[anti-abuse-wg] "abuse-c:" - a question....with no answers?
- Previous message (by thread): [anti-abuse-wg] "abuse-c:" - a question....with no answers?
- Next message (by thread): [anti-abuse-wg] "abuse-c:" - a question....with no answers?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Daniel Stolpe
stolpe at resilans.se
Thu Mar 30 16:10:50 CEST 2017
Hi Denis, Maybe som kind of "abuse-org" would do the trick. I.e. the default abuse contact goes via the normal "org" attribute, but if there exists an "abuse-org" you can put different contact details there. Just a plain email address might become a little bit too anonymous. Cheers, Daniel On Wed, 29 Mar 2017, denis walker wrote: > Colleagues > > A couple of weeks ago I asked the question below. No one has yet responded. We need to resolve the issues around "abuse-c:", which means we must make some software > changes. In order to make the right changes we need your feedback. If "abuse-c:" is nothing more than an email address tagged on to a resource then the changes can be > very simple. The working group chairs can't make these decisions. We need your input and direction... > > I understand that this issue has been talked about so many times over several years...with no solution. This time we are determined to take some action. Whilst > nothing is ever final, lets make this the last discussion on "abuse-c:" for a while. > > cheers > denis > co-chair DB-WG > > > ______________________________________________________________________________________________________________________________________________________________________ > From: "ripedenis at yahoo.co.uk" <ripedenis at yahoo.co.uk> > To: "anti-abuse-wg at ripe.net" <anti-abuse-wg at ripe.net> > Sent: Thursday, 16 March 2017, 18:14 > Subject: "abuse-c:" - a question.... > > Colleagues > > I would like to ask the community a question that looks at a wider picture than the "abuse-c:" attribute itself. Depending on how people react to this question, it > may impact the chosen path to solving the issue with documenting abuse contact details in the RIPE Database. > > The current implementation for "abuse-c:" documents the default contact details for who handles abuse issues within an organisation that holds resources. If the email > address is invalid or there is no response to a complaint sent to that address it is clear who the organisation is and there are other contacts related to this > organisation. > > Sometimes a resource holder delegates some responsibility for the management of (one or more of) their resource(s) to another person/organisation. This may be just > the abuse handling. With the current database semantics it is not always possible to create a separate ORGANISATION object to document this responsibility. This issue > has been described as 'How to reference the email address for the abuse reports for this resource?'. > > The simple version of my question is 'Is it enough to only know the email address and an un-validated postal address for the abuse handler?'. An email address can be > 'anyone at anybody.com'. This tells you nothing about 'anyone' or 'anybody'. It is a one directional channel to throw something down that may end in a black hole. If > nothing happens, who was supposed to have this responsibility? Not everyone who uses this abuse contact information understands the RIPE Database structure, the > resource hierarchy or the contractual responsibilities of the related parties. They may have searched online for who to complain to, got this email address and got no > response. How do you take further action against an email address? > > What I am working round to is explaining why the "abuse-c:" was designed the way it is. Where responsibility for handling abuse was delegated to another party > (separate organisation or another internal department) we wanted to maintain a closely coupled link between the resource listing a contact and an organisation > responsible or accountable for abuse handling. As it turned out this created the need for repetitive data in some cases and not being able to record the right details > in some other cases. > > The simplest solution that has been discussed in the past is to allow the "abuse-c:" attribute in resource objects. This does create some resource and data management > issues. But these can be solved by providing resource managers with the right software tools. Now we get to the in depth version of my question. Do we need to > maintain that close coupling in the database between who is responsible or accountable for handling abuse for a resource and their correct and validated (by the > resource holder) contact details? > > If the answer to this question is a simple 'no' then we can easily add "abuse-c:" attributes anywhere pointing to an email address and provide the resource managers > with tools to maintain the data....job done. > > If the answer is anything other than a simple 'no' and we believe abuse information consumers without an in depth knowledge of the database or industry need to easily > understand 'who' claims to be behind an email address then we may need a more complex solution. > > I hope this makes sense and look forward to comments and questions. > > cheers > denis > co-chair DB-WG _________________________________________________________________________________ Daniel Stolpe Tel: 08 - 688 11 81 stolpe at resilans.se Resilans AB Fax: 08 - 55 00 21 63 http://www.resilans.se/ Box 45 094 556741-1193 104 30 Stockholm
- Previous message (by thread): [anti-abuse-wg] "abuse-c:" - a question....with no answers?
- Next message (by thread): [anti-abuse-wg] "abuse-c:" - a question....with no answers?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]