Search RPD Archives
[rpd] Abuse Contact Policy
Fernando Frediani
fhfrediani at gmail.com
Fri Sep 18 12:42:30 UTC 2020
On 18/09/2020 05:22, JORDI PALET MARTINEZ via RPD wrote:
> <clip>
>
> Again, this is not about defining what is abuse, this is among the
> parties. It is about making sure that there is a valid responsible
> contact in case of anyone needs to report what he considers an abuse.
> AFRINIC will not punish anyone that believes that his customer is not
> doing an abuse because in his country is not an abuse.
>
Exactly !
Often people are misunderstanding the intention of the proposals and
opposing them for reasons that are not written on them, which end up
causing more confusion to other people.
I support this proposal
Fernando
> Regards,
>
> Jordi
>
> @jordipalet
>
> El 18/9/20 9:59, "Lamiaa Chnayti" <lamiaachnayti at gmail.com
> <mailto:lamiaachnayti at gmail.com>> escribió:
>
> Hello Jordi,
>
> RFC2142 only defines a tiny portion of the network abuse. In real
> world operation, abuse consists of a much boarder range : DMCA(copy
> rights) claims, unsolicited emails , phishing websites , trade mark
> disputes etc.
>
> All those are legal issues that vary vastly across different
> juridictions in which no one but each of the juridiction’s judges can
> decide if it is an abuse or an illegal activity. Claiming that RFC2142
> defines not even 1% of real world abuse is laughable.
>
> Regards,
>
> Lamiaa
>
> Le jeu. 17 sept. 2020 à 15:51, JORDI PALET MARTINEZ via RPD
> <rpd at afrinic.net <mailto:rpd at afrinic.net>> a écrit :
>
> Hi Lamiaa,
>
> I’ve said this already. This policy doesn’t enforce abuse, it
> enforces that the abuse contact is there, and works.
>
> Today AFRINIC is paying for the cost of the abuse handling because
> only a tiny fraction of the members has the abuse contacts in place.
>
> If the contacts in the RIR database aren’t actual and accurate,
> this is a clear violation of the RSA. So what is unacceptable is
> not having the contacts, not on the other way around.
>
> Abuse is not defined by the RIRs, everybody knows it and this is
> the reason why NONE of the RIRs have re-defined it, because it is
> already stated in RFC2142. Can you justify why AFRINIC is
> different and need a definition?
>
> How you define it in the networks that you operate?
>
> Regards,
>
> Jordi
>
> @jordipalet
>
> El 17/9/20 10:49, "Lamiaa Chnayti" <lamiaachnayti at gmail.com
> <mailto:lamiaachnayti at gmail.com>> escribió:
>
> Hello,
>
> I will have to agree with Lucilla on what she said and would like
> to add to it that :
>
> Firstly, Abuse enforcement is out of scope for RIRs.
>
> Secondly, RIRs have no ability to define what is “abuse”, one
> abuse or even criminal activity could be entirely a legal
> operation in a different jurisdiction.
>
> Finally, making a member forcefully reply to abuse contact Emails
> are a waste of resources and totally pointless, it is entirely up
> to the member to define what they think is acceptable in their
> network operation and how they react to it. AFRINIC has no mandate
> to force any member to reply to an “abuse”, since AFRINIC doesn’t
> even have the ability to identify what is considered an abuse.
>
> Therefore the entire policy is out of scope for the RIR operation.
>
> Regards,
>
> Lamiaa
>
> Le jeu. 17 sept. 2020 à 07:42, JORDI PALET MARTINEZ via RPD
> <rpd at afrinic.net <mailto:rpd at afrinic.net>> a écrit :
>
> Hi Lucilla,
>
> Today we already have mnt-IRT, and everybody who operate
> networks understand what it is an abuse. If you operate
> networks you know that **anything** which is a non-authorized
> use of a network is an abuse.
>
> If you send spam, attack networks, try to intrude networks,
> etc., all those are abuse.
