Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Abuse Contact Policy

Fernando Frediani fhfrediani at gmail.com
Tue Sep 22 15:53:39 UTC 2020


The RIR's community defines the rules under which resources are
distributed to members and must be used. It also defines the conditions
these resources may be revoked. Example: there are RIRs that stipulates
you must use most of the resources within the region.

The resources once allocated don't belong to the organization. If it
uses it against the current rules defined by community they may be revoked.
And the community may understand those who decide to constantly use
these resources to damage other business and the internet as a whole may
have their resources revoked too.

Let's leave the political correctness behind of 'unlimited freedoom'
once organizations receive their allocations they may do whatever they
like with it without any ever possible sanctions.
IP space is intended to make the internet a great place and to get
people connected to it, so there must be bounds for that and rules the
apply.

One of which is what this proposal intends: any organization must have a
valid email address and be reachable by the RIR whenever needed.

Fernando

On 22/09/2020 12:19, Chloe Kung wrote:

>

> Hi Fernando,

>

> It is not in RIR's position to judge who is bad netizen,  it is up to

> networks to judge for themselves, they can block the entire network

> that behave badly from their point of view if they want, but not have

> AFRINIC to tell them that, and that is exactly what Lamiaa trying to

> say here, I think she is right, you are very mixed up.

>

> Best,

>

> Chloe

>

> *From: *Fernando Frediani <fhfrediani at gmail.com>

> *Date: *Tuesday, September 22, 2020 at 19:48

> *To: *"rpd at afrinic.net" <rpd at afrinic.net>

> *Subject: *Re: [rpd] Abuse Contact Policy

>

> Every day I get surprised with the amount of effort people put into

> not making something instead of making something that works for a

> collaborative place that must be the Internet.

>

> AfriNic PDP defines the rules resources are registered in its whois

> database and it may wish to choose not to register anymore bad

> netizens which may be using the resources it received from the RIR in

> a bad manner making the Internet a worst place.

>

> Fernando

>

> On 22/09/2020 08:29, Jaco Kroon wrote:

>

> Hi Lamiaa,

>

> On 2020/09/22 10:32, Lamiaa Chnayti wrote:

>

> Hello again Jordi,

>

> Of course I can choose NOT TO REPLY, this is my network, and I

> decide how I want to run it. Everyday I ignore tons of

> e-mailsand they go to a folder called spam, and it is entirely

> up to me to decide IN MY NETWORK what I consider spam. I think

> you fundamentally mix up the concept of "management of IP

> address registration" with "management of network". AFRINIC

> only has a mandate to manage registration of IP numbers, it

> does not have the

>

> No.  I suspect Jordi knows a fair amount of the difference.  More

> so than most.

>

> capacity or mandate to manage networks. And once you get that,

> you will also understand why your dashboard

>

> Nobody is asking Afrinic to manage any networks.  We're asking

> them to help those of that want to be good netizens to enable us

> to do that, by ensuring that contact can be made with other

> networks for the purposes of resolving abuse related problems.  My

> experience says that usually these disputes are between customers

> of ISPs but they insist that the ISPs should do something about

> it.  So short of me dropping your entire set of prefixes, I'd

> prefer to be able to make contact with you in order to look for a

> resolution. Personally, I'm not worried about screaming insults

> and the like, those or nitty gritty issues people should sort out

> themselves, but what happens if a customer of yours is actively

> trying to hack on of mine?  Or the other way around?  Would you

> prefer we all just drop each other's routes and never actually

> resolve anything?

>

> policy, your hijacking as policy violation, your

> over-intrusive management clause in abuse-c get pushed back

> very hard in RIPE. Hands off my network, as Randy Bush

> famously said.

>

> I am sorry, in my opinion you're out of line here, that is

> bordering on a personal attack on Jordi, we're all trying to make

> this Internet a better place.  As is Jordi.  Whilst I do not agree

> with him on everything, what is it to you have a single email

> address that people can mail you on? Honestly, nobody said you're

> not allowed to filter spam on that.  Again, you choose what is

> spam and not.  We're asking you to be responsible.  Basically by

> saying you refuse to publish an abuse contact you're effectively

> being an elitist stating that your network is so perfect that

> there is no reason anyone would ever need to contact you in an

> attempt to resolve a (probably) legitimate issue.

>

> My response to that would be:  So why should I route your

> traffic?  Why shouldn't I just outright reject all your prefixes?

>

> By enabling networks to contact each other via an abuse contact it

> enables all of us to communicate better, towards sorting out real

> issues.  If you don't want to be part of the solution, my personal

> opinion is that you should not form part of the internet.  My

> opinion is that by making abuse related contact more reliable

> we're improving the overall networking landscape.  You're still

> welcome to ignore contact you don't consider legitimate.  But know

> that that leaves us few options if you do ignore a legitimate issues.

>

>

> And why on earth does a network have to give AFRINIC their

> confidential data? Networks have already showedtechnical need

> during the application process and done correct registration

> of their numbers, and they are done with AFRINIC from this

> point on. How they manage a network is entirely out of the

> scope of AFRINIC.

