Re: [anti-abuse-wg] Verification of abuse contact addresses ?
it helps me, thanks Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
In message , =?ISO-8859-15?Q?Carlos_Fria=E7as?= wrote: >On Mon, 11 Mar 2019, Fi Shing wrote: > >> Why can't it be both? >> >> 12.5% annual fee incurred daily, to a maximum of 7 days, with resources >> being decommissioned if the > abuse contact is not updated >> within that time. > >This is probably something for the RIPE NCC AGM, not for the PDP... > >But i seriously doubt such a proposal could even fly onto an AGM agenda. > >(i'm not saying i agree or disagree, however 7 days seems a bit short) I agree with Carlos. What I was proposing was an -annual- additional fee assesment. It could perhaps be calculated as as additional 1% tacked on to annual fees due for each month that the contact information is incorrect and/or non-functional. Doing it on a monthly basis would provide some incentive to not wait a full year before taking action to correct the issue(s). But there's kind-of a Catch-22 here. Ideally, if RIPE NCC were to access such a penality, it would be the decent thing to do to -inform- each party against which the penalty is being accessed. And it would be rather inconvenient (for RIPE NCC) if it was obliged to do so strictly via snail-mail. The easiest way would be to inform the affected parties via email. But if their email contact addresses aren't working... Well, I guess you all can see the problem. Question: Does RIPE NCC have contact email addresses for all resource holders that work, and that are NOT being published in the relevant WHOIS records? I would guess so. I mean it is necessary to use an email account/address in order to create a login account on the RIPE web site, which is in turn necessary in order to manage one's assigned resources, right? If so, then perhaps the solution to this whole problem is for RIPE NCC to just simply place those working email addresses into the relevant RIPE WHOIS records in each and every case where it is determined that the email contact addresses within the public WHOIS records simply aren't working. Another idea: There are different ways in which RIPE NCC could make life slightly less pleasant for the troublesome few who neglect to keep theire public/published contact email addresses current, up-to-date, and working. The most drastic of these would be reclamation of the relevant number resources, and I do think this approach would be a very hard sell, politically, within the RIPE community... as well it should be. That is a very drastic response to a (relatively) small infraction. But this is quite certainly *not* the only lever of influence that RIPE NCC has at its disposal. What about reverse DNS delegation? I see no compelling or persuasive reason why a party that has neglected to Do The Right Thing and keep their published contact info up-to-date should necessarily continue to enjoy the benefits of properly delegated reverse DNS. Furthermore, the delegation of reverse DNS authority is something that RIPE NCC could discontinue easily, quickly, and from the comfort of their desks (i.e. without having to get up and buy stamps and go to the local Post Office -and- without having to try to reach people by phone). And conversely, once the issue has been resolved, for any partcular block of IP addresses, RIPE NCC staff could easily and quickly turn the reverse DNS delegation back on for that block and could do so the same day as the (WHOIS contacts) problem is resolved for that particular block. This seems like a rather simple and elegant solution for enforcing at least some minimal level of disipline among the holders of RIPE-issued number resources. Regards, rfg
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
Fi Shing, There's no need to complain if you are unhappy with the current policies! The RIPE community follows an open and transparent process for making policies, which you can read about here: https://www.ripe.net/participate/policies Again, I encourage you to submit a policy proposal if you want your ideas to be adopted. Many people can and will help you with this. But also again, I do not think that any proposal to "decommission" resources will be accepted by the community. But if you think that is what should be done then you need a proposal with some details that you can attempt to get consensus for. Cheers, -- Shane On 12/03/2019 05.45, Fi Shing wrote: Why can't it be both? 12.5% annual fee incurred daily, to a maximum of 7 days, with resources being decommissioned if the abuse contact is not updated within that time. Original Message -------- Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ? From: "Ronald F. Guilmette" mailto:r...@tristatelogic.com>> Date: Mon, March 11, 2019 12:26 pm To: anti-abuse-wg@ripe.net <mailto:anti-abuse-wg@ripe.net> In message <9793c47c-2c44-47e3-033a-1d60ca4d3...@time-travellers.org <mailto:9793c47c-2c44-47e3-033a-1d60ca4d3...@time-travellers.org>>, Shane Kerr mailto:sh...@time-travellers.org>> wrote: >As far as I know there is nothing in any policy about decommissioning >resources. (I'm not even sure what that would mean in practice...) > >I don't think that such a proposal would get consensus in the RIPE >community, but I am often wrong so if you want this then please submit a >policy proposal. The RIPE NCC staff, the working group chairs, or some >friendly community member can help you with this. It might be interesting to float a proposal to tack on a small extra annual registration fee... say, another 12.5% or something... applicable to all respouces for which corrections to the contact info have not been made. I agree that it would be politically problematic to outright kill someone's allocations, but making it just a little painful (if they are screwing up) might be helpful and productive. Regards, rfg
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
