You are here: Home > Participate > Policy Development > Policy Proposals > Validation of "abuse-mailbox"

Validation of "abuse-mailbox"

Summary of Proposal:

The current policy, “Abuse Contact Management in the RIPE Database” does not sufficiently validate the actual availability of the abuse-mailbox. It provides a technical validation that the mailbox/server exists – but not whether if it accepts new messages or even if it is monitored.

As a result, some resource holders (LIRs and End Users) might not keep this contact information up-to-date or might use a non-responsive or fake mailbox. In practice, this contact becomes ineffective to report abuse and generally gives rise to security issues and costs for the victims.

The RIPE NCC impact analysis of 2017-02, which turned into ripe-705, already recognised that false negatives and false positives are possible, and that there is a need to avoid them.

This proposal aims to solve this problem by ensuring the existence of a proper abuse-c contact and establishing a process for its utilisation. 

Policy Text:

a. Current Policy Text (ripe-705)

1.0 Abuse Contact Information

The "abuse-c:" will reference a role object holding abuse contact information. The positioning of the “abuse-c:” attributes will make use of the hierarchical nature of the resource data to minimize the workload on resource holders. Internet number resources need to have an “abuse-c:” attribute. 

The “abuse-c:” will be mandatory for all aut-nums.

Due the hierarchical nature of IP address objects, at least every direct allocated inetnum and inet6num needs to have an “abuse-c:”. Inherited objects might have their own “abuse-c:” attribute or they will be covered by the higher level objects.

The role objects used for abuse contact information will be required to contain a single “abuse-mailbox:” attribute which is intended for receiving automatic and manual reports about abusive behavior originating in the resource holders' networks.

The “abuse-mailbox:” attribute must be available in an unrestricted way via whois, APIs and future techniques. 

The RIPE NCC will validate the “abuse-mailbox:” attribute at least annually. Where the attribute is deemed incorrect, it will follow up in compliance with relevant RIPE Policies and RIPE NCC procedures.

As per current practice, other "e-mail:" attributes can be included for any other purposes.

b. New Policy Text

1.0 Abuse Contact Information

The "abuse-c:" will reference a role object holding abuse contact information. The positioning of the “abuse-c:” attributes will make use of the hierarchical nature of the resource data to minimise the workload on resource holders. Internet number resources need to have an “abuse-c:” attribute. 

The “abuse-c:” will be mandatory for all aut-nums.

Due the hierarchical nature of IP address objects, at least every direct allocated inetnum and inet6num needs to have an “abuse-c:”. Inherited objects might have their own “abuse-c:” attribute or they will be covered by the higher-level objects.

The role objects used for abuse contact information will be required to contain a single “abuse-mailbox:” attribute, which must receive messages, either for automatic (e.g. X-ARF/RFC5965/RFC6650) or manual reports about abusive behaviour originating in the resource holders' networks and must not force the sender to use a form.

The “abuse-mailbox:” attribute must be available in an unrestricted way via whois, APIs and future techniques.

The RIPE NCC will validate if the “abuse-mailbox:” attribute is present and can receive messages at least every six months*. If the validation fails, the RIPE NCC will follow-up in compliance with the relevant RIPE Policies and RIPE NCC procedures.

This validation process will not check how the abuse cases are processed. The community should escalate/report back to the RIPE NCC, so anonymised statistics can be collected and periodically published.

As per current practice, other "e-mail:" attributes can be included for any other purposes.

*The RIPE NCC may change the validation period depending on the level of accuracy of the contacts. For example, switching from a six-month to one-year period once contact accuracy has improved.

Additional information:

It should be clear that the policy intent is not to look into how the abuse mailbox is monitored or how abuse cases are handled.

However, the community should report any situation to the RIPE NCC, which can provide (anonymous) periodical statistics to the community, which can take further decisions about that.

Rationale:

a. Arguments Supporting the Proposal

The Internet community is based on collaboration. However, in many cases this is not enough, and we need to be able to contact resource holders (LIRs or End Users) who may be experiencing a problem in their networks and are unaware of the situation.

This proposal solves this problem by means of a simple, periodical verification, and establishes basic rules for performing such verification. It thus avoids unnecessary costs to third parties who need to contact the persons responsible for solving abuse from a specific network.

The proposal guarantees that the cost of processing the abuse report falls on the resource holder responsible (or its customers, from whom they receive financial compensation for the service), instead of falling on the victim, as would be the case if they had to resort to a legal claim. This avoids costs in terms of investigations (and lawyers, solicitors, etc.) and saves time for both parties.

Having an equivalent policy in different regions has the advantage of improving the overall response to abuse cases, reduces the cost for handling them, and facilitates the work of all people involved in the operation of the Internet. 

b. Arguments Opposing the Proposal 

RIPE NCC members have to verify and update (if required) their abuse-c objects periodically. 

References:

A similar proposal has been accepted in APNIC (already implemented) and LACNIC. It is under discussion in AFRINIC. ARIN has a similar policy.

Get Involved

The Anti-Abuse Working Group is open to anyone with an interest in combating network abuse. Areas such as cybersquatting and hosting illegal content are beyond the scope of the WG. The WG advises relevant parties such as Internet service providers (ISPs), governments and law enforcement agencies on both technical and non-technical methods of tackling abuse. This mailing list was previously the “anti-spam-wg”, the archives of which are still publicly available on the RIPE NCC website. To post a message to the list, send an email to anti-abuse-wg@ripe.net. Please note that only subscribers can post messages.

RIPE Forum

The RIPE Forum is an additional way to participate in RIPE community mailing list discussions using a web-based interface rather than an email client.

Check out the forum

Please contact if you need more information.

Stay up to date!

Follow @PDO_RIPE_NCC on Twitter.