[arin-discuss] The joy of SWIPping

Dean Anderson dean at av8.net
Thu May 15 16:42:33 EDT 2008 

On Mon, 12 May 2008, Paul Vixie wrote:

> > As far as contacing customers via whois lookup, is there some reason
> > the ISP can't act as an agent for the customer?  This is sort of
> > like the various domain whois privacy services...but not nearly as
> > slimely IMO.

There is no reason the ISP can't act as the customer's agent.  There is
no reason the customer can't have anyone else they choose to act as
their agent.  Of course, there are obligations to acting as someone
else's agent, and liabilities for failing to meet the obligations.  But
ARIN cannot say that someone else can't have an agent, any more than
ARIN can dictate who my lawyer is. A lawyer is also an agent. In fact,
there is a whole body of law on the subject called the Law of Agency.

One thing that people have not brought up against SWIP is the public
perusal of the ISP customer list. The customer list can be used by
competitors.  The full customer list is usually a company secret.  One
wonders what the justification for SWIP was, when it seems that all the
RIR actually needs is the confidential list.

No doubt some companies aren't concerned about the competition getting
their customer list, or feel that the risk is offset by the benefit of
offloading abuse complaints directly to the customer.  SWIP should be
optional, and those companies that want to publish this information,
certainly should be able to publish that information via their own whois
servers. Those that don't want to publish this sensitive information,
shouldn't be forced to do so.  There is no benefit to ARIN in such
tactics.

> as far as that goes, is there general support here for the idea of the
> RIRs running mail forwarders for well-formatted non-robotic abuse
> complaints that can be forwarded to the registered operator of the
> netblock, without exposing the operator's internal ticket system
> e-mail address via whois?

The reason for not exposing the internal ticket system is due to abuse
of the ticket system itself.  There would be no difference in exposing
the ISP internal ticket system versus having the RIR forward to the ISP
internal ticket system.  Abuse just moves to the RIR, which quite
happily forwards it to the ISP, unless you expect the RIR to
abuse-filter.

Second, ARIN's purpose is to be a registry, not your spam filter.  This
scheme would cost ARIN a great deal for large ISPs, and perhaps very
little for small ISPs. So, unless ARIN charged each for the efforts
pro-rata, it would violate the 501(c6) rules and ARIN charter against
providing unequal benefits. Its odd that Board members wouldn't see that
problem, but they seem to have no regard the rules and laws.

The next problem if this were to be done, is that the current ARIN Board
and CEO would then be in charge of spam-filtering your abuse contacts.  
CEO Plzak, with apparent consent of the Board, has asserted in written
correspondence that my email to this list may be considered "spam", and
blocked as "spam". That even this very message could be considered
"spam" and subject to capricious blocking at the whim of the CEO and
Board. Who would want such people in charge of their email, or even just
their abuse ticket system email?

	--Dean



-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000

More information about the ARIN-discuss mailing list