>
> What the policy ask is to make sure that in AFRINIC everybody
> has an abuse contact (today we have mnt-IRT, but is not
> mandatory, and as a results many African networks are filtered
> because lack of that – and consequently they do not respond to
> abuse cases -, which exist in all the other regions of the world).
>
> Not having an abuse means more chances of legal actions, more
> cost, for both the victims and the ISPs. Having that means
> that you have more chances to resolve it in goodfaith.
>
> One of the **most important** Afrinic missions is to have
> accuracy on the database, which includes accuracy on the
> contacts. We are not fulfilling that in this situation.
>
> Remember that **all** the other RIRs have already this kind of
> policy. This one is like the one that has been implemented in
> APNIC, and the accuracy of the contacts is now 87.5% as
> reported this month in the last APNIC meeting. In that report
> **none** of the members indicated any of the issues that you
> indicated (didn't happened as well in the other regions).
>
> You know who is interested in not having abuse contacts? Those
> that use their networks for doing abuse (hijacking, spam, DoS,
> intrusions, etc.).
>
> Can you explain if the network that you operate has an abuse
> contact an how if one of your customes is trying to penetrate
> my network or do a DoS, I will be able to contact you and if
> you will do anything or just ignore it?
>
> Regards,
>
> Jordi
>
> @jordipalet
>
> El 17/9/20 2:21, "lucilla fornaro"
> <lucillafornarosawamoto at gmail.com
> <mailto:lucillafornarosawamoto at gmail.com>> escribió:
>
> Dear all,
>
> I have some concerns about the “Abuse Contact Policy”.
>
> First of all, it does not offer a specific and regulated
> description of the term “abuse” and this opens the door to
> potentially bigger problems: a surplus of reports,
> discrimination/legal issues, and a waste of resources. Around
> the world, we can perceive what abuse is in very different ways.
>
> Afrinic is not entitled to force members to report abuses and
> most importantly, this proposal does not represent Afrinic’s
> purpose.
>
> I, therefore, oppose this policy.
>
> Thank you,
>
> Lucilla
>
> _______________________________________________ RPD mailing
> list RPD at afrinic.net <mailto:RPD at afrinic.net>
> https://lists.afrinic.net/mailman/listinfo/rpd
> <https://lists.afrinic.net/mailman/listinfo/rpd>
>
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com <http://www.theipv6company.com/>
> The IPv6 Company
>
> This electronic message contains information which may be
> privileged or confidential. The information is intended to be
> for the exclusive use of the individual(s) named above and
> further non-explicilty authorized disclosure, copying,
> distribution or use of the contents of this information, even
> if partially, including attached files, is strictly prohibited
> and will be considered a criminal offense. If you are not the
> intended recipient be aware that any disclosure, copying,
> distribution or use of the contents of this information, even
> if partially, including attached files, is strictly
> prohibited, will be considered a criminal offense, so you must
> reply to the original sender to inform about this
> communication and delete it.
>
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net <mailto:RPD at afrinic.net>
> https://lists.afrinic.net/mailman/listinfo/rpd
> <https://lists.afrinic.net/mailman/listinfo/rpd>
>
>
> **********************************************
>
> IPv4 is over
>
> Are you ready for the new Internet ?
>
> http://www.theipv6company.com <http://www.theipv6company.com/>
>
> The IPv6 Company
>
>
>
> This electronic message contains information which may be
> privileged or confidential. The information is intended to be for
> the exclusive use of the individual(s) named above and further
> non-explicilty authorized disclosure, copying, distribution or use
> of the contents of this information, even if partially, including
> attached files, is strictly prohibited and will be considered a
> criminal offense. If you are not the intended recipient be aware
> that any disclosure, copying, distribution or use of the contents
> of this information, even if partially, including attached files,
> is strictly prohibited, will be considered a criminal offense, so
> you must reply to the original sender to inform about this
> communication and delete it.
