Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Abuse Contact Policy

Lamiaa Chnayti lamiaachnayti at gmail.com
Fri Sep 18 07:58:59 UTC 2020


Hello Jordi,

RFC2142 only defines a tiny portion of the network abuse. In real world
operation, abuse consists of a much boarder range : DMCA(copy rights)
claims, unsolicited emails , phishing websites , trade mark disputes etc.

All those are legal issues that vary vastly across different juridictions
in which no one but each of the juridiction’s judges can decide if it is an
abuse or an illegal activity. Claiming that RFC2142 defines not even 1% of
real world abuse is laughable.

Regards,

Lamiaa

Le jeu. 17 sept. 2020 à 15:51, JORDI PALET MARTINEZ via RPD <rpd at afrinic.net>
a écrit :


> Hi Lamiaa,

>

>

>

> I’ve said this already. This policy doesn’t enforce abuse, it enforces

> that the abuse contact is there, and works.

>

>

>

> Today AFRINIC is paying for the cost of the abuse handling because only a

> tiny fraction of the members has the abuse contacts in place.

>

>

>

> If the contacts in the RIR database aren’t actual and accurate, this is a

> clear violation of the RSA. So what is unacceptable is not having the

> contacts, not on the other way around.

>

>

>

> Abuse is not defined by the RIRs, everybody knows it and this is the

> reason why NONE of the RIRs have re-defined it, because it is already

> stated in RFC2142. Can you justify why AFRINIC is different and need a

> definition?

>

>

>

> How you define it in the networks that you operate?

>

>

>

> Regards,

>

> Jordi

>

> @jordipalet

>

>

>

>

>

>

>

> El 17/9/20 10:49, "Lamiaa Chnayti" <lamiaachnayti at gmail.com> escribió:

>

>

>

>

>

> Hello,

>

>

>

> I will have to agree with Lucilla on what she said and would like to add

> to it that :

>

> Firstly, Abuse enforcement is out of scope for RIRs.

>

> Secondly, RIRs have no ability to define what is “abuse”, one abuse or

> even criminal activity could be entirely a legal operation in a different

> jurisdiction.

>

> Finally, making a member forcefully reply to abuse contact Emails are a

> waste of resources and totally pointless, it is entirely up to the member

> to define what they think is acceptable in their network operation and how

> they react to it. AFRINIC has no mandate to force any member to reply to an

> “abuse”, since AFRINIC doesn’t even have the ability to identify what is

> considered an abuse.

>

> Therefore the entire policy is out of scope for the RIR operation.

>

>

>

> Regards,

>

>

>

> Lamiaa

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

> Le jeu. 17 sept. 2020 à 07:42, JORDI PALET MARTINEZ via RPD <

> rpd at afrinic.net> a écrit :

>

> Hi Lucilla,

>

>

>

> Today we already have mnt-IRT, and everybody who operate networks

> understand what it is an abuse. If you operate networks you know that *

> *anything** which is a non-authorized use of a network is an abuse.

>

>

>

> If you send spam, attack networks, try to intrude networks, etc., all

> those are abuse.

>

>

>

> What the policy ask is to make sure that in AFRINIC everybody has an abuse

> contact (today we have mnt-IRT, but is not mandatory, and as a results many

> African networks are filtered because lack of that – and consequently they

> do not respond to abuse cases -, which exist in all the other regions of

> the world).

>

>

>

> Not having an abuse means more chances of legal actions, more cost, for

> both the victims and the ISPs. Having that means that you have more chances

> to resolve it in goodfaith.

>

>

>

> One of the **most important** Afrinic missions is to have accuracy on the

> database, which includes accuracy on the contacts. We are not fulfilling

> that in this situation.

>

>

>

> Remember that **all** the other RIRs have already this kind of policy.

> This one is like the one that has been implemented in APNIC, and the

> accuracy of the contacts is now 87.5% as reported this month in the last

> APNIC meeting. In that report **none** of the members indicated any of

> the issues that you indicated (didn't happened as well in the other

> regions).

>

>

>

> You know who is interested in not having abuse contacts? Those that use

> their networks for doing abuse (hijacking, spam, DoS, intrusions, etc.).

>

>

>

> Can you explain if the network that you operate has an abuse contact an

> how if one of your customes is trying to penetrate my network or do a DoS,

> I will be able to contact you and if you will do anything or just ignore it?

>

>

>

> Regards,

>

> Jordi

>

> @jordipalet

>

>

>

>

>

>

>

> El 17/9/20 2:21, "lucilla fornaro" <lucillafornarosawamoto at gmail.com>

> escribió:

>

>

>

> Dear all,

>

>

>

> I have some concerns about the “Abuse Contact Policy”.

