[ppml] Last Call for Comment: Policy Proposal 2003-3

J Bacher jb at jbacher.com
Wed Nov 19 10:00:08 EST 2003 

Owen:
 > Note that this policy has no size limit, so, depending on the
 > "residential" customer and the willingness of the upstream to condone
 > abuse and risk blacklisting, it doesn't put much of an onus.  As written,
 > it is a blank check for abuse.

If the upstream condones spam abuse, where is your data that supports that 
the upstream's client will adhere to your request?   You made the comment 
at the meeting about wanting to use legal means to contact the client 
directly.  I'll say it again, if you have a valid legal complaint, go 
through standard legal channels and file a complaint with the police.


Owen:
 > Any provider taking advantage of the residential customer privