Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Abuse Contact Policy

Fernando Frediani fhfrediani at gmail.com
Fri Sep 18 12:42:30 UTC 2020


On 18/09/2020 05:22, JORDI PALET MARTINEZ via RPD wrote:

> <clip>

>

> Again, this is not about defining what is abuse, this is among the

> parties. It is about making sure that there is a valid responsible

> contact in case of anyone needs to report what he considers an abuse.

> AFRINIC will not punish anyone that believes that his customer is not

> doing an abuse because in his country is not an abuse.

>

Exactly !

Often people are misunderstanding the intention of the proposals and
opposing them for reasons that are not written on them, which end up
causing more confusion to other people.

I support this proposal
Fernando


> Regards,

>

> Jordi

>

> @jordipalet

>

> El 18/9/20 9:59, "Lamiaa Chnayti" <lamiaachnayti at gmail.com

> <mailto:lamiaachnayti at gmail.com>> escribió:

>

> Hello Jordi,

>

> RFC2142 only defines a tiny portion of the network abuse. In real

> world operation, abuse consists of a  much boarder range : DMCA(copy

> rights) claims, unsolicited emails , phishing  websites , trade mark

> disputes etc.

>

> All those are legal issues that vary vastly across different

> juridictions in which no one but each of the juridiction’s judges can

> decide if it is an abuse or an illegal activity. Claiming that RFC2142

> defines not even 1% of real world abuse is laughable.

>

> Regards,

>

> Lamiaa

>

> Le jeu. 17 sept. 2020 à 15:51, JORDI PALET MARTINEZ via RPD

> <rpd at afrinic.net <mailto:rpd at afrinic.net>> a écrit :

>

> Hi Lamiaa,

>

> I’ve said this already. This policy doesn’t enforce abuse, it

> enforces that the abuse contact is there, and works.

>

> Today AFRINIC is paying for the cost of the abuse handling because

> only a tiny fraction of the members has the abuse contacts in place.

>

> If the contacts in the RIR database aren’t actual and accurate,

> this is a clear violation of the RSA. So what is unacceptable is

> not having the contacts, not on the other way around.

>

> Abuse is not defined by the RIRs, everybody knows it and this is

> the reason why NONE of the RIRs have re-defined it, because it is

> already stated in RFC2142. Can you justify why AFRINIC is

> different and need a definition?

>

> How you define it in the networks that you operate?

>

> Regards,

>

> Jordi

>

> @jordipalet

>

> El 17/9/20 10:49, "Lamiaa Chnayti" <lamiaachnayti at gmail.com

> <mailto:lamiaachnayti at gmail.com>> escribió:

>

> Hello,

>

> I will have to agree with Lucilla on what she said and would like

> to add to it that :

>

> Firstly, Abuse enforcement is out of scope for RIRs.

>

> Secondly, RIRs have no ability to define what is “abuse”, one

> abuse or even criminal activity could be entirely a legal

> operation in a different jurisdiction.

>

> Finally, making a member forcefully reply to abuse contact Emails

> are a waste of resources and totally pointless, it is entirely up

> to the member to define what they think is acceptable in their

> network operation and how they react to it. AFRINIC has no mandate

> to force any member to reply to an “abuse”, since AFRINIC doesn’t

> even have the ability to identify what is considered an abuse.

>

> Therefore the entire policy is out of scope for the RIR operation.

>

> Regards,

>

> Lamiaa

>

> Le jeu. 17 sept. 2020 à 07:42, JORDI PALET MARTINEZ via RPD

> <rpd at afrinic.net <mailto:rpd at afrinic.net>> a écrit :

>

> Hi Lucilla,

>

> Today we already have mnt-IRT, and everybody who operate

> networks understand what it is an abuse. If you operate

> networks you know that **anything** which is a non-authorized

> use of a network is an abuse.

>

> If you send spam, attack networks, try to intrude networks,

> etc., all those are abuse.

>

> What the policy ask is to make sure that in AFRINIC everybody

> has an abuse contact (today we have mnt-IRT, but is not

> mandatory, and as a results many African networks are filtered

> because lack of that – and consequently they do not respond to

> abuse cases -, which exist in all the other regions of the world).

>

> Not having an abuse means more chances of legal actions, more

> cost, for both the victims and the ISPs. Having that means

> that you have more chances to resolve it in goodfaith.

>

> One of the **most important** Afrinic missions is to have

> accuracy on the database, which includes accuracy on the

> contacts. We are not fulfilling that in this situation.

>

> Remember that **all** the other RIRs have already this kind of

> policy. This one is like the one that has been implemented in

> APNIC, and the accuracy of the contacts is now 87.5% as

> reported this month in the last APNIC meeting. In that report

> **none** of the members indicated any of the issues that you

> indicated (didn't happened as well in the other regions).

>

> You know who is interested in not having abuse contacts? Those

> that use their networks for doing abuse (hijacking, spam, DoS,

> intrusions, etc.).

>

> Can you explain if the network that you operate has an abuse

> contact an how if one of your customes is trying to penetrate

> my network or do a DoS, I will be able to contact you and if

> you will do anything or just ignore it?

