Best practices on logical separation of abuse@ vs dmca@ role inboxes
If you were setting up something new from a clean sheet of paper design - do you consider it appropriate to have an abuse role inbox that's dedicated to actual network abuse issues (security problems, DDoS, IP hijacks, misbehavior of downstream customers, etc), and keep that separate from DMCA notifications? Automated sorting tools *can* pull things which match regexes for automatically-generated DMCA notifications out of an inbox and route them to the appropriate place. However, I'm pondering whether it's better to have an ISP's ARIN IP space whois entries state clearly that copyright violation type notices should go to a dedicated-purpose dmca@ispname inbox.
I'd keep them separate since it's a different set of people that needs to handle dmca vs actual abuse. On Sat, Aug 4, 2018, 1:07 AM Eric Kuhnke <eric.kuhnke@gmail.com> wrote:
If you were setting up something new from a clean sheet of paper design - do you consider it appropriate to have an abuse role inbox that's dedicated to actual network abuse issues (security problems, DDoS, IP hijacks, misbehavior of downstream customers, etc), and keep that separate from DMCA notifications?
Automated sorting tools *can* pull things which match regexes for automatically-generated DMCA notifications out of an inbox and route them to the appropriate place.
However, I'm pondering whether it's better to have an ISP's ARIN IP space whois entries state clearly that copyright violation type notices should go to a dedicated-purpose dmca@ispname inbox.
On Fri, Aug 03, 2018 at 10:04:17PM -0700, Eric Kuhnke wrote:
If you were setting up something new from a clean sheet of paper design - do you consider it appropriate to have an abuse role inbox that's dedicated to actual network abuse issues (security problems, DDoS, IP hijacks, misbehavior of downstream customers, etc), and keep that separate from DMCA notifications?
Separate, because you'll need to design/implement different defenses for them. For example: abuse@ *must* accept traffic with attached malware, since victims of abuse may forward messages containing said malware. But dmca@ doesn't need to and shouldn't. ---rsk
On 8/4/2018 01:04:17, "Eric Kuhnke" <eric.kuhnke@gmail.com> wrote:
If you were setting up something new from a clean sheet of paper design - do you consider it appropriate to have an abuse role inbox that's dedicated to actual network abuse issues (security problems, DDoS, IP hijacks, misbehavior of downstream customers, etc), and keep that separate from DMCA notifications?
Automated sorting tools *can* pull things which match regexes for automatically-generated DMCA notifications out of an inbox and route them to the appropriate place.
However, I'm pondering whether it's better to have an ISP's ARIN IP space whois entries state clearly that copyright violation type notices should go to a dedicated-purpose dmca@ispname inbox.
The main issue with the notion of keeping abuse@ separate from a dedicated DMCA takedown mailbox is companies like IP Echelon will just blindly E-mail whatever abuse POC is associated with either the AS record or whichever POCs are specifically associated with the NET block. So it becomes kind of difficult to keep them routing to different places. The guys doing the DMCA takedowns use automated tooling. So asking them nicely isn't going to help you.
On 8/4/2018 01:04:17, "Eric Kuhnke" <eric.kuhnke@gmail.com> wrote:
Automated sorting tools *can* pull things which match regexes for automatically-generated DMCA notifications out of an inbox and route them to the appropriate place.
By "appropriate place", you mean "the trash bin" ? Sieve filters are enough for this task
Hi Jack, Le 05/08/2018 à 21:51, nanog@jack.fr.eu.org a écrit :
By "appropriate place", you mean "the trash bin" ?
Nope, that would eat-up storage and IOs. The proper destination is /dev/null, unless they provide you with the required informations to send a bill. Best regards, -- Jérôme Nicolle +33 6 19 31 27 14
Le 2018-08-06 16:03, Jérôme Nicolle a écrit :
Hi Jack,
Le 05/08/2018 à 21:51, nanog@jack.fr.eu.org a écrit :
By "appropriate place", you mean "the trash bin" ?
Nope, that would eat-up storage and IOs. The proper destination is /dev/null, unless they provide you with the required informations to send a bill.
Straight to unless, right ;-) mh
Best regards,
In article <em0d4f8349-621d-4edf-90ea-c8ab95df44d1@desktop-k5pu39b> you write:
The main issue with the notion of keeping abuse@ separate from a dedicated DMCA takedown mailbox is companies like IP Echelon will just blindly E-mail whatever abuse POC is associated with either the AS record or whichever POCs are specifically associated with the NET block.
So it becomes kind of difficult to keep them routing to different places.
The guys doing the DMCA takedowns use automated tooling. So asking them nicely isn't going to help you.
