This policy is a trifle late though
This same setup kept getting used to route whole /14s a few years back.
I wonder what poor soul has those ranges now.
--srs
From: anti-abuse-wg on behalf of furio
ercolessi
Sent: Wednesday, March 20, 2019 4:30 PM
To: anti-a
+ Brian - how appropriate is it to call other posters liars like this?
--srs
From: anti-abuse-wg on behalf of Sascha Luck
[ml]
Sent: Wednesday, March 20, 2019 8:42 PM
To: Hank Nussbacher
Cc: Ricardo Patara; anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 201
achieving rough
consensus on the list and then in the WG meeting in which this proposal is
listed on the agenda.
From: Brian Nisbet
Date: Wednesday, 20 March 2019 at 10:43 PM
To: Suresh Ramasubramanian , "Sascha Luck [ml]"
, Hank Nussbacher
Cc: Ricardo Patara , "anti-abuse-wg@ripe
some very pointless discussion.
On 21/03/19, 8:27 AM, "Sascha Luck [ml]" wrote:
On Thu, Mar 21, 2019 at 07:06:40AM +0530, Suresh Ramasubramanian wrote:
>The discussion does seem to be going in circles. A series of objections
from Sascha and then various people countering i
Not at all silencing you. You have every right to talk. The list and the WG
have every right to establish a consensus that may not gel with your wishes.
On 21/03/19, 8:46 AM, "Sascha Luck [ml]" wrote:
On Thu, Mar 21, 2019 at 08:36:01AM +0530, Suresh Ramasubramanian wrote:
Ah that way. Then -
Do we have rough consensus? If not at what point is it reached?
--srs
From: Gert Doering
Sent: Thursday, March 21, 2019 1:07 PM
To: Suresh Ramasubramanian
Cc: Sascha Luck [ml]; Brian Nisbet; Ricardo Patara; anti-abuse-wg@ripe.net
Subject: Re
Ah good. So a few more days of this "sascha opposes it" while others chime in
+1s. Fine then .. thanks for enlightening me.
On 21/03/19, 1:12 PM, "Gert Doering" wrote:
Hi,
On Thu, Mar 21, 2019 at 07:38:34AM +, Suresh Ramasubramanian wrote:
It would be a much needed thing if ripe legal were to chime in here so that
they can issue an opinion on the proposal. This amateur theorizing isn't
getting the discussion anywhere.
--srs
From: anti-abuse-wg on behalf of Sascha Luck
[ml]
Sent: Saturday, March
There's also the interesting comparison of how some TLD registries - many of
them - act on canceling spam and phish domains while others go to every extreme
not to do so.
--srs
From: anti-abuse-wg on behalf of ac
Sent: Saturday, March 23, 2019 11:16 AM
To: an
Then again, this is my
opinion, so I may be completely wrong (or not) :)
On Sat, 23 Mar 2019 07:27:40 +0000
Suresh Ramasubramanian wrote:
> There's also the interesting comparison of how some TLD registries -
> many of them - act on canceling spam and phish domains while others
> go to
ll of the administration
> aspects themselves.
>
> Now, TLD (or RIPE NCC) managing **"external"** complaints about direct
> abuse, is, imho, outside the scope of an administrative authority and
> would be the scenario Nick Hilliard refers to. Then again, this is my
> opin
eh. All the power
theft examples in the world are best discussed over a beer in the next RIPE
meeting to spare the admins’ sanity here ☺
From: Lu Heng
Date: Saturday, 23 March 2019 at 4:05 PM
To: Suresh Ramasubramanian
Cc: ac , "anti-abuse-wg@ripe.net"
Subject: Re: [anti-abus
rgument is factually not relevant at all
> >
> > and, more so: 2019-03 not proceeding would be counter to the ethical
> > administration of resources, a dereliction of responsibility and a
> > breach of trust implied in any such administration (as well as
> > administrati
There are very few people who actively track BGP hijacks, the world over - even
among the larger community of network security folks.