>

> No one is asking for confidential data.  We're asking for a

> contact where we can make contact with you in a case where of my

> customers and one of yours have issues with each other, in order

> to get problems / issues / disputes / whatever resolved amicably

> instead of via lawyers, so by all means, if you prefer me first

> suing Afrinic for your contact details, and then suing you for

> damages + costs ... guess we can go that route too.

>

> Alternatively I can file abuse complaints against you with your

> transit providers and if they agree with me, it's not just one or

> two of your customers that's going to face difficulty, it's going

> to be all of them.

>

> Either way, with an attitude like yours I'm fairly certain not

> many people will think twice about dropping your prefixes.

>

> As for my perspective, it is really simple, for the good of

> the internet and for the future of this region, we are not

> making policies for individual networks, but rather policies

> impacting billions of people's internet access, and it needs

> to be abundantly clear on what we can do and what is not for

> us to decide. Yes, you are right, all networks should be run

> responsively,  just like all your neighbors  shouldn't play

> loud music after 10pm, but that doesn't mean you can force

> your local church to arrest them and ban them from Sunday

> service. Same with abuse, if a network is running abusively,

> police will find them and shut them down--again, not AFRINIC's

> business.

>

> Yes, you're right.  This policy is for improving the internet for

> billions of people, by enabling networks to contact each other to

> resolve abuse related issues such that the internet can remain an

> open and friendly place by eliminating the problems.  An abuse

> contact allows us to achieve exactly that.  Without it, no one is

> going to contact you regarding individual customers of yours,

> enabling you to take action against your individual customers, or

> to work with your customers to resolve problems, they're going to

> track down your transit providers, and they're going to get your

> entire network isolated and de-routed.  You leave them no other

> choices.

>

> Kind Regards,

> Jaco

>

> Le lun. 21 sept. 2020 à 15:42, JORDI PALET MARTINEZ via RPD

> <rpd at afrinic.net <mailto:rpd at afrinic.net>> a écrit :

>

> Hi Lamiaa,

>

> Internet is about cooperation, I don’t think you can

> choose “not to reply”. You can choose “not to consider it

> an abuse”, but not reply at all, in my opinion, will be

> against the correct management of the resources, which

> you’re bound as an AFRINIC member. You can choose to no

> reply to victims if they insist in something that you told

> them is not an abuse, that’s fine, but you must reply to

> AFRINIC for the validation of any data, whois, etc.

>

> Regarding how you run your network, I’m trying to

> understand your perspective, that’s it.

>

> Regards,

>

> Jordi

>

> @jordipalet

>

> El 21/9/20 14:46, "Lamiaa Chnayti"

> <lamiaachnayti at gmail.com <mailto:lamiaachnayti at gmail.com>>

> escribió:

>

> Hey Jordi,

>

> You keep mixing up two very simple concepts, it is ok for

> AFRINIC to include abuse-c as part of whois registration,

> just like admin-c or tech-c. But IT IS ENTIRELY absurd to

> have AFRINIC to verify how members reply to their Email,

> even down to the subject line. It is entirely the

> network's right to choose NOT to reply to that "victim

> ISP" at all because it doesn't think this is an abuse.

>

> And again you keep asking about my personal network and

> how I run it, and which is entirely irrelevant to this

> policy discussion. You can not disqualify people by

> disallowing anyone not running a network in this list, so

> what is your point? People discussing here who are running

> networks or not are none of anyone's business and is not

> relevant to the discussion of this policy.

>

> Regards,

>

> Lamiaa

>

> Le lun. 21 sept. 2020 à 10:00, JORDI PALET MARTINEZ via

> RPD <rpd at afrinic.net <mailto:rpd at afrinic.net>> a écrit :

>

> Hi Lamiaa,

>

> 8.3 and 8.4 are making sure that you respond to an

> abuse case, **not** that you **recognize** it as an

> abuse. It is your choice to tell the “victim ISP”,

> look for me this is not an abuse, so I will not do

> anything about it.

>

> AFRINIC can’t verify this automatically, because it

> doesn’t make sense that AFRINIC is “sending” fake

> abuse reports to see if they get a response.

>

> AFRINIC can only send an email for the validation of

> the mailbox. It is an existing mailbox? I’m getting a

> response (for example, have they, once I send the

> validation email, clicked the link or went into

> MyAfrinic to input the validation code?).

>

> 8.4 also states the timing for the validation.

>

> 8.5 is the validation itself, so I guess, according to

> your response, that you’re ok with this specific

> point. If we don’t have it, AFRINIC can’t do a

> periodic validation.

>

> 8.6. is making sure that you don’t try to fake the

> validation. For instance, you could respond only to

> AFRINIC validations and then discard all the other

> emails. If we don’t have that, the policy may become

> useless. Note also that in fact, if you follow the

> RSA, **anyone** could escalate **any** lack of CPM

> compliance. So this is making sure that the policy

> text is honest and transparent.

>

> Or do you prefer to be filtered because you don’t respond?

