[rpd] Abuse Contact Policy

[Saul Stein]

>The reason internet is called INTER-NET is because of its decentralized 

>nature,




You are 100% correct. It is decentralised and there is no-one to tell anyone 
what to do and how to behave.



HOWEVER, I shall decide  what I shall tolerate on my network, so its not for 
you to worry about the definition of abuse. If I want to engage a network 
sending traffic that I don’t approve of, I want to contact them.



Most of us here run ISPs, others are end points. My clients’ expect to me 
supply them with access to the full internet. As such should there be 
networks out there that are preventing my clients from access those internet 
resources through abuse of any kind, I have two choices:



1)      Block that network – that affects everyone

2)      Contact that network owner and engage with them about the issue that 
I am experiencing. This doesn’t mean a fancy email box that only responds to 
certain email, but a genuine mailbox with a human that you can engage with.



This is the great thing about the INTER-Net, we talk to each other and 
resolve issues so that we don’t need policing and it can remain 
decentralised.



So the choice is, let people know how to contact us if there is a problem, 
or get your network blocked.



As I think you seeing here, those that run networks, are not understanding 
your objection.

Do you operate a network?

Perhaps try explain in a different way.



Thanks

Saul





From: Lamiaa Chnayti <lamiaachnayti at gmail.com>
Sent: Saturday, 19 September 2020 18:19
To: JORDI PALET MARTINEZ <jordi.palet at consulintel.es>
Cc: rpd >> AfriNIC Resource Policy <rpd at afrinic.net>
Subject: Re: [rpd] Abuse Contact Policy






Hello again Jordi ,



It is somewhat OK to have a member having an abuse contact in the whois, 
being part of a complete registration, and have Afrinic remind them if they 
haven't done so, but the problem comes with 8.5 validation of 
"abuse-c"/"abuse-mailbox"

AFRINIC will validate compliance with the items above, both when the 
"abuse-c" and/or "abuse-mailbox" attributes are created or updated, as well 
as periodically, not less than once every 6 months, and whenever AFRINIC 
sees fit.


8.6 Escalation to AFRINIC

Fraudulent behavior (as an example, an "abuse-mailbox" that only replies to 
AFRINIC's emails, or to messages with a specific subject or content), or 
failure to comply with the remaining aspects of this policy (incorrect or 
lack of response to cases of abuse) can be reported to AFRINIC for a 
re-validation (as per section 8.5 above).



How is it in the scope of AFRINIC to decide how I manage my abuse mailbox? 
If I want to reply only to a specific subject line of my abuse box, it is 
entirely in my right to do. Even if I don't want to reply at the abuse 
mailbox at all, that is my right to do so and if I think no action in my 
network would be considered abuse (although unlikely), but it is still from 
the internet community point of view, entirely in my right to do so. You 
might choose to block me as a network, but that is also your right.

The reason internet is called INTER-NET is because of its decentralized 
nature, you have to play nice for others to play with you, but this 
community never forces anyone to play nice, it is not in the scope of 
AFRINIC to decide how members reply to their abuse mailbox, so if 8.3,8.4, 
8.5 and 8.6 are deleted in its entirety, I might consider supporting it. 
Also Jordi, I feel you always have this central management type of thinking, 
and that is so not internet.

Regards,

Lamiaa



Le ven. 18 sept. 2020 à 09:23, JORDI PALET MARTINEZ via RPD <rpd at afrinic.net 
<mailto:rpd at afrinic.net> > a écrit :

Hi Lamiaa,



I don’t agree. Internet doesn't depend on any jurisdiction; abuse is about 
what I (the victim operator) consider abuse. The RFC is clear about that, in 
short “Inappropriate public behaviour” (is a mailbox so to be able to 
contact in case there is a possible inappropriate behaviour in the public 
Internet). If you want a clearer definition, abuse is *anything* that I don’t 
want to accept in my network because is in any way damaging it.



If I don’t want to accept a DoS, or spam, or phising, DMCA, or whatever, 
this is abuse *for me*. I’ve the right to tell you because that abuse is 
coming from your network. If you believe that is not abuse (and here is your 
jurisdiction in some cases, in other just doesn’t exist, but it may be also 
your “business” decision – like operators that don’t care if their customers 
do spam or intrusion attempts), you’ve the right to tell me “sorry, this is 
not abuse for us”, and then I’ve the right to decide if I should filter your 
network based on your response.



Not having an abuse contact, means that I’m not able to contact you, so we 
can’t talk, we can’t investigate or agree if it is an abuse or not, so you 
(the offender operator) don’t have the chance to decide about it! Is bad for 
you, is bad for me. In those cases, my best choice is to filter you. This 
create problems for your customers and my customers.



