[anti-abuse-wg] Decision on Proposal 2017-02
- Previous message (by thread): [anti-abuse-wg] Decision on Proposal 2017-02
- Next message (by thread): [anti-abuse-wg] Decision on Proposal 2017-02
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Sebastian Benoit
benoit-lists at fb12.de
Mon Mar 26 23:08:36 CEST 2018
Thomas Hungenberg(th at cert-bund.de) on 2018.03.23 10:39:53 +0100: > > We had to deal with 40+ invalid abuse contacts only for resources > registered to German holders in the past three months. > Most messages bounced with "user unknown". > > We tried to reach out to the resource holders to get the invalid > abuse contacts fixed. If that failed, we reported the case to > RIPE NCC. With their assistance, a lot of additional cases could > be solved (thanks!). > > It turned out that most of the contacts were not invalid because > the resource holders wanted to ignore reporting of abuse but due to > technical problems or the contact set to a personal mailbox of > someone who had left the organization. Many resource holders were > glad to be notified of the problem. > > So while I'd still prefer a validation process that requires > human interaction to make sure messages sent to the abuse contacts > are actually read and processed, an automated check if the mailbox > exists at all would already help a lot. > I'd be glad if this automated check just for the existence of the > abuse mailbox could be done not only annually but probably even > twice or four times a year. I support the proposal. Thomas example shows that this check fixes a real problem, and that the number of non-working abuse contacts can easily be reduced. I fixed an abuse contact myself last week - one that i believe was automatically generated by the NCC when the contacts were introduced. A lot non-working contacts probably result from that alone. If a simple check like the one proposed by the NCC had been part of the original abuse contact implementation, i believe there would have been few complaints about it. /Benno > - Thomas > > CERT-Bund Incident Response & Malware Analysis Team > > > On 20.03.2018 13:54, Gert Doering wrote: > > Hi, > > > > On Tue, Mar 20, 2018 at 01:23:18PM +0100, Janos Zsako wrote: > >> At the same time, I do see some benefit in checking regularly the provided > >> e-mail address, because I am convinced that there will always be cases where > >> people simply forget to update the database. If they are reminded, they will > >> be happy to correct it. > > > > This is actually some benefit I see here - the NCC already does the > > ARC in regular intervals, so including abuse-c: in "please check that > > these are still correct" would be useful to help "those that do care but > > overlooked a necessary update". > > > > (Right now, the NCC will already ensure that contacts are correct if they > > receive a complaint from someone that contact data is wrong) > > > > So, still not really able to make up my mind whether I support or oppose > > this - staying neutral. > > > > Gert Doering > > -- NetMaster > > > --
- Previous message (by thread): [anti-abuse-wg] Decision on Proposal 2017-02
- Next message (by thread): [anti-abuse-wg] Decision on Proposal 2017-02
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]