Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Abuse Contact Policy

JORDI PALET MARTINEZ jordi.palet at consulintel.es
Mon Sep 21 09:00:01 UTC 2020


Hi Lamiaa,



8.3 and 8.4 are making sure that you respond to an abuse case, *not* that you *recognize* it as an abuse. It is your choice to tell the “victim ISP”, look for me this is not an abuse, so I will not do anything about it.



AFRINIC can’t verify this automatically, because it doesn’t make sense that AFRINIC is “sending” fake abuse reports to see if they get a response.



AFRINIC can only send an email for the validation of the mailbox. It is an existing mailbox? I’m getting a response (for example, have they, once I send the validation email, clicked the link or went into MyAfrinic to input the validation code?).



8.4 also states the timing for the validation.



8.5 is the validation itself, so I guess, according to your response, that you’re ok with this specific point. If we don’t have it, AFRINIC can’t do a periodic validation.



8.6. is making sure that you don’t try to fake the validation. For instance, you could respond only to AFRINIC validations and then discard all the other emails. If we don’t have that, the policy may become useless. Note also that in fact, if you follow the RSA, *anyone* could escalate *any* lack of CPM compliance. So this is making sure that the policy text is honest and transparent.



Or do you prefer to be filtered because you don’t respond?



Clearly this proposal is not asking AFRINIC to be a police. Is only making sure that the parties *can talk*. Again: AFRINIC will not be involved in “how you handle the case”, but I least you should be able to be contacted and respond.



See this example:

If AK or Moses customers are sending me spam, or trying to intrude my network, and they have abuse contacts, I will be able to complain to them. Then we have two cases:

1. Moses responds to me and say “you’re right, this is against our AUP” (is irrelevant what the law in Moses country say, it is the contract with customers what says what is allowed or not). Let’s fix it. I will warn the customer, and if they don’t stop, we will filter their email port, or even cancel the contract (just examples, only Moses can decide what they do).

2. AK instead doesn’t care, or the mailbox is full or bouncing emails or respond “sorry in our network we allow that”. Then I can take my own decision, filter only that IP address, or the complete AK network. I can even see if this is allowed in his country and take legal actions (which usually you don’t do because is costly and more of the regulations don’t know “anything” about abuse or even Internet!).

AFRINIC will not take any measure if AK decides that is not an abuse. It is our problem not AFRINIC problem. However, if the email is bouncing, AFRINIC will revalidate the abuse-c and make sure that it works.



Is like a phone book. You have there the phones and they must be correct, or you need to update them every “n” months. The phone book doesn’t tell the purpose of each phone. If you don’t want to accept calls related to “ordering pizzas”, you tell the caller “this number is not for that”, but at least you must pick up the phone otherwise, you don’t know if it is somebody calling by error or someone that you really want to talk. And this is true for *every* whois contact.







Can you let us know how do you handle it in the networks that you operate?



Regards,

Jordi

@jordipalet







El 21/9/20 10:00, "Lamiaa Chnayti" <lamiaachnayti at gmail.com> escribió:



Hi Fernando,



I think you are very confused. I never said I have a problem with people completing their registration. Keep registration---having an abuse contact Email in the whois, just like tech contact or admin contact--I am perfectly fine with it, and I think the current policy achieves 99% it, if you want to add this contact as mandatory field I am fine with it as well.



But the problem of this policy in 8.3-8.6, is that it requires AFRINIC to monitor the members HOW to manage their abuse mailbox down to the subject line, and that is out of the scope of AFRINIC, just read my last email with logic in mind and you will understand. I suggest this policy should be very simple, adding one line to the current policy-- abuse contact is mandatory, and it's done, everything else should be deleted.



And again, you are trying to use AFRINIC for something that is not in its scope, how someone manages their mailbox is not in the scope of AFRINIC, it is like you go to your local church to ask them to arrest your neighbour who plays loud music at night when you should go to police instead. Same thing for someone running an abusive network, as many already stated, it is up to a local Jury to decide if it is simply at an annoying level or a criminal offense, but either way please do go to your local police to report it.



As for the internet, we never tell you how to behave--you are entirely at your rights in the internet to behave abusively, but it is also entirely in everyone's rights to block you, that's how de-centralizing works, no central governing, everyone plays nice because that's the only way for everyone else to play with you, and this policy here asks AFRINIC to act like a central government even down to manage people's mailbox's subject line and that is way beyond what internet meant to be.