We can’t depend on jurisdictions, because then the policy will need to 
consider inter-relations among every possible “pairs” of country worlds, and 
we will need to update the policy based on any jurisdiction change. The 
policy is not about that, is about having a valid responsible contact, not 
about deciding what is an abuse, which is among the two parties.



Tell me what is different from AFRINIC than the rest of the world, because 
none of the RIRs have defined abuse in their policies. I even don’t recall 
that having appeared in the discussions!



If you want, I’m happy to change the title of the proposal to “supposed 
abuse contact”, that may be clearing your point?



Again, this is not about defining what is abuse, this is among the parties. 
It is about making sure that there is a valid responsible contact in case of 
anyone needs to report what he considers an abuse. AFRINIC will not punish 
anyone that believes that his customer is not doing an abuse because in his 
country is not an abuse.



Regards,

Jordi

@jordipalet







El 18/9/20 9:59, "Lamiaa Chnayti" <lamiaachnayti at gmail.com 
<mailto:lamiaachnayti at gmail.com> > escribió:



Hello Jordi,



RFC2142 only defines a tiny portion of the network abuse. In real world 
operation, abuse consists of a  much boarder range : DMCA(copy rights) 
claims, unsolicited emails , phishing  websites , trade mark disputes etc.



All those are legal issues that vary vastly across different juridictions in 
which no one but each of the juridiction’s judges can decide if it is an 
abuse or an illegal activity. Claiming that RFC2142 defines not even 1% of 
real world abuse is laughable.



Regards,



Lamiaa



Le jeu. 17 sept. 2020 à 15:51, JORDI PALET MARTINEZ via RPD <rpd at afrinic.net 
<mailto:rpd at afrinic.net> > a écrit :

Hi Lamiaa,



I’ve said this already. This policy doesn’t enforce abuse, it enforces that 
the abuse contact is there, and works.



Today AFRINIC is paying for the cost of the abuse handling because only a 
tiny fraction of the members has the abuse contacts in place.



If the contacts in the RIR database aren’t actual and accurate, this is a 
clear violation of the RSA. So what is unacceptable is not having the 
contacts, not on the other way around.



Abuse is not defined by the RIRs, everybody knows it and this is the reason 
why NONE of the RIRs have re-defined it, because it is already stated in 
RFC2142. Can you justify why AFRINIC is different and need a definition?



How you define it in the networks that you operate?



Regards,

Jordi

@jordipalet







El 17/9/20 10:49, "Lamiaa Chnayti" < <mailto:lamiaachnayti at gmail.com> 
lamiaachnayti at gmail.com> escribió:





Hello,



I will have to agree with Lucilla on what she said and would like to add to 
it that :

Firstly, Abuse enforcement is out of scope for RIRs.

Secondly, RIRs have no ability to define what is “abuse”, one abuse or even 
criminal activity could be entirely a legal operation in a different 
jurisdiction.

Finally, making a member forcefully reply to abuse contact Emails are a 
waste of resources and totally pointless, it is entirely up to the member to 
define what they think is acceptable in their network operation and how they 
react to it. AFRINIC has no mandate to force any member to reply to an 
“abuse”, since AFRINIC doesn’t even have the ability to identify what is 
considered an abuse.

Therefore the entire policy is out of scope for the RIR operation.



Regards,



Lamiaa



















Le jeu. 17 sept. 2020 à 07:42, JORDI PALET MARTINEZ via RPD < 
<mailto:rpd at afrinic.net> rpd at afrinic.net> a écrit :

Hi Lucilla,



Today we already have mnt-IRT, and everybody who operate networks understand 
what it is an abuse. If you operate networks you know that *anything* which 
is a non-authorized use of a network is an abuse.



If you send spam, attack networks, try to intrude networks, etc., all those 
are abuse.



What the policy ask is to make sure that in AFRINIC everybody has an abuse 
contact (today we have mnt-IRT, but is not mandatory, and as a results many 
African networks are filtered because lack of that – and consequently they 
do not respond to abuse cases -, which exist in all the other regions of the 
world).



Not having an abuse means more chances of legal actions, more cost, for both 
the victims and the ISPs. Having that means that you have more chances to 
resolve it in goodfaith.



One of the *most important* Afrinic missions is to have accuracy on the 
database, which includes accuracy on the contacts. We are not fulfilling 
that in this situation.



Remember that *all* the other RIRs have already this kind of policy. This 
one is like the one that has been implemented in APNIC, and the accuracy of 
the contacts is now 87.5% as reported this month in the last APNIC meeting. 
In that report *none* of the members indicated any of the issues that you 
indicated (didn't happened as well in the other regions).



You know who is interested in not having abuse contacts? Those that use 
their networks for doing abuse (hijacking, spam, DoS, intrusions, etc.).



