Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

non-responsive abuse mailbox or any other non-compliance with RIPE policy. Original Message Subject: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation) From: Nick Hilliard <n...@foobar.org> Date: Thu, January 25, 2018 1:40 am To: Bri

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

the RIPE NCC "may close" sorry De : CLEMENT Herve IMT/OLN Envoyé : mercredi 24 janvier 2018 16:21 À : 'Nick Hilliard'; Brian Nisbet Cc : Gert Doering; anti-abuse-wg@ripe.net Objet : RE: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

Hilliard Envoyé : mercredi 24 janvier 2018 15:40 À : Brian Nisbet Cc : Gert Doering; anti-abuse-wg@ripe.net Objet : Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation) Brian Nisbet wrote: > No, it isn't. It's a statement that the process has many steps and &

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

Brian Nisbet wrote: > No, it isn't. It's a statement that the process has many steps and that > the NCC both say they do and clearly do whatever they can to not reach > the termination point of the process. I'm not saying it could never > happen, I'm saying that it if happens it's may have been

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

IF email is from = "validat...@ripe.net" THEN deliver email,ELSE, delete/auto-respond/jump through hoops. Original Message Subject: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation) From: ox <an...@ox.co.za> Date: Wed, Janua

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

On Tue, 23 Jan 2018 14:45:13 + Brian Nisbet wrote: > Just to be very clear, the current proposal is only in relation to > verification. > > If the community wish for other processes to be put in place in > regards to lack of action on abuse or similar, then that

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

Dear Brian and Nick, On 2018-01-22 10:20:50 CET, Brian Nisbet wrote: > > After looking at the text from the "Validation method" section of the > > proposal, it looks like the RIPE NCC may be suggesting doing something > > like issuing an SMTP RCPT command to see if the mail server rejects the > >

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

Thomas, Just to be very clear, the current proposal is only in relation to verification. If the community wish for other processes to be put in place in regards to lack of action on abuse or similar, then that would require a wholly different proposal. Thanks, Brian Co-Chair, RIPE AA-W

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

On 23.01.2018 13:52, Name wrote: > Autoresponders/webforms should actually be encouraged, because a stand alone > email address means that all a spammer/attacker has to do to is flood that > email > account with bogus data and the valid reports will either get lost amongst > the > genuine

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

't exclude the abuse email box from the spam filter, resulting in spam complaints being rejected. Original Message Subject: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation) From: Thomas Hungenberg <t...@cert-bund.de> Date: Tue, January 2

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

On 22.01.2018 14:19, Gert Doering wrote: > I do see the need for a working abuse contact, and I do see the need of > sanctions in case a policy is violated, but "deregister all resources, > because your mail server was broken when we tested" is too extreme > (exaggeration for emphasis). I fully

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

On 22/01/2018 16:25, Sascha Luck [ml] wrote: > On Mon, Jan 22, 2018 at 04:20:41PM +, Sascha Luck [ml] wrote: >> it. (However, since I'm not sure the implementation process >> cannot just change without my consent, I still oppose it on this >> point, too) > > Actually, a question for the

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

ning abuse reporting address. Original Message Subject: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation) From: ox <an...@ox.co.za> Date: Tue, January 23, 2018 12:33 am To: anti-abuse-wg@ripe.net On Mon, 22 Jan 2018 14:19:26 +0100

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

On Mon, 22 Jan 2018 16:20:41 + "Sascha Luck [ml]" wrote: > "The objective of this proposal is not to devise a detailed > validation procedure. The RIPE NCC is best placed to assess the > technical challenges and the financial and human resources > necessary to conduct

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

On 22/01/2018 15:09, Nick Hilliard wrote: > Brian Nisbet wrote: >> I believe the NCC have stated very clearly how incredibly unlikely >> deregistration of resources would be and I honestly don't believe the >> exaggeration for emphasis or otherwise is useful. > > this seems to be a statement

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

On 22/01/2018 16:07, Nick Hilliard wrote: > JORDI PALET MARTINEZ via anti-abuse-wg wrote: >> I agree that exaggeration is not useful, and probably we need to have >> several clear attempts before turning down a contract, BUT, if we are >> talking about proportionality, there are MANY cases of