More than one of those individuals is on this mailing list and has spoken up
during the discussion.
Identifying experts to detect and attest to cases of hijackin
explained my agreement to what was said I would appreciate that being
pointed out to myself)
On Wed, 03 Apr 2019 19:57:35 +0530
Suresh Ramasubramanian wrote:
> There are very few people who actively track BGP hijacks, the world
> over - even among the larger communit
Please. You keep trying to speak for the entire community and/or the ncc while
all the time it is about your personal preference.
—srs
From: anti-abuse-wg on behalf of Sascha Luck
[ml]
Sent: Friday, April 5, 2019 4:03 AM
To: anti-abuse-wg@ripe.net
Subject: Re:
You might find a hijacked prefix advertised solely to a single asn at an ix
where it peers, and this for the purpose of spamming to or otherwise attacking
whoever owns the asn. Most of these targeted announcements might not even be
visible to anyone else.
—srs
gt; On 5. Apr 2019, at 01:43, Suresh Ramasubramanian
wrote:
>
> You might find a hijacked prefix advertised solely to a single asn at an
ix where it peers, and this for the purpose of spamming to or otherwise
attacking whoever owns the asn. Most of these targeted announcements mi
Right. You don't agree with it. So "we all" don't agree with it. Excellent
reasoning there.
On 05/04/19, 5:44 PM, "anti-abuse-wg on behalf of Sascha Luck [ml]"
wrote:
On Thu, Apr 04, 2019 at 06:41:52PM -0700, Ronald F. Guilmette wrote:
>RIPE can't tell anyone either what to announce
t get unanimous agreement on this. Hence rough consensus.
--srs
From: Gert Doering
Sent: Friday, April 5, 2019 6:35 PM
To: Suresh Ramasubramanian
Cc: Sascha Luck [ml]; anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] On +1s and Policy Awareness AND Astro...
some
On 15/04/19, 9:26 AM, "anti-abuse-wg on behalf of ac"
wrote:
>Sorry for top posting, but I fail to see how any of this is abuse related?
Given that it is RFG raising this, I think it is a pretty safe bet that this
ASN is associated with some abusive activity that he has seen.
of it, and won't ask him about it till he's
ready to disclose.
On 15/04/19, 10:02 AM, "anti-abuse-wg on behalf of ac"
wrote:
On Mon, 15 Apr 2019 09:40:35 +0530
Suresh Ramasubramanian wrote:
> On 15/04/19, 9:26 AM, "anti-abuse-wg on behalf of ac"
Is this despite RIPE operating a routing registry as a subset of the IRR and
allowing ASNs to announce their routing policies? Despite RIPE allocating ASNs
that are used in routing?
On 17/04/19, 7:09 PM, "anti-abuse-wg on behalf of Peter Koch"
wrote:
On Tue, Mar 19, 2019 at 01:41:22PM +
For those saying "Dutch court" etc please do be careful what you're asking for.
Experience in two decades of anti abuse work says that if a particular form of
abuse is allowed and even waved away so there's an enforcement gap, and that
form of abuse is used to successfully attack something impor
They had a fiduciary duty not to hand out whole /14s of v4 space to snowshoe
spammers set up as eastern european LIRs not too long back
They would now as well if such duty wasn't abdicated each time
The duty doesn't magically go away of course even if it is abdicated and denied
--srs
Are they is the question
For example - ARIN just reclaimed a large number of IPs from an actor that
created a large number of shell companies. http://m.slashdot.org/story/355802
--srs
From: anti-abuse-wg on behalf of Nick Hilliard
Sent: Friday, May 17, 2019
How was ARIN able to reclaim 750k IPs showing fraud including shell company
setup then? The USA is if anything even more litigious than Europe is.