Regards,



Lamiaa



Le dim. 20 sept. 2020 à 23:42, Fernando Frediani <fhfrediani at gmail.com> a écrit :










On 19/09/2020 13:19, Lamiaa Chnayti wrote:























<clip>









































How is it in the scope of AFRINIC to decide how I manage my abuse mailbox? If I want to reply only to a specific subject line of my abuse box, it is entirely in my right to do. Even if I don't want to reply at the abuse mailbox at all, that is my right to do so and if I think no action in my network would be considered abuse (although unlikely), but it is still from the internet community point of view, entirely in my right to do so. You might choose to block me as a network, but that is also your right.



The reason internet is called INTER-NET is because of its decentralized nature, you have to play nice for others to play with you, but this community never forces anyone to play nice, it is not in the scope of AFRINIC to decide how members reply to their abuse mailbox, so if 8.3,8.4, 8.5 and 8.6 are deleted in its entirety, I might consider supporting it. Also Jordi, I feel you always have this central management type of thinking, and that is so not internet.























It is not in the scope of any RIR how anyone manage people's

mailboxes.


Nobody exists alone in the Internet. If an organization

hypothetically doesn't care at all and refuses to respond to abuse

emails it probably should re-think its existence in the Internet

business.



The Internet is what is among many reasons because of the

cooperation among its organizations, and there are certain rules

that are agreed cooperatively and must be observed by everyone

willing remain on it, otherwise it may in many cases cause serious

damage to those willing to operate in serious manner and keep it a

healthy place to most people who depend on it.




This forum is about setting rules on how registration information

about resources are kept and it may be of the wish of the

community to refuse keep registration for those who repetitively

abuse of their individual rights.



Fernando

























Regards,





Lamiaa






















Le ven. 18 sept. 2020 à 09:23,

JORDI PALET MARTINEZ via RPD <rpd at afrinic.net> a écrit :










Hi Lamiaa,







I don’t agree. Internet doesn't depend on

any jurisdiction; abuse is about what I (the victim

operator) consider abuse. The RFC is clear about that,

in short “Inappropriate public behaviour” (is a

mailbox so to be able to contact in case there is a

possible inappropriate behaviour in the public

Internet). If you want a clearer definition, abuse is

*anything* that I don’t want to accept in my

network because is in any way damaging it.







If I don’t want to accept a DoS, or spam,

or phising, DMCA, or whatever, this is abuse *for

me*. I’ve the right to tell you because that

abuse is coming from your network. If you believe that

is not abuse (and here is your jurisdiction in some

cases, in other just doesn’t exist, but it may be also

your “business” decision – like operators that don’t

care if their customers do spam or intrusion

attempts), you’ve the right to tell me “sorry, this is

not abuse for us”, and then I’ve the right to decide

if I should filter your network based on your

response.







Not having an abuse contact, means that

I’m not able to contact you, so we can’t talk, we

can’t investigate or agree if it is an abuse or not,

so you (the offender operator) don’t have the chance

to decide about it! Is bad for you, is bad for me. In

those cases, my best choice is to filter you. This

create problems for your customers and my customers.







We can’t depend on jurisdictions, because

then the policy will need to consider inter-relations

among every possible “pairs” of country worlds, and we

will need to update the policy based on any

jurisdiction change. The policy is not about that, is

about having a valid responsible contact, not about

deciding what is an abuse, which is among the two

parties.







Tell me what is different from AFRINIC

than the rest of the world, because none of the RIRs

have defined abuse in their policies. I even don’t

recall that having appeared in the discussions!









If

you want, I’m happy to change the title of the

proposal to “supposed abuse contact”, that may be

clearing your point?







Again,

this is not about defining what is abuse, this is

among the parties. It is about making sure that

there is a valid responsible contact in case of

anyone needs to report what he considers an abuse.

AFRINIC will not punish anyone that believes that

his customer is not doing an abuse because in his

country is not an abuse.







Regards,



Jordi



@jordipalet





















El

18/9/20 9:59, "Lamiaa Chnayti" <lamiaachnayti at gmail.com>

escribió:



















Hello

Jordi,















RFC2142

only defines a tiny portion of the network abuse. In

real world operation, abuse consists of a much

boarder range : DMCA(copy rights) claims,

unsolicited emails , phishing websites , trade mark

disputes etc.