On Mon, 11 Mar 2019, Fi Shing wrote: Why can't it be both? 12.5% annual fee incurred daily, to a maximum of 7 days, with resources being decommissioned if the abuse contact is not updated within that time. This is probably something for the RIPE NCC AGM, not for the PDP... But i seriously doubt such a proposal could even fly onto an AGM agenda. (i'm not saying i agree or disagree, however 7 days seems a bit short) Regards, Carlos
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
Why can't it be both?12.5% annual fee incurred daily, to a maximum of 7 days, with resources being decommissioned if the abuse contact is not updated within that time. Original Message Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ? From: "Ronald F. Guilmette" <r...@tristatelogic.com> Date: Mon, March 11, 2019 12:26 pm To: anti-abuse-wg@ripe.net In message <9793c47c-2c44-47e3-033a-1d60ca4d3...@time-travellers.org>, Shane Kerr <sh...@time-travellers.org> wrote: >As far as I know there is nothing in any policy about decommissioning >resources. (I'm not even sure what that would mean in practice...) > >I don't think that such a proposal would get consensus in the RIPE >community, but I am often wrong so if you want this then please submit a >policy proposal. The RIPE NCC staff, the working group chairs, or some >friendly community member can help you with this. It might be interesting to float a proposal to tack on a small extra annual registration fee... say, another 12.5% or something... applicable to all respouces for which corrections to the contact info have not been made. I agree that it would be politically problematic to outright kill someone's allocations, but making it just a little painful (if they are screwing up) might be helpful and productive. Regards, rfg
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
In message <9793c47c-2c44-47e3-033a-1d60ca4d3...@time-travellers.org>, Shane Kerr wrote: >As far as I know there is nothing in any policy about decommissioning >resources. (I'm not even sure what that would mean in practice...) > >I don't think that such a proposal would get consensus in the RIPE >community, but I am often wrong so if you want this then please submit a >policy proposal. The RIPE NCC staff, the working group chairs, or some >friendly community member can help you with this. It might be interesting to float a proposal to tack on a small extra annual registration fee... say, another 12.5% or something... applicable to all respouces for which corrections to the contact info have not been made. I agree that it would be politically problematic to outright kill someone's allocations, but making it just a little painful (if they are screwing up) might be helpful and productive. Regards, rfg
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
Speaking in general and not just about this case. All the RIRs membership contracts mandate following the policies, otherwise there is a contractual breach and the "services" (read resources as well) can be canceled/reclaimed. At least, this is my reading. So, no need to have an explicit text in each "policy" that talks about that. Of course, if some policies have that text, it is a good reminder about that. In some regions, there is a more explicit policy about resource reclamation, which helps to define, for example, the period of time for the reclamation, etc. Regards, Jordi -Mensaje original- De: anti-abuse-wg en nombre de Michele Neylon - Blacknight Fecha: viernes, 8 de marzo de 2019, 22:51 Para: Shane Kerr , Fi Shing , "anti-abuse-wg@ripe.net" Asunto: Re: [anti-abuse-wg] Verification of abuse contact addresses ? Earlier versions of the proposed policy had language that some people took to mean that removing resources etc., was a possible escalation. I don't think it was originally the intent, though personally I can see merit in it being an escalation path. -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 09/03/2019, 06:46, "anti-abuse-wg on behalf of Shane Kerr" wrote: Fi Shing, As far as I know there is nothing in any policy about decommissioning resources. (I'm not even sure what that would mean in practice...) I don't think that such a proposal would get consensus in the RIPE community, but I am often wrong so if you want this then please submit a policy proposal. The RIPE NCC staff, the working group chairs, or some friendly community member can help you with this. Cheers, -- Shane On 08/03/2019 22.25, Fi Shing wrote: > /But Marco's response mentions to *correcting* the contact addresses, not > just verifying them. That involves working with human beings, so it > makes sense that it will take a while./ > / > / > No it doesn't - that was the whole point of the "change" in the first > place, that it was to reduce the amount of verification needed to be > done by RIPE. There is a simple automated way to verify the entries - > click a link, enter a CAPTCHA, or your resources are decommissioned > within 24 hours. > > How much crime can be committed in the months it has taken (and > continues to take)? > > > > > > Original Message > Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ? > From: Shane Kerr <mailto:sh...@time-travellers.org>> > Date: Fri, March 08, 2019 9:40 pm > To: anti-abuse-wg@ripe.net <mailto:anti-abuse-wg@ripe.net> > > Fi Shing, > > I'm sure verifying the delivery of 70k e-mails (or however many is in > the database) can be done in a few hours. > > But Marco's response mentions to *correcting* the contact addresses, > not > just verifying them. That involves working with human beings, so it > makes sense that it will take a while. > > Cheers, > > -- > Shane > > On 08/03/2019 11.07, Fi Shing wrote: > > If it takes more than a week to verify your entire database, there is > > the first sign that something is wrong with your system. > > > > > > Original Message > > Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ? > > From: Marco Schmidt mailto:mschm...@ripe.net> > ><mailto:mschm...@ripe.net>> > > Date: Thu, March 07, 2019 10:03 pm > > To: "Ronald F. Guilmette" mailto:r...@tristatelogic.com> > > <mailto:r...@tristatelogic.com>>, > > anti-abuse-wg@ripe.net <mailto:anti-abus
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