>

> Clearly this proposal is not asking AFRINIC to be a

> police. Is only making sure that the parties **can

> talk**. Again: AFRINIC will not be involved in “how

> you handle the case”, but I least you should be able

> to be contacted and respond.

>

> See this example:

>

> If AK or Moses customers are sending me spam, or

> trying to intrude my network, and they have abuse

> contacts, I will be able to complain to them. Then we

> have two cases:

>

> 1. Moses responds to me and say “you’re right, this is

> against our AUP” (is irrelevant what the law in Moses

> country say, it is the contract with customers what

> says what is allowed or not). Let’s fix it. I will

> warn the customer, and if they don’t stop, we will

> filter their email port, or even cancel the contract

> (just examples, only Moses can decide what they do).

>

> 2. AK instead doesn’t care, or the mailbox is full or

> bouncing emails or respond “sorry in our network we

> allow that”. Then I can take my own decision, filter

> only that IP address, or the complete AK network. I

> can even see if this is allowed in his country and

> take legal actions (which usually you don’t do because

> is costly and more of the regulations don’t know

> “anything” about abuse or even Internet!).

>

> AFRINIC will not take any measure if AK decides that

> is not an abuse. It is our problem not AFRINIC

> problem. However, if the email is bouncing, AFRINIC

> will revalidate the abuse-c and make sure that it works.

>

> Is like a phone book. You have there the phones and

> they must be correct, or you need to update them every

> “n” months. The phone book doesn’t tell the purpose of

> each phone. If you don’t want to accept calls related

> to “ordering pizzas”, you tell the caller “this number

> is not for that”, but at least you must pick up the

> phone otherwise, you don’t know if it is somebody

> calling by error or someone that you really want to

> talk. And this is true for **every** whois contact.

>

> Can you let us know how do you handle it in the

> networks that you operate?

>

> Regards,

>

> Jordi

>

> @jordipalet

>

> El 21/9/20 10:00, "Lamiaa Chnayti"

> <lamiaachnayti at gmail.com

> <mailto:lamiaachnayti at gmail.com>> escribió:

>

> Hi Fernando,

>

> I think you are very confused. I never said I have a

> problem with people completing their registration.

> Keep registration---having an abuse contact Email in

> the whois, just like tech contact or admin contact--I

> am perfectly fine with it, and I think the current

> policy achieves 99% it, if you want to add this

> contact as mandatory field I am fine with it as well.

>

>  But the problem of this policy in 8.3-8.6, is that it

> requires AFRINIC to monitor the members HOW to manage

> their abuse mailbox down to the subject line,  and

> that is out of the scope of AFRINIC, just read my last

> email with logic in mind and you will understand. I

> suggest this policy should be very simple,  adding one

> line to the current policy-- abuse contact is

> mandatory, and it's done, everything else should be

> deleted.

>

> And again, you are trying to use AFRINIC for something

> that is not in its scope, how someone manages their

> mailbox is not in the scope of AFRINIC, it is like you

> go to your local church to ask them to arrest your

> neighbour who plays loud music at night when you

> should go to police instead. Same thing for someone

> running an abusive network, as many already stated, it

> is up to a local Jury to decide if it is simply at an

> annoying level or a criminal offense, but either way

> please do go to your local police to report it.

>

> As for the internet, we never tell you how to

> behave--you are entirely at your rights in the

> internet to behave abusively, but it is also entirely

> in everyone's rights to block you, that's how

> de-centralizing works, no central governing, everyone

> plays nice because that's the only way for everyone

> else to play with you, and this policy here asks

> AFRINIC to act like a central government even down to

> manage people's mailbox's subject line and that is way

> beyond what internet meant to be.

>

> Regards,

>

> Lamiaa

>

> Le dim. 20 sept. 2020 à 23:42, Fernando Frediani

> <fhfrediani at gmail.com <mailto:fhfrediani at gmail.com>> a

> écrit :

>

>

>

>

>

>

>

>

> On 19/09/2020 13:19, Lamiaa Chnayti wrote:

>

>

> <clip>

>

>

>

> How is it in the scope of AFRINIC to decide

> how I manage my abuse mailbox? If I want to

> reply only to a specific subject line of my

> abuse box, it is entirely in my right to do.

> Even if I don't want to reply at the abuse

> mailbox at all, that is my right to do so and

> if I think no action in my network would be

> considered abuse (although unlikely), but it

> is still from  the internet community point of

> view, entirely in my right to do so. You might

> choose to block me as a network, but that is

> also your right.

>

> The reason internet is called INTER-NET is

> because of its decentralized nature, you have

> to play nice for others to play with you, but

> this community never forces anyone to play

> nice, it is not in the scope of AFRINIC to

> decide how members reply to their abuse

> mailbox, so if 8.3,8.4, 8.5 and 8.6 are

> deleted in its entirety, I might consider

> supporting it. Also Jordi, I feel you always

> have this central management type of thinking,

> and that is so not internet.

>

>

>

> It is not in the scope of any RIR how anyone

> manage people's

>

> mailboxes.