All

those are legal issues that vary vastly across

different juridictions in which no one but each of

the juridiction’s judges can decide if it is an

abuse or an illegal activity. Claiming that RFC2142

defines not even 1% of real world abuse is

laughable.















Regards,















Lamiaa















Le jeu.

17 sept. 2020 à 15:51, JORDI PALET MARTINEZ via

RPD <rpd at afrinic.net>

a écrit :











Hi

Lamiaa,







I’ve

said this already. This policy doesn’t

enforce abuse, it enforces that the abuse

contact is there, and works.







Today

AFRINIC is paying for the cost of the

abuse handling because only a tiny

fraction of the members has the abuse

contacts in place.







If

the contacts in the RIR database aren’t

actual and accurate, this is a clear

violation of the RSA. So what is

unacceptable is not having the contacts,

not on the other way around.







Abuse

is not defined by the RIRs, everybody

knows it and this is the reason why NONE

of the RIRs have re-defined it, because it

is already stated in RFC2142. Can you

justify why AFRINIC is different and need

a definition?







How

you define it in the networks that you

operate?









Regards,



Jordi



@jordipalet





















El 17/9/20

10:49, "Lamiaa Chnayti" <lamiaachnayti at gmail.com>

escribió:





























Hello,







I

will have to agree with Lucilla on what

she said and would like to add to it

that :



Firstly, Abuse

enforcement is out of scope for RIRs.



Secondly, RIRs

have no ability to define what is

“abuse”, one abuse or even criminal

activity could be entirely a legal

operation in a different jurisdiction.



Finally, making

a member forcefully reply to abuse

contact Emails are a waste of resources

and totally pointless, it is entirely up

to the member to define what they think

is acceptable in their network operation

and how they react to it. AFRINIC has no

mandate to force any member to reply to

an “abuse”, since AFRINIC doesn’t even

have the ability to identify what is

considered an abuse.



Therefore the

entire policy is out of scope for the

RIR operation.







Regards,







Lamiaa











































Le jeu. 17

sept. 2020 à 07:42, JORDI PALET MARTINEZ

via RPD <rpd at afrinic.net>

a écrit :











Hi Lucilla,







Today we already have

mnt-IRT, and everybody who operate

networks understand what it is an

abuse. If you operate networks you

know that *anything* which

is a non-authorized use of a

network is an abuse.







If you send spam,

attack networks, try to intrude

networks, etc., all those are

abuse.







What the policy ask

is to make sure that in AFRINIC

everybody has an abuse contact

(today we have mnt-IRT, but is not

mandatory, and as a results many

African networks are filtered

because lack of that – and

consequently they do not respond

to abuse cases -, which exist in

all the other regions of the

world).









Not having an abuse

means more chances of legal

actions, more cost, for both the

victims and the ISPs. Having

that means that you have more

chances to resolve it in

goodfaith.







One of the *most

important* Afrinic

missions is to have accuracy on

the database, which includes

accuracy on the contacts. We are

not fulfilling that in this

situation.







Remember that *all*

the other RIRs have already this

kind of policy. This one is like

the one that has been

implemented in APNIC, and the

accuracy of the contacts is now

87.5% as reported this month in

the last APNIC meeting. In that

report *none* of the

members indicated any of the

issues that you indicated

(didn't happened as well in the

other regions).







You know who is

interested in not having abuse

contacts? Those that use their

networks for doing abuse

(hijacking, spam, DoS,

intrusions, etc.).







Can you explain if

the network that you operate has

an abuse contact an how if one

of your customes is trying to

penetrate my network or do a

DoS, I will be able to contact

you and if you will do anything

or just ignore it?







Regards,



Jordi



@jordipalet





















El

17/9/20 2:21, "lucilla fornaro"

<lucillafornarosawamoto at gmail.com>

escribió:





















Dear

all,















I

have some concerns about the

“Abuse Contact Policy”.







First

of all, it does not offer a

specific and regulated

description of the term

“abuse” and this opens the

door to potentially bigger

problems: a surplus of

reports, discrimination/legal

issues, and a waste of

resources. Around the world,

we can perceive what abuse is

in very different ways.















Afrinic

is not entitled to force

members to report abuses and

most importantly, this

proposal does not represent

Afrinic’s purpose.















I,

therefore, oppose this policy.























