[ppml] Policy Proposal 2003-1: Human Point of Contact

Lee Howard lee.howard at wcom.com
Thu Mar 6 12:45:51 EST 2003 

On Thu, 6 Mar 2003, McBurnett, Jim wrote:

> Date: Thu, 06 Mar 2003 10:46:33 -0500
> From: "McBurnett, Jim" <jmcburnett at msmgmt.com>
> To: Lee Howard <lee.howard at wcom.com>, JLS <JEFFSL at COX.NET>
> Cc: ppml at arin.net
> Subject: RE: [ppml] Policy Proposal 2003-1: Human Point of Contact
> 
> Email snipped to limit length..

> Take a look at: http://www.ietf.org/rfc/rfc2142.txt?number=2142
> Also take a look at: http://www.rfc-ignorant.com/

Thank you for the reference.  I personally disagree with rfc-ignorant
on interpretation of some RFCs.

> >If this is your proposal, how do you propose to assign domain names to 
> >network assignments?  If 172.16.0.0/16 is allocated to Acme Holdings,
> >who operates under the domain name acme.com, acme.net, acme.com.ca,
> >acmeholdings.com, and explodinganvil.mil, which domain will you require
> >to be on the Abuse POC?
> 
> According to the RFC. Each Organization...
> If I recieve spam from any of those domains how am I to know they are linked?

Which WHOIS database are you using?  If you get spam from 
bulkmailer at spam.net you can report it to abuse at spam.net without even
looking it up.  You can look in the headers and report it to every 
relay, and report it to abuse at everylistedrelay.com.  Or you can try to
pick an IP address, look up the ARIN record for that IP address, and
report it to the Abuse POC given in ARIN's records.  Only the latter
case is on topic for ARIN PPML.

Also, RFC2142 does not describe the possibility of multiple domains 
being associated with an IP address.  If I assign a /24 to a customer
who is a web hosting company, do you want the Abuse POC to be every
domain name they host, one of their own domain names (.com or .net?) 
or one of my domain names?  I'm not asking about the email address
ABUSE at domain, which is described in the RFC, I'm asking about the Abuse 
POC given in ARIN's WHOIS database.
 
> As I see it and as I implement it, I have 28 domain names tied to 
> different business entities owned by our parent company- therefore IT has
> 28 * 8 mailboxes-- acutally they are just aliases...
> We own newspapers, and the average person, and even the above average person
> may not make the connections.....


I have neither said nor implied that abuse@ any particular domain name
is an invalid account.  What I have said is that we have chosen to list
a specific email address as the Abuse POC in ARIN's WHOIS.  You can use
abuse at whatever.  I've listed the address I prefer you use, in the public
WHOIS database that ARIN maintains.  As far as I can tell, we are both
a) RFC-compliant in this regard, and b) excercising our ability to list 
the most accurate contact in the Abuse POC records.  


In summary, I am asking if there is a proposal to require something more
than reachability for the Abuse POC.  If there is, I am asking for 
clarification, and whether this should be part of proposal 2003-1 or a
separate proposal.  If there is no such proposal, then there is no debate.


> Later,
> Jim


I am only authoritative for IP addressing and WHOIS for UUNET and
WorldCom Internet services.  I am not authoritative for Abuse, Security,
Support, NOC, or domain names, so I cannot discuss those areas, which 
are not related to ARIN Public Policy anyway.


Thank you (in advance) for clarifying your position.

Lee

More information about the ARIN-PPML mailing list