[anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
- Previous message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
- Next message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Thomas Hungenberg
th at cert-bund.de
Fri Jan 19 09:52:41 CET 2018
I second Jordi's opinion that validation of the abuse-mailbox should require human interaction of the resource holder. In addition to solving a captcha the resource holder might need to confirm (click a checkbox) that he will monitor the abuse-mailbox account on a regular basis and take appropriate action to solve reported abuse cases. - Thomas CERT-Bund Incident Response & Malware Analysis Team On 18.01.2018 19:44, JORDI PALET MARTINEZ via anti-abuse-wg wrote: > I fully agree with this proposal and should be implemented ASAP. > > HOWEVER, I’ve a question regarding the impact analysis, and specially this sentence: > > “To increase efficiency, this process will use an automated solution that will allow the validation of “abuse-mailbox:” attributes without sending an email. No action will be needed by resource holders that have configured their “abuse-mailbox:” attribute correctly.” > > Reading the policy proposal, how the NCC concludes that it should be “without sending an email”? > > I will say that the right way to do a validation (at creation/modification and yearly) is, in a way that makes sense (having an email that nobody is processing is exactly the same as not having the abuse attribute at all): > 1) Send an email with a link that must be clicked by a human (so some kind of captcha-like mechanism should be followed) > 2) If this link is not clicked in a period of 48 hours (not including Saturday-Sunday), an alarm should be generated so the NCC can take the relevant actions and make sure that the mailbox is actively monitored by the LIR > > Regards, > Jordi
- Previous message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
- Next message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]