You also go to court with "clean hands", so if the invalid abuse contact is
also accompanied by a proliferation of malware etc a judge may not react
But if a policy asking ripe ncc to investigate fraud and withdraw resources
were to be proposed we would again hear the "we are not the internet police"
trope :(
--srs
From: Alex de Joode
Sent: Friday, May 17, 2019 11:32 AM
To: Suresh Ramasubramania
As I read the proposal cutting off bogus LIRs seems to be the goal rather than
cutting off a legitimate but careless player. There seem to be quite a few
such given the coming wg meeting has a preso on just this topic.
--srs
From: anti-abuse-wg on behalf of Ca
Gert Doering; Suresh Ramasubramanian; anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of
"abuse-mailbox")
Hi,
On Fri, May 17, 2019 at 12:13:12PM +0200, JORDI PALET MARTINEZ wrote:
> Anyway, this is a curious thing ... last week I was a
nt: Friday, May 17, 2019 3:59 PM
To: Suresh Ramasubramanian
Cc: Gert Doering; JORDI PALET MARTINEZ; Brian Nisbet; anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of
"abuse-mailbox")
Hi,
On Fri, May 17, 2019 at 10:24:51AM +, Suresh Ramasubra
I am sorry but where did I say close down all LIRs?
--srs
From: Gert Doering
Sent: Friday, May 17, 2019 4:09 PM
To: Suresh Ramasubramanian
Cc: Gert Doering; JORDI PALET MARTINEZ; Brian Nisbet; anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 New
I would instead suggest that RIPE wind itself up and transfer it's operations
to ARIN or APNIC, if we are about to make broad and sweeping thought experiment
proposals
--srs
From: Gert Doering
Sent: Friday, May 17, 2019 4:37 PM
To: Suresh Ramasubramani
n
Sent: Friday, May 17, 2019 5:51 PM
To: Suresh Ramasubramanian
Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of
"abuse-mailbox")
top post
--
Bengt Gördén
Resilans AB
From: Bengt Gördén
Sent: Friday, May 17, 2019 6:50 PM
To: Suresh Ramasubramanian
Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of
"abuse-mailbox")
no
--
Bengt Gördén
Resilans AB
If it weren't effectively property there wouldn't be firms listing large blocks
of v4 space as an asset while going out of business, and there wouldn't be
brokers specializing in acquiring and reselling this space. And yet in the RIR
paperwork this is a simple reassignment of a netblocks regist
A case can be made that lax "not the internet police" policies that earlier
allowed a single shady LIR to get multiple /14s and now, as per Furio, allows
serial registration of bogus LIRs to gather up IP space is actually making
abuse and security teams worldwide expend rather more man hours th
7:33 PM
To: Suresh Ramasubramanian
Cc: Ronald F. Guilmette; anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of
"abuse-mailbox")
On Sat, May 18, 2019, 3:44 AM Suresh Ramasubramanian
mailto:ops.li...@gmail.com>> wrote:
If it weren't
More a question of locus standi - how many court cases have we seen so far
where an RIR has filed a brief or an affidavit making such a point?
--srs
From: anti-abuse-wg on behalf of Töma
Gavrichenkov
Sent: Sunday, May 19, 2019 2:37 PM
To: Ronald F. Guilmette
C
Any abuse / acceptable use policy presupposes that while the vast majority of
your users are legitimate a non trivial percentage of them are bad actors who
need to be dealt with appropriately.
Making that call on which customer to apply which policy on is something any
abuse desk does literally
19 9:37 PM
To: Suresh Ramasubramanian
Cc: JORDI PALET MARTINEZ; anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Validation of
"abuse-mailbox")
Hi,
indeed, and this is why we should just not go there.
Gert Doering
-- NetMaster
--
have you enabled IPv
So I don't know about other regions not having the same needs. APNIC has
adopted this for example.
https://www.apnic.net/community/policy/proposals/prop-125
--srs
From: anti-abuse-wg on behalf of Sérgio Rocha
Sent: Wednesday, May 22, 2019 11:10 PM
To: anti-ab
ot by deploying unsuitable anti spam
measures category and have to delay accepting mail.