>

> Regards,

>

> Jordi

>

> @jordipalet

>

> El 17/9/20 2:21, "lucilla fornaro"

> <lucillafornarosawamoto at gmail.com

> <mailto:lucillafornarosawamoto at gmail.com>> escribió:

>

> Dear all,

>

> I have some concerns about the “Abuse Contact Policy”.

>

> First of all, it does not offer a specific and regulated

> description of the term “abuse”  and this opens the door to

> potentially bigger problems: a surplus of reports,

> discrimination/legal issues, and a waste of resources. Around

> the world, we can perceive what abuse is in very different ways.

>

> Afrinic is not entitled to force members to report abuses and

> most importantly, this proposal does not represent Afrinic’s

> purpose.

>

> I, therefore, oppose this policy.

>

> Thank you,

>

> Lucilla

>

> _______________________________________________ RPD mailing

> list RPD at afrinic.net <mailto:RPD at afrinic.net>

> https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>

>

>

> **********************************************

> IPv4 is over

> Are you ready for the new Internet ?

> http://www.theipv6company.com <http://www.theipv6company.com/>

> The IPv6 Company

>

> This electronic message contains information which may be

> privileged or confidential. The information is intended to be

> for the exclusive use of the individual(s) named above and

> further non-explicilty authorized disclosure, copying,

> distribution or use of the contents of this information, even

> if partially, including attached files, is strictly prohibited

> and will be considered a criminal offense. If you are not the

> intended recipient be aware that any disclosure, copying,

> distribution or use of the contents of this information, even

> if partially, including attached files, is strictly

> prohibited, will be considered a criminal offense, so you must

> reply to the original sender to inform about this

> communication and delete it.

>

> _______________________________________________

> RPD mailing list

> RPD at afrinic.net <mailto:RPD at afrinic.net>

> https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>

>

>

> **********************************************

>

> IPv4 is over

>

> Are you ready for the new Internet ?

>

> http://www.theipv6company.com <http://www.theipv6company.com/>

>

> The IPv6 Company

>

>

>

> This electronic message contains information which may be

> privileged or confidential. The information is intended to be for

> the exclusive use of the individual(s) named above and further

> non-explicilty authorized disclosure, copying, distribution or use

> of the contents of this information, even if partially, including

> attached files, is strictly prohibited and will be considered a

> criminal offense. If you are not the intended recipient be aware

> that any disclosure, copying, distribution or use of the contents

> of this information, even if partially, including attached files,

> is strictly prohibited, will be considered a criminal offense, so

> you must reply to the original sender to inform about this

> communication and delete it.

>

>

>

> _______________________________________________

>

> RPD mailing list

>

> RPD at afrinic.net <mailto:RPD at afrinic.net>

>

> https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>

>

> Le jeu. 17 sept. 2020 à 15:49, JORDI PALET MARTINEZ via RPD

> <rpd at afrinic.net <mailto:rpd at afrinic.net>> a écrit :

>

> Hi Lamiaa,

>

> I’ve said this already. This policy doesn’t enforce abuse, it

> enforces that the abuse contact is there, and works.

>

> Today AFRINIC is paying for the cost of the abuse handling because

> only a tiny fraction of the members has the abuse contacts in place.

>

> If the contacts in the RIR database aren’t actual and accurate,

> this is a clear violation of the RSA. So what is unacceptable is

> not having the contacts, not on the other way around.

>

> Abuse is not defined by the RIRs, everybody knows it and this is

> the reason why NONE of the RIRs have re-defined it, because it is

> already stated in RFC2142. Can you justify why AFRINIC is

> different and need a definition?

>

> How you define it in the networks that you operate?

>

> Regards,

>

> Jordi

>

> @jordipalet

>

> El 17/9/20 10:49, "Lamiaa Chnayti" <lamiaachnayti at gmail.com

> <mailto:lamiaachnayti at gmail.com>> escribió:

>

> Hello,

>

> I will have to agree with Lucilla on what she said and would like

> to add to it that :

>

> Firstly, Abuse enforcement is out of scope for RIRs.

>

> Secondly, RIRs have no ability to define what is “abuse”, one

> abuse or even criminal activity could be entirely a legal

> operation in a different jurisdiction.

>

> Finally, making a member forcefully reply to abuse contact Emails

> are a waste of resources and totally pointless, it is entirely up

> to the member to define what they think is acceptable in their

> network operation and how they react to it. AFRINIC has no mandate

> to force any member to reply to an “abuse”, since AFRINIC doesn’t

> even have the ability to identify what is considered an abuse.

>

> Therefore the entire policy is out of scope for the RIR operation.

>

> Regards,

>

> Lamiaa

>

> Le jeu. 17 sept. 2020 à 07:42, JORDI PALET MARTINEZ via RPD

> <rpd at afrinic.net <mailto:rpd at afrinic.net>> a écrit :

>

> Hi Lucilla,

>

> Today we already have mnt-IRT, and everybody who operate

> networks understand what it is an abuse. If you operate

> networks you know that **anything** which is a non-authorized

> use of a network is an abuse.

