non-responsive abuse mailbox or any other non-compliance with RIPE policy.
Original Message
Subject: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase
(Regular abuse-c Validation)
From: Nick Hilliard <n...@foobar.org>
Date: Thu, January 25, 2018 1:40 am
To: Bri
the RIPE NCC "may close"
sorry
De : CLEMENT Herve IMT/OLN
Envoyé : mercredi 24 janvier 2018 16:21
À : 'Nick Hilliard'; Brian Nisbet
Cc : Gert Doering; anti-abuse-wg@ripe.net
Objet : RE: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular
abuse-c Validation)
Hilliard
Envoyé : mercredi 24 janvier 2018 15:40
À : Brian Nisbet
Cc : Gert Doering; anti-abuse-wg@ripe.net
Objet : Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular
abuse-c Validation)
Brian Nisbet wrote:
> No, it isn't. It's a statement that the process has many steps and
&
Brian Nisbet wrote:
> No, it isn't. It's a statement that the process has many steps and that
> the NCC both say they do and clearly do whatever they can to not reach
> the termination point of the process. I'm not saying it could never
> happen, I'm saying that it if happens it's may have been
IF email is from = "validat...@ripe.net" THEN deliver email,ELSE, delete/auto-respond/jump through hoops.
Original Message
Subject: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase
(Regular abuse-c Validation)
From: ox <an...@ox.co.za>
Date: Wed, Janua
On Tue, 23 Jan 2018 14:45:13 +
Brian Nisbet wrote:
> Just to be very clear, the current proposal is only in relation to
> verification.
>
> If the community wish for other processes to be put in place in
> regards to lack of action on abuse or similar, then that
Dear Brian and Nick,
On 2018-01-22 10:20:50 CET, Brian Nisbet wrote:
> > After looking at the text from the "Validation method" section of the
> > proposal, it looks like the RIPE NCC may be suggesting doing something
> > like issuing an SMTP RCPT command to see if the mail server rejects the
> >
Thomas,
Just to be very clear, the current proposal is only in relation to
verification.
If the community wish for other processes to be put in place in regards
to lack of action on abuse or similar, then that would require a wholly
different proposal.
Thanks,
Brian
Co-Chair, RIPE AA-W
On 23.01.2018 13:52, Name wrote:
> Autoresponders/webforms should actually be encouraged, because a stand alone
> email address means that all a spammer/attacker has to do to is flood that
> email
> account with bogus data and the valid reports will either get lost amongst
> the
> genuine
't exclude the abuse email box from the spam filter, resulting in spam complaints being rejected.
Original Message
Subject: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase
(Regular abuse-c Validation)
From: Thomas Hungenberg <t...@cert-bund.de>
Date: Tue, January 2
On 22.01.2018 14:19, Gert Doering wrote:
> I do see the need for a working abuse contact, and I do see the need of
> sanctions in case a policy is violated, but "deregister all resources,
> because your mail server was broken when we tested" is too extreme
> (exaggeration for emphasis).
I fully
On 22/01/2018 16:25, Sascha Luck [ml] wrote:
> On Mon, Jan 22, 2018 at 04:20:41PM +, Sascha Luck [ml] wrote:
>> it. (However, since I'm not sure the implementation process
>> cannot just change without my consent, I still oppose it on this
>> point, too)
>
> Actually, a question for the
ning abuse reporting address.
Original Message
Subject: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase
(Regular abuse-c Validation)
From: ox <an...@ox.co.za>
Date: Tue, January 23, 2018 12:33 am
To: anti-abuse-wg@ripe.net
On Mon, 22 Jan 2018 14:19:26 +0100
On Mon, 22 Jan 2018 16:20:41 +
"Sascha Luck [ml]" wrote:
> "The objective of this proposal is not to devise a detailed
> validation procedure. The RIPE NCC is best placed to assess the
> technical challenges and the financial and human resources
> necessary to conduct
On 22/01/2018 15:09, Nick Hilliard wrote:
> Brian Nisbet wrote:
>> I believe the NCC have stated very clearly how incredibly unlikely
>> deregistration of resources would be and I honestly don't believe the
>> exaggeration for emphasis or otherwise is useful.
