You are here: Home > Participate > Policy Development > Policy Proposals > Validation of "abuse-mailbox"

You're looking at an older or unpublished version: 1

How to read this draft document:

This document relates to the policy proposal 2019-04, “Validation of "abuse-mailbox"”. If approved, it will modify ripe-705, “Abuse Contact Management in the RIPE Database”.
To show you how the new document would be different to the old one, we have highlighted any new text or changes to the existing text.

We indicate changes to existing text in the document like this:


The text from the current policy document that will be replaced is displayed here.

The proposed text change will be displayed here.



This policy originated from the work of the Abuse Contact Management Task Force. The task force examined the collection and maintenance of resource registration information in the RIPE Database, including potential areas for improvement and alternative approaches.

This policy introduces a new contact attribute named "abuse-c:”, that can be included in inetnuminet6num and aut-num objects.



1.0 Abuse Contact Information

2.0 Attribution

2.0 About the "abuse-mailbox"
3.0 Objectives of "abuse-mailbox" validation
4.0 Validation of “abuse-mailbox"
5.0 Escalation to the RIPE NCC
6.0 Attribution


1.0 Abuse Contact Information

The "abuse-c:" will reference a role object holding abuse contact information. The positioning of the “abuse-c:” attributes will make use of the hierarchical nature of the resource data to minimize the workload on resource holders. Internet number resources need to have an “abuse-c:” attribute.

The “abuse-c:” will be mandatory for all aut-nums.

Due the hierarchical nature of IP address objects, at least every direct allocated inetnum and inet6num needs to have an “abuse-c:”. Inherited objects might have their own “abuse-c:” attribute or they will be covered by the higher level objects.

The role objects used for abuse contact information will be required to contain a single “abuse-mailbox:” attribute which is intended for receiving automatic and manual reports about abusive behavior originating in the resource holders' networks.

The “abuse-mailbox:” attribute must be available in an unrestricted way via whois, APIs and future techniques.

The RIPE NCC will validate the “abuse-mailbox:” attribute at least annually. Where the attribute is deemed incorrect, it will follow up in compliance with relevant RIPE Policies and RIPE NCC procedures. 

As per current practice, other "e-mail:" attributes can be included for any other purposes.

2.0 Attribution

The RIPE NCC will validate the “abuse-mailbox:” attribute at least every six months, as per the procedure stated in this policy. Where the attribute is deemed incorrect, it will follow up in compliance with relevant RIPE Policies and RIPE NCC procedures.

As per current practice, other "e-mail:" attributes can be included for any other purposes.

2.0 About the "abuse-mailbox"

Emails sent to "abuse-mailbox" require manual intervention by the recipient at some point, and may not be filtered, because in certain cases this might prevent receiving abuse reports, for example in a spam case where the abuse report could include the spam message itself or URLs or content usually classified as spam.

The "abuse-mailbox" may initially send an automatic reply, for example assigning a ticket number, applying classification procedures, requesting further information, etc. However, it should not require that the abuse reporter fills a form, as this would imply that each entity that needs to report an abuse case (a task that is typically automated) would be forced to develop a specific interface for each resource holder in the world that mandates filling forms. That scenario would be neither feasible nor logical, as it would place the cost of processing the abuse on those who submit the claim and are therefore victims of the abuse, instead of being paid for by those whose clients cause the abuse (and from whom they obtain income).

By way of information, it is worth noting that it is reasonable to expect that the abuse reporting procedure sends, with the initial abuse report, the logs, a copy of the spam message (attaching an example of the spam email or its full headers), or equivalent evidence (depending on the abuse type). Likewise, it is reasonable to expect that the initial auto-reply email could specify that the claim will not be processed unless such evidence has been submitted, thus allowing the sender an opportunity to repeat the submission and include relevant evidence. This allows automatic reporting, for example, via fail2ban, SpamCop or others, keeping costs at a minimum for both parties involved. Commonly, if a ticket number has been generated, it should be kept (typically as part of the subject) through successive communications.


3.0 Objectives of "abuse-mailbox" validation

The procedure, which will be developed by the RIPE NCC, must meet the following objectives:

  1. A simple process that guarantees its functionality and allows the helpdesks that deal with abuse reports to verify that validation requests actually come from the RIPE NCC and not from third parties (which might involve security risks), avoiding, for example, a single "direct" URL for validation.

  2. Avoid exclusively automated processing.

  3. Confirm that the person performing the validation understands the procedure and the policy, that they regularly monitor the "abuse-mailbox", that measures are taken, and that the abuse report receives a response.

  4. Validation period of no longer than 15 days.

  5. If validation fails, escalate to the LIR and set a new validation period not to exceed 15 days.

The “initial” and “escalation” validation periods may be modified by the RIPE NCC, if deemed appropriate, informing the community about the motivation. For example, it could be longer for the first validation, once this policy is implemented, and shortened afterwards once the percentage of failures decreases, so the quality of the contacts increases and consequently a decrease in the average abuse response times could be expected.


4.0 Validation of "abuse-mailbox"

The RIPE NCC will validate compliance with the items above, both when the "abuse-c:" and/or "abuse-mailbox:" attributes are created or updated, as well as periodically, not less than once every six months, and whenever RIPE NCC sees fit.

Lack of compliance will lead to a more exhaustive follow-up, in accordance with the relevant RIPE NCC policies, procedures or contractual requirements.

The frequency of the periodic validation could be modified if the RIPE NCC deems this appropriate and informs the community of its reasons. For example, a single validation could be done in the first year, to facilitate adherence to the policy, and then the number of annual validations could progressively increase, reaching even quarterly ones, with the aim of improving the quality of the contacts.


5.0 Escalation to the RIPE NCC

Fraudulent behaviour (for example, an "abuse-mailbox" that only replies to the RIPE NCC's emails or to messages with a specific subject or content), or failure to comply with the remaining aspects of this policy (incorrect or lack of response to cases of abuse) can be reported to the RIPE NCC for a re-validation as per section 4.0.


6.0 Attribution

This document is developed by the RIPE community.

The following people actively contributed by making proposals through the RIPE Policy Development Process:

Tobias Knecht


Get Involved

The Anti-Abuse Working Group is open to anyone with an interest in combating network abuse. Areas such as cybersquatting and hosting illegal content are beyond the scope of the WG. The WG advises relevant parties such as Internet service providers (ISPs), governments and law enforcement agencies on both technical and non-technical methods of tackling abuse. This mailing list was previously the “anti-spam-wg”, the archives of which are still publicly available on the RIPE NCC website. To post a message to the list, send an email to [email protected] Please note that only subscribers can post messages.

RIPE Forum

The RIPE Forum is an additional way to participate in RIPE community mailing list discussions using a web-based interface rather than an email client.

Check out the forum

Please contact if you need more information.

Stay up to date!

Follow @PDO_RIPE_NCC on Twitter.