>

>

> Nobody exists alone in the Internet. If an

> organization

>

> hypothetically doesn't care at all and refuses to

> respond to abuse

>

> emails it probably should re-think its existence

> in the Internet

>

> business.

>

> The Internet is what is among many reasons because

> of the

>

> cooperation among its organizations, and there are

> certain rules

>

> that are agreed cooperatively and must be observed

> by everyone

>

> willing remain on it, otherwise it may in many

> cases cause serious

>

> damage to those willing to operate in serious

> manner and keep it a

>

> healthy place to most people who depend on it.

>

> This forum is about setting rules on how

> registration information

>

> about resources are kept and it may be of the wish

> of the

>

> community to refuse keep registration for those

> who repetitively

>

> abuse of their individual rights.

>

> Fernando

>

> Regards,

>

> Lamiaa

>

>

>

> Le ven. 18 sept. 2020 à 09:23,

>

> JORDI PALET MARTINEZ via RPD <rpd at afrinic.net

> <mailto:rpd at afrinic.net>> a écrit :

>

> Hi Lamiaa,

>

> I don’t agree. Internet doesn't depend on

>

> any jurisdiction; abuse is about what I

> (the victim

>

> operator) consider abuse. The RFC is clear

> about that,

>

> in short “Inappropriate public behaviour”

> (is a

>

> mailbox so to be able to contact in case

> there is a

>

> possible inappropriate behaviour in the public

>

> Internet). If you want a clearer

> definition, abuse is

>

> **anything** that I don’t want to accept in my

>

> network because is in any way damaging it.

>

> If I don’t want to accept a DoS, or spam,

>

> or phising, DMCA, or whatever, this is

> abuse **for

>

> me**. I’ve the right to tell you because that

>

> abuse is coming from your network. If you

> believe that

>

> is not abuse (and here is your

> jurisdiction in some

>

> cases, in other just doesn’t exist, but it

> may be also

>

> your “business” decision – like operators

> that don’t

>

> care if their customers do spam or intrusion

>

> attempts), you’ve the right to tell me

> “sorry, this is

>

> not abuse for us”, and then I’ve the right

> to decide

>

> if I should filter your network based on your

>

> response.

>

> Not having an abuse contact, means that

>

> I’m not able to contact you, so we can’t

> talk, we

>

> can’t investigate or agree if it is an

> abuse or not,

>

> so you (the offender operator) don’t have

> the chance

>

> to decide about it! Is bad for you, is bad

> for me. In

>

> those cases, my best choice is to filter

> you. This

>

> create problems for your customers and my

> customers.

>

> We can’t depend on jurisdictions, because

>

> then the policy will need to consider

> inter-relations

>

> among every possible “pairs” of country

> worlds, and we

>

> will need to update the policy based on any

>

> jurisdiction change. The policy is not

> about that, is

>

> about having a valid responsible contact,

> not about

>

> deciding what is an abuse, which is among

> the two

>

> parties.

>

> Tell me what is different from AFRINIC

>

> than the rest of the world, because none

> of the RIRs

>

> have defined abuse in their policies. I

> even don’t

>

> recall that having appeared in the

> discussions!

>

> If

>

> you want, I’m happy to change the title of the

>

> proposal to “supposed abuse contact”, that

> may be

>

> clearing your point?

>

> Again,

>

> this is not about defining what is abuse,

> this is

>

> among the parties. It is about making sure

> that

>

> there is a valid responsible contact in

> case of

>

> anyone needs to report what he considers

> an abuse.

>

> AFRINIC will not punish anyone that

> believes that

>

> his customer is not doing an abuse because

> in his

>

> country is not an abuse.

>

> Regards,

>

> Jordi

>

> @jordipalet

>

> El

>

> 18/9/20 9:59, "Lamiaa Chnayti"

> <lamiaachnayti at gmail.com

> <mailto:lamiaachnayti at gmail.com>>

>

> escribió:

>

> Hello

>

> Jordi,

>

> RFC2142

>

> only defines a tiny portion of the network

> abuse. In

>

> real world operation, abuse consists of a

>  much

>

> boarder range : DMCA(copy rights) claims,

>

> unsolicited emails , phishing  websites ,

> trade mark

>

> disputes etc.

>

> All

>

> those are legal issues that vary vastly across

>

> different juridictions in which no one but

> each of

>

> the juridiction’s judges can decide if it

> is an

>

> abuse or an illegal activity. Claiming

> that RFC2142

>

> defines not even 1% of real world abuse is

>

> laughable.

>

> Regards,

>

> Lamiaa

>

> Le jeu.

>

> 17 sept. 2020 à 15:51, JORDI PALET

> MARTINEZ via

>

> RPD <rpd at afrinic.net <mailto:rpd at afrinic.net>>

>

> a écrit :

>

> Hi

>

> Lamiaa,

>

> I’ve

>

> said this already. This policy doesn’t

>

> enforce abuse, it enforces that the abuse

>

> contact is there, and works.