Can you explain if the network that you operate has an abuse contact an how 
if one of your customes is trying to penetrate my network or do a DoS, I 
will be able to contact you and if you will do anything or just ignore it?



Regards,

Jordi

@jordipalet







El 17/9/20 2:21, "lucilla fornaro" < 
<mailto:lucillafornarosawamoto at gmail.com> lucillafornarosawamoto at gmail.com> 
escribió:



Dear all,



I have some concerns about the “Abuse Contact Policy”.

First of all, it does not offer a specific and regulated description of the 
term “abuse”  and this opens the door to potentially bigger problems: a 
surplus of reports, discrimination/legal issues, and a waste of resources. 
Around the world, we can perceive what abuse is in very different ways.



Afrinic is not entitled to force members to report abuses and most 
importantly, this proposal does not represent Afrinic’s purpose.



I, therefore, oppose this policy.





Thank you,



Lucilla

_______________________________________________ RPD mailing list 
<mailto:RPD at afrinic.net> RPD at afrinic.net 
<https://lists.afrinic.net/mailman/listinfo/rpd> 
https://lists.afrinic.net/mailman/listinfo/rpd


**********************************************
IPv4 is over
Are you ready for the new Internet ?
 <http://www.theipv6company.com/> http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or 
confidential. The information is intended to be for the exclusive use of the 
individual(s) named above and further non-explicilty authorized disclosure, 
copying, distribution or use of the contents of this information, even if 
partially, including attached files, is strictly prohibited and will be 
considered a criminal offense. If you are not the intended recipient be 
aware that any disclosure, copying, distribution or use of the contents of 
this information, even if partially, including attached files, is strictly 
prohibited, will be considered a criminal offense, so you must reply to the 
original sender to inform about this communication and delete it.

_______________________________________________
RPD mailing list
 <mailto:RPD at afrinic.net> RPD at afrinic.net
 <https://lists.afrinic.net/mailman/listinfo/rpd> 
https://lists.afrinic.net/mailman/listinfo/rpd


**********************************************

IPv4 is over

Are you ready for the new Internet ?

 <http://www.theipv6company.com/> http://www.theipv6company.com

The IPv6 Company



This electronic message contains information which may be privileged or 
confidential. The information is intended to be for the exclusive use of the 
individual(s) named above and further non-explicilty authorized disclosure, 
copying, distribution or use of the contents of this information, even if 
partially, including attached files, is strictly prohibited and will be 
considered a criminal offense. If you are not the intended recipient be 
aware that any disclosure, copying, distribution or use of the contents of 
this information, even if partially, including attached files, is strictly 
prohibited, will be considered a criminal offense, so you must reply to the 
original sender to inform about this communication and delete it.




_______________________________________________

RPD mailing list

 <mailto:RPD at afrinic.net> RPD at afrinic.net

 <https://lists.afrinic.net/mailman/listinfo/rpd> 
https://lists.afrinic.net/mailman/listinfo/rpd





Le jeu. 17 sept. 2020 à 15:49, JORDI PALET MARTINEZ via RPD <rpd at afrinic.net 
<mailto:rpd at afrinic.net> > a écrit :

Hi Lamiaa,



I’ve said this already. This policy doesn’t enforce abuse, it enforces that 
the abuse contact is there, and works.



Today AFRINIC is paying for the cost of the abuse handling because only a 
tiny fraction of the members has the abuse contacts in place.



If the contacts in the RIR database aren’t actual and accurate, this is a 
clear violation of the RSA. So what is unacceptable is not having the 
contacts, not on the other way around.



Abuse is not defined by the RIRs, everybody knows it and this is the reason 
why NONE of the RIRs have re-defined it, because it is already stated in 
RFC2142. Can you justify why AFRINIC is different and need a definition?



How you define it in the networks that you operate?



Regards,

Jordi

@jordipalet







El 17/9/20 10:49, "Lamiaa Chnayti" <lamiaachnayti at gmail.com 
<mailto:lamiaachnayti at gmail.com> > escribió:





Hello,



I will have to agree with Lucilla on what she said and would like to add to 
it that :

Firstly, Abuse enforcement is out of scope for RIRs.

Secondly, RIRs have no ability to define what is “abuse”, one abuse or even 
criminal activity could be entirely a legal operation in a different 
jurisdiction.

Finally, making a member forcefully reply to abuse contact Emails are a 
waste of resources and totally pointless, it is entirely up to the member to 
define what they think is acceptable in their network operation and how they 
react to it. AFRINIC has no mandate to force any member to reply to an 
“abuse”, since AFRINIC doesn’t even have the ability to identify what is 
considered an abuse.

Therefore the entire policy is out of scope for the RIR operation.



