[anti-abuse-wg] *** Re: [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
- Previous message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
- Next message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
ox
andre at ox.co.za
Wed Jan 24 08:22:58 CET 2018
IF receive complaints from public about abuse-c non functional THEN do additional verification On Tue, 23 Jan 2018 23:45:39 -0700 "Name" <phishing at storey.xxx> wrote: > IF email is from = "validation at RIPE.NET" THEN deliver email, > ELSE, delete/auto-respond/jump through hoops. > > -------- Original Message -------- > Subject: Re: [anti-abuse-wg] [policy-announce] 2017-02 Review Phase > (Regular abuse-c Validation) > From: ox <andre at ox.co.za> > Date: Wed, January 24, 2018 4:43 pm > To: Brian Nisbet <brian.nisbet at heanet.ie> > Cc: anti-abuse-wg at ripe.net > > On Tue, 23 Jan 2018 14:45:13 +0000 > Brian Nisbet <brian.nisbet at heanet.ie> wrote: > > > Just to be very clear, the current proposal is only in relation to > > verification. > > > > If the community wish for other processes to be put in place in > > regards to lack of action on abuse or similar, then that would > > require a wholly different proposal. > > > As Marco Schmidt explained regarding exactly this, "verification" : > > > An SMTP RCPT command, as Nick mentioned, will likely be one of > > several checks that we perform. These checks will identify that the > > syntax and format of the email address is okay, the domain accepts > > email, and that the mailbox itself exists. We aim for the results > > to be as accurate as possible. > > This is simply not good enough for abuse-c as the core of having a > real abuse-c is that it is monitored/real/functional and not just > an email address created with an autoresponder. > > this goes to the core of the real world problem. > > many resource holders create a valid email address and then link an > autoresponder to that saying: > > thank you for your very valuable abuse notification! Please visit our > website link to submit a report > > then on the "website/link" > create an account for this singular complaint > verify that account (jump through many hoops) > then verify the actual complaint > then confirm your details and information > etc etc > > so many many hoops - all designed to waste time and to reduce actually > receiving any abuse notifications. > > Sure, RIPE cannot tell resource users how to handle abuse reports or > complaints > > BUT > > RIPE can ensure at least that having a resource record means > something? otherwise it is pointless even having an abuse-c - as it > means nothing. > > so, why have an abuse-c at all? > > the point is: verification, if done in this manner: > > send an alphanumeric key to be entered on website after solving a > capcha > > proves that the abuse-c is real/monitored/etc. - and not a useless > bot/autoresponder or nonsensical resource record. > > Andre > >
- Previous message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
- Next message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]