Earlier versions of the proposed policy had language that some people took to mean that removing resources etc., was a possible escalation. I don't think it was originally the intent, though personally I can see merit in it being an escalation path. -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 09/03/2019, 06:46, "anti-abuse-wg on behalf of Shane Kerr" wrote: Fi Shing, As far as I know there is nothing in any policy about decommissioning resources. (I'm not even sure what that would mean in practice...) I don't think that such a proposal would get consensus in the RIPE community, but I am often wrong so if you want this then please submit a policy proposal. The RIPE NCC staff, the working group chairs, or some friendly community member can help you with this. Cheers, -- Shane On 08/03/2019 22.25, Fi Shing wrote: > /But Marco's response mentions to *correcting* the contact addresses, not > just verifying them. That involves working with human beings, so it > makes sense that it will take a while./ > / > / > No it doesn't - that was the whole point of the "change" in the first > place, that it was to reduce the amount of verification needed to be > done by RIPE. There is a simple automated way to verify the entries - > click a link, enter a CAPTCHA, or your resources are decommissioned > within 24 hours. > > How much crime can be committed in the months it has taken (and > continues to take)? > > > > > > ---- Original Message > Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ? > From: Shane Kerr <mailto:sh...@time-travellers.org>> > Date: Fri, March 08, 2019 9:40 pm > To: anti-abuse-wg@ripe.net <mailto:anti-abuse-wg@ripe.net> > > Fi Shing, > > I'm sure verifying the delivery of 70k e-mails (or however many is in > the database) can be done in a few hours. > > But Marco's response mentions to *correcting* the contact addresses, > not > just verifying them. That involves working with human beings, so it > makes sense that it will take a while. > > Cheers, > > -- > Shane > > On 08/03/2019 11.07, Fi Shing wrote: > > If it takes more than a week to verify your entire database, there is > > the first sign that something is wrong with your system. > > > > > > Original Message > > Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ? > > From: Marco Schmidt mailto:mschm...@ripe.net> > ><mailto:mschm...@ripe.net>> > > Date: Thu, March 07, 2019 10:03 pm > > To: "Ronald F. Guilmette" mailto:r...@tristatelogic.com> > > <mailto:r...@tristatelogic.com>>, > > anti-abuse-wg@ripe.net <mailto:anti-abuse-wg@ripe.net> > <mailto:anti-abuse-wg@ripe.net> > > > > Hello Ronald, > > > > We are planning to publish an updated timeline soon. > > > > Ultimately, our implementation will depend of the level of cooperation > > we get from LIRs and the nature of issues that need to be fixed before > > an abuse contact can be updated (for example, some organisations may > > need to reset their maintainer password). > > > > Over the next few weeks we will be analysing our progress, to make a > > realistic estimation. From observations so far, we think we might be > > able to finish our initial validation of all abuse contacts within six > > months - but it is still too early to make any strong predictions. > > > > Kind regards, > > Marco Schmidt > > RIPE NCC > > > > > > On 05/03/2019 21:51, Ronald F. Guilmette wrote: > > > In message <9c95
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
Fi Shing, As far as I know there is nothing in any policy about decommissioning resources. (I'm not even sure what that would mean in practice...) I don't think that such a proposal would get consensus in the RIPE community, but I am often wrong so if you want this then please submit a policy proposal. The RIPE NCC staff, the working group chairs, or some friendly community member can help you with this. Cheers, -- Shane On 08/03/2019 22.25, Fi Shing wrote: /But Marco's response mentions to *correcting* the contact addresses, not just verifying them. That involves working with human beings, so it makes sense that it will take a while./ / / No it doesn't - that was the whole point of the "change" in the first place, that it was to reduce the amount of verification needed to be done by RIPE. There is a simple automated way to verify the entries - click a link, enter a CAPTCHA, or your resources are decommissioned within 24 hours. How much crime can be committed in the months it has taken (and continues to take)? Original Message ---- Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ? From: Shane Kerr mailto:sh...@time-travellers.org>> Date: Fri, March 08, 2019 9:40 pm To: anti-abuse-wg@ripe.net <mailto:anti-abuse-wg@ripe.net> Fi Shing, I'm sure verifying the delivery of 70k e-mails (or however many is in the database) can be done in a few hours. But Marco's response mentions to *correcting* the contact addresses, not just verifying them. That involves working with human beings, so it makes sense that it will take a while. Cheers, -- Shane On 08/03/2019 11.07, Fi Shing wrote: > If it takes more than a week to verify your entire database, there is > the first sign that something is wrong with your system. > > > -------- Original Message ---- > Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ? > From: Marco Schmidt mailto:mschm...@ripe.net> ><mailto:mschm...@ripe.net>> > Date: Thu, March 07, 2019 10:03 pm > To: "Ronald F. Guilmette" mailto:r...@tristatelogic.com> > <mailto:r...@tristatelogic.com>>, > anti-abuse-wg@ripe.net <mailto:anti-abuse-wg@ripe.net> <mailto:anti-abuse-wg@ripe.net> > > Hello Ronald, > > We are planning to publish an updated timeline soon. > > Ultimately, our implementation will depend of the level of cooperation > we get from LIRs and the nature of issues that need to be fixed before > an abuse contact can be updated (for example, some organisations may > need to reset their maintainer password). > > Over the next few weeks we will be analysing our progress, to make a > realistic estimation. From observations so far, we think we might be > able to finish our initial validation of all abuse contacts within six > months - but it is still too early to make any strong predictions. > > Kind regards, > Marco Schmidt > RIPE NCC > > > On 05/03/2019 21:51, Ronald F. Guilmette wrote: > > In message <9c95c110-d5a3-e94a-6b3c-b02030736...