Seems to me that if you've registered your DMCA address in the Library of Congress database, and they send takedowns somewhere else, that's their problem, not not yours. If you haven't registered, you should. You can do the whole thing online in a couple of minutes. The fee is $6 per update no matter how many business names and domain names you register. See https://www.copyright.gov/dmca-directory/ R's, John
On 8/5/2018 16:53:35, "John Levine" <johnl@iecc.com> wrote:
Seems to me that if you've registered your DMCA address in the Library of Congress database, and they send takedowns somewhere else, that's their problem, not not yours.
If you haven't registered, you should. You can do the whole thing online in a couple of minutes. The fee is $6 per update no matter how many business names and domain names you register.
Thanks. I didn't know this was a thing.
John Levine:
In article <em0d4f8349-621d-4edf-90ea-c8ab95df44d1@desktop-k5pu39b> you write:
The main issue with the notion of keeping abuse@ separate from a dedicated DMCA takedown mailbox is companies like IP Echelon will just blindly E-mail whatever abuse POC is associated with either the AS record or whichever POCs are specifically associated with the NET block.
So it becomes kind of difficult to keep them routing to different places.
The guys doing the DMCA takedowns use automated tooling. So asking them nicely isn't going to help you.
Seems to me that if you've registered your DMCA address in the Library of Congress database, and they send takedowns somewhere else, that's their problem, not not yours.
If you haven't registered, you should. You can do the whole thing online in a couple of minutes. The fee is $6 per update no matter how many business names and domain names you register.
thanks this is useful. has anyone practical experience with how many of the usual DMCA email sending companies actually take this into account when they send their automated emails? Does creating a record there actually result in a substantial fraction of DMCA emails being routed to the email address given there? -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu
On Sun, Aug 05, 2018 at 07:43:36PM +0000, Daniel Corbe wrote:
The main issue with the notion of keeping abuse@ separate from a dedicated DMCA takedown mailbox is companies like IP Echelon will just blindly E-mail whatever abuse POC is associated with either the AS record or whichever POCs are specifically associated with the NET block.
So it becomes kind of difficult to keep them routing to different places.
This is a solvable problem. If they're sending unsolicited bulk email (aka "spam"), then they are, by definition, spammers. Block them and move on. If/when they decide to send proper DMCA notices and send them to the proper address, perhaps you can then allow them to petition for the privilege of access to your mail system. ---rsk
On 8/5/2018 18:46:36, "Rich Kulawiec" <rsk@gsp.org> wrote:
On Sun, Aug 05, 2018 at 07:43:36PM +0000, Daniel Corbe wrote:
This is a solvable problem. If they're sending unsolicited bulk email (aka "spam"), then they are, by definition, spammers. Block them and move on. If/when they decide to send proper DMCA notices and send them to the proper address, perhaps you can then allow them to petition for the privilege of access to your mail system.
It doesn't work like that though. I can't just bitbucket DMCA takedown requests because I also provide people with cable TV service. That means I have content contracts and these contracts are all very specific about what I need to do to process DMCA takedown requests. I'm sure that they receive reports regularly from the companies they contract to do DMCA enforcment. Or maybe they don't and I have no idea what I'm talking about. But I'm still not going to put my content contracts at risk because I think my users would be even more pissed off if their cable TV packages were suddenly unavailable to them.
Hi Daniel, Le 06/08/2018 à 16:48, Daniel Corbe a écrit :
It doesn't work like that though. I can't just bitbucket DMCA takedown requests because I also provide people with cable TV service. That means I have content contracts and these contracts are all very specific about what I need to do to process DMCA takedown requests. I'm sure that they receive reports regularly from the companies they contract to do DMCA enforcment. Or maybe they don't and I have no idea what I'm talking about. But I'm still not going to put my content contracts at risk because I think my users would be even more pissed off if their cable TV packages were suddenly unavailable to them.
I'm very sorry to read that, as an ISP, you have to comply with a para-judicial process that puts you in charge of censorship. I'd like to think that you'd have some margin to let these "copyright holders" fuck-off when it comes to your mere-pipe services. But I guess it depends on the jurisdiction you're operating under. Providing IP services and CATV are two different things that should not be liable one to another. If you have any right to give them a finger, please, on behalf of our community, give it to them. If not, please work harder on denouncing those indecent contracts. Best regards, -- Jérôme Nicolle +33 6 19 31 27 14
In article <ace5e592-b82f-1e26-fd8c-aa4831c6b91e@ceriz.fr> you write:
I'm very sorry to read that, as an ISP, you have to comply with a para-judicial process that puts you in charge of censorship.
Dealing with DMCA notices is a matter of statute law in the US, and it is a really, really bad idea to ignore them unread. It doesn't matter what anyone here thinks about it. R's, John PS: Here's why: https://www.techdirt.com/articles/20180802/17420540355/sensing-blood-water-a...
at 8:56 PM, John Levine <johnl@iecc.com> wrote:
In article <ace5e592-b82f-1e26-fd8c-aa4831c6b91e@ceriz.fr> you write:
I'm very sorry to read that, as an ISP, you have to comply with a para-judicial process that puts you in charge of censorship.
