[arin-ppml] Draft Policy ARIN-2021-7: Make Abuse Contact Useful
JORDI PALET MARTINEZ
jordi.palet at consulintel.es
Thu Oct 28 03:23:08 EDT 2021
I don't think this is correct and it may be a language appreciation, because I'm not native English, so how you and I understand "enforce" or similar words may differ. Let me explain.
For example, if we, as a community, have the power to define the policies and we decide that as part of the policies, all the resource holders must register the assignments, that's fine, right?
Following that logic, if we also say that only assignments equal/bigger than (in IPv6) /48 must be registered is fine, right?
If we also define that the registration must be done using this or that data fields is fine also.
So in summary, how depth we got, depends (and yes, it may be a bit subjective) on what is better for the global community, not an specific resource holder or group of them, and that's why we use consensus and not voting.
Exactly the same we can say that the abuse-mailbox (or in the future the abuse-URL or whatever is the standard protocol that gets adopted), must accept X-ARF, is fine. Exactly the same that we can enforce using other protocols that we call for in our policy manuals (in all the RIRs).
If in addition to that we say: you must ack to that abuse report, it is just fine.
We are not saying "you must agree that the abuse reported is actually an abuse for you and you will fine or cancel the contract to your customer". We are saying:
- you must confirm that you are going to take actions, even if the actions mean (for example) a) initial automatic confirmation of the report reception, b) automatic process or escalation to an human, c) effectively warning the abuser or if it has been a persistent "recognized abuse in my AUP or jurisdiction" I've cancelled or blocked this customer, or d) this is not abuse for me, sorry.
I'm also happy if the action is: "ack, we got your report, but we are a wild and criminal supporter, we don't recognize abuse cases, we allow customers to do whatever they want". And in this case, the rest of the world can decide if they actually want to block you.
Right now, the situation is like my last paragraph. When a victim discovers persistent abuses and is not able to report or the abuses don't cease, they just block (temporarily or forever). This is not good for anyone.
El 28/10/21 4:41, "William Herrin" <bill at herrin.us> escribió:
On Wed, Oct 27, 2021 at 2:07 PM JORDI PALET MARTINEZ via ARIN-PPML
<arin-ppml at arin.net> wrote:
> However, right now 2 above doesn’t exist and instead
> if we keep using email but making a policy that enforces
> a transition to X-ARF/RFC5965/RFC6650, resolves the
> problems for spam into abuse mailboxes (because it is
> automatically processed and the spams get rejected by
> the system), facilitates the transition (a period of time where
> plain emails and X-ARF/RFC5965/RFC6650 are accepted,
> then only X-ARF/RFC5965/RFC6650).
The moment you say "enforce," you've left the realm of the possible in
the ARIN region. ARIN can require a contact to exist. They can't
require you to do anything specific with information sent to it; that
exceeds the contract with the registrant.
Insisting on no progress without the impossible is simply insisting on
bill at herrin.us
IPv4 is over
Are you ready for the new Internet ?
The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
More information about the ARIN-PPML