@ripe.net <mailto:9c95c110-d5a3-e94a-6b3c-b02030736...@ripe.net> > <mailto:9c95c110-d5a3-e94a-6b3c-b02030736...@ripe.net>>, > > Marco Schmidt mailto:mschm...@ripe.net> ><mailto:mschm...@ripe.net>> wrote: > > > >> It is correct that the implementation phase is still ongoing. Currently > >> we are validating all the abuse contact information referenced in LIR > >> organisation objects. Then we will proceed with the validation of abuse > >> contacts referenced in LIR resource objects - the example that you > >> mentioned belongs to this group. And finally all abuse contacts > >> referenced in End User (sponsored) objects will be validated. > > Thanks for the info Marco. > > > > I guess the only question I would ask is this: Is there a published > > timeline for how this whole process is planned to play out, and for > > when it is planned to be completed? > > > > > > Regards, > > rfg > > > >
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
But Marco's response mentions to *correcting* the contact addresses, not just verifying them. That involves working with human beings, so it makes sense that it will take a while.No it doesn't - that was the whole point of the "change" in the first place, that it was to reduce the amount of verification needed to be done by RIPE. There is a simple automated way to verify the entries - click a link, enter a CAPTCHA, or your resources are decommissioned within 24 hours.How much crime can be committed in the months it has taken (and continues to take)? Original Message ---- Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ? From: Shane Kerr <sh...@time-travellers.org> Date: Fri, March 08, 2019 9:40 pm To: anti-abuse-wg@ripe.net Fi Shing, I'm sure verifying the delivery of 70k e-mails (or however many is in the database) can be done in a few hours. But Marco's response mentions to *correcting* the contact addresses, not just verifying them. That involves working with human beings, so it makes sense that it will take a while. Cheers, -- Shane On 08/03/2019 11.07, Fi Shing wrote: > If it takes more than a week to verify your entire database, there is > the first sign that something is wrong with your system. > > > ---- Original Message ---- > Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ? > From: Marco Schmidt <mschm...@ripe.net ><mailto:mschm...@ripe.net>> > Date: Thu, March 07, 2019 10:03 pm > To: "Ronald F. Guilmette" <r...@tristatelogic.com > <mailto:r...@tristatelogic.com>>, > anti-abuse-wg@ripe.net <mailto:anti-abuse-wg@ripe.net> > > Hello Ronald, > > We are planning to publish an updated timeline soon. > > Ultimately, our implementation will depend of the level of cooperation > we get from LIRs and the nature of issues that need to be fixed before > an abuse contact can be updated (for example, some organisations may > need to reset their maintainer password). > > Over the next few weeks we will be analysing our progress, to make a > realistic estimation. From observations so far, we think we might be > able to finish our initial validation of all abuse contacts within six > months - but it is still too early to make any strong predictions. > > Kind regards, > Marco Schmidt > RIPE NCC > > > On 05/03/2019 21:51, Ronald F. Guilmette wrote: > > In message <9c95c110-d5a3-e94a-6b3c-b02030736...@ripe.net > <mailto:9c95c110-d5a3-e94a-6b3c-b02030736...@ripe.net>>, > > Marco Schmidt <mschm...@ripe.net ><mailto:mschm...@ripe.net>> wrote: > > > >> It is correct that the implementation phase is still ongoing. Currently > >> we are validating all the abuse contact information referenced in LIR > >> organisation objects. Then we will proceed with the validation of abuse > >> contacts referenced in LIR resource objects - the example that you > >> mentioned belongs to this group. And finally all abuse contacts > >> referenced in End User (sponsored) objects will be validated. > > Thanks for the info Marco. > > > > I guess the only question I would ask is this: Is there a published > > timeline for how this whole process is planned to play out, and for > > when it is planned to be completed? > > > > > > Regards, > > rfg > > > >
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
In message <20190308030704.af7f9f79718891d8e76b551cf73e1563.3317785c9a@email19.godaddy.com>, "Fi Shing" wrote: > If it takes more than a week to verify your entire database, there is > the first sign that something is wrong with your system. For whatever little it is worth, I would just like to say that I am in general agreement with the proposition that it should be possible, in the very short run, to reliably determine which, among a set a email addresses, perhaps even numbering up to a million, are or are not producing undeliverable bounce responses. That having been said, I should also note that making this determination with high accuracy is not nearly as easy as some folks might imagine, due mostly to the utter lack of standards when it comes to the format of undeliverable bounce responses. And thus, some amount of manual "eyeballing" may be involved with any attempt to do this at scale. Regards, rfg
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