Thank

you,















Lucilla









_______________________________________________

RPD mailing list RPD at afrinic.net https://lists.afrinic.net/mailman/listinfo/rpd








**********************************************


IPv4 is over


Are you ready for the new Internet ?


http://www.theipv6company.com


The IPv6 Company





This electronic message contains

information which may be privileged or

confidential. The information is

intended to be for the exclusive use

of the individual(s) named above and

further non-explicilty authorized

disclosure, copying, distribution or

use of the contents of this

information, even if partially,

including attached files, is strictly

prohibited and will be considered a

criminal offense. If you are not the

intended recipient be aware that any

disclosure, copying, distribution or

use of the contents of this

information, even if partially,

including attached files, is strictly

prohibited, will be considered a

criminal offense, so you must reply to

the original sender to inform about

this communication and delete it.





_______________________________________________


RPD mailing list


RPD at afrinic.net


https://lists.afrinic.net/mailman/listinfo/rpd












**********************************************





IPv4 is over





Are you ready for the new Internet ?





http://www.theipv6company.com





The IPv6 Company











This electronic message contains information

which may be privileged or confidential. The

information is intended to be for the

exclusive use of the individual(s) named above

and further non-explicilty authorized

disclosure, copying, distribution or use of

the contents of this information, even if

partially, including attached files, is

strictly prohibited and will be considered a

criminal offense. If you are not the intended

recipient be aware that any disclosure,

copying, distribution or use of the contents

of this information, even if partially,

including attached files, is strictly

prohibited, will be considered a criminal

offense, so you must reply to the original

sender to inform about this communication and

delete it.















_______________________________________________





RPD mailing list





RPD at afrinic.net





https://lists.afrinic.net/mailman/listinfo/rpd

























Le jeu.

17 sept. 2020 à 15:49, JORDI PALET MARTINEZ via

RPD <rpd at afrinic.net>

a écrit :











Hi

Lamiaa,







I’ve

said this already. This policy doesn’t

enforce abuse, it enforces that the abuse

contact is there, and works.







Today

AFRINIC is paying for the cost of the abuse

handling because only a tiny fraction of the

members has the abuse contacts in place.







If the

contacts in the RIR database aren’t actual

and accurate, this is a clear violation of

the RSA. So what is unacceptable is not

having the contacts, not on the other way

around.







Abuse is

not defined by the RIRs, everybody knows it

and this is the reason why NONE of the RIRs

have re-defined it, because it is already

stated in RFC2142. Can you justify why

AFRINIC is different and need a definition?







How you

define it in the networks that you operate?









Regards,



Jordi



@jordipalet





















El 17/9/20

10:49, "Lamiaa Chnayti" <lamiaachnayti at gmail.com>

escribió:





























Hello,







I

will have to agree with Lucilla on what

she said and would like to add to it that


:




Firstly, Abuse

enforcement is out of scope for RIRs.



Secondly, RIRs

have no ability to define what is “abuse”,

one abuse or even criminal activity could

be entirely a legal operation in a

different jurisdiction.



Finally, making

a member forcefully reply to abuse contact

Emails are a waste of resources and

totally pointless, it is entirely up to

the member to define what they think is

acceptable in their network operation and

how they react to it. AFRINIC has no

mandate to force any member to reply to an

“abuse”, since AFRINIC doesn’t even have

the ability to identify what is considered

an abuse.



Therefore the

entire policy is out of scope for the RIR

operation.







Regards,







Lamiaa











































Le jeu. 17

sept. 2020 à 07:42, JORDI PALET MARTINEZ

via RPD <rpd at afrinic.net>

a écrit :











Hi

Lucilla,







Today

we already have mnt-IRT, and

everybody who operate networks

understand what it is an abuse. If

you operate networks you know that *anything*

which is a non-authorized use of a

network is an abuse.







If

you send spam, attack networks, try

to intrude networks, etc., all those

are abuse.







What

the policy ask is to make sure that

in AFRINIC everybody has an abuse

contact (today we have mnt-IRT, but

is not mandatory, and as a results

many African networks are filtered

because lack of that – and

consequently they do not respond to

abuse cases -, which exist in all

the other regions of the world).









Not having an abuse

means more chances of legal

actions, more cost, for both the

victims and the ISPs. Having that

means that you have more chances

to resolve it in goodfaith.







One of the *most

important* Afrinic missions

is to have accuracy on the

database, which includes accuracy

on the contacts. We are not

fulfilling that in this situation.







