[anti-abuse-wg] Decision on Proposal 2017-02

Mon Mar 26 23:08:36 CEST 2018

Thomas Hungenberg(th at cert-bund.de) on 2018.03.23 10:39:53 +0100:
> 
> We had to deal with 40+ invalid abuse contacts only for resources
> registered to German holders in the past three months.
> Most messages bounced with "user unknown".
> 
> We tried to reach out to the resource holders to get the invalid
> abuse contacts fixed. If that failed, we reported the case to
> RIPE NCC. With their assistance, a lot of additional cases could
> be solved (thanks!).
> 
> It turned out that most of the contacts were not invalid because
> the resource holders wanted to ignore reporting of abuse but due to
> technical problems or the contact set to a personal mailbox of
> someone who had left the organization. Many resource holders were
> glad to be notified of the problem.
> 
> So while I'd still prefer a validation process that requires
> human interaction to make sure messages sent to the abuse contacts
> are actually read and processed, an automated check if the mailbox
> exists at all would already help a lot.
> I'd be glad if this automated check just for the existence of the
> abuse mailbox could be done not only annually but probably even
> twice or four times a year.

I support the proposal. Thomas example shows that this check fixes a real
problem, and that the number of non-working abuse contacts can easily be
reduced.

I fixed an abuse contact myself last week - one that i believe was
automatically generated by the NCC when the contacts were introduced. A lot
non-working contacts probably result from that alone.

If a simple check like the one proposed by the NCC had been part of the
original abuse contact implementation, i believe there would have been few
complaints about it.

/Benno

>      - Thomas
> 
> CERT-Bund Incident Response & Malware Analysis Team
> 
> 
> On 20.03.2018 13:54, Gert Doering wrote:
> > Hi,
> > 
> > On Tue, Mar 20, 2018 at 01:23:18PM +0100, Janos Zsako wrote:
> >> At the same time, I do see some benefit in checking regularly the provided
> >> e-mail address, because I am convinced that there will always be cases where
> >> people simply forget to update the database. If they are reminded, they will
> >> be happy to correct it.
> > 
> > This is actually some benefit I see here - the NCC already does the
> > ARC in regular intervals, so including abuse-c: in "please check that
> > these are still correct" would be useful to help "those that do care but
> > overlooked a necessary update".
> > 
> > (Right now, the NCC will already ensure that contacts are correct if they 
> > receive a complaint from someone that contact data is wrong)
> > 
> > So, still not really able to make up my mind whether I support or oppose
> > this - staying neutral.
> > 
> > Gert Doering
> >         -- NetMaster
> > 
> 

-- 