Hi I'm fairly new here. This is a formidable task, and not easily achieved. So kudos to RIPE for doing this. The abuse contacts already there helped me a lot. I don't appreciate people who can't even stand up with their real names, just pointing out that others are lame. We make this a better world by helping with advice that empowers, not with diminish comments. Cheers Serge On 08.03.19 11:40, Shane Kerr wrote: > Fi Shing, > > I'm sure verifying the delivery of 70k e-mails (or however many is in > the database) can be done in a few hours. > > But Marco's response mentions to *correcting* the contact addresses, not > just verifying them. That involves working with human beings, so it > makes sense that it will take a while. > > Cheers, > > -- > Shane > > On 08/03/2019 11.07, Fi Shing wrote: >> If it takes more than a week to verify your entire database, there is >> the first sign that something is wrong with your system. >> >> >> Original Message >> Subject: Re: [anti-abuse-wg] Verification of abuse contact >> addresses ? >> From: Marco Schmidt mailto:mschm...@ripe.net>> >> Date: Thu, March 07, 2019 10:03 pm >> To: "Ronald F. Guilmette" > <mailto:r...@tristatelogic.com>>, >> anti-abuse-wg@ripe.net <mailto:anti-abuse-wg@ripe.net> >> >> Hello Ronald, >> >> We are planning to publish an updated timeline soon. >> >> Ultimately, our implementation will depend of the level of >> cooperation >> we get from LIRs and the nature of issues that need to be fixed >> before >> an abuse contact can be updated (for example, some organisations may >> need to reset their maintainer password). >> >> Over the next few weeks we will be analysing our progress, to make a >> realistic estimation. From observations so far, we think we might be >> able to finish our initial validation of all abuse contacts within >> six >> months - but it is still too early to make any strong predictions. >> >> Kind regards, >> Marco Schmidt >> RIPE NCC >> >> >> On 05/03/2019 21:51, Ronald F. Guilmette wrote: >> > In message <9c95c110-d5a3-e94a-6b3c-b02030736...@ripe.net >> <mailto:9c95c110-d5a3-e94a-6b3c-b02030736...@ripe.net>>, >> > Marco Schmidt mailto:mschm...@ripe.net>> wrote: >> > >> >> It is correct that the implementation phase is still ongoing. >> Currently >> >> we are validating all the abuse contact information referenced >> in LIR >> >> organisation objects. Then we will proceed with the validation >> of abuse >> >> contacts referenced in LIR resource objects - the example that you >> >> mentioned belongs to this group. And finally all abuse contacts >> >> referenced in End User (sponsored) objects will be validated. >> > Thanks for the info Marco. >> > >> > I guess the only question I would ask is this: Is there a >> published >> > timeline for how this whole process is planned to play out, and for >> > when it is planned to be completed? >> > >> > >> > Regards, >> > rfg >> > >> >> > > -- Dr. Serge Droz Member of the FIRST Board of DirectorsSenior Advisor ICT4Peace https://www.first.org https://www.ict4peace.org
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
Fi Shing, I'm sure verifying the delivery of 70k e-mails (or however many is in the database) can be done in a few hours. But Marco's response mentions to *correcting* the contact addresses, not just verifying them. That involves working with human beings, so it makes sense that it will take a while. Cheers, -- Shane On 08/03/2019 11.07, Fi Shing wrote: If it takes more than a week to verify your entire database, there is the first sign that something is wrong with your system. Original Message Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ? From: Marco Schmidt mailto:mschm...@ripe.net>> Date: Thu, March 07, 2019 10:03 pm To: "Ronald F. Guilmette" mailto:r...@tristatelogic.com>>, anti-abuse-wg@ripe.net <mailto:anti-abuse-wg@ripe.net> Hello Ronald, We are planning to publish an updated timeline soon. Ultimately, our implementation will depend of the level of cooperation we get from LIRs and the nature of issues that need to be fixed before an abuse contact can be updated (for example, some organisations may need to reset their maintainer password). Over the next few weeks we will be analysing our progress, to make a realistic estimation. From observations so far, we think we might be able to finish our initial validation of all abuse contacts within six months - but it is still too early to make any strong predictions. Kind regards, Marco Schmidt RIPE NCC On 05/03/2019 21:51, Ronald F. Guilmette wrote: > In message <9c95c110-d5a3-e94a-6b3c-b02030736...@ripe.net <mailto:9c95c110-d5a3-e94a-6b3c-b02030736...@ripe.net>>, > Marco Schmidt mailto:mschm...@ripe.net>> wrote: > >> It is correct that the implementation phase is still ongoing. Currently >> we are validating all the abuse contact information referenced in LIR >> organisation objects. Then we will proceed with the validation of abuse >> contacts referenced in LIR resource objects - the example that you >> mentioned belongs to this group. And finally all abuse contacts >> referenced in End User (sponsored) objects will be validated. > Thanks for the info Marco. > > I guess the only question I would ask is this: Is there a published > timeline for how this whole process is planned to play out, and for > when it is planned to be completed? > > > Regards, > rfg >
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
If it takes more than a week to verify your entire database, there is the first sign that something is wrong with your system. Original Message Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ? From: Marco Schmidt <mschm...@ripe.net> Date: Thu, March 07, 2019 10:03 pm To: "Ronald F. Guilmette" <r...@tristatelogic.com>, anti-abuse-wg@ripe.net Hello Ronald, We are planning to publish an updated timeline soon. Ultimately, our implementation will depend of the level of cooperation we get from LIRs and the nature of issues that need to be fixed before an abuse contact can be updated (for example, some organisations may need to reset their maintainer password). Over the next few weeks we will be analysing our progress, to make a realistic estimation. From observations so far, we think we might be able to finish our initial validation of all abuse contacts within six months - but it is still too early to make any strong predictions. Kind regards, Marco Schmidt RIPE NCC On 05/03/2019 21:51, Ronald F. Guilmette wrote: > In message <9c95c110-d5a3-e94a-6b3c-b02030736...@ripe.net>, > Marco Schmidt <mschm...@ripe.net> wrote: > >> It is correct that the implementation phase is still ongoing. Currently >> we are validating all the abuse contact information referenced in LIR >> organisation objects. Then we will proceed with the validation of abuse >> contacts referenced in LIR resource objects - the example that you >> mentioned belongs to this group. And finally all abuse contacts >> referenced in End User (sponsored) objects will be validated. > Thanks for the info Marco. > > I guess the only question I would ask is this: Is there a published > timeline for how this whole process is planned to play out, and for > when it is planned to be completed? > > > Regards, > rfg >