Remember that *all*

the other RIRs have already this

kind of policy. This one is like

the one that has been implemented

in APNIC, and the accuracy of the

contacts is now 87.5% as reported

this month in the last APNIC

meeting. In that report *none*

of the members indicated any of

the issues that you indicated

(didn't happened as well in the

other regions).







You know who is

interested in not having abuse

contacts? Those that use their

networks for doing abuse

(hijacking, spam, DoS, intrusions,

etc.).







Can you explain if

the network that you operate has

an abuse contact an how if one of

your customes is trying to

penetrate my network or do a DoS,

I will be able to contact you and

if you will do anything or just

ignore it?







Regards,



Jordi



@jordipalet





















El

17/9/20 2:21, "lucilla fornaro"

<lucillafornarosawamoto at gmail.com>

escribió:





















Dear

all,















I

have some concerns about the

“Abuse Contact Policy”.







First

of all, it does not offer a

specific and regulated

description of the term “abuse”

and this opens the door to

potentially bigger problems: a

surplus of reports,

discrimination/legal issues, and

a waste of resources. Around the

world, we can perceive what

abuse is in very different ways.















Afrinic

is not entitled to force members

to report abuses and most

importantly, this proposal does

not represent Afrinic’s purpose.















I,

therefore, oppose this policy.























Thank

you,















Lucilla









_______________________________________________

RPD mailing list RPD at afrinic.net

https://lists.afrinic.net/mailman/listinfo/rpd








**********************************************


IPv4 is over


Are you ready for the new Internet ?


http://www.theipv6company.com


The IPv6 Company





This electronic message contains

information which may be privileged or

confidential. The information is

intended to be for the exclusive use of

the individual(s) named above and

further non-explicilty authorized

disclosure, copying, distribution or use

of the contents of this information,

even if partially, including attached

files, is strictly prohibited and will

be considered a criminal offense. If you

are not the intended recipient be aware

that any disclosure, copying,

distribution or use of the contents of

this information, even if partially,

including attached files, is strictly

prohibited, will be considered a

criminal offense, so you must reply to

the original sender to inform about this

communication and delete it.





_______________________________________________


RPD mailing list


RPD at afrinic.net


https://lists.afrinic.net/mailman/listinfo/rpd












**********************************************








IPv4 is over








Are you ready for the new Internet ?








http://www.theipv6company.com








The IPv6 Company

















This electronic message contains information

which may be privileged or confidential. The

information is intended to be for the exclusive

use of the individual(s) named above and further

non-explicilty authorized disclosure, copying,

distribution or use of the contents of this

information, even if partially, including

attached files, is strictly prohibited and will

be considered a criminal offense. If you are not

the intended recipient be aware that any

disclosure, copying, distribution or use of the

contents of this information, even if partially,

including attached files, is strictly

prohibited, will be considered a criminal

offense, so you must reply to the original

sender to inform about this communication and

delete it.
























_______________________________________________





RPD mailing list





RPD at afrinic.net





https://lists.afrinic.net/mailman/listinfo/rpd









--

















Lamiaa

CHNAYTI






























**********************************************


IPv4 is over


Are you ready for the new Internet ?


http://www.theipv6company.com


The IPv6 Company





This electronic message contains information which may be

privileged or confidential. The information is intended to

be for the exclusive use of the individual(s) named above

and further non-explicilty authorized disclosure, copying,

distribution or use of the contents of this information,

even if partially, including attached files, is strictly

prohibited and will be considered a criminal offense. If you

are not the intended recipient be aware that any disclosure,

copying, distribution or use of the contents of this

information, even if partially, including attached files, is

strictly prohibited, will be considered a criminal offense,

so you must reply to the original sender to inform about

this communication and delete it.







_______________________________________________


RPD mailing list


RPD at afrinic.net


https://lists.afrinic.net/mailman/listinfo/rpd










_______________________________________________

RPD mailing list

RPD at afrinic.net

https://lists.afrinic.net/mailman/listinfo/rpd








_______________________________________________

RPD mailing list

RPD at afrinic.net

https://lists.afrinic.net/mailman/listinfo/rpd

--

Lamiaa CHNAYTI



_______________________________________________ RPD mailing list RPD at afrinic.net https://lists.afrinic.net/mailman/listinfo/rpd



**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20200921/38d79b2f/attachment-0001.html>


More information about the RPD mailing list