[anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
- Previous message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
- Next message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Andreas Worbs
anw at artfiles.de
Fri Jan 19 10:23:27 CET 2018
I support the proposal in general and i also think a human interaction of the resource holder is required. Am 19.01.18 um 09:52 schrieb Thomas Hungenberg: > I second Jordi's opinion that validation of the abuse-mailbox should require > human interaction of the resource holder. In addition to solving a captcha > the resource holder might need to confirm (click a checkbox) that he will > monitor the abuse-mailbox account on a regular basis and take appropriate > action to solve reported abuse cases. > > > - Thomas > > CERT-Bund Incident Response & Malware Analysis Team > > > On 18.01.2018 19:44, JORDI PALET MARTINEZ via anti-abuse-wg wrote: >> I fully agree with this proposal and should be implemented ASAP. >> >> HOWEVER, I’ve a question regarding the impact analysis, and specially this sentence: >> >> “To increase efficiency, this process will use an automated solution that will allow the validation of “abuse-mailbox:” attributes without sending an email. No action will be needed by resource holders that have configured their “abuse-mailbox:” attribute correctly.” >> >> Reading the policy proposal, how the NCC concludes that it should be “without sending an email”? >> >> I will say that the right way to do a validation (at creation/modification and yearly) is, in a way that makes sense (having an email that nobody is processing is exactly the same as not having the abuse attribute at all): >> 1) Send an email with a link that must be clicked by a human (so some kind of captcha-like mechanism should be followed) >> 2) If this link is not clicked in a period of 48 hours (not including Saturday-Sunday), an alarm should be generated so the NCC can take the relevant actions and make sure that the mailbox is actively monitored by the LIR >> >> Regards, >> Jordi > -- Mit freundlichem Gruß Artfiles New Media GmbH Andreas Worbs Artfiles New Media GmbH | Zirkusweg 1 | 20359 Hamburg Tel: 040 - 32 02 72 90 | Fax: 040 - 32 02 72 95 E-Mail: support at artfiles.de | Web: http://www.artfiles.de Geschäftsführer: Harald Oltmanns | Tim Evers Eingetragen im Handelsregister Hamburg - HRB 81478 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 522 bytes Desc: OpenPGP digital signature URL: <https://lists.ripe.net/ripe/mail/archives/anti-abuse-wg/attachments/20180119/7f7ff937/attachment.sig>
- Previous message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
- Next message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]