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
Agreed It's good to see that there is progress on this. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ --- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 08/03/2019, 04:40, "anti-abuse-wg on behalf of Ronald F. Guilmette" wrote: In message , Marco Schmidt wrote: >We are planning to publish an updated timeline soon. > >Ultimately, our implementation will depend of the level of cooperation >we get from LIRs and the nature of issues that need to be fixed before >an abuse contact can be updated (for example, some organisations may >need to reset their maintainer password). > >Over the next few weeks we will be analysing our progress, to make a >realistic estimation. From observations so far, we think we might be >able to finish our initial validation of all abuse contacts within six >months - but it is still too early to make any strong predictions. Thanks again for the additional information. I'm sure that you face many challenges, given that this project is dependent upon so many vagaries, and upon the active cooperation of so many individuals and companies. But it is my sincere hope that this can be made to take less than 6 months. It seems that there are really two parts here, i.e. (1) identifying all of the broken contact addresses and then (b) attempting to get as many of those fixed as possible. The latter part may last indefinitely. The former however should be amenable to completion on a very short time scale. I would encourage you to seek to find out what is broken, as expeditiously as possible, and to then publish those findings for all to see. Such publication could have multiple useful knock-on effects. Regards, rfg
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
In message , Marco Schmidt wrote: >We are planning to publish an updated timeline soon. > >Ultimately, our implementation will depend of the level of cooperation >we get from LIRs and the nature of issues that need to be fixed before >an abuse contact can be updated (for example, some organisations may >need to reset their maintainer password). > >Over the next few weeks we will be analysing our progress, to make a >realistic estimation. From observations so far, we think we might be >able to finish our initial validation of all abuse contacts within six >months - but it is still too early to make any strong predictions. Thanks again for the additional information. I'm sure that you face many challenges, given that this project is dependent upon so many vagaries, and upon the active cooperation of so many individuals and companies. But it is my sincere hope that this can be made to take less than 6 months. It seems that there are really two parts here, i.e. (1) identifying all of the broken contact addresses and then (b) attempting to get as many of those fixed as possible. The latter part may last indefinitely. The former however should be amenable to completion on a very short time scale. I would encourage you to seek to find out what is broken, as expeditiously as possible, and to then publish those findings for all to see. Such publication could have multiple useful knock-on effects. Regards, rfg
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
Hello Ronald, We are planning to publish an updated timeline soon. Ultimately, our implementation will depend of the level of cooperation we get from LIRs and the nature of issues that need to be fixed before an abuse contact can be updated (for example, some organisations may need to reset their maintainer password). Over the next few weeks we will be analysing our progress, to make a realistic estimation. From observations so far, we think we might be able to finish our initial validation of all abuse contacts within six months - but it is still too early to make any strong predictions. Kind regards, Marco Schmidt RIPE NCC On 05/03/2019 21:51, Ronald F. Guilmette wrote: In message <9c95c110-d5a3-e94a-6b3c-b02030736...@ripe.net>, Marco Schmidt wrote: It is correct that the implementation phase is still ongoing. Currently we are validating all the abuse contact information referenced in LIR organisation objects. Then we will proceed with the validation of abuse contacts referenced in LIR resource objects - the example that you mentioned belongs to this group. And finally all abuse contacts referenced in End User (sponsored) objects will be validated. Thanks for the info Marco. I guess the only question I would ask is this: Is there a published timeline for how this whole process is planned to play out, and for when it is planned to be completed? Regards, rfg
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
In message <9c95c110-d5a3-e94a-6b3c-b02030736...@ripe.net>, Marco Schmidt wrote: >It is correct that the implementation phase is still ongoing. Currently >we are validating all the abuse contact information referenced in LIR >organisation objects. Then we will proceed with the validation of abuse >contacts referenced in LIR resource objects - the example that you >mentioned belongs to this group. And finally all abuse contacts >referenced in End User (sponsored) objects will be validated. Thanks for the info Marco. I guess the only question I would ask is this: Is there a published timeline for how this whole process is planned to play out, and for when it is planned to be completed? Regards, rfg
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
In message <20190305042821.af7f9f79718891d8e76b551cf73e1563.4d026bdf0f@email19.godaddy.com>, "Fi Shing" wrote: > Yes, the verification mechanism they chose to implement was a flop, > with no input required from address owners. So, um, nobody even checked for undeliverable bounces?? Facinating.
