[ppml] Policy Proposal 2003-1: Human Point of Contact

McBurnett, Jim jmcburnett at msmgmt.com
Thu Mar 6 14:46:38 EST 2003 

>> Take a look at: http://www.ietf.org/rfc/rfc2142.txt?number=2142
>> Also take a look at: http://www.rfc-ignorant.com/
>
>Thank you for the reference.  I personally disagree with rfc-ignorant
>on interpretation of some RFCs.

Yeah - they, as us all, differ.. I find it helpful sometimes when sending
	abuse complaints and get bounces... Makes a nice piece of 
	news to send to an ISP that cares less about the rest of us.

>Which WHOIS database are you using?  If you get spam from 
>bulkmailer at spam.net you can report it to abuse at spam.net without even
>looking it up.  You can look in the headers and report it to every 
>relay, and report it to abuse at everylistedrelay.com.  Or you can try to
>pick an IP address, look up the ARIN record for that IP address, and
>report it to the Abuse POC given in ARIN's records.  Only the latter
>case is on topic for ARIN PPML.

The later PPML topic is the one that confuses me sometimes, and hence the
RFC ignorant.  A few ISP's I have been spammed from 
don't accept abuse@ secuirty@ etc.. And the ARIN POC is often inaccurate for
the <fill in your choice word(s) here> people on purpose. And as of late, 
many spammers are forging most of the header anyway....

>Also, RFC2142 does not describe the possibility of multiple domains 
>being associated with an IP address.  If I assign a /24 to a customer
>who is a web hosting company, do you want the Abuse POC to be every
>domain name they host, one of their own domain names (.com or .net?) 
>or one of my domain names?  I'm not asking about the email address
>ABUSE at domain, which is described in the RFC, I'm asking about 
>the Abuse 
>POC given in ARIN's WHOIS database.

Good Point.. I guess my answer is let's push the POC Policy to get the POC's 
to a higher level of accuracy... 
 
>I have neither said nor implied that abuse@ any particular domain name
>is an invalid account.  What I have said is that we have chosen to list
>a specific email address as the Abuse POC in ARIN's WHOIS.  You can use
>abuse at whatever.  I've listed the address I prefer you use, in 
>the public
>WHOIS database that ARIN maintains.  As far as I can tell, we are both
>a) RFC-compliant in this regard, and b) excercising our 
>ability to list 
>the most accurate contact in the Abuse POC records.  

My apologies. I did not mean any implications... 
You did say something here I wish the community as a whole would adopt...
"excercising our ability to list the most accurate contact" 
That is the whole problem..
I can't remember which "famed spammer" it was, but one spammer,
his ISP and the every domain in relation has wrong WHOIS data..
Check out www.spamhaus.org


>
>In summary, I am asking if there is a proposal to require 
>something more
>than reachability for the Abuse POC.  If there is, I am asking for 
>clarification, and whether this should be part of proposal 2003-1 or a
>separate proposal.  If there is no such proposal, then there 
>is no debate.
>

Correction if there is no such proposal we need to create one...
AND if it takes it, send the idea to the IETF..

Jim

More information about the ARIN-PPML mailing list