--srs
From: Suresh Ramasubramanian
Sent: Thursday, May 23, 2019 4:18 AM
To: Sérgio Rocha; anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 New Policy Proposal (Valid
Without looking at the other received headers there's no way to say that this
is header forgery.
Many mail clients will HELO as whatever IP they're provisioned on, and both IPs
belong to a provider in Belarus.
So unless this header was inserted in a way that there's no continuity with the
othe
elf, with the goal of attacking 3rd parties (or
"framing" 3rd parties) is still a very evil form of internet abuse
that is not really discussed or talked about much?
Andre
On Sat, 01 Jun 2019 14:27:13 +0530
Suresh Ramasubramanian wrote:
> Without look
Hijacked route announcements can be carefully targeted to just a victim AS for
any attack.
If that victim AS holder complains to their national CERT the language here
precludes the CERT from reporting into RIPE.
That is a technicality as I can't imagine RIPE would refuse reports from a
CERT,
You are right. I have very little hope of anything concrete coming out of this
process, however.
On 10/09/19, 4:04 PM, "anti-abuse-wg on behalf of Sérgio Rocha"
wrote:
Hi,
I agree with Carlos. It is better to have an imperfect policy than not to
have any policy and watch these
Vicarious liability / criminal negligence is also a thing in several
jurisdictions so “let us do nothing and we won’t be liable” doesn’t always work.
--srs
From: Nuno Vieira
Sent: Tuesday, September 10, 2019 5:11 PM
To: Suresh Ramasubramanian
Cc: Sérgio Rocha
Congratulations, Ron Guilmette. You’ve been doing this for years and this is
your biggest success yet.
https://mybroadband.co.za/news/internet/330379-how-internet-resources-worth-r800-million-were-stolen-and-sold-on-the-black-market.html
tl;dr - The insider is apparently Ernest Byaruhanga, AFRI
I can only commend LACNIC for doing the right thing and serving as a clearing
house for such community outreach.
Route hijacks that cause major operational impact are certainly something that
impacts the community as a whole, and while this is resolvable by operators,
quite often finding the ri
Ruediger has a nice full list of all the other ways a prefix can be
mis-announced or route leaked. Typos, incompetence in setting up load
balancers, so on and forth. However, the number of these that are malicious
and that’d be of interest to the AAWG, is much smaller, wouldn’t you say?
From:
I am not a member. However, the increase in such incidents and the risk of
regulators or lawsuits occurring mean that RIPE NCC does need to perform more
due diligence than would be consistent with a “we are not the internet police”
position.
It is in their own members’ interest that they’re abl
Ramasubramanian
Cc: Michele Neylon - Blacknight , Sergey Myasoedov
, Nikolas Pediaditis ,
anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] [routing-wg] An arrest in Russia
Hi,
On Fri, Jan 03, 2020 at 03:55:07PM +, Suresh Ramasubramanian wrote:
> I am not a member. However, the increase
Applause.
--srs
From: anti-abuse-wg on behalf of Richard
Clayton
Sent: Wednesday, January 15, 2020 8:32 PM
To: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] working in new version of 2019-04 (Validation of
"abuse-mailbox")
In message <02d201d5cb84$89d6
Is Dutch law really the inhibitor here? Or the possibilities that Richard
outlined?
I seem to recall previous opta nl proposals that took a sensible view of
network abuse, some years back
--srs
From: anti-abuse-wg on behalf of Brian Nisbet
Sent: Wednesday,
It would be interesting if a large number of people who actually work for the
security / infosec / abuse teams of various ripe members were to attend the
aawg meetings instead of a clutch of mostly IP / dns / network people.
That won’t take away the impact of organisations that don’t want to do
abused customer and a malicious actor, that is a judgement call that every
large provider abuse team has had to face so far
--srs
From: anti-abuse-wg on behalf of Randy Bush
Sent: Thursday, January 16, 2020 9:38 PM
To: Suresh Ramasubramanian
Cc: anti-abuse-wg
It’d be interesting to take individual names of the people most vocal in their
objections and feed them through LinkedIn - that assumption you made about
dealing with spam would soon be tested.
