Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

Gert Doering writes: > Hi, > > On Sun, Mar 31, 2019 at 01:54:42PM -0700, Ronald F. Guilmette wrote: > > To say that any such funds now being paid to RIPE are "tainted" would be a > > rather gross understatement. > > > > This is the elephant in the room that none of the opponents of 2019-03 > > w

Re: [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

Let's use a less loaded analogy than a gun store :-) Suppose we are dealing with a logistics company that uses stolen lorries/trucks. May their use of stolen vehicles potentially affect their carrier license? Note that, even if after many months of processes the agreement with the rir was termin

Re: [anti-abuse-wg] Mysteries of the Internet: AS65000

Well, someone is announcing those prefixes as linked to AS65000. If he itself was using AS65000 internally with those prefixes, and that leaked to their public interface, it would be a false positive, but lacking some agreement between the receiver and their peer involving AS65000, imho those en

Re: [anti-abuse-wg] standard for abuse reporting (was: VoIP)

On 25-04-2019 16:45 +0200, JORDI PALET MARTINEZ wrote: > I will rather prefer an IETF standard for abuse reporting ... already thought > about starting it several times ... sooner or later I will write down > something, so may be some other people interested to co-author? > > Regards, > Jordi

Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of "abuse-mailbox")

Marco Schmidt writes: > Dear colleagues, > > A new RIPE Policy proposal, 2019-04, "Validation of "abuse-mailbox"", > is now available for discussion. > > This proposal aims to have the RIPE NCC validate "abuse-c:" > information more often, and introduces a new validation process that > requires

Re: [anti-abuse-wg] AI used for spam and abuse at Microsoft?

They have many minions working there, Andre. And it's not a work they require much study.(they probably input that into a tool that says Yes/No). If it wasn't blocked for your own mail, it may be due to mails sent from its neighbourhood. Reply to their ticket and insist. Cheers

Re: [anti-abuse-wg] Massive prefix theft in AFRINIC - attributed to an insider

Let me join Suresh in congratulating you, Ron. It is very hard to obtain meaningful results in this kind of affairs. Yet here, the hard-earned results have been impressive. Hats off. Best regards De: anti-abuse-wg [anti-abuse-wg-boun...@ripe.net] en nomb

Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of "abuse-mailbox")

Well, I do see the value of an option (a magic email value?) meaning "this entity supports the use of its network for abusive purposes and will take no action on any abuse report". That would save time for everyone involved, and would allow to easily block those networks from accesing ours!

Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")

Nick Hilliard wrote: > > and must not force the sender to use a form. > > It's not the job of the RIPE NCC to tell its members how to handle > abuse reports, and it is beyond inappropriate for this working group > to expect the RIPE NCC to withdraw numbering resources if member > organisations don

Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")

Richard Clayton wrote: > >There will be an API for the system with an option for email notifications > >just > >like abuse complaints are received in email messages now, so there will be > >no > >overhead to your staff. Regarding the reporters - this overhead can protect > >from > >flood of a

Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")

On 08-05-2020 20:17 +0200, Alessandro Vesely wrote: > On Fri 08/May/2020 13:28:10 +0200 JORDI PALET MARTINEZ wrote: > > Hi Alessandro, > > > > As I've indicated already several times (and not just in this > > discussion), all the RIRs have forms or other methods to escalate > > any issues. > > >

Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")

El vie, 08-05-2020 a las 22:57 +0100, Nick Hilliard escribió: > > I'm happy if you believe that my wording > > is not good, and we agree on that goal, to find an alternative one. > > Any suggestion? > > Firstly, if you propose to collect stats about anything, you need to > think about what sort o

Re: [anti-abuse-wg] Spamming LIR accounts

I have been told both things. That company email accounts wouldn't fall on its scope (even if they contained the full name) and that such usage would be improperly treating PII. GDPR seems to mostly leave that part to Directive 2002/58/EC, which isn't completely clear: Article 13 Unsolicited c

Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")

El mar, 12-05-2020 a las 22:21 +0200, JORDI PALET MARTINEZ via anti- abuse-wg escribió: > You misunderstood me. I'm not advocating de-registration of IP > resources. I > meant to remove just the abuse-c email address, since it does not > work. As an > alternative, as Àngel noted, the

Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of "abuse-mailbox")

El mié, 13-05-2020 a las 15:11 +0200, Marco Schmidt escribió: > Hello Jordi, > > Allow me to respond as this is a more an operational topic. > > I agree with you that RIPE policies should provide the general > framework, while the RIPE NCC works out the best operational details > to > apply the

Re: [anti-abuse-wg] Report & Co-Chair's Decision on Proposal 2019-04

e about a service directly owned by Google. The extent and speed to which reports are actioned is of course unknown but they do take down abuse. Best regards -- TU AYUDA EN CIBERSEGURIDAD INSTITUTO NACIONAL DE CIBERSEGURIDAD SPANI