>

> First of all, it does not offer a specific and regulated description of

> the term “abuse” and this opens the door to potentially bigger problems: a

> surplus of reports, discrimination/legal issues, and a waste of resources.

> Around the world, we can perceive what abuse is in very different ways.

>

>

>

> Afrinic is not entitled to force members to report abuses and most

> importantly, this proposal does not represent Afrinic’s purpose.

>

>

>

> I, therefore, oppose this policy.

>

>

>

>

>

> Thank you,

>

>

>

> Lucilla

>

> _______________________________________________ RPD mailing list

> RPD at afrinic.net https://lists.afrinic.net/mailman/listinfo/rpd

>

>

> **********************************************

> IPv4 is over

> Are you ready for the new Internet ?

> http://www.theipv6company.com

> The IPv6 Company

>

> This electronic message contains information which may be privileged or

> confidential. The information is intended to be for the exclusive use of

> the individual(s) named above and further non-explicilty authorized

> disclosure, copying, distribution or use of the contents of this

> information, even if partially, including attached files, is strictly

> prohibited and will be considered a criminal offense. If you are not the

> intended recipient be aware that any disclosure, copying, distribution or

> use of the contents of this information, even if partially, including

> attached files, is strictly prohibited, will be considered a criminal

> offense, so you must reply to the original sender to inform about this

> communication and delete it.

>

> _______________________________________________

> RPD mailing list

> RPD at afrinic.net

> https://lists.afrinic.net/mailman/listinfo/rpd

>

>

> **********************************************

>

> IPv4 is over

>

> Are you ready for the new Internet ?

>

> http://www.theipv6company.com

>

> The IPv6 Company

>

>

>

> This electronic message contains information which may be privileged or

> confidential. The information is intended to be for the exclusive use of

> the individual(s) named above and further non-explicilty authorized

> disclosure, copying, distribution or use of the contents of this

> information, even if partially, including attached files, is strictly

> prohibited and will be considered a criminal offense. If you are not the

> intended recipient be aware that any disclosure, copying, distribution or

> use of the contents of this information, even if partially, including

> attached files, is strictly prohibited, will be considered a criminal

> offense, so you must reply to the original sender to inform about this

> communication and delete it.

>

>

>

>

> _______________________________________________

>

> RPD mailing list

>

> RPD at afrinic.net

>

> https://lists.afrinic.net/mailman/listinfo/rpd

>

>


Le jeu. 17 sept. 2020 à 15:49, JORDI PALET MARTINEZ via RPD <rpd at afrinic.net>
a écrit :


> Hi Lamiaa,

>

>

>

> I’ve said this already. This policy doesn’t enforce abuse, it enforces

> that the abuse contact is there, and works.

>

>

>

> Today AFRINIC is paying for the cost of the abuse handling because only a

> tiny fraction of the members has the abuse contacts in place.

>

>

>

> If the contacts in the RIR database aren’t actual and accurate, this is a

> clear violation of the RSA. So what is unacceptable is not having the

> contacts, not on the other way around.

>

>

>

> Abuse is not defined by the RIRs, everybody knows it and this is the

> reason why NONE of the RIRs have re-defined it, because it is already

> stated in RFC2142. Can you justify why AFRINIC is different and need a

> definition?

>

>

>

> How you define it in the networks that you operate?

>

>

>

> Regards,

>

> Jordi

>

> @jordipalet

>

>

>

>

>

>

>

> El 17/9/20 10:49, "Lamiaa Chnayti" <lamiaachnayti at gmail.com> escribió:

>

>

>

>

>

> Hello,

>

>

>

> I will have to agree with Lucilla on what she said and would like to add

> to it that :

>

> Firstly, Abuse enforcement is out of scope for RIRs.

>

> Secondly, RIRs have no ability to define what is “abuse”, one abuse or

> even criminal activity could be entirely a legal operation in a different

> jurisdiction.

>

> Finally, making a member forcefully reply to abuse contact Emails are a

> waste of resources and totally pointless, it is entirely up to the member

> to define what they think is acceptable in their network operation and how

> they react to it. AFRINIC has no mandate to force any member to reply to an

> “abuse”, since AFRINIC doesn’t even have the ability to identify what is

> considered an abuse.

>

> Therefore the entire policy is out of scope for the RIR operation.