--srs
From: anti-abuse-wg on behalf of Randy Bush
Sent: Thursday,
From: anti-abuse-wg on behalf of Randy Bush
Sent: Friday, January 17, 2020 5:21 AM
To: Suresh Ramasubramanian
Cc: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] @EXT: RE: working in new version of 2019-04
(Validation of "abuse-mailbox")
> Itʼd be intere
Stewardship and fiduciary responsibility for IP space. Now that’s a much needed
and sadly lacking thing.
--srs
From: anti-abuse-wg on behalf of Randy Bush
Sent: Friday, January 17, 2020 8:33 AM
To: Suresh Ramasubramanian
Cc: anti-abuse-wg@ripe.net
Subject: Re
Not you either. There are many others vocally arguing for complete inaction.
—srs
From: Gert Doering
Sent: Friday, January 17, 2020 1:34 PM
To: Suresh Ramasubramanian
Cc: Randy Bush; anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] @EXT: RE: working in new
The we are not the internet police crowd for instance
And the amazing number of ripe luminiaries, wg chairs etc that just happened to
be in the room for an AOB session during a previous wg with the intention of
voting Richard Cox out of his co chair position.
There just doesn’t seem to be any a
If they were all kids in their mommies basements instead of part of an
organised crime underground as often as not ..
--srs
From: anti-abuse-wg on behalf of Javier Martín
Sent: Friday, April 17, 2020 2:39:05 PM
To: Marcolla, Sara Veronica ; Maxi
; JORDI PALET
The email he sent has been positively presidential in style I must say. For a
specific value of president of course.
--srs
From: anti-abuse-wg on behalf of Töma
Gavrichenkov
Sent: Saturday, April 18, 2020 12:02:58 PM
To: anti-abuse-wg@ripe.net
Subject: Re: [an
> remove this ability to conduct business, there would need to be sound
> legal justification for doing so.
>
> Nick
>
--
Suresh Ramasubramanian (ops.li...@gmail.com)
this are probably voices in the wilderness
at this point.
—srs
--srs
From: Nick Hilliard
Sent: Thursday, April 30, 2020 2:16:34 AM
To: Suresh Ramasubramanian
Cc: Serge Droz ; anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase
: Suresh Ramasubramanian
Cc: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of
"abuse-mailbox")
Suresh Ramasubramanian wrote on 30/04/2020 01:58:
> Why would I ask about something I am posting as an individual in my
> personal capacity?
PM
To: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of
"abuse-mailbox")
On Thu, Apr 30, 2020 at 12:42:09PM +0000, Suresh Ramasubramanian wrote:
>RIPE NCC need not decide whether a behaviour is legal or not in order to
>prohibit use of r
: Thursday, April 30, 2020 7:58:14 PM
To: Suresh Ramasubramanian
Cc: Sascha Luck [ml] ; anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of
"abuse-mailbox")
Suresh Ramasubramanian wrote on 30/04/2020 14:07:
> What would get discussed in an
Vernon Schryver’s FUSSP is still relevant since what, 2000 or so?
--srs
From: anti-abuse-wg on behalf of Richard
Clayton
Sent: Friday, May 1, 2020 6:28:42 AM
To: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of
"abuse
As long as the ASNs that are not maintaining an abuse address are published
along with the no complaints list, I personally have no complaints.
From: anti-abuse-wg
Date: Monday, 4 May 2020 at 3:59 PM
To: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of
Has this even been put to a vote or is it the same group of extremely vocal
RIPE regulars against it and the same group of extremely vocal security types
for it? Rough consensus has its limitations in such cases.