Re: [anti-abuse-wg] Question about spam to abuse inbox

Hello all First of all, I'm glad Cynthia opened this discussion, as it's a typical complaint for requiring abuse mailboxes. It's good to have a healthy discussion about that. With regards to the query itself, I do think it is acceptable to block the sending email. If after manual inspection those

Re: [anti-abuse-wg] On the abuse handling policy of manitu.net (AS34240)

JORDI PALET MARTINEZ writes: > Even worst ... > > You've read that, but automated systems will not do, just use the > abuse mailbox. > > Anyway, I think in general the information will get if an automated > abuse report is sent, will be not personal, but from an organization. > > In fact, if the

Re: [anti-abuse-wg] Anti-social assholes

First of all, can we please avoid insulting people here, particularly on email subjects? I understand how we are all fed up at times with the abuse handling of certain providers (or lack thereof) but, even if it wasn't what rfg was intending this could easily be construed as a personal attack by c

Re: [anti-abuse-wg] Question about spam to abuse inbox

On 21-02-2021 03:44 +0100, Cynthia Revström writes: > Ronald, > > Can you please stop attacking ideas (such as web forms) implying that > they only have malicious use cases. > > > I hold them responsible because they obviously > > fail to have in place contractual clauses that would persuasively

Re: [anti-abuse-wg] Question about spam to abuse inbox

Cynthia Revström writes: > > It seems to me that if your abuse@ email is being overloaded and > you are unable to keep your network spam free, then you shouldn't be > taking on any more customers until you figure things out. > > As has been noted before in this thread, just because you are getting

Re: [anti-abuse-wg] UCEPROTECT DNSBL possibly abusive practice and RIPEStat Blacklist entries widget

El jue, 04-03-2021 a las 17:16 +0100, Christian Teuschel wrote: > Hi Elvis and Suresh, dear colleagues, > > Putting exact numbers on how many operators are using UCEProtect is > difficult, but through feedback from users, network operators and > members we understand that it is in use and that the

Re: [anti-abuse-wg] Input request for system on how to approach abuse filtering on Route Servers - bad hosters

Hans-Martin Mosner wrote: One problem with the approach is that there isn't a single measure of badness, as the topic list already shows. It's a multi-dimensional vector, and its dimensions are not easily defined in a non-controversial way. The criteria for including a network in a top N list wi

Re: [anti-abuse-wg] False positive CSAM blocking attributed to RIPE

El mar, 28-09-2021 a las 11:56 -0700, Jeremy Malcolm escribió: Dear all, I am new to this list, although I am not completely new to the Internet technical community, as I am a long-time IGF (and occasionally ICANN) participant. I am writing about a case that has been referred to my organization

Re: [anti-abuse-wg] Abuse address checking

Lol, a vacation autoreply to pass RIPE email address validation. 🤭 It kinda misses the point if they don't read them as well. -- INCIBE-CERT - Spanish National CSIRT https://www.incibe-cert.es/ PGP keys: https://www.incibe-cert.es/en/what-is-incibe-cert/pgp-public-keys =

Re: [anti-abuse-wg] Anti-Abuse Training: Questions for the WG

Hello all > Shouldn't there be a standard for automatically forwarding messages > destined to abuse-c following a path similar to that of RFC 2317 > delegations? I'd love if AA training encouraged such behavior. I don't think the standard should be for automatically forwarding messages. You woul

Re: [anti-abuse-wg] Is there any analysis on root causes of mail account break-ins?

Hans-Martin Mosner schrieb: Hi folks, I'm trying to understand the root causes and vulnerabilities that lead to hacked mailboxes. Currently, we can handle dynamic IP ranges pretty well, and we have an extensive list of network ranges whose owner are spammers or knowingly accept spammers as cus

Re: [anti-abuse-wg] Potential New Co-Chair

El jue, 20-01-2022 a las 10:04 +, Brian Nisbet escribió: > So, as a first stage, does any object to this happening "out of > cycle"? I'm very happy to say that silence indicates consent here, > but if you have any objections then please state them here or to > aa-wg-cha...@ripe.net before 17:0

Re: [anti-abuse-wg] Proposal: Publish effective users' abuse-c

Alessandro Vesely wrote: > Hi all, > > (...) > > I propose that RIPE accepts abuse-c email addresses from verified effective > users of a range of IP numbers, stores them in the database, and serves them > in > RDAP/ WHOIS queries besides the abuse-c addresses provided by the ISP. > Various

Re: [anti-abuse-wg] Proposal: Publish effective users' abuse-c

Alessandro Vesely wrote: > > > And, if yes, would it be acceptable by the resource holder or are > > > there > > > contractual impediments? Finally, if feasibility is ok, would > > > operators > > > take advantage of it or is it only me? > > > > > If you are talking about adding extra abuse addres

Re: [anti-abuse-wg] Proposal: Publish effective users' abuse-c

> This bit is not possible. The "abuse-c:" attribute is 'single'. So the > resource object can only ever reference one abuse contact. Thanks Denis. abuse-c arity is a point I was dubious about. Thus, it is not currently possible to publish an abuse-c with the customer address and keep the ISP co

Re: [anti-abuse-wg] RIPE NCC Anti-Abuse Training: Next Steps & WG Input!