Dealing with DMCA notices is a matter of statute law in the US, and it is a really, really bad idea to ignore them unread. It doesn't matter what anyone here thinks about it.
R's, John
PS: Here's why:
https://www.techdirt.com/articles/20180802/17420540355/sensing-blood-water-a...
This. Plus I’m largely indifferent to it. On one hand, I’m a firm believer in a free and open Internet. But on the other hand, it’s so easy to hide your online activity that I have a hard time feeling sorry for anyone who gets caught up in the drag net. Anyone who gets a notice from us is completely and utterly apathetic about online privacy and it’s astonishing to be just how lazy people really are. I only have a few hundred users, so definitely not a representative sample size, but in all my time here we’ve only had a single repeat offender.
On Sun, Aug 5, 2018 at 5:46 PM, Rich Kulawiec <rsk@gsp.org> wrote:
This is a solvable problem. If they're sending unsolicited bulk email (aka "spam"), then they are, by definition, spammers. Block them and move on. If/when they decide to send proper DMCA notices and send them to the proper address, perhaps you can then allow them to petition for the privilege of access to your mail system.
---rsk
But then the question becomes "how are they supposed to find the 'proper address' for their reports?" If you run a whois server and link it from your RIRs or create a custom "DMCA Compliance" POC in the RIR listings then you could maybe list that sort of thing there, but most address maintainers do neither, so by default whatever address is listed on those net block records with the RIR seems appropriate enough to me. There's no other established protocol for determining an appropriate contact (like calling the associated phone number and asking, or trying to determine your web url and browing that site for it, or something else much more involved.) If there should be a different protocol established for that, then we need to figure it out and document that and get a critical mass of reporters to buy in to it.
On Mon, 06 Aug 2018 09:51:17 -0500, Matt Harris said:
But then the question becomes "how are they supposed to find the 'proper address' for their reports?"
Asked and answered already. On 8/5/2018 16:53:35, "John Levine" <johnl@iecc.com> wrote:
If you are in fact registered there, it becomes *their* problem to send their reports to the address you registered.
On Mon, Aug 6, 2018 at 10:09 AM, <valdis.kletnieks@vt.edu> wrote:
Asked and answered already.
On 8/5/2018 16:53:35, "John Levine" <johnl@iecc.com> wrote:
If you are in fact registered there, it becomes *their* problem to send their reports to the address you registered.
I forgot that exists; seems like the only legitimate source for that information, then.
Unless the e-mail is to the contact on file with the FCC, it isn't an official DMCA take down request, so the request is garbage. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Daniel Corbe" <dcorbe@hammerfiber.com> To: "Eric Kuhnke" <eric.kuhnke@gmail.com>, "nanog@nanog.org list" <nanog@nanog.org> Sent: Sunday, August 5, 2018 2:43:36 PM Subject: Re: Best practices on logical separation of abuse@ vs dmca@ role inboxes On 8/4/2018 01:04:17, "Eric Kuhnke" <eric.kuhnke@gmail.com> wrote:
If you were setting up something new from a clean sheet of paper design - do you consider it appropriate to have an abuse role inbox that's dedicated to actual network abuse issues (security problems, DDoS, IP hijacks, misbehavior of downstream customers, etc), and keep that separate from DMCA notifications?
Automated sorting tools *can* pull things which match regexes for automatically-generated DMCA notifications out of an inbox and route them to the appropriate place.
However, I'm pondering whether it's better to have an ISP's ARIN IP space whois entries state clearly that copyright violation type notices should go to a dedicated-purpose dmca@ispname inbox.
The main issue with the notion of keeping abuse@ separate from a dedicated DMCA takedown mailbox is companies like IP Echelon will just blindly E-mail whatever abuse POC is associated with either the AS record or whichever POCs are specifically associated with the NET block. So it becomes kind of difficult to keep them routing to different places. The guys doing the DMCA takedowns use automated tooling. So asking them nicely isn't going to help you.
In article <627928051.4141.1533644391202.JavaMail.mhammett@ThunderFuck> you write:
Unless the e-mail is to the contact on file with the FCC, it isn't an official DMCA take down request, so the request is garbage.
It's not the FCC, it's the copyright office. The law also says that the contact address should be on your web site somewhere. R's, John
----- Mike Hammett Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
participants (12)
-
Daniel Corbe
-
Eric Kuhnke
-
John Levine
-
Jérôme Nicolle
-
Matt Harris
-
Michael Hallgren
-
Mike Hammett
-
nanog@jack.fr.eu.org
-
nusenu
-
Rich Kulawiec
-
Ross Tajvar
-
valdis.kletnieks@vt.edu