>
> this seems to be a statement
On 22/01/2018 16:07, Nick Hilliard wrote:
> JORDI PALET MARTINEZ via anti-abuse-wg wrote:
>> I agree that exaggeration is not useful, and probably we need to have
>> several clear attempts before turning down a contract, BUT, if we are
>> talking about proportionality, there are MANY cases of
On Mon, Jan 22, 2018 at 04:20:41PM +, Sascha Luck [ml] wrote:
it. (However, since I'm not sure the implementation process
cannot just change without my consent, I still oppose it on this
point, too)
Actually, a question for the chairs on the PDP: Is the
implentation plan a part of the
On Mon, Jan 22, 2018 at 04:45:43PM +0200, ox wrote:
Have I made myself sufficiently clear?
Not really.
Right. I will then re-iterate all of my arguments including the
ones against v1.
1) The proposal states:
"Improving the trust and safety of the IP address space is a
priority for the RIPE
JORDI PALET MARTINEZ via anti-abuse-wg wrote:
> I agree that exaggeration is not useful, and probably we need to have
> several clear attempts before turning down a contract, BUT, if we are
> talking about proportionality, there are MANY cases of abuses where
> the responsible LIRs aren't
se-wg <anti-abuse-wg-boun...@ripe.net> en nombre de Nick Hilliard
<n...@foobar.org>
Fecha: lunes, 22 de enero de 2018, 16:09
Para: Brian Nisbet <brian.nis...@heanet.ie>
CC: Gert Doering <g...@space.net>, <anti-abuse-wg@ripe.net>
Asunto: Re: [anti-abuse-wg] [polic
On Mon, Jan 22, 2018 at 03:56:05PM +0200, ox wrote:
so, still, there has been no objections to the verification process -
if you have an objection to the process or would like to contribute an
improvement, please do so Sascha?
OK, so for the avoidance of doubt among the trolls and the rules
On Mon, 22 Jan 2018 13:48:19 +
"Sascha Luck [ml]" wrote:
> On Mon, Jan 22, 2018 at 03:42:09PM +0200, ox wrote:
> >I have not seen any objections to the process of emailing a alpha
> >numeric number to abuse-c and then having that number entered into a
> >website (after
Hi,
sorry, Brian, i posted before receiving your email :)
just to get back on topic then:
I have not seen any objections to the process of emailing a alpha
numeric number to abuse-c and then having that number entered into a
website (after solving a capcha)
This would solve many problems as
On Mon, 22 Jan 2018 14:19:26 +0100
Gert Doering wrote:
> On Mon, Jan 22, 2018 at 11:25:12AM +, Nick Hilliard wrote:
> > I have no problem with abuse-c validation, either via ARC, or the
> > mechanism proposed in this policy, and probably not via a range of
> > other mechanisms
Folks,
On 22/01/2018 13:19, Gert Doering wrote:
> Hi,
>
> On Mon, Jan 22, 2018 at 11:25:12AM +, Nick Hilliard wrote:
>> I have no problem with abuse-c validation, either via ARC, or the
>> mechanism proposed in this policy, and probably not via a range of other
>> mechanisms either. But
Brian Nisbet wrote:
> Well, this is where we keep on coming back to in this conversation.
> There are clearly those who wish for the validation to go much further
> and others who do not wish it to happen at all. Threading that line is
> proving tricky. I, personally, do not see how the ARC could
Nick,
On 19/01/2018 17:26, Nick Hilliard wrote:
> Brian Nisbet wrote:
>> Given the NCC have repeatedly said that the ARC is not a suitable way to
>> validate the abuse contact and have proposed an alternative method,
>> supported by the ARC process, do you have any comment on the actually
>>
On 19 Jan 2018, at 2:21, Wolfgang Tremmel wrote:
I can imagine as the "click here and solve captcha" emails will be
standardized that a carefully crafted attack might lure fist line
helpdesk people onto shady websides and making them click stuff.
If your helpdesk in charge of abuse is so
On Fri, 19 Jan 2018 17:33:19 -0700
"Name" wrote:
> "If any of our helpdesk engineers would click on a link or attachment
> in what we receive on the abuse-mailbox ... "
>
> Then a text code could be sent via email, allowing manual opening of
> RIPE website and enter the
On Fri, 19 Jan 2018 17:33:19 -0700
"Name" wrote:
> "If any of our helpdesk engineers would click on a link or attachment
> in what we receive on the abuse-mailbox ... "
>
> Then a text code could be sent via email, allowing manual opening of
> RIPE website and enter the
On Fri, 19 Jan 2018 17:26:47 +
Nick Hilliard wrote:
> Brian Nisbet wrote:
> > Given the NCC have repeatedly said that the ARC is not a suitable
> > way to validate the abuse contact and have proposed an alternative
> > method, supported by the ARC process, do you have any
Thomas,
On 19/01/2018 15:44, Thomas Hungenberg wrote:
> On 19.01.2018 13:08, Marco Schmidt wrote:
>> The way that abuse reports are handled by the receiving party is
>> usually defined by the internal procedures of the providers and not by RIPE
>> Policies.