> And now that you mention it, are you sure that CSAM is illegal in 100% of the > countries? Of course it's not. Or, CSAM itself might be illegal but the definition of 'CSAM', 'child' or 'abuse' varies, so the end result is still that X is illegal in country A but not in country B. See the var

Re: [anti-abuse-wg] 2017-02 Review Phase Reminder

On 20-02-2018 Malcolm Hutty writes: > It has been asserted that making sure admins have a functioning abuse > e-mail address will help combat abuse, but nobody has managed to explain > how in a way that I can understand. As far as I can see, this will > achieve nothing useful. Hello Malcolm Bein

Re: [anti-abuse-wg] 2017-02 Review Phase Reminder

El mar, 20-02-2018 a las 18:12 +, Nick Hilliard escribió: > Ángel González Berdasco wrote: > > Being able to contact the proper admins is the first step in combating > > the abuse. > > Ángel, > > There is nothing in the proposal about contacting admins or

Re: [anti-abuse-wg] GDPR - positive effects on email abuse

Volker Greimann wrote: > Hi Simon, > > that is a common misconception, but sadly untrue. > > > As things stand at the moment, the interpretations of GDPR and subsequent > > actions of some large organisations make it likely that fraud and other > > types of malpractice, largely aimed at indivi

Re: [anti-abuse-wg] addtess verification (was: personal data in the RIPE Database)

denis wrote: > This defeats your own argument. You were arguing you need to know the > addresses of these natural persons so you can link separate resources > having the same address. Using the IDs of random people and drunks > from a bar will give them all different addresses. Knowing these > addr

Re: [anti-abuse-wg] Adding a "Security Information" contact?

On 07-06-2022 12:42 +0200, Gert Doering wrote: > Hi, > > On Tue, Jun 07, 2022 at 12:35:47PM +0200, denis walker wrote: > > You could add an optional attribute "security-mailbox:" alongside > > the > > "abuse-mailbox:". If present it could be returned in a query with > > the > > abuse-mailbox addre

Re: [anti-abuse-wg] Adding a "Security Information" contact?

El mar, 07-06-2022 a las 13:14 +0200, Gert Doering escribió: > Hi, > > On Tue, Jun 07, 2022 at 11:02:19AM +0000, Ángel González Berdasco via > anti-abuse-wg wrote: > > I don't think the problem would be to add a new attribute if > needed. > > The problem would be

Re: [anti-abuse-wg] Adding a "Security Information" contact?

Gert Doering writes: > Hi, > > On Tue, Jun 07, 2022 at 12:36:10PM +0000, Ángel González Berdasco via > anti-abuse-wg wrote: > > abuse-c: GROBECKER-ABUSE > > > > and the GROBECKER-ABUSE object: > > abuse-mailbox: gene...@abuse.grobecker.info > > abuse-m

Re: [anti-abuse-wg] Adding a "Security Information" contact?

Cynthia Revström writes: > I think this sounds like a good idea as someone who is also very much > interested in security. > > > However I think the implementation details should be discussed in the > db-wg as opposed to the aa-wg. > > > -Cynthia It affects both anti-abuse and db-wg. If anti-a

Re: [anti-abuse-wg] Adding a "Security Information" contact?

Gert Doering wrote: > Hi, > > "whois, as in 'this particular way users interface with the DB'" :-) > > (I'm aware it's the server doing this - which makes changing the > implementation easier, as it's "just one place" - but in the end, > "it needs to be done" which was the point I tried to make

Re: [anti-abuse-wg] Autoresponders

On 2022-08-22 at 11:40 +0200, Alan Levin wrote: > On Mon, 22 Aug 2022 at 07:50, someone <…@ripe.net> wrote: > > I’m out of office till 22 August. Any RIPE Labs related queries can > > be sent to l...@ripe.net and one of my colleagues > > will get back to > >

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

John Levine wrote: > It appears that U.Mutlu said: > > So, what to do if the hoster is uncooperative, like in this case? > > Where else to complain, what else to do? > > If their ASN info is to be believed, they're in Bulgaria. It's > unlikely anyone there cares. > > Just block their network 80

Re: [anti-abuse-wg] Abuse Report ignored. What to do as next?

U.Mutlu wrote: > Maybe there is a WHOIS or ASN error: > Trying the following gives a different company for the said IP: > > $ whois 80.94.94.254 > > % Abuse contact for '80.94.92.0 - 80.94.95.255' is 'ab...@bunea.eu' > > I now have filed the AR also to that new address. Asking for 80.94.94.x re