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

On Mon, Jan 22, 2018 at 04:20:41PM +, Sascha Luck [ml] wrote: it. (However, since I'm not sure the implementation process cannot just change without my consent, I still oppose it on this point, too) Actually, a question for the chairs on the PDP: Is the implentation plan a part of the

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

On Mon, Jan 22, 2018 at 04:45:43PM +0200, ox wrote: Have I made myself sufficiently clear? Not really. Right. I will then re-iterate all of my arguments including the ones against v1. 1) The proposal states: "Improving the trust and safety of the IP address space is a priority for the RIPE

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

JORDI PALET MARTINEZ via anti-abuse-wg wrote: > I agree that exaggeration is not useful, and probably we need to have > several clear attempts before turning down a contract, BUT, if we are > talking about proportionality, there are MANY cases of abuses where > the responsible LIRs aren't

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

se-wg <anti-abuse-wg-boun...@ripe.net> en nombre de Nick Hilliard <n...@foobar.org> Fecha: lunes, 22 de enero de 2018, 16:09 Para: Brian Nisbet <brian.nis...@heanet.ie> CC: Gert Doering <g...@space.net>, <anti-abuse-wg@ripe.net> Asunto: Re: [anti-abuse-wg] [polic

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

On Mon, Jan 22, 2018 at 03:56:05PM +0200, ox wrote: so, still, there has been no objections to the verification process - if you have an objection to the process or would like to contribute an improvement, please do so Sascha? OK, so for the avoidance of doubt among the trolls and the rules

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

On Mon, 22 Jan 2018 13:48:19 + "Sascha Luck [ml]" wrote: > On Mon, Jan 22, 2018 at 03:42:09PM +0200, ox wrote: > >I have not seen any objections to the process of emailing a alpha > >numeric number to abuse-c and then having that number entered into a > >website (after

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

Hi, sorry, Brian, i posted before receiving your email :) just to get back on topic then: I have not seen any objections to the process of emailing a alpha numeric number to abuse-c and then having that number entered into a website (after solving a capcha) This would solve many problems as

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

On Mon, 22 Jan 2018 14:19:26 +0100 Gert Doering wrote: > On Mon, Jan 22, 2018 at 11:25:12AM +, Nick Hilliard wrote: > > I have no problem with abuse-c validation, either via ARC, or the > > mechanism proposed in this policy, and probably not via a range of > > other mechanisms

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

Folks, On 22/01/2018 13:19, Gert Doering wrote: > Hi, > > On Mon, Jan 22, 2018 at 11:25:12AM +, Nick Hilliard wrote: >> I have no problem with abuse-c validation, either via ARC, or the >> mechanism proposed in this policy, and probably not via a range of other >> mechanisms either. But

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

Brian Nisbet wrote: > Well, this is where we keep on coming back to in this conversation. > There are clearly those who wish for the validation to go much further > and others who do not wish it to happen at all. Threading that line is > proving tricky. I, personally, do not see how the ARC could

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

Nick, On 19/01/2018 17:26, Nick Hilliard wrote: > Brian Nisbet wrote: >> Given the NCC have repeatedly said that the ARC is not a suitable way to >> validate the abuse contact and have proposed an alternative method, >> supported by the ARC process, do you have any comment on the actually >>

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

On 19 Jan 2018, at 2:21, Wolfgang Tremmel wrote: I can imagine as the "click here and solve captcha" emails will be standardized that a carefully crafted attack might lure fist line helpdesk people onto shady websides and making them click stuff. If your helpdesk in charge of abuse is so

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

On Fri, 19 Jan 2018 17:33:19 -0700 "Name" wrote: > "If any of our helpdesk engineers would click on a link or attachment > in what we receive on the abuse-mailbox ... " > > Then a text code could be sent via email, allowing manual opening of > RIPE website and enter the

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

On Fri, 19 Jan 2018 17:33:19 -0700 "Name" wrote: > "If any of our helpdesk engineers would click on a link or attachment > in what we receive on the abuse-mailbox ... " > > Then a text code could be sent via email, allowing manual opening of > RIPE website and enter the