>
> If the abuse-mailbox is valid
On 19.01.2018 13:08, Marco Schmidt wrote:
> The way that abuse reports are handled by the receiving party is
> usually defined by the internal procedures of the providers and not by RIPE
> Policies.
If the abuse-mailbox is valid but the resource holder constantly ignores
abuse complaints sent
ernes, 19 de enero de 2018, 13:09
Para: <anti-abuse-wg@ripe.net>
Asunto: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular
abuse-c Validation)
Dear Jordi,
Thank you for your question.
On 2018-01-18 19:44:51 CET, Jordi Palet Martinez wrote:
> HOW
Dear Jordi,
Thank you for your question.
On 2018-01-18 19:44:51 CET, Jordi Palet Martinez wrote:
> HOWEVER, I’ve a question regarding the impact analysis, and specially this
> sentence:
>
> “To increase efficiency, this process will use an automated solution that
> will allow the validation
Do you want to solve a problem or create one?
I can imagine as the "click here and solve captcha" emails will be standardized
that a carefully crafted attack might lure fist line helpdesk people onto shady
websides and making them click stuff.
So if I were a helpdesk manager I would order my
2018, 10:58
Para: Wolfgang Tremmel <wolfgang.trem...@de-cix.net>
CC: "anti-abuse-wg@ripe.net" <anti-abuse-wg@ripe.net>
Asunto: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular
abuse-c Validation)
On Fri, 19 Jan 2018 09:42:09 +
Wolfgang Tremmel &
de ox
> <an...@ox.co.za> Organización: ox.co.za
> Fecha: viernes, 19 de enero de 2018, 10:37
> Para: <anti-abuse-wg@ripe.net>
> Asunto: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase
> (Regular abuse-c Validation)
>
>
On Fri, 19 Jan 2018 09:42:09 +
Wolfgang Tremmel wrote:
> I support this policy and IMHO an automated check is "good enough"
> If someone asks how this could be done I suggest reading rfc2821
>
> IMHO requiring human interaction would deliver too many "false
>
-
> De: anti-abuse-wg <anti-abuse-wg-boun...@ripe.net> en nombre de ox
> <an...@ox.co.za> Organización: ox.co.za
> Fecha: viernes, 19 de enero de 2018, 10:37
> Para: <anti-abuse-wg@ripe.net>
> Asunto: Re: [anti-abuse-wg] [policy-announce]
I support this policy and IMHO an automated check is "good enough"
If someone asks how this could be done I suggest reading rfc2821
IMHO requiring human interaction would deliver too many "false negatives".
People suggesting a captcha I guess have never worked at a helpdesk or in any
customer
pe.net> en nombre de ox
<an...@ox.co.za>
Organización: ox.co.za
Fecha: viernes, 19 de enero de 2018, 10:37
Para: <anti-abuse-wg@ripe.net>
Asunto: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular
abuse-c Validation)
Yes, the idea Thomas had about human interac
ón: Artfiles New Media GmbH
Fecha: viernes, 19 de enero de 2018, 10:23
Para: <anti-abuse-wg@ripe.net>
Asunto: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular
abuse-c Validation)
I support the proposal in general and i also think a human interaction
of the resource
Hi Jordi,
A period of 48 hours looks too short to me, I suggest something like within
a period of 2 working days (or even more).
Regards,
Arash
On Fri, Jan 19, 2018 at 5:44 AM, JORDI PALET MARTINEZ via anti-abuse-wg <
anti-abuse-wg@ripe.net> wrote:
> I fully agree with this proposal and
I second Jordi's opinion that validation of the abuse-mailbox should require
human interaction of the resource holder. In addition to solving a captcha
the resource holder might need to confirm (click a checkbox) that he will
monitor the abuse-mailbox account on a regular basis and take
45 matches
Mail list logo