AS50360.  These are also part of the 
abuse
ecosystem.

The two-layered approach is essential for the stability of their connectivity -
otherwise the backbones would just cut them off.  When pressure from backbones 
becomes
excessive and the intermediary is forced to disconnect them, they change 
intermediary
or they create a new company, get a new ASN and move the operation so that 
reputation
restarts from zero. These patterns are very established, and cause a 
considerable
ASN turnaround.  RIPE NCC apparently noted a high number of ASNs being 
abandoned 
[https://www.ripe.net/ripe/mail/archives/address-policy-wg/2023-June/013757.html]
but does not seem to note the relation with abuse that should explain a fraction
of them.

Natale M Bianchi
Spamhaus Project

-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

+1
The proposal put a massive burden on both us as members and the NCC with zero 
benefit to anyone.

--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
https://blacknight.blog/
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
---
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty 
Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845

I have sent this email at a time that is convenient for me. I do not expect you 
to respond to it outside of your usual working hours.

From: anti-abuse-wg  on behalf of Gert Doering 

Date: Wednesday, 1 November 2023 at 10:21
To: jordi.pa...@consulintel.es 
Cc: anti-abuse-wg@ripe.net , U.Mutlu 

Subject: Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?
[EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised 
sources.

Hi,

On Wed, Nov 01, 2023 at 10:10:45AM +0100, jordi.palet--- via anti-abuse-wg 
wrote:
> We had a policy proposal to ensure that the abuse mailbox was valid and 
> monitored, but this community didn???t liked it. In other regions it works 
> and it proven to be a very valid tool.

You failed to demonstrate why "the mailbox is monitored in a way that
satisfies the proposed policy" would imply "the ISP in question suddenly
gets interested in acting against abuse".  Especially those that promote
themselves as "bulletproof hosting".

This is what the community did not like - added bureaucracy with no
provable gain.

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-01 Thread Randy Bush

> It's not like these norms do not exist today - abuse contacts have to
> be provided already today.  Responsible ISPs read these mailboxes and
> act upon them.
> 
> Forcing everybody through a "you must click here to validate your
> abuse contact, otherwise bad things will happen to your resources"
> cycle in the vague hope that this is something irresponsible ISPs will
> fail to do so (or that it will magically turn them into responsible
> ISPs) is pure wishful thinking.

thanks for saying it simply

randy

-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-01 Thread Sergey Myasoedov


We have had 2017-02, which is basically the same as yours 2019-04, except the 
validation will be done 2x more often.

But the abuse-c validation does work. What's the problem then?


--
Sergey



> On Nov 1, 2023, at 05:10, jordi.palet--- via anti-abuse-wg 
>  wrote:
> 
> We had a policy proposal to ensure that the abuse mailbox was valid and 
> monitored, but this community didn’t liked it. In other regions it works and 
> it proven to be a very valid tool.
> 
> Should we restart that discussion? I’m happy to resubmit the proposal then.
> 
> Regards,
> Jordi
> 
> @jordipalet
> 
> 
>> El 31 oct 2023, a las 21:55, U.Mutlu  escribió:
>> 
>> Hello,
>> 
>> the IP 80.94.95.181 is endlessly (ie. brute-force) trying
>> to hack our emailserver by attempting to login as a user.
>> The login attempts of course fail, and we have blocked
>> that IP in the firewall.
>> 
>> But this IP still continues sending packets to our server,
>> eventhough his packets get dropped/rejected by our firewall.
>> This now of course constitutes a DoS attack.
>> 
>> 10 days ago we filed an Abuse Report to the abuse address
>> given in the WHOIS database for this IP:
>> % Abuse contact for '80.94.95.0 - 80.94.95.255' is 
>> 'internethosting-...@yandex.ru'
>> 
>> But this hoster seems to ignore all Abuse Reports,
>> b/c researching this IP on the web shows that
>> it's a well known abuser IP and many people have
>> reported and complained about this IP. For example see this:
>> https://www.abuseipdb.com/check/80.94.95.181
>> 
>> So, what to do if the hoster is uncooperative, like in this case?
>> Where else to complain, what else to do?
>> 
>> Thx
>> 
>> U.Mutlu
>> admin & hostmaster
>> 
>> -- 
>> 
>> To unsubscribe from this mailing list, get a password reminder, or change 
>> your subscription options, please visit: 
>> https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
> 
> 
> **
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
> 
> This electronic message contains information which may be privileged or 
> confidential. The information is intended to be for the exclusive use of the 
> individual(s) named above and further non-explicilty authorized disclosure, 
> copying, distribution or use of the contents of this information, even if 
> partially, including attached files, is strictly prohibited and will be 
> considered a criminal offense. If you are not the intended recipient be aware 
> that any disclosure, copying, distribution or use of the contents of this 
> information, even if partially, including attached files, is strictly 
> prohibited, will be considered a criminal offense, so you must reply to the 
> original sender to inform about this communication and delete it.
> 
> 
> 
> 
> 
> -- 
> 
> To unsubscribe from this mailing list, get a password reminder, or change 
> your subscription options, please visit: 
> https://lists.ripe.net/mailman/listinfo/anti-abuse-wg