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

On Fri, 19 Jan 2018 17:26:47 + Nick Hilliard wrote: > Brian Nisbet wrote: > > Given the NCC have repeatedly said that the ARC is not a suitable > > way to validate the abuse contact and have proposed an alternative > > method, supported by the ARC process, do you have any

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

Thomas, On 19/01/2018 15:44, Thomas Hungenberg wrote: > On 19.01.2018 13:08, Marco Schmidt wrote: >> The way that abuse reports are handled by the receiving party is >> usually defined by the internal procedures of the providers and not by RIPE >> Policies. > > If the abuse-mailbox is valid

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

On 19.01.2018 13:08, Marco Schmidt wrote: > The way that abuse reports are handled by the receiving party is > usually defined by the internal procedures of the providers and not by RIPE > Policies. If the abuse-mailbox is valid but the resource holder constantly ignores abuse complaints sent

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

ernes, 19 de enero de 2018, 13:09 Para: <anti-abuse-wg@ripe.net> Asunto: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation) Dear Jordi, Thank you for your question. On 2018-01-18 19:44:51 CET, Jordi Palet Martinez wrote: > HOW

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

Dear Jordi, Thank you for your question. On 2018-01-18 19:44:51 CET, Jordi Palet Martinez wrote: > HOWEVER, I’ve a question regarding the impact analysis, and specially this > sentence: > > “To increase efficiency, this process will use an automated solution that > will allow the validation

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

Do you want to solve a problem or create one? I can imagine as the "click here and solve captcha" emails will be standardized that a carefully crafted attack might lure fist line helpdesk people onto shady websides and making them click stuff. So if I were a helpdesk manager I would order my

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

2018, 10:58 Para: Wolfgang Tremmel <wolfgang.trem...@de-cix.net> CC: "anti-abuse-wg@ripe.net" <anti-abuse-wg@ripe.net> Asunto: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation) On Fri, 19 Jan 2018 09:42:09 + Wolfgang Tremmel &

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

de ox > <an...@ox.co.za> Organización: ox.co.za > Fecha: viernes, 19 de enero de 2018, 10:37 > Para: <anti-abuse-wg@ripe.net> > Asunto: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase > (Regular abuse-c Validation) > >

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

On Fri, 19 Jan 2018 09:42:09 + Wolfgang Tremmel wrote: > I support this policy and IMHO an automated check is "good enough" > If someone asks how this could be done I suggest reading rfc2821 > > IMHO requiring human interaction would deliver too many "false >

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

- > De: anti-abuse-wg <anti-abuse-wg-boun...@ripe.net> en nombre de ox > <an...@ox.co.za> Organización: ox.co.za > Fecha: viernes, 19 de enero de 2018, 10:37 > Para: <anti-abuse-wg@ripe.net> > Asunto: Re: [anti-abuse-wg] [policy-announce]

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

I support this policy and IMHO an automated check is "good enough" If someone asks how this could be done I suggest reading rfc2821 IMHO requiring human interaction would deliver too many "false negatives". People suggesting a captcha I guess have never worked at a helpdesk or in any customer

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

pe.net> en nombre de ox <an...@ox.co.za> Organización: ox.co.za Fecha: viernes, 19 de enero de 2018, 10:37 Para: <anti-abuse-wg@ripe.net> Asunto: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation) Yes, the idea Thomas had about human interac

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

ón: Artfiles New Media GmbH Fecha: viernes, 19 de enero de 2018, 10:23 Para: <anti-abuse-wg@ripe.net> Asunto: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation) I support the proposal in general and i also think a human interaction of the resource

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

Hi Jordi, A period of 48 hours looks too short to me, I suggest something like within a period of 2 working days (or even more). Regards, Arash On Fri, Jan 19, 2018 at 5:44 AM, JORDI PALET MARTINEZ via anti-abuse-wg < anti-abuse-wg@ripe.net> wrote: > I fully agree with this proposal and

Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)

I second Jordi's opinion that validation of the abuse-mailbox should require human interaction of the resource holder. In addition to solving a captcha the resource holder might need to confirm (click a checkbox) that he will monitor the abuse-mailbox account on a regular basis and take