>
>
>
> _______________________________________________
>
> RPD mailing list
>
> RPD at afrinic.net <mailto:RPD at afrinic.net>
>
> https://lists.afrinic.net/mailman/listinfo/rpd
> <https://lists.afrinic.net/mailman/listinfo/rpd>
>
> Le jeu. 17 sept. 2020 à 15:49, JORDI PALET MARTINEZ via RPD
> <rpd at afrinic.net <mailto:rpd at afrinic.net>> a écrit :
>
> Hi Lamiaa,
>
> I’ve said this already. This policy doesn’t enforce abuse, it
> enforces that the abuse contact is there, and works.
>
> Today AFRINIC is paying for the cost of the abuse handling because
> only a tiny fraction of the members has the abuse contacts in place.
>
> If the contacts in the RIR database aren’t actual and accurate,
> this is a clear violation of the RSA. So what is unacceptable is
> not having the contacts, not on the other way around.
>
> Abuse is not defined by the RIRs, everybody knows it and this is
> the reason why NONE of the RIRs have re-defined it, because it is
> already stated in RFC2142. Can you justify why AFRINIC is
> different and need a definition?
>
> How you define it in the networks that you operate?
>
> Regards,
>
> Jordi
>
> @jordipalet
>
> El 17/9/20 10:49, "Lamiaa Chnayti" <lamiaachnayti at gmail.com
> <mailto:lamiaachnayti at gmail.com>> escribió:
>
> Hello,
>
> I will have to agree with Lucilla on what she said and would like
> to add to it that :
>
> Firstly, Abuse enforcement is out of scope for RIRs.
>
> Secondly, RIRs have no ability to define what is “abuse”, one
> abuse or even criminal activity could be entirely a legal
> operation in a different jurisdiction.
>
> Finally, making a member forcefully reply to abuse contact Emails
> are a waste of resources and totally pointless, it is entirely up
> to the member to define what they think is acceptable in their
> network operation and how they react to it. AFRINIC has no mandate
> to force any member to reply to an “abuse”, since AFRINIC doesn’t
> even have the ability to identify what is considered an abuse.
>
> Therefore the entire policy is out of scope for the RIR operation.
>
> Regards,
>
> Lamiaa
>
> Le jeu. 17 sept. 2020 à 07:42, JORDI PALET MARTINEZ via RPD
> <rpd at afrinic.net <mailto:rpd at afrinic.net>> a écrit :
>
> Hi Lucilla,
>
> Today we already have mnt-IRT, and everybody who operate
> networks understand what it is an abuse. If you operate
> networks you know that **anything** which is a non-authorized
> use of a network is an abuse.
>
> If you send spam, attack networks, try to intrude networks,
> etc., all those are abuse.
>
> What the policy ask is to make sure that in AFRINIC everybody
> has an abuse contact (today we have mnt-IRT, but is not
> mandatory, and as a results many African networks are filtered
> because lack of that – and consequently they do not respond to
> abuse cases -, which exist in all the other regions of the world).
>
> Not having an abuse means more chances of legal actions, more
> cost, for both the victims and the ISPs. Having that means
> that you have more chances to resolve it in goodfaith.
>
> One of the **most important** Afrinic missions is to have
> accuracy on the database, which includes accuracy on the
> contacts. We are not fulfilling that in this situation.
>
> Remember that **all** the other RIRs have already this kind of
> policy. This one is like the one that has been implemented in
> APNIC, and the accuracy of the contacts is now 87.5% as
> reported this month in the last APNIC meeting. In that report
> **none** of the members indicated any of the issues that you
> indicated (didn't happened as well in the other regions).
>
> You know who is interested in not having abuse contacts? Those
> that use their networks for doing abuse (hijacking, spam, DoS,
> intrusions, etc.).