From: anti-abuse-wg
Date: Saturday, 9 May 2020 at 4:22 AM
To: Nick Hilliard
Cc:
Doering
Date: Saturday, 9 May 2020 at 3:57 PM
To: Suresh Ramasubramanian
Cc: Randy Bush , Nick Hilliard ,
anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of
"abuse-mailbox")
Hi,
On Sat, May 09, 2020 at 01:12:32AM +0000, Suresh Ramasubramanian wr
6:10 PM
To: Suresh Ramasubramanian
Cc: Gert Doering , anti-abuse-wg@ripe.net
Subject: About "consensus" and "voting"...
Hi Suresh, Gert, All,
"member organizations represented by" -- this only happens at the RIPE NCC
GM, twice a year.
The PDP doesn't happen
The problem is that many of the people objecting - I won’t say all, I know many
of you over the years - are not from a security, or more properly an abuse and
policy enforcement background.
Almost all of it is layer 9
--srs
From: anti-abuse-wg on behalf of Carl
session introduced agenda item to boot Richard Cox from his
co chair role was one such example.
--srs
From: Nick Hilliard
Sent: Sunday, May 10, 2020 12:09:08 AM
To: Suresh Ramasubramanian
Cc: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] About "consensus
What Randy said applies in spades to the original strong community that the
Internet used to be.
Today and over the past several years we have -
1. Organisations evolving into or being taken over by corporations who are more
concerned with profit (keeping a bad customer despite pressure to the
://voices.washingtonpost.com/securityfix/2008/10/spam_volumes_plummet_after_atr.html
From: Nick Hilliard
Date: Monday, 11 May 2020 at 8:15 PM
To: Suresh Ramasubramanian
Cc: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] About "consensus" and "voting"...
Suresh Ramasubram
Weird. Forwarding a (redacted) offlist email that pointed out that the archive
URL I’d posted – which was dug out of my mailbox – is missing from the aawg
archive, along with the rest of the email from Jan 2011.
From: Suresh Ramasubramanian
Date: Monday, 11 May 2020 at 9:04 PM
That was from
want to go and filter spam for example.
From: anti-abuse-wg
Date: Monday, 11 May 2020 at 10:48 PM
To: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of
"abuse-mailbox")
On Sat, May 09, 2020 at 11:56:58AM +0000, Suresh Ramasubramanian wrote:
>In
and networking
people face from having resources taken away for originating such traffic.
From: Gert Doering
Date: Monday, 11 May 2020 at 11:12 PM
To: Suresh Ramasubramanian
Cc: Sascha Luck [ml] , anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] 2019-04 Discussion Phase (Validation of
"
.
I keep getting the sense of a long running old closed club where anything above
packet pushing and dns aren’t quite operational and just barely tolerated /
mostly ignored for the most part.
--srs
From: Rob Evans
Date: Tuesday, 12 May 2020 at 12:21 AM
To: Suresh Ramasubramanian
Cc: Sascha
comments, or in a way that
did not make it clear where they stood on the proposal:
Job Snijders, Elad Cohen, Alistair Mackenzie, Suresh Ramasubramanian,
Hans-Martin Mosner, Shane Kerr, Sascha Luck, Arash Naderpur, Richard Clayton,
Alessandro Vesely, Randy Bush
The Review Phase of the proposal las
Probably through regulation as you say. If ripe doesn’t want to be the Internet
police they’ll suddenly find that there actually is such a thing created and
with oversight over them, sooner or later. Nobody is going to like the result
if that happens, neither the government nor ripe nor its memb
+1 – most of the activity on this list has been people from the anti abuse
community come up with suggestions that the RIPE regulars find unworkable, and
then many people spend lots of time pointing out why the proposal is unworkable.
So far I have not seen one case of a proposal coming in from
Please feel free to come up with workable proposals then 😊
At leat that way the conversation stays operational
From: Michele Neylon - Blacknight
Date: Wednesday, 2 December 2020 at 8:14 PM
To: Suresh Ramasubramanian , IP Abuse Research
, Serge Droz
Cc: "anti-abuse-wg@ripe.net"
S
I know him and trust him enough to have workable proposals. So, thank you very
much for your opinion but I’m afraid I fail to share it.