>

>

>

> Regards,

>

>

>

> Lamiaa

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

> Le jeu. 17 sept. 2020 à 07:42, JORDI PALET MARTINEZ via RPD <

> rpd at afrinic.net> a écrit :

>

> Hi Lucilla,

>

>

>

> Today we already have mnt-IRT, and everybody who operate networks

> understand what it is an abuse. If you operate networks you know that *

> *anything** which is a non-authorized use of a network is an abuse.

>

>

>

> If you send spam, attack networks, try to intrude networks, etc., all

> those are abuse.

>

>

>

> What the policy ask is to make sure that in AFRINIC everybody has an abuse

> contact (today we have mnt-IRT, but is not mandatory, and as a results many

> African networks are filtered because lack of that – and consequently they

> do not respond to abuse cases -, which exist in all the other regions of

> the world).

>

>

>

> Not having an abuse means more chances of legal actions, more cost, for

> both the victims and the ISPs. Having that means that you have more chances

> to resolve it in goodfaith.

>

>

>

> One of the **most important** Afrinic missions is to have accuracy on the

> database, which includes accuracy on the contacts. We are not fulfilling

> that in this situation.

>

>

>

> Remember that **all** the other RIRs have already this kind of policy.

> This one is like the one that has been implemented in APNIC, and the

> accuracy of the contacts is now 87.5% as reported this month in the last

> APNIC meeting. In that report **none** of the members indicated any of

> the issues that you indicated (didn't happened as well in the other

> regions).

>

>

>

> You know who is interested in not having abuse contacts? Those that use

> their networks for doing abuse (hijacking, spam, DoS, intrusions, etc.).

>

>

>

> Can you explain if the network that you operate has an abuse contact an

> how if one of your customes is trying to penetrate my network or do a DoS,

> I will be able to contact you and if you will do anything or just ignore it?

>

>

>

> Regards,

>

> Jordi

>

> @jordipalet

>

>

>

>

>

>

>

> El 17/9/20 2:21, "lucilla fornaro" <lucillafornarosawamoto at gmail.com>

> escribió:

>

>

>

> Dear all,

>

>

>

> I have some concerns about the “Abuse Contact Policy”.

>

> First of all, it does not offer a specific and regulated description of

> the term “abuse” and this opens the door to potentially bigger problems: a

> surplus of reports, discrimination/legal issues, and a waste of resources.

> Around the world, we can perceive what abuse is in very different ways.

>

>

>

> Afrinic is not entitled to force members to report abuses and most

> importantly, this proposal does not represent Afrinic’s purpose.

>

>

>

> I, therefore, oppose this policy.

>

>

>

>

>

> Thank you,

>

>

>

> Lucilla

>

> _______________________________________________ RPD mailing list

> RPD at afrinic.net https://lists.afrinic.net/mailman/listinfo/rpd

>

>

> **********************************************

> IPv4 is over

> Are you ready for the new Internet ?

> http://www.theipv6company.com

> The IPv6 Company

>

> This electronic message contains information which may be privileged or

> confidential. The information is intended to be for the exclusive use of

> the individual(s) named above and further non-explicilty authorized

> disclosure, copying, distribution or use of the contents of this

> information, even if partially, including attached files, is strictly

> prohibited and will be considered a criminal offense. If you are not the

> intended recipient be aware that any disclosure, copying, distribution or

> use of the contents of this information, even if partially, including

> attached files, is strictly prohibited, will be considered a criminal

> offense, so you must reply to the original sender to inform about this

> communication and delete it.

>

> _______________________________________________

> RPD mailing list

> RPD at afrinic.net

> https://lists.afrinic.net/mailman/listinfo/rpd

>

>

> **********************************************

>

>

> IPv4 is over

>

>

> Are you ready for the new Internet ?

>

>

> http://www.theipv6company.com

>

>

> The IPv6 Company

>

>

>

>

>

> This electronic message contains information which may be privileged or

> confidential. The information is intended to be for the exclusive use of

> the individual(s) named above and further non-explicilty authorized

> disclosure, copying, distribution or use of the contents of this

> information, even if partially, including attached files, is strictly

> prohibited and will be considered a criminal offense. If you are not the

> intended recipient be aware that any disclosure, copying, distribution or

> use of the contents of this information, even if partially, including

> attached files, is strictly prohibited, will be considered a criminal

> offense, so you must reply to the original sender to inform about this

> communication and delete it.

>

>

>

>

>

>

>

> _______________________________________________

>

> RPD mailing list

>

> RPD at afrinic.net

>

> https://lists.afrinic.net/mailman/listinfo/rpd

>

> --

Lamiaa CHNAYTI
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20200918/4ba3f137/attachment-0001.html>


More information about the RPD mailing list