>

> Today

>

> AFRINIC is paying for the cost of the

>

> abuse handling because only a tiny

>

> fraction of the members has the abuse

>

> contacts in place.

>

> If

>

> the contacts in the RIR database aren’t

>

> actual and accurate, this is a clear

>

> violation of the RSA. So what is

>

> unacceptable is not having the contacts,

>

> not on the other way around.

>

> Abuse

>

> is not defined by the RIRs, everybody

>

> knows it and this is the reason why NONE

>

> of the RIRs have re-defined it, because it

>

> is already stated in RFC2142. Can you

>

> justify why AFRINIC is different and need

>

> a definition?

>

> How

>

> you define it in the networks that you

>

> operate?

>

> Regards,

>

> Jordi

>

> @jordipalet

>

> El 17/9/20

>

> 10:49, "Lamiaa Chnayti"

> <lamiaachnayti at gmail.com

> <mailto:lamiaachnayti at gmail.com>>

>

> escribió:

>

> Hello,

>

> I

>

> will have to agree with Lucilla on what

>

> she said and would like to add to it

>

> that :

>

> Firstly, Abuse

>

> enforcement is out of scope for RIRs.

>

> Secondly, RIRs

>

> have no ability to define what is

>

> “abuse”, one abuse or even criminal

>

> activity could be entirely a legal

>

> operation in a different jurisdiction.

>

> Finally, making

>

> a member forcefully reply to abuse

>

> contact Emails are a waste of resources

>

> and totally pointless, it is entirely up

>

> to the member to define what they think

>

> is acceptable in their network operation

>

> and how they react to it. AFRINIC has no

>

> mandate to force any member to reply to

>

> an “abuse”, since AFRINIC doesn’t even

>

> have the ability to identify what is

>

> considered an abuse.

>

> Therefore the

>

> entire policy is out of scope for the

>

> RIR operation.

>

> Regards,

>

> Lamiaa

>

> Le jeu. 17

>

> sept. 2020 à 07:42, JORDI PALET MARTINEZ

>

> via RPD <rpd at afrinic.net

> <mailto:rpd at afrinic.net>>

>

> a écrit :

>

> Hi Lucilla,

>

> Today we already have

>

> mnt-IRT, and everybody who operate

>

> networks understand what it is an

>

> abuse. If you operate networks you

>

> know that **anything** which

>

> is a non-authorized use of a

>

> network is an abuse.

>

> If you send spam,

>

> attack networks, try to intrude

>

> networks, etc., all those are

>

> abuse.

>

> What the policy ask

>

> is to make sure that in AFRINIC

>

> everybody has an abuse contact

>

> (today we have mnt-IRT, but is not

>

> mandatory, and as a results many

>

> African networks are filtered

>

> because lack of that – and

>

> consequently they do not respond

>

> to abuse cases -, which exist in

>

> all the other regions of the

>

> world).

>

> Not having an abuse

>

> means more chances of legal

>

> actions, more cost, for both the

>

> victims and the ISPs. Having

>

> that means that you have more

>

> chances to resolve it in

>

> goodfaith.

>

> One of the **most

>

> important** Afrinic

>

> missions is to have accuracy on

>

> the database, which includes

>

> accuracy on the contacts. We are

>

> not fulfilling that in this

>

> situation.

>

> Remember that **all**

>

> the other RIRs have already this

>

> kind of policy. This one is like

>

> the one that has been

>

> implemented in APNIC, and the

>

> accuracy of the contacts is now

>

> 87.5% as reported this month in

>

> the last APNIC meeting. In that

>

> report **none** of the

>

> members indicated any of the

>

> issues that you indicated

>

> (didn't happened as well in the

>

> other regions).

>

> You know who is

>

> interested in not having abuse

>

> contacts? Those that use their

>

> networks for doing abuse

>

> (hijacking, spam, DoS,

>

> intrusions, etc.).

>

> Can you explain if

>

> the network that you operate has

>

> an abuse contact an how if one

>

> of your customes is trying to

>

> penetrate my network or do a

>

> DoS, I will be able to contact

>

> you and if you will do anything

>

> or just ignore it?

>

> Regards,

>

> Jordi

>

> @jordipalet

>

> El

>

> 17/9/20 2:21, "lucilla fornaro"

>

> <lucillafornarosawamoto at gmail.com

> <mailto:lucillafornarosawamoto at gmail.com>>

>

> escribió:

>

> Dear

>

> all,

>

> I

>

> have some concerns about the

>

> “Abuse Contact Policy”.

>

> First

>

> of all, it does not offer a

>

> specific and regulated

>

> description of the term

>

> “abuse”  and this opens the

>

> door to potentially bigger

>

> problems: a surplus of

>

> reports, discrimination/legal

>

> issues, and a waste of

>

> resources. Around the world,

>

> we can perceive what abuse is

>

> in very different ways.

>

> Afrinic

>

> is not entitled to force

>

> members to report abuses and

>

> most importantly, this

>

> proposal does not represent

>

> Afrinic’s purpose.