>
> Can you explain if the network that you operate has an abuse
> contact an how if one of your customes is trying to penetrate
> my network or do a DoS, I will be able to contact you and if
> you will do anything or just ignore it?
>
> Regards,
>
> Jordi
>
> @jordipalet
>
> El 17/9/20 2:21, "lucilla fornaro"
> <lucillafornarosawamoto at gmail.com
> <mailto:lucillafornarosawamoto at gmail.com>> escribió:
>
> Dear all,
>
> I have some concerns about the “Abuse Contact Policy”.
>
> First of all, it does not offer a specific and regulated
> description of the term “abuse” and this opens the door to
> potentially bigger problems: a surplus of reports,
> discrimination/legal issues, and a waste of resources. Around
> the world, we can perceive what abuse is in very different ways.
>
> Afrinic is not entitled to force members to report abuses and
> most importantly, this proposal does not represent Afrinic’s
> purpose.
>
> I, therefore, oppose this policy.
>
> Thank you,
>
> Lucilla
>
> _______________________________________________ RPD mailing
> list RPD at afrinic.net <mailto:RPD at afrinic.net>
> https://lists.afrinic.net/mailman/listinfo/rpd
> <https://lists.afrinic.net/mailman/listinfo/rpd>
>
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com <http://www.theipv6company.com>
> The IPv6 Company
>
> This electronic message contains information which may be
> privileged or confidential. The information is intended to be
> for the exclusive use of the individual(s) named above and
> further non-explicilty authorized disclosure, copying,
> distribution or use of the contents of this information, even
> if partially, including attached files, is strictly prohibited
> and will be considered a criminal offense. If you are not the
> intended recipient be aware that any disclosure, copying,
> distribution or use of the contents of this information, even
> if partially, including attached files, is strictly
> prohibited, will be considered a criminal offense, so you must
> reply to the original sender to inform about this
> communication and delete it.
>
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net <mailto:RPD at afrinic.net>
> https://lists.afrinic.net/mailman/listinfo/rpd
> <https://lists.afrinic.net/mailman/listinfo/rpd>
>
>
> **********************************************
>
>
> IPv4 is over
>
>
> Are you ready for the new Internet ?
>
>
> http://www.theipv6company.com <http://www.theipv6company.com>
>
>
> The IPv6 Company
>
>
>
>
>
> This electronic message contains information which may be
> privileged or confidential. The information is intended to be for
> the exclusive use of the individual(s) named above and further
> non-explicilty authorized disclosure, copying, distribution or use
> of the contents of this information, even if partially, including
> attached files, is strictly prohibited and will be considered a
> criminal offense. If you are not the intended recipient be aware
> that any disclosure, copying, distribution or use of the contents
> of this information, even if partially, including attached files,
> is strictly prohibited, will be considered a criminal offense, so
> you must reply to the original sender to inform about this
> communication and delete it.
>
>
>
>
>
>
> _______________________________________________
>
> RPD mailing list
>
> RPD at afrinic.net <mailto:RPD at afrinic.net>
>
> https://lists.afrinic.net/mailman/listinfo/rpd
> <https://lists.afrinic.net/mailman/listinfo/rpd>
>
> --
>
> Lamiaa CHNAYTI
>
>
> **********************************************
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.theipv6company.com
> The IPv6 Company
>
> This electronic message contains information which may be privileged
> or confidential. The information is intended to be for the exclusive
> use of the individual(s) named above and further non-explicilty
> authorized disclosure, copying, distribution or use of the contents of
> this information, even if partially, including attached files, is
> strictly prohibited and will be considered a criminal offense. If you
> are not the intended recipient be aware that any disclosure, copying,
> distribution or use of the contents of this information, even if
> partially, including attached files, is strictly prohibited, will be
> considered a criminal offense, so you must reply to the original
> sender to inform about this communication and delete it.
>
>
> _______________________________________________
> RPD mailing list
> RPD at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20200918/011fb642/attachment-0001.html>
More information about the RPD
mailing list