-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update PR Template Requiring Abuse Contact for Subdomain Registry Requestors #2201
Update PR Template Requiring Abuse Contact for Subdomain Registry Requestors #2201
Conversation
.github/pull_request_template.md
Outdated
|
||
* [ ] This request is made for a subdomain registry service. Abuse contact information (email or web form) is available and easily accessible. | ||
|
||
**URL where abuse contact or abuse reporting form can be found**: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
**URL where abuse contact or abuse reporting form can be found**: | |
**Abuse contact email address or web form**: |
Maybe simplify it a bit
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the suggestion @wdhdev ! The difference between URL where abuse contact or abuse reporting form can be found
and Abuse contact email address or web form
is subtle but somewhat important though.
- The original wording "URL where abuse contact or abuse reporting form can be found" aims to ask subdomain registry operators to provide a direct method on their website where internet users can report abuse. Ideally, anyone can easily reach the responsible party (i.e., the registry, a DDNS service, etc.) directly without relying on PSL to identify the abuse contact or forward abuse cases, which is not PSL’s role.
- For example, if someone finds that a user at
fake-bank.ip-dynamic.org
(a subdomain managed by ClouDNS) is being malicious, they should be able to visitip-dynamic.org
, identify that the domain belongs to ClouDNS, and find clear instructions on how to report abuse directly to ClouDNS. The feedback loop from discovering abuse to reporting it should be straightforward and transparent.
- For example, if someone finds that a user at
- On the other hand, the alternative phrasing, "Abuse contact email address or web form," could lead requestors to only submit an abuse contact email address to PSL but not make it publicly visible or accessible to their users. However, I believe the intention of this change is to allow internet users to directly report abuse to the registry's website where they can access a properly maintained contact method (email or web form).
That said, I’m open to any further suggestions on how we can make this clearer or more effective in practice!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree, ignore this review then.
I suggest we simplify this by always requiring an abuse contact. |
The comments above the checkbox have been simplified |
To address the issue:
This PR introduces updates to the PR submission template to address the issue raised in #1813 concerning the accountability of subdomain registries and the need for abuse contact information.
The new requirements aims to require that requestors who operate subdomain registries provide easily accessible abuse contact information, such as an email address or a web form, which allows responsible parties to be contacted in the event of abuse or malicious activities.
cc @dnsguru @simon-friedberger