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
This is more in the line with the one that I submitted in other regions (coming also for RIPE, I think this week or next one), that has been already accepted (being implemented) by APNIC: https://www.apnic.net/community/policy/proposals/prop-125 Regards, Jordi De: anti-abuse-wg en nombre de Fi Shing Fecha: martes, 5 de marzo de 2019, 12:28 Para: "Ronald F. Guilmette" , Asunto: Re: [anti-abuse-wg] Verification of abuse contact addresses ? Yes, the verification mechanism they chose to implement was a flop, with no input required from address owners. In reality, it should be "verify your email address by clicking this link once a week or your resources are decommissioned within 24 hours" but alas, that would make too much sense. abuse.net lists these contacts for mesh digital: ab...@meshdigital.com (for meshdigital.com) n...@meshdigital.com (for meshdigital.com) r...@netsumo.com (for meshdigital.com) Original Message Subject: [anti-abuse-wg] Verification of abuse contact addresses ? From: "Ronald F. Guilmette" Date: Tue, March 05, 2019 8:55 am To: anti-abuse-wg@ripe.net Sorry folks, when this topic was discussed, I confess that I wasn't really paying much attention. So now I am forced to ask: Was someone going to verify the abuse contact addresses listed in the RIPE WHOIS data base? If so, how is that project coming along? I'll tell you why I ask. It's quite simple really. Some jerk, probably Mexican, just sent me a spam wherein he was advertising for sale his list of 18 million "business" email addreses. (I can't quite tell if those are all supposed to be specifically Mexican email addrses or what... because the spam was written in Spanish, and I don't speak Spanish.) https://pastebin.com/raw/dT11krpN Note that the specific email address of mine that was spammed was one that I only used in ancient times, and only in conjunction with my activities on one specific web site. (It obviously leaked somehow.) The envelope sender address was forged to be my own. The source IP was 109.68.33.19 as you can see. So naturally, I performed a RIPE WHOIS query on that IP address and the results I got back indicated that the contact email address for spam reports was . So I emailed off a report to that address. Of course, it bounced back to me immediately as undeliverable. This causes me to suspect that either (a) that stuff that I thought that I has seen previously about a project to verify abuse addresses was all just a bunch of malarkey, or else (b) that project is still unfinished and perhaps not going all that well. Could someone please enlighten me and tell me which possibility actually applies? Regards, rfg P.s. It is annoying enough to have to lookup who the bleep should receive a report about spamming from their network _and_ to have to even write such reports, when 9 time sout of ten, the sending network could have easly prevented the spam from even going out. It is just adding insult to injury when the bloody "official" abuse reporting address doesn't even actually exist. And of course, neither meshdigital.com nor meshdigital.net even have functioning web sites. Apparently this is all the work of some dolts at a company called heg.com, in Germany. Do any of you happen to know any of the clueless nitwits who work there? If so, maybe you could put me in direct touch so that I could personally apply a much needed clue-by-four. ** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
Morning, The verification system that is being implemented is the one that comes from the policy that was approved by the RIPE community. While I, personally, believe it is what is possible right now, the opportunity exists for everyone in the community to propose a different policy. The Anti-Abuse WG Chairs and the RIPE Policy Development team stand ready to assist anyone with this. Thanks, Brian Co-Chair, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nis...@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 From: anti-abuse-wg On Behalf Of Fi Shing Sent: Tuesday 5 March 2019 11:28 To: Ronald F. Guilmette ; anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Verification of abuse contact addresses ? Yes, the verification mechanism they chose to implement was a flop, with no input required from address owners. In reality, it should be "verify your email address by clicking this link once a week or your resources are decommissioned within 24 hours" but alas, that would make too much sense. abuse.net<http://abuse.net> lists these contacts for mesh digital: ab...@meshdigital.com<mailto:ab...@meshdigital.com> (for meshdigital.com<http://meshdigital.com>) n...@meshdigital.com<mailto:n...@meshdigital.com> (for meshdigital.com<http://meshdigital.com>) r...@netsumo.com<mailto:r...@netsumo.com> (for meshdigital.com<http://meshdigital.com>) Original Message Subject: [anti-abuse-wg] Verification of abuse contact addresses ? From: "Ronald F. Guilmette" mailto:r...@tristatelogic.com>> Date: Tue, March 05, 2019 8:55 am To: anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net> Sorry folks, when this topic was discussed, I confess that I wasn't really paying much attention. So now I am forced to ask: Was someone going to verify the abuse contact addresses listed in the RIPE WHOIS data base? If so, how is that project coming along? I'll tell you why I ask. It's quite simple really. Some jerk, probably Mexican, just sent me a spam wherein he was advertising for sale his list of 18 million "business" email addreses. (I can't quite tell if those are all supposed to be specifically Mexican email addrses or what... because the spam was written in Spanish, and I don't speak Spanish.) https://pastebin.com/raw/dT11krpN Note that the specific email address of mine that was spammed was one that I only used in ancient times, and only in conjunction with my activities on one specific web site. (It obviously leaked somehow.) The envelope sender address was forged to be my own. The source IP was 109.68.33.19 as you can see. So naturally, I performed a RIPE WHOIS query on that IP address and the results I got back indicated that the contact email address for spam reports was mailto:ab...@meshdigital.com>>. So I emailed off a report to that address. Of course, it bounced back to me immediately as undeliverable. This causes me to suspect that either (a) that stuff that I thought that I has seen previously about a project to verify abuse addresses was all just a bunch of malarkey, or else (b) that project is still unfinished and perhaps not going all that well. Could someone please enlighten me and tell me which possibility actually applies? Regards, rfg P.s. It is annoying enough to have to lookup who the bleep should receive a report about spamming from their network _and_ to have to even write such reports, when 9 time sout of ten, the sending network could have easly prevented the spam from even going out. It is just adding insult to injury when the bloody "official" abuse reporting address doesn't even actually exist. And of course, neither meshdigital.com<http://meshdigital.com> nor meshdigital.net<http://meshdigital.net> even have functioning web sites. Apparently this is all the work of some dolts at a company called heg.com<http://heg.com>, in Germany. Do any of you happen to know any of the clueless nitwits who work there? If so, maybe you could put me in direct touch so that I could personally apply a much needed clue-by-four.
