<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Times New Roman \(Cuerpo en alfa";
panose-1:2 2 6 3 5 4 5 2 3 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EstiloCorreo18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang=ES link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span lang=ES-TRAD style='font-size:12.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><div><div><p class=MsoNormal style='margin-left:35.4pt'>El 29/4/20 4:25, "anti-abuse-wg en nombre de No No" <<a href="mailto:anti-abuse-wg-bounces@ripe.net">anti-abuse-wg-bounces@ripe.net</a> en nombre de <a href="mailto:no0484985@gmail.com">no0484985@gmail.com</a>> escribió:<o:p></o:p></p></div></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>In relation to the policy, where it says: "must not force the sender to use a form."<o:p></o:p></p><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>as someone that reports phishing websites, I find the use of forms helpful, as it ensures the company receives the report, particularly where they implement a CAPTCHA. <o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US>[Jordi] I disagree here and many people has also indicated the same in previous versions discussions. The problem of a form is that is not standard. If you’re reporting abuses to 100 ISPs, and each one has its own form, you really need to do it manually, you can’t automate it. Even if you do the job for automating it, they may change it and your automation may fail. This is economically non-sustainable and means that the cost of the abuse cases is on the back of the one actually reporting.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>To require the resource to only accept abuse reports via email, means all the criminals have to do is flood the mailbox, making it physically impossible to receive the abuse reports.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US>[Jordi] That's why I’m suggesting the use of standards as one of the options. I’m happy to find a better way or wording to improve it. Do we agree that something that can be fully automatted is much better, even to filter that kind of flooding?</span><span lang=EN-US style='font-size:12.0pt'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>If the policy could be amended to include a suggestion that the abuse mailbox contain a verification procedure (such as "your email has been received. Please "click here" to confirm you sent it") it would improve efficiency all around.<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><p class=MsoNormal><span lang=EN-US>[Jordi] A previous version had many many many details and it was considered to intrusive, that's why I’m going away from there.</span><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>In relation to Nick Hilliard's email, where they say:<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>" it is beyond inappropriate for this working group to expect the RIPE NCC to withdraw numbering resources if member organisations don't comply with an arbitrary policy which forces the use of SMTP email like this."<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>This is, in a nutshell, what is wrong with this RIR, and others, such as ARIN. Often I will look up abuse contacts on ARIN, to find that the abuse mailbox bounces, and a message such as "ARIN has attempted to verify this email address since 10-11-2010" - almost 10 YEARS!<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>So, what are you seriously suggesting? Because these people that become offended at the suggestion that it's unreasonable for someone to ensure an email address is valid once per year (very onerous i'm sure), never really say what they really mean, which is really what is inappropriate: that criminals should be able to use a resource indefinitely to pump out spam, host phishing websites, co-ordinate botnets etc... and that the person that receives this crap is not even entitled to let the resource owner know?<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'>----<o:p></o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p></div></div><p class=MsoNormal style='margin-left:35.4pt'><o:p> </o:p></p><div><div><p class=MsoNormal style='margin-left:35.4pt'>On Wed, Apr 29, 2020 at 12:01 AM Petrit Hasani <<a href="mailto:phasani@ripe.net">phasani@ripe.net</a>> wrote:<o:p></o:p></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm'><p class=MsoNormal style='mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom:12.0pt;margin-left:35.4pt'>Dear colleagues,<br><br>A new version of RIPE policy proposal, 2019-04, "Validation of<br>"abuse-mailbox"", is now available for discussion.<br><br>This proposal aims to have the RIPE NCC validate "abuse-c:" information<br>more often and introduces a new validation process.<br><br>Most of the text has been rewritten following the last round of<br>discussion and the proposal is now at version 3.0. Some key points in<br>this version:<br><br>- The abuse-mailbox should not force the sender to use a form<br>- The validation process must ensure that the abuse mailbox is able to<br>receive messages<br>- The validation should happen at least every six months<br><br>You can find the full proposal at:<br><a href="https://www.ripe.net/participate/policies/proposals/2019-04" target="_blank">https://www.ripe.net/participate/policies/proposals/2019-04</a><br><br>As per the RIPE Policy Development Process (PDP), the purpose of this<br>four-week Discussion Phase is to discuss the proposal and provide<br>feedback to the proposer.<br><br>At the end of the Discussion Phase, the proposer, with the agreement of<br>the Anti-Abuse Working Group Chairs, will decide how to proceed with the<br>proposal.<br><br>We encourage you to review this proposal and send your comments to<br><<a href="mailto:anti-abuse-wg@ripe.net" target="_blank">anti-abuse-wg@ripe.net</a>> before 27 May 2020.<br><br>Kind regards,<br>--<br>Petrit Hasani<br>Policy Officer<br>RIPE NCC<br><br><br><br><br><o:p></o:p></p></blockquote></div></div><br>**********************************************<br>
IPv4 is over<br>
Are you ready for the new Internet ?<br>
http://www.theipv6company.com<br>
The IPv6 Company<br>
<br>
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.<br>
<br>
</body></html>