Search RPD Archives
[rpd] Abuse Contact Policy
Saul Stein
saul at enetworks.co.za
Mon Sep 21 06:50:30 UTC 2020
>The reason internet is called INTER-NET is because of its decentralized
>nature,
You are 100% correct. It is decentralised and there is no-one to tell anyone
what to do and how to behave.
HOWEVER, I shall decide what I shall tolerate on my network, so its not for
you to worry about the definition of abuse. If I want to engage a network
sending traffic that I don’t approve of, I want to contact them.
Most of us here run ISPs, others are end points. My clients’ expect to me
supply them with access to the full internet. As such should there be
networks out there that are preventing my clients from access those internet
resources through abuse of any kind, I have two choices:
1) Block that network – that affects everyone
2) Contact that network owner and engage with them about the issue that
I am experiencing. This doesn’t mean a fancy email box that only responds to
certain email, but a genuine mailbox with a human that you can engage with.
This is the great thing about the INTER-Net, we talk to each other and
resolve issues so that we don’t need policing and it can remain
decentralised.
So the choice is, let people know how to contact us if there is a problem,
or get your network blocked.
As I think you seeing here, those that run networks, are not understanding
your objection.
Do you operate a network?
Perhaps try explain in a different way.
Thanks
Saul
From: Lamiaa Chnayti <lamiaachnayti at gmail.com>
Sent: Saturday, 19 September 2020 18:19
To: JORDI PALET MARTINEZ <jordi.palet at consulintel.es>
Cc: rpd >> AfriNIC Resource Policy <rpd at afrinic.net>
Subject: Re: [rpd] Abuse Contact Policy
Hello again Jordi ,
It is somewhat OK to have a member having an abuse contact in the whois,
being part of a complete registration, and have Afrinic remind them if they
haven't done so, but the problem comes with 8.5 validation of
"abuse-c"/"abuse-mailbox"
AFRINIC will validate compliance with the items above, both when the
"abuse-c" and/or "abuse-mailbox" attributes are created or updated, as well
as periodically, not less than once every 6 months, and whenever AFRINIC
sees fit.
8.6 Escalation to AFRINIC
Fraudulent behavior (as an example, an "abuse-mailbox" that only replies to
AFRINIC's emails, or to messages with a specific subject or content), or
failure to comply with the remaining aspects of this policy (incorrect or
lack of response to cases of abuse) can be reported to AFRINIC for a
re-validation (as per section 8.5 above).
How is it in the scope of AFRINIC to decide how I manage my abuse mailbox?
If I want to reply only to a specific subject line of my abuse box, it is
entirely in my right to do. Even if I don't want to reply at the abuse
mailbox at all, that is my right to do so and if I think no action in my
network would be considered abuse (although unlikely), but it is still from
the internet community point of view, entirely in my right to do so. You
might choose to block me as a network, but that is also your right.
The reason internet is called INTER-NET is because of its decentralized
nature, you have to play nice for others to play with you, but this
community never forces anyone to play nice, it is not in the scope of
AFRINIC to decide how members reply to their abuse mailbox, so if 8.3,8.4,
8.5 and 8.6 are deleted in its entirety, I might consider supporting it.
Also Jordi, I feel you always have this central management type of thinking,
and that is so not internet.
Regards,
Lamiaa
Le ven. 18 sept. 2020 à 09:23, JORDI PALET MARTINEZ via RPD <rpd at afrinic.net
<mailto:rpd at afrinic.net> > a écrit :
Hi Lamiaa,
I don’t agree. Internet doesn't depend on any jurisdiction; abuse is about
what I (the victim operator) consider abuse. The RFC is clear about that, in
short “Inappropriate public behaviour” (is a mailbox so to be able to
contact in case there is a possible inappropriate behaviour in the public
Internet). If you want a clearer definition, abuse is *anything* that I don’t
want to accept in my network because is in any way damaging it.
If I don’t want to accept a DoS, or spam, or phising, DMCA, or whatever,
this is abuse *for me*. I’ve the right to tell you because that abuse is
coming from your network. If you believe that is not abuse (and here is your
jurisdiction in some cases, in other just doesn’t exist, but it may be also
your “business” decision – like operators that don’t care if their customers
do spam or intrusion attempts), you’ve the right to tell me “sorry, this is
not abuse for us”, and then I’ve the right to decide if I should filter your
network based on your response.
Not having an abuse contact, means that I’m not able to contact you, so we
can’t talk, we can’t investigate or agree if it is an abuse or not, so you
(the offender operator) don’t have the chance to decide about it! Is bad for
you, is bad for me. In those cases, my best choice is to filter you. This
create problems for your customers and my customers.