>

> I,

>

> therefore, oppose this policy.

>

> Thank

>

> you,

>

> Lucilla

>

> _______________________________________________

>

> RPD mailing list RPD at afrinic.net

> <mailto:RPD at afrinic.net>

> https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>

>

>

>

>

> **********************************************

>

>

> IPv4 is over

>

>

> Are you ready for the new Internet ?

>

>

> http://www.theipv6company.com

> <http://www.theipv6company.com/>

>

>

> The IPv6 Company

>

>

>

>

>

> This electronic message contains

>

> information which may be privileged or

>

> confidential. The information is

>

> intended to be for the exclusive use

>

> of the individual(s) named above and

>

> further non-explicilty authorized

>

> disclosure, copying, distribution or

>

> use of the contents of this

>

> information, even if partially,

>

> including attached files, is strictly

>

> prohibited and will be considered a

>

> criminal offense. If you are not the

>

> intended recipient be aware that any

>

> disclosure, copying, distribution or

>

> use of the contents of this

>

> information, even if partially,

>

> including attached files, is strictly

>

> prohibited, will be considered a

>

> criminal offense, so you must reply to

>

> the original sender to inform about

>

> this communication and delete it.

>

> _______________________________________________

>

>

> RPD mailing list

>

>

> RPD at afrinic.net

> <mailto:RPD at afrinic.net>

>

>

> https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>

>

>

>

>

> **********************************************

>

>

>

>

>

> IPv4 is over

>

>

>

>

>

> Are you ready for the new Internet ?

>

>

>

>

>

> http://www.theipv6company.com

> <http://www.theipv6company.com/>

>

>

>

>

>

> The IPv6 Company

>

>

>

>

>

>

>

>

>

>

>

> This electronic message contains

> information

>

> which may be privileged or

> confidential. The

>

> information is intended to be for the

>

> exclusive use of the individual(s)

> named above

>

> and further non-explicilty authorized

>

> disclosure, copying, distribution or

> use of

>

> the contents of this information, even if

>

> partially, including attached files, is

>

> strictly prohibited and will be

> considered a

>

> criminal offense. If you are not the

> intended

>

> recipient be aware that any disclosure,

>

> copying, distribution or use of the

> contents

>

> of this information, even if partially,

>

> including attached files, is strictly

>

> prohibited, will be considered a criminal

>

> offense, so you must reply to the original

>

> sender to inform about this

> communication and

>

> delete it.

>

>

>

>

>

>

>

>

> _______________________________________________

>

>

>

>

>

> RPD mailing list

>

>

>

>

>

> RPD at afrinic.net <mailto:RPD at afrinic.net>

>

>

>

>

>

> https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>

>

> Le jeu.

>

> 17 sept. 2020 à 15:49, JORDI PALET

> MARTINEZ via

>

> RPD <rpd at afrinic.net <mailto:rpd at afrinic.net>>

>

> a écrit :

>

> Hi

>

> Lamiaa,

>

> I’ve

>

> said this already. This policy doesn’t

>

> enforce abuse, it enforces that the abuse

>

> contact is there, and works.

>

> Today

>

> AFRINIC is paying for the cost of the

> abuse

>

> handling because only a tiny fraction

> of the

>

> members has the abuse contacts in place.

>

> If the

>

> contacts in the RIR database aren’t actual

>

> and accurate, this is a clear violation of

>

> the RSA. So what is unacceptable is not

>

> having the contacts, not on the other way

>

> around.

>

> Abuse is

>

> not defined by the RIRs, everybody

> knows it

>

> and this is the reason why NONE of the

> RIRs

>

> have re-defined it, because it is already

>

> stated in RFC2142. Can you justify why

>

> AFRINIC is different and need a

> definition?

>

> How you

>

> define it in the networks that you

> operate?

>

> Regards,

>

> Jordi

>

> @jordipalet

>

> El 17/9/20

>

> 10:49, "Lamiaa Chnayti"

> <lamiaachnayti at gmail.com

> <mailto:lamiaachnayti at gmail.com>>

>

> escribió:

>

> Hello,

>

> I

>

> will have to agree with Lucilla on what

>

> she said and would like to add to it that

>

> :

>

> Firstly, Abuse

>

> enforcement is out of scope for RIRs.

>

> Secondly, RIRs

>

> have no ability to define what is “abuse”,

>

> one abuse or even criminal activity could

>

> be entirely a legal operation in a

>

> different jurisdiction.

>

> Finally, making

>

> a member forcefully reply to abuse contact

>

> Emails are a waste of resources and

>

> totally pointless, it is entirely up to

>

> the member to define what they think is

>

> acceptable in their network operation and

>

> how they react to it. AFRINIC has no

>

> mandate to force any member to reply to an

>

> “abuse”, since AFRINIC doesn’t even have

>

> the ability to identify what is considered

>

> an abuse.

>

> Therefore the

>

> entire policy is out of scope for the RIR

>

> operation.