From: Elad Cohen
Date: Wednesday, 2 December 2020 at 8:38 PM
To: Suresh Ramasubramanian , Michele Neylon - Blacknight
, IP Abuse Research , Serge
Droz
Cc
They shot themselves in the foot.
The email was sent to ab...@vodafone.cz
It apparently forwards on to spa...@vf.dkm.cz and this forwarding breaks SPF,
and domains with strict -all SPF records like RFG's tristatelogic.com will fail
SPF validation.
I guess it is an interesting way to cut down o
Depends on the provider you work for and what services they provide. Randy is
(I think) still with NTT rather than a cloud service, vps operator type shop,
so a lot of your questions aren’t going to apply to his environment.
--srs
From: anti-abuse-wg on behalf
This is a standard problem with even Google
Domain name(s) registered on Google Registrar
Spam from google apps mail
Domains hosted on a google cloud IP
Redirect hosted on google firebase
Report to google safe browsing
Feed URLs to virus total - also owned by Google
Suppose you have a phish campa
True. If you’re listing only two BLs - one reputable and the other UCEPROTECT..
there are many other public block lists, ok fewer than there were in the 2000s
but still ..
--srs
From: anti-abuse-wg on behalf of Nuno Vieira
via anti-abuse-wg
Sent: Wednesday, Ma
Do you see email providers of significant size using it?
--srs
From: anti-abuse-wg on behalf of Christian
Teuschel
Sent: Wednesday, March 3, 2021 9:57:50 PM
To: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] UCEPROTECT DNSBL possibly abusive practice and
As far as I can see that is probably an artefact of an overly helpful customer
service person trying to troubleshoot mail delivery for you
--srs
From: Kristijonas Lukas Bukauskas
Sent: Thursday, March 4, 2021 5:47:38 AM
To: Suresh Ramasubramanian
Cc
Since you brought up m3aawg I will note that it does have a best current
practice for block lists which specifically declares that asking for payment
for removal is not acceptable
RIPE should consider only listing block lists that are managed according to
accepted best practices
https://www.m3
May I suggest that you add as many more blocklists as you can (RBL is a
specific blocklist founded by MAPS and now acquired by Trend Micro so that term
isn’t used in the industry), as long as they are well maintained and conform to
best practices.
Thanks
--srs
From: anti-abuse-wg on behalf of
Ask them, you’d be surprised.
From: anti-abuse-wg on behalf of Michele
Neylon - Blacknight via anti-abuse-wg
Date: Thursday, 20 May 2021 at 4:29 PM
To: Laura Atkins
Cc: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] Input request for system on how to approach abuse
filtering on Route Se
RIPE has so far firmly been in the “we are not the Internet police” category
and I don’t see that changing.
Not sure what happened here without any further context.
--srs
From: anti-abuse-wg on behalf of Jeremy
Malcolm
Sent: Wednesday, September 29, 2021 12:26
Good points here. There are no shortage of bad actors who will be happy to
register a netblock as a private individual if this means their data is
obfuscated (and in whois, even forged / fake data is quite useful as part of a
consistent pattern).
There have even been bogus LIRs - it used to be
, 2022 3:43:13 PM
To: Suresh Ramasubramanian
Cc: denis walker ; anti-abuse-wg
Subject: Re: [anti-abuse-wg] personal data in the RIPE Database
On Sun, 5 Jun 2022, Suresh Ramasubramanian wrote:
> Good points here. There are no shortage of bad actors who will be happy to
> register a netbloc
Yes and when private parties asking about whois get told “we are not the
internet police”, that is the ripe community’s very own “not in my backyard”
--srs
From: anti-abuse-wg on behalf of Richard
Clayton
Sent: Monday, June 6, 2022 7:45:03 PM
To: anti-abuse-wg
1 - 100 of 258 matches
Mail list logo