We can’t depend on jurisdictions, because then the policy will need to
consider inter-relations among every possible “pairs” of country worlds, and
we will need to update the policy based on any jurisdiction change. The
policy is not about that, is about having a valid responsible contact, not
about deciding what is an abuse, which is among the two parties.
Tell me what is different from AFRINIC than the rest of the world, because
none of the RIRs have defined abuse in their policies. I even don’t recall
that having appeared in the discussions!
If you want, I’m happy to change the title of the proposal to “supposed
abuse contact”, that may be clearing your point?
Again, this is not about defining what is abuse, this is among the parties.
It is about making sure that there is a valid responsible contact in case of
anyone needs to report what he considers an abuse. AFRINIC will not punish
anyone that believes that his customer is not doing an abuse because in his
country is not an abuse.
Regards,
Jordi
@jordipalet
El 18/9/20 9:59, "Lamiaa Chnayti" <lamiaachnayti at gmail.com
<mailto:lamiaachnayti at gmail.com> > escribió:
Hello Jordi,
RFC2142 only defines a tiny portion of the network abuse. In real world
operation, abuse consists of a much boarder range : DMCA(copy rights)
claims, unsolicited emails , phishing websites , trade mark disputes etc.
All those are legal issues that vary vastly across different juridictions in
which no one but each of the juridiction’s judges can decide if it is an
abuse or an illegal activity. Claiming that RFC2142 defines not even 1% of
real world abuse is laughable.
Regards,
Lamiaa
Le jeu. 17 sept. 2020 à 15:51, JORDI PALET MARTINEZ via RPD <rpd at afrinic.net
<mailto:rpd at afrinic.net> > a écrit :
Hi Lamiaa,
I’ve said this already. This policy doesn’t enforce abuse, it enforces that
the abuse contact is there, and works.
Today AFRINIC is paying for the cost of the abuse handling because only a
tiny fraction of the members has the abuse contacts in place.
If the contacts in the RIR database aren’t actual and accurate, this is a
clear violation of the RSA. So what is unacceptable is not having the
contacts, not on the other way around.
Abuse is not defined by the RIRs, everybody knows it and this is the reason
why NONE of the RIRs have re-defined it, because it is already stated in
RFC2142. Can you justify why AFRINIC is different and need a definition?
How you define it in the networks that you operate?
Regards,
Jordi
@jordipalet
El 17/9/20 10:49, "Lamiaa Chnayti" < <mailto:lamiaachnayti at gmail.com>
lamiaachnayti at gmail.com> escribió:
Hello,
I will have to agree with Lucilla on what she said and would like to add to
it that :
Firstly, Abuse enforcement is out of scope for RIRs.
Secondly, RIRs have no ability to define what is “abuse”, one abuse or even
criminal activity could be entirely a legal operation in a different
jurisdiction.
Finally, making a member forcefully reply to abuse contact Emails are a
waste of resources and totally pointless, it is entirely up to the member to
define what they think is acceptable in their network operation and how they
react to it. AFRINIC has no mandate to force any member to reply to an
“abuse”, since AFRINIC doesn’t even have the ability to identify what is
considered an abuse.
Therefore the entire policy is out of scope for the RIR operation.
Regards,
Lamiaa
Le jeu. 17 sept. 2020 à 07:42, JORDI PALET MARTINEZ via RPD <
<mailto:rpd at afrinic.net> rpd at afrinic.net> a écrit :
Hi Lucilla,
Today we already have mnt-IRT, and everybody who operate networks understand
what it is an abuse. If you operate networks you know that *anything* which
is a non-authorized use of a network is an abuse.
If you send spam, attack networks, try to intrude networks, etc., all those
are abuse.
What the policy ask is to make sure that in AFRINIC everybody has an abuse
contact (today we have mnt-IRT, but is not mandatory, and as a results many
African networks are filtered because lack of that – and consequently they
do not respond to abuse cases -, which exist in all the other regions of the
world).
Not having an abuse means more chances of legal actions, more cost, for both
the victims and the ISPs. Having that means that you have more chances to
resolve it in goodfaith.
One of the *most important* Afrinic missions is to have accuracy on the
database, which includes accuracy on the contacts. We are not fulfilling
that in this situation.
Remember that *all* the other RIRs have already this kind of policy. This
one is like the one that has been implemented in APNIC, and the accuracy of
the contacts is now 87.5% as reported this month in the last APNIC meeting.
In that report *none* of the members indicated any of the issues that you
indicated (didn't happened as well in the other regions).
You know who is interested in not having abuse contacts? Those that use
their networks for doing abuse (hijacking, spam, DoS, intrusions, etc.).