>

> Regards,

>

> Lamiaa

>

> Le jeu. 17

>

> sept. 2020 à 07:42, JORDI PALET MARTINEZ

>

> via RPD <rpd at afrinic.net

> <mailto:rpd at afrinic.net>>

>

> a écrit :

>

> Hi

>

> Lucilla,

>

> Today

>

> we already have mnt-IRT, and

>

> everybody who operate networks

>

> understand what it is an abuse. If

>

> you operate networks you know that

> **anything**

>

> which is a non-authorized use of a

>

> network is an abuse.

>

> If

>

> you send spam, attack networks, try

>

> to intrude networks, etc., all those

>

> are abuse.

>

> What

>

> the policy ask is to make sure that

>

> in AFRINIC everybody has an abuse

>

> contact (today we have mnt-IRT, but

>

> is not mandatory, and as a results

>

> many African networks are filtered

>

> because lack of that – and

>

> consequently they do not respond to

>

> abuse cases -, which exist in all

>

> the other regions of the world).

>

> Not having an abuse

>

> means more chances of legal

>

> actions, more cost, for both the

>

> victims and the ISPs. Having that

>

> means that you have more chances

>

> to resolve it in goodfaith.

>

> One of the **most

>

> important** Afrinic missions

>

> is to have accuracy on the

>

> database, which includes accuracy

>

> on the contacts. We are not

>

> fulfilling that in this situation.

>

> Remember that **all**

>

> the other RIRs have already this

>

> kind of policy. This one is like

>

> the one that has been implemented

>

> in APNIC, and the accuracy of the

>

> contacts is now 87.5% as reported

>

> this month in the last APNIC

>

> meeting. In that report **none**

>

> of the members indicated any of

>

> the issues that you indicated

>

> (didn't happened as well in the

>

> other regions).

>

> You know who is

>

> interested in not having abuse

>

> contacts? Those that use their

>

> networks for doing abuse

>

> (hijacking, spam, DoS, intrusions,

>

> etc.).

>

> Can you explain if

>

> the network that you operate has

>

> an abuse contact an how if one of

>

> your customes is trying to

>

> penetrate my network or do a DoS,

>

> I will be able to contact you and

>

> if you will do anything or just

>

> ignore it?

>

> Regards,

>

> Jordi

>

> @jordipalet

>

> El

>

> 17/9/20 2:21, "lucilla fornaro"

>

> <lucillafornarosawamoto at gmail.com

> <mailto:lucillafornarosawamoto at gmail.com>>

>

> escribió:

>

> Dear

>

> all,

>

> I

>

> have some concerns about the

>

> “Abuse Contact Policy”.

>

> First

>

> of all, it does not offer a

>

> specific and regulated

>

> description of the term “abuse”

>

>  and this opens the door to

>

> potentially bigger problems: a

>

> surplus of reports,

>

> discrimination/legal issues, and

>

> a waste of resources. Around the

>

> world, we can perceive what

>

> abuse is in very different ways.

>

> Afrinic

>

> is not entitled to force members

>

> to report abuses and most

>

> importantly, this proposal does

>

> not represent Afrinic’s purpose.

>

> I,

>

> therefore, oppose this policy.

>

> Thank

>

> you,

>

> Lucilla

>

> _______________________________________________

>

> RPD mailing list RPD at afrinic.net

> <mailto:RPD at afrinic.net>

>

> https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>

>

>

>

>

> **********************************************

>

>

> IPv4 is over

>

>

> Are you ready for the new Internet ?

>

>

> http://www.theipv6company.com

> <http://www.theipv6company.com>

>

>

> The IPv6 Company

>

>

>

>

>

> This electronic message contains

>

> information which may be privileged or

>

> confidential. The information is

>

> intended to be for the exclusive

> use of

>

> the individual(s) named above and

>

> further non-explicilty authorized

>

> disclosure, copying, distribution

> or use

>

> of the contents of this information,

>

> even if partially, including attached

>

> files, is strictly prohibited and will

>

> be considered a criminal offense.

> If you

>

> are not the intended recipient be

> aware

>

> that any disclosure, copying,

>

> distribution or use of the contents of

>

> this information, even if partially,

>

> including attached files, is strictly

>

> prohibited, will be considered a

>

> criminal offense, so you must reply to

>

> the original sender to inform

> about this

>

> communication and delete it.

>

> _______________________________________________

>

>

> RPD mailing list

>

>

> RPD at afrinic.net

> <mailto:RPD at afrinic.net>

>

>

> https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>

>

>

>

>

> **********************************************

>

>

>

>

>

>

>

>

> IPv4 is over

>

>

>

>

>

>

>

>

> Are you ready for the new Internet ?