Regards,



Lamiaa



















Le jeu. 17 sept. 2020 à 07:42, JORDI PALET MARTINEZ via RPD <rpd at afrinic.net 
<mailto:rpd at afrinic.net> > a écrit :

Hi Lucilla,



Today we already have mnt-IRT, and everybody who operate networks understand 
what it is an abuse. If you operate networks you know that *anything* which 
is a non-authorized use of a network is an abuse.



If you send spam, attack networks, try to intrude networks, etc., all those 
are abuse.



What the policy ask is to make sure that in AFRINIC everybody has an abuse 
contact (today we have mnt-IRT, but is not mandatory, and as a results many 
African networks are filtered because lack of that – and consequently they 
do not respond to abuse cases -, which exist in all the other regions of the 
world).



Not having an abuse means more chances of legal actions, more cost, for both 
the victims and the ISPs. Having that means that you have more chances to 
resolve it in goodfaith.



One of the *most important* Afrinic missions is to have accuracy on the 
database, which includes accuracy on the contacts. We are not fulfilling 
that in this situation.



Remember that *all* the other RIRs have already this kind of policy. This 
one is like the one that has been implemented in APNIC, and the accuracy of 
the contacts is now 87.5% as reported this month in the last APNIC meeting. 
In that report *none* of the members indicated any of the issues that you 
indicated (didn't happened as well in the other regions).



You know who is interested in not having abuse contacts? Those that use 
their networks for doing abuse (hijacking, spam, DoS, intrusions, etc.).



Can you explain if the network that you operate has an abuse contact an how 
if one of your customes is trying to penetrate my network or do a DoS, I 
will be able to contact you and if you will do anything or just ignore it?



Regards,

Jordi

@jordipalet







El 17/9/20 2:21, "lucilla fornaro" <lucillafornarosawamoto at gmail.com 
<mailto:lucillafornarosawamoto at gmail.com> > escribió:



Dear all,



I have some concerns about the “Abuse Contact Policy”.

First of all, it does not offer a specific and regulated description of the 
term “abuse”  and this opens the door to potentially bigger problems: a 
surplus of reports, discrimination/legal issues, and a waste of resources. 
Around the world, we can perceive what abuse is in very different ways.



Afrinic is not entitled to force members to report abuses and most 
importantly, this proposal does not represent Afrinic’s purpose.



I, therefore, oppose this policy.





Thank you,



Lucilla

_______________________________________________ RPD mailing list 
RPD at afrinic.net <mailto:RPD at afrinic.net> 
https://lists.afrinic.net/mailman/listinfo/rpd


**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or 
confidential. The information is intended to be for the exclusive use of the 
individual(s) named above and further non-explicilty authorized disclosure, 
copying, distribution or use of the contents of this information, even if 
partially, including attached files, is strictly prohibited and will be 
considered a criminal offense. If you are not the intended recipient be 
aware that any disclosure, copying, distribution or use of the contents of 
this information, even if partially, including attached files, is strictly 
prohibited, will be considered a criminal offense, so you must reply to the 
original sender to inform about this communication and delete it.

_______________________________________________
RPD mailing list
RPD at afrinic.net <mailto:RPD at afrinic.net>
https://lists.afrinic.net/mailman/listinfo/rpd


**********************************************


IPv4 is over


Are you ready for the new Internet ?


http://www.theipv6company.com


The IPv6 Company





This electronic message contains information which may be privileged or 
confidential. The information is intended to be for the exclusive use of the 
individual(s) named above and further non-explicilty authorized disclosure, 
copying, distribution or use of the contents of this information, even if 
partially, including attached files, is strictly prohibited and will be 
considered a criminal offense. If you are not the intended recipient be 
aware that any disclosure, copying, distribution or use of the contents of 
this information, even if partially, including attached files, is strictly 
prohibited, will be considered a criminal offense, so you must reply to the 
original sender to inform about this communication and delete it.







_______________________________________________

RPD mailing list

RPD at afrinic.net <mailto:RPD at afrinic.net>

https://lists.afrinic.net/mailman/listinfo/rpd

-- 

Lamiaa CHNAYTI




**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or 
confidential. The information is intended to be for the exclusive use of the 
individual(s) named above and further non-explicilty authorized disclosure, 
copying, distribution or use of the contents of this information, even if 
partially, including attached files, is strictly prohibited and will be 
considered a criminal offense. If you are not the intended recipient be 
aware that any disclosure, copying, distribution or use of the contents of 
this information, even if partially, including attached files, is strictly 
prohibited, will be considered a criminal offense, so you must reply to the 
original sender to inform about this communication and delete it.

_______________________________________________
RPD mailing list
RPD at afrinic.net <mailto:RPD at afrinic.net>
https://lists.afrinic.net/mailman/listinfo/rpd

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20200921/3983242b/attachment-0001.html>