Implementing the code of conduct for combating abuse might seem to be a lot of work but in practice that is not the case. Hosting/cloud providers who have followed the phased plan described below satisfy the code of conduct.
- Make a policy document for your employees who are responsible for following up abuse reports and incidents.
- Decide whether you want to use the best practices of the M3AAWG (full of practical tips) for the implementation or instead give your own interpretation.
- Make an abuse policy for your clients. In that policy, link consequences to repeated or substantial violations and give yourself the right to quarantine or close down content.
- Require your clients to have notified vulnerabilities or leaks patched and to remove abuse.
- Require your clients to be reachable for (your) abuse notifications; do not accept them being unreachable, slow to respond or not responding to abuse notifications that you send them.
- Ensure that you are easily reachable for abuse notifications. Also at the weekend: much abuse takes place at hosting providers that “the bad guys” know are not easily reachable.
- At the very least you should publish an abuse@ mailaddress on your primary domain, in relevant WHOIS registrations, and at RIPE. Ideally, it should be possible to lodge abuse notifications with you by telephone or via chat.
- Ensure that abuse notifications can easily reach you by removing red tape and complex forms. You should read and process notifications daily and always follow up on these.
- If you really cannot process abuse notifications, then do not switch off the notifier but transfer it to the right receiver if you know or could know who that should be, or give the sender information that makes it easier for them to find the right target. You know exactly how it works, but the sender often does not.
- On your website, make it clear to your clients that you adhere to this code of conduct and the NTD code of conduct.
- Establish which flaggers you consider to be trusted. Examples are the Dutch INHOPE organisation (EOKM), SIDN via Netcraft and the Bureau for Internet Fraud of the Dutch police. In the case of notifications from these trusted flaggers, no internal assessment of the notification is necessary, and you can immediately remove/block content or have that done for you.
- Instruct your employees that any notifications they receive about child pornography that have not been received via the EOKM must be sent to the EOKM for assessment. This ensures that your employees do not need to examine the material, which in itself is a criminal offence.
- Install AbuseIO or similar software for receiving and processing abuse notifications, in any case those from the EOKM, and preferably for information from/via NBIP.
Extra steps for providers with their own network (AS)
- Consider connecting to the Abuse Information Exchange, also referred to as AbuseHUB. If you do not want to do that, then you should at least subscribe to similar abuse feeds. From October 2018 onwards, NBIP will also send aggregated data inAbuse-IO format
- Connect to the network abuse performance portal that has been developed by TU Delft in collaboration with NBIP. Though this portal you will receive direct information about abuse in your network. The portal shows how clean your network is compared with those of your peers, and you receive abuse reports, some of which cannot be obtained via existing feeds.
- Implement the measures as described in the routing security manifest MANRS.
Extra steps for registrars
- Familiarise yourself with the abuse204.nl approach for SIDN and apply that programme.