>

>

>

>

>

>

>

>

> http://www.theipv6company.com

> <http://www.theipv6company.com>

>

>

>

>

>

>

>

>

> The IPv6 Company

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

> This electronic message contains

> information

>

> which may be privileged or

> confidential. The

>

> information is intended to be for the

> exclusive

>

> use of the individual(s) named above

> and further

>

> non-explicilty authorized disclosure,

> copying,

>

> distribution or use of the contents of

> this

>

> information, even if partially, including

>

> attached files, is strictly prohibited

> and will

>

> be considered a criminal offense. If

> you are not

>

> the intended recipient be aware that any

>

> disclosure, copying, distribution or

> use of the

>

> contents of this information, even if

> partially,

>

> including attached files, is strictly

>

> prohibited, will be considered a criminal

>

> offense, so you must reply to the original

>

> sender to inform about this

> communication and

>

> delete it.

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

> _______________________________________________

>

>

>

>

>

> RPD mailing list

>

>

>

>

>

> RPD at afrinic.net <mailto:RPD at afrinic.net>

>

>

>

>

>

> https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>

>

> --

>

> Lamiaa

>

> CHNAYTI

>

>

>

>

>

>

> **********************************************

>

>

> IPv4 is over

>

>

> Are you ready for the new Internet ?

>

>

> http://www.theipv6company.com

> <http://www.theipv6company.com>

>

>

> The IPv6 Company

>

>

>

>

>

> This electronic message contains

> information which may be

>

> privileged or confidential. The

> information is intended to

>

> be for the exclusive use of the

> individual(s) named above

>

> and further non-explicilty authorized

> disclosure, copying,

>

> distribution or use of the contents of

> this information,

>

> even if partially, including attached

> files, is strictly

>

> prohibited and will be considered a

> criminal offense. If you

>

> are not the intended recipient be aware

> that any disclosure,

>

> copying, distribution or use of the

> contents of this

>

> information, even if partially, including

> attached files, is

>

> strictly prohibited, will be considered a

> criminal offense,

>

> so you must reply to the original sender

> to inform about

>

> this communication and delete it.

>

>

>

>

> _______________________________________________

>

>

> RPD mailing list

>

>

> RPD at afrinic.net <mailto:RPD at afrinic.net>

>

>

> https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>

>

>

>

>

>

> _______________________________________________

>

> RPD mailing list

>

> RPD at afrinic.net <mailto:RPD at afrinic.net>

>

> https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>

>

>

>

>

>

> _______________________________________________

>

> RPD mailing list

>

> RPD at afrinic.net <mailto:RPD at afrinic.net>

>

> https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>

>

> --

>

> Lamiaa CHNAYTI

>

> _______________________________________________ RPD

> mailing list RPD at afrinic.net <mailto:RPD at afrinic.net>

> https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>

>

>

> **********************************************

> IPv4 is over

> Are you ready for the new Internet ?

> http://www.theipv6company.com

> <http://www.theipv6company.com>

> The IPv6 Company

>

> This electronic message contains information which may

> be privileged or confidential. The information is

> intended to be for the exclusive use of the

> individual(s) named above and further non-explicilty

> authorized disclosure, copying, distribution or use of

> the contents of this information, even if partially,

> including attached files, is strictly prohibited and

> will be considered a criminal offense. If you are not

> the intended recipient be aware that any disclosure,

> copying, distribution or use of the contents of this

> information, even if partially, including attached

> files, is strictly prohibited, will be considered a

> criminal offense, so you must reply to the original

> sender to inform about this communication and delete it.

>

> _______________________________________________

> RPD mailing list

> RPD at afrinic.net <mailto:RPD at afrinic.net>

> https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>

>

>

> **********************************************

> IPv4 is over

> Are you ready for the new Internet ?

> http://www.theipv6company.com <http://www.theipv6company.com>

> The IPv6 Company

>

> This electronic message contains information which may be

> privileged or confidential. The information is intended to

> be for the exclusive use of the individual(s) named above

> and further non-explicilty authorized disclosure, copying,

> distribution or use of the contents of this information,

> even if partially, including attached files, is strictly

> prohibited and will be considered a criminal offense. If

> you are not the intended recipient be aware that any

> disclosure, copying, distribution or use of the contents

> of this information, even if partially, including attached

> files, is strictly prohibited, will be considered a

> criminal offense, so you must reply to the original sender

> to inform about this communication and delete it.

>

> _______________________________________________

> RPD mailing list

> RPD at afrinic.net <mailto:RPD at afrinic.net>

> https://lists.afrinic.net/mailman/listinfo/rpd

> <https://lists.afrinic.net/mailman/listinfo/rpd>

>

>

>

> _______________________________________________

>

> RPD mailing list

>

> RPD at afrinic.net <mailto:RPD at afrinic.net>

>

> https://lists.afrinic.net/mailman/listinfo/rpd <https://lists.afrinic.net/mailman/listinfo/rpd>

>

>

>

> _______________________________________________

>

> RPD mailing list

>

> RPD at afrinic.net <mailto:RPD at afrinic.net>

>

> https://lists.afrinic.net/mailman/listinfo/rpd <https://lists.afrinic.net/mailman/listinfo/rpd>

>

>

> _______________________________________________

> RPD mailing list

> RPD at afrinic.net

> https://lists.afrinic.net/mailman/listinfo/rpd

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20200922/18c25686/attachment-0001.html>


More information about the RPD mailing list