-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-01 Thread John Levine

It appears that � ngel Gonzalez Berdasco via anti-abuse-wg 
 said:
>> Just block their network 80.94.95.0/24 and forget about it.

>organisation:   ORG-BA1515-RIPE
>org-name:   BtHoster LTD
>country:GB
>org-type:   OTHER
>address:26, New Kent Road, London, SE1 6TJ, UNITED KINGDOM

If you look at that address on Google stret view, you will see a late
2022 picture of a construction site.

Unless you care enough to contact their transit providers and try
and get them disconnected, I wouldn't waste more time on it.

R's,
John

-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

Hi,

On Wed, Nov 01, 2023 at 10:50:20AM +0100, Serge Droz via anti-abuse-wg wrote:
> We do this in many other places, it's called voluntary norms for responsible
> behaviour, and is seen as a great tool to improve things. Happy to explain
> more if there is an interest.

It's not like these norms do not exist today - abuse contacts have to be
provided already today.  Responsible ISPs read these mailboxes and act
upon them.

Forcing everybody through a "you must click here to validate your abuse
contact, otherwise bad things will happen to your resources" cycle in the
vague hope that this is something irresponsible ISPs will fail to do so
(or that it will magically turn them into responsible ISPs) is pure
wishful thinking.

I have better things to do with my time than jump through hoops that do
not serve an effect besides "look, we *are* doing something! better than
nothing!".  No, something needs to be provably *effective* before being
*forced* on everybody.

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279

signature.asc
Description: PGP signature
-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

2023-11-01 Thread Serge Droz via anti-abuse-wg


I think this community let's the perfect be the enemy of the possible.

Just because there are traffic rules doesn't mean people don't violate 
them. But they violate them much less.


See, what I fear is, that at some stage states will start to regulate, 
because the industry fails to do so. And usually that is not fun.


So I support Jordi in that we should demand this. Yes there will be 
Bullet proof hosters, but maybe a lot of the others will actually 
comply, exactly because they are not bullet proof hosters.


We do this in many other places, it's called voluntary norms for 
responsible behaviour, and is seen as a great tool to improve things. 
Happy to explain more if there is an interest.


Best
Serge


On 01.11.23 10:21, Gert Doering wrote:

Hi,

On Wed, Nov 01, 2023 at 10:10:45AM +0100, jordi.palet--- via anti-abuse-wg 
wrote:

We had a policy proposal to ensure that the abuse mailbox was valid and 
monitored, but this community didn???t liked it. In other regions it works and 
it proven to be a very valid tool.


You failed to demonstrate why "the mailbox is monitored in a way that
satisfies the proposed policy" would imply "the ISP in question suddenly
gets interested in acting against abuse".  Especially those that promote
themselves as "bulletproof hosting".

This is what the community did not like - added bureaucracy with no
provable gain.

Gert Doering
 -- NetMaster




--
Dr. Serge Droz
Member, FIRST Board of Directors
https://www.first.org

--

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/anti-abuse-wg

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?