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
Dear Ronald, Thank you for asking about the status of the policy change 2017-02, "Regular abuse-c Validation". It is correct that the implementation phase is still ongoing. Currently we are validating all the abuse contact information referenced in LIR organisation objects. Then we will proceed with the validation of abuse contacts referenced in LIR resource objects - the example that you mentioned belongs to this group. And finally all abuse contacts referenced in End User (sponsored) objects will be validated. You can read more details on the policy implementation in this RIPE Labs article by my colleague Angela: https://labs.ripe.net/Members/angela_dallara/how-we-will-be-following-up-with-invalid-abuse-contacts We understand that it is frustrating when contact information in the RIPE Database turns out not to work. You can always report such incorrect contact information to the RIPE NCC and we will follow up to have it corrected. https://www.ripe.net/contact-form I hope this clarifies your question. Kind regards, Marco Schmidt Policy Officer RIPE NCC On 04/03/2019 22:55, Ronald F. Guilmette wrote: Sorry folks, when this topic was discussed, I confess that I wasn't really paying much attention. So now I am forced to ask: Was someone going to verify the abuse contact addresses listed in the RIPE WHOIS data base? If so, how is that project coming along? I'll tell you why I ask. It's quite simple really. Some jerk, probably Mexican, just sent me a spam wherein he was advertising for sale his list of 18 million "business" email addreses. (I can't quite tell if those are all supposed to be specifically Mexican email addrses or what... because the spam was written in Spanish, and I don't speak Spanish.) https://pastebin.com/raw/dT11krpN Note that the specific email address of mine that was spammed was one that I only used in ancient times, and only in conjunction with my activities on one specific web site. (It obviously leaked somehow.) The envelope sender address was forged to be my own. The source IP was 109.68.33.19 as you can see. So naturally, I performed a RIPE WHOIS query on that IP address and the results I got back indicated that the contact email address for spam reports was . So I emailed off a report to that address. Of course, it bounced back to me immediately as undeliverable. This causes me to suspect that either (a) that stuff that I thought that I has seen previously about a project to verify abuse addresses was all just a bunch of malarkey, or else (b) that project is still unfinished and perhaps not going all that well. Could someone please enlighten me and tell me which possibility actually applies? Regards, rfg P.s. It is annoying enough to have to lookup who the bleep should receive a report about spamming from their network _and_ to have to even write such reports, when 9 time sout of ten, the sending network could have easly prevented the spam from even going out. It is just adding insult to injury when the bloody "official" abuse reporting address doesn't even actually exist. And of course, neither meshdigital.com nor meshdigital.net even have functioning web sites. Apparently this is all the work of some dolts at a company called heg.com, in Germany. Do any of you happen to know any of the clueless nitwits who work there? If so, maybe you could put me in direct touch so that I could personally apply a much needed clue-by-four.
Re: [anti-abuse-wg] Verification of abuse contact addresses ?
Yes, the verification mechanism they chose to implement was a flop, with no input required from address owners.In reality, it should be "verify your email address by clicking this link once a week or your resources are decommissioned within 24 hours" but alas, that would make too much sense.abuse.net lists these contacts for mesh digital:ab...@meshdigital.com (for meshdigital.com)n...@meshdigital.com (for meshdigital.com)r...@netsumo.com (for meshdigital.com) Original Message Subject: [anti-abuse-wg] Verification of abuse contact addresses ? From: "Ronald F. Guilmette"Date: Tue, March 05, 2019 8:55 am To: anti-abuse-wg@ripe.net Sorry folks, when this topic was discussed, I confess that I wasn't really paying much attention. So now I am forced to ask: Was someone going to verify the abuse contact addresses listed in the RIPE WHOIS data base? If so, how is that project coming along? I'll tell you why I ask. It's quite simple really. Some jerk, probably Mexican, just sent me a spam wherein he was advertising for sale his list of 18 million "business" email addreses. (I can't quite tell if those are all supposed to be specifically Mexican email addrses or what... because the spam was written in Spanish, and I don't speak Spanish.) https://pastebin.com/raw/dT11krpN Note that the specific email address of mine that was spammed was one that I only used in ancient times, and only in conjunction with my activities on one specific web site. (It obviously leaked somehow.) The envelope sender address was forged to be my own. The source IP was 109.68.33.19 as you can see. So naturally, I performed a RIPE WHOIS query on that IP address and the results I got back indicated that the contact email address for spam reports was . So I emailed off a report to that address. Of course, it bounced back to me immediately as undeliverable. This causes me to suspect that either (a) that stuff that I thought that I has seen previously about a project to verify abuse addresses was all just a bunch of malarkey, or else (b) that project is still unfinished and perhaps not going all that well. Could someone please enlighten me and tell me which possibility actually applies? Regards, rfg P.s. It is annoying enough to have to lookup who the bleep should receive a report about spamming from their network _and_ to have to even write such reports, when 9 time sout of ten, the sending network could have easly prevented the spam from even going out. It is just adding insult to injury when the bloody "official" abuse reporting address doesn't even actually exist. And of course, neither meshdigital.com nor meshdigital.net even have functioning web sites. Apparently this is all the work of some dolts at a company called heg.com, in Germany. Do any of you happen to know any of the clueless nitwits who work there? If so, maybe you could put me in direct touch so that I could personally apply a much needed clue-by-four.