>

> If you send spam, attack networks, try to intrude networks,

> etc., all those are abuse.

>

> What the policy ask is to make sure that in AFRINIC everybody

> has an abuse contact (today we have mnt-IRT, but is not

> mandatory, and as a results many African networks are filtered

> because lack of that – and consequently they do not respond to

> abuse cases -, which exist in all the other regions of the world).

>

> Not having an abuse means more chances of legal actions, more

> cost, for both the victims and the ISPs. Having that means

> that you have more chances to resolve it in goodfaith.

>

> One of the **most important** Afrinic missions is to have

> accuracy on the database, which includes accuracy on the

> contacts. We are not fulfilling that in this situation.

>

> Remember that **all** the other RIRs have already this kind of

> policy. This one is like the one that has been implemented in

> APNIC, and the accuracy of the contacts is now 87.5% as

> reported this month in the last APNIC meeting. In that report

> **none** of the members indicated any of the issues that you

> indicated (didn't happened as well in the other regions).

>

> You know who is interested in not having abuse contacts? Those

> that use their networks for doing abuse (hijacking, spam, DoS,

> intrusions, etc.).

>

> Can you explain if the network that you operate has an abuse

> contact an how if one of your customes is trying to penetrate

> my network or do a DoS, I will be able to contact you and if

> you will do anything or just ignore it?

>

> Regards,

>

> Jordi

>

> @jordipalet

>

> El 17/9/20 2:21, "lucilla fornaro"

> <lucillafornarosawamoto at gmail.com

> <mailto:lucillafornarosawamoto at gmail.com>> escribió:

>

> Dear all,

>

> I have some concerns about the “Abuse Contact Policy”.

>

> First of all, it does not offer a specific and regulated

> description of the term “abuse”  and this opens the door to

> potentially bigger problems: a surplus of reports,

> discrimination/legal issues, and a waste of resources. Around

> the world, we can perceive what abuse is in very different ways.

>

> Afrinic is not entitled to force members to report abuses and

> most importantly, this proposal does not represent Afrinic’s

> purpose.

>

> I, therefore, oppose this policy.

>

> Thank you,

>

> Lucilla

>

> _______________________________________________ RPD mailing

> list RPD at afrinic.net <mailto:RPD at afrinic.net>

> https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>

>

>

> **********************************************

> IPv4 is over

> Are you ready for the new Internet ?

> http://www.theipv6company.com <http://www.theipv6company.com>

> The IPv6 Company

>

> This electronic message contains information which may be

> privileged or confidential. The information is intended to be

> for the exclusive use of the individual(s) named above and

> further non-explicilty authorized disclosure, copying,

> distribution or use of the contents of this information, even

> if partially, including attached files, is strictly prohibited

> and will be considered a criminal offense. If you are not the

> intended recipient be aware that any disclosure, copying,

> distribution or use of the contents of this information, even

> if partially, including attached files, is strictly

> prohibited, will be considered a criminal offense, so you must

> reply to the original sender to inform about this

> communication and delete it.

>

> _______________________________________________

> RPD mailing list

> RPD at afrinic.net <mailto:RPD at afrinic.net>

> https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>

>

>

> **********************************************

>

>

> IPv4 is over

>

>

> Are you ready for the new Internet ?

>

>

> http://www.theipv6company.com <http://www.theipv6company.com>

>

>

> The IPv6 Company

>

>

>

>

>

> This electronic message contains information which may be

> privileged or confidential. The information is intended to be for

> the exclusive use of the individual(s) named above and further

> non-explicilty authorized disclosure, copying, distribution or use

> of the contents of this information, even if partially, including

> attached files, is strictly prohibited and will be considered a

> criminal offense. If you are not the intended recipient be aware

> that any disclosure, copying, distribution or use of the contents

> of this information, even if partially, including attached files,

> is strictly prohibited, will be considered a criminal offense, so

> you must reply to the original sender to inform about this

> communication and delete it.

>

>

>

>

>

>

> _______________________________________________

>

> RPD mailing list

>

> RPD at afrinic.net <mailto:RPD at afrinic.net>

>

> https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>

>

> --

>

> Lamiaa CHNAYTI

>

>

> **********************************************

> IPv4 is over

> Are you ready for the new Internet ?

> http://www.theipv6company.com

> The IPv6 Company

>

> This electronic message contains information which may be privileged

> or confidential. The information is intended to be for the exclusive

> use of the individual(s) named above and further non-explicilty

> authorized disclosure, copying, distribution or use of the contents of

> this information, even if partially, including attached files, is

> strictly prohibited and will be considered a criminal offense. If you

> are not the intended recipient be aware that any disclosure, copying,

> distribution or use of the contents of this information, even if

> partially, including attached files, is strictly prohibited, will be

> considered a criminal offense, so you must reply to the original

> sender to inform about this communication and delete it.

>

>

> _______________________________________________

> RPD mailing list

> RPD at afrinic.net

> https://lists.afrinic.net/mailman/listinfo/rpd

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20200918/011fb642/attachment-0001.html>


More information about the RPD mailing list