Can you explain if the network that you operate has an abuse contact an how
if one of your customes is trying to penetrate my network or do a DoS, I
will be able to contact you and if you will do anything or just ignore it?
Regards,
Jordi
@jordipalet
El 17/9/20 2:21, "lucilla fornaro" <
<mailto:lucillafornarosawamoto at gmail.com> lucillafornarosawamoto at gmail.com>
escribió:
Dear all,
I have some concerns about the “Abuse Contact Policy”.
First of all, it does not offer a specific and regulated description of the
term “abuse” and this opens the door to potentially bigger problems: a
surplus of reports, discrimination/legal issues, and a waste of resources.
Around the world, we can perceive what abuse is in very different ways.
Afrinic is not entitled to force members to report abuses and most
importantly, this proposal does not represent Afrinic’s purpose.
I, therefore, oppose this policy.
Thank you,
Lucilla
_______________________________________________ RPD mailing list
<mailto:RPD at afrinic.net> RPD at afrinic.net
<https://lists.afrinic.net/mailman/listinfo/rpd>
https://lists.afrinic.net/mailman/listinfo/rpd
**********************************************
IPv4 is over
Are you ready for the new Internet ?
<http://www.theipv6company.com/> http://www.theipv6company.com
The IPv6 Company
This electronic message contains information which may be privileged or
confidential. The information is intended to be for the exclusive use of the
individual(s) named above and further non-explicilty authorized disclosure,
copying, distribution or use of the contents of this information, even if
partially, including attached files, is strictly prohibited and will be
considered a criminal offense. If you are not the intended recipient be
aware that any disclosure, copying, distribution or use of the contents of
this information, even if partially, including attached files, is strictly
prohibited, will be considered a criminal offense, so you must reply to the
original sender to inform about this communication and delete it.
_______________________________________________
RPD mailing list
<mailto:RPD at afrinic.net> RPD at afrinic.net
<https://lists.afrinic.net/mailman/listinfo/rpd>
https://lists.afrinic.net/mailman/listinfo/rpd
**********************************************
IPv4 is over
Are you ready for the new Internet ?
<http://www.theipv6company.com/> http://www.theipv6company.com
The IPv6 Company
This electronic message contains information which may be privileged or
confidential. The information is intended to be for the exclusive use of the
individual(s) named above and further non-explicilty authorized disclosure,
copying, distribution or use of the contents of this information, even if
partially, including attached files, is strictly prohibited and will be
considered a criminal offense. If you are not the intended recipient be
aware that any disclosure, copying, distribution or use of the contents of
this information, even if partially, including attached files, is strictly
prohibited, will be considered a criminal offense, so you must reply to the
original sender to inform about this communication and delete it.
_______________________________________________
RPD mailing list
<mailto:RPD at afrinic.net> RPD at afrinic.net
<https://lists.afrinic.net/mailman/listinfo/rpd>
https://lists.afrinic.net/mailman/listinfo/rpd
Le jeu. 17 sept. 2020 à 15:49, JORDI PALET MARTINEZ via RPD <rpd at afrinic.net
<mailto:rpd at afrinic.net> > a écrit :
Hi Lamiaa,
I’ve said this already. This policy doesn’t enforce abuse, it enforces that
the abuse contact is there, and works.
Today AFRINIC is paying for the cost of the abuse handling because only a
tiny fraction of the members has the abuse contacts in place.
If the contacts in the RIR database aren’t actual and accurate, this is a
clear violation of the RSA. So what is unacceptable is not having the
contacts, not on the other way around.
Abuse is not defined by the RIRs, everybody knows it and this is the reason
why NONE of the RIRs have re-defined it, because it is already stated in
RFC2142. Can you justify why AFRINIC is different and need a definition?
How you define it in the networks that you operate?
Regards,
Jordi
@jordipalet
El 17/9/20 10:49, "Lamiaa Chnayti" <lamiaachnayti at gmail.com
<mailto:lamiaachnayti at gmail.com> > escribió:
Hello,
I will have to agree with Lucilla on what she said and would like to add to
it that :
Firstly, Abuse enforcement is out of scope for RIRs.
Secondly, RIRs have no ability to define what is “abuse”, one abuse or even
criminal activity could be entirely a legal operation in a different
jurisdiction.
Finally, making a member forcefully reply to abuse contact Emails are a
waste of resources and totally pointless, it is entirely up to the member to
define what they think is acceptable in their network operation and how they
react to it. AFRINIC has no mandate to force any member to reply to an
“abuse”, since AFRINIC doesn’t even have the ability to identify what is
considered an abuse.
Therefore the entire policy is out of scope for the RIR operation.
Regards,
Lamiaa
Le jeu. 17 sept. 2020 à 07:42, JORDI PALET MARTINEZ via RPD <rpd at afrinic.net
<mailto:rpd at afrinic.net> > a écrit :
Hi Lucilla,
Today we already have mnt-IRT, and everybody who operate networks understand
what it is an abuse. If you operate networks you know that *anything* which
is a non-authorized use of a network is an abuse.
If you send spam, attack networks, try to intrude networks, etc., all those
are abuse.
What the policy ask is to make sure that in AFRINIC everybody has an abuse
contact (today we have mnt-IRT, but is not mandatory, and as a results many
African networks are filtered because lack of that – and consequently they
do not respond to abuse cases -, which exist in all the other regions of the
world).
Not having an abuse means more chances of legal actions, more cost, for both
the victims and the ISPs. Having that means that you have more chances to
resolve it in goodfaith.
One of the *most important* Afrinic missions is to have accuracy on the
database, which includes accuracy on the contacts. We are not fulfilling
that in this situation.
Remember that *all* the other RIRs have already this kind of policy. This
one is like the one that has been implemented in APNIC, and the accuracy of
the contacts is now 87.5% as reported this month in the last APNIC meeting.
In that report *none* of the members indicated any of the issues that you
indicated (didn't happened as well in the other regions).
You know who is interested in not having abuse contacts? Those that use
their networks for doing abuse (hijacking, spam, DoS, intrusions, etc.).
Can you explain if the network that you operate has an abuse contact an how
if one of your customes is trying to penetrate my network or do a DoS, I
will be able to contact you and if you will do anything or just ignore it?
Regards,
Jordi
@jordipalet
El 17/9/20 2:21, "lucilla fornaro" <lucillafornarosawamoto at gmail.com
<mailto:lucillafornarosawamoto at gmail.com> > escribió:
Dear all,
I have some concerns about the “Abuse Contact Policy”.
First of all, it does not offer a specific and regulated description of the
term “abuse” and this opens the door to potentially bigger problems: a
surplus of reports, discrimination/legal issues, and a waste of resources.
Around the world, we can perceive what abuse is in very different ways.
Afrinic is not entitled to force members to report abuses and most
importantly, this proposal does not represent Afrinic’s purpose.
I, therefore, oppose this policy.
Thank you,
Lucilla
_______________________________________________ RPD mailing list
RPD at afrinic.net <mailto:RPD at afrinic.net>
https://lists.afrinic.net/mailman/listinfo/rpd
**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company
This electronic message contains information which may be privileged or
confidential. The information is intended to be for the exclusive use of the
individual(s) named above and further non-explicilty authorized disclosure,
copying, distribution or use of the contents of this information, even if
partially, including attached files, is strictly prohibited and will be
considered a criminal offense. If you are not the intended recipient be
aware that any disclosure, copying, distribution or use of the contents of
this information, even if partially, including attached files, is strictly
prohibited, will be considered a criminal offense, so you must reply to the
original sender to inform about this communication and delete it.
_______________________________________________
RPD mailing list
RPD at afrinic.net <mailto:RPD at afrinic.net>
https://lists.afrinic.net/mailman/listinfo/rpd
**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company
This electronic message contains information which may be privileged or
confidential. The information is intended to be for the exclusive use of the
individual(s) named above and further non-explicilty authorized disclosure,
copying, distribution or use of the contents of this information, even if
partially, including attached files, is strictly prohibited and will be
considered a criminal offense. If you are not the intended recipient be
aware that any disclosure, copying, distribution or use of the contents of
this information, even if partially, including attached files, is strictly
prohibited, will be considered a criminal offense, so you must reply to the
original sender to inform about this communication and delete it.
_______________________________________________
RPD mailing list
RPD at afrinic.net <mailto:RPD at afrinic.net>
https://lists.afrinic.net/mailman/listinfo/rpd
--
Lamiaa CHNAYTI
**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company
This electronic message contains information which may be privileged or
confidential. The information is intended to be for the exclusive use of the
individual(s) named above and further non-explicilty authorized disclosure,
copying, distribution or use of the contents of this information, even if
partially, including attached files, is strictly prohibited and will be
considered a criminal offense. If you are not the intended recipient be
aware that any disclosure, copying, distribution or use of the contents of
this information, even if partially, including attached files, is strictly
prohibited, will be considered a criminal offense, so you must reply to the
original sender to inform about this communication and delete it.
_______________________________________________
RPD mailing list
RPD at afrinic.net <mailto:RPD at afrinic.net>
https://lists.afrinic.net/mailman/listinfo/rpd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20200921/3983242b/attachment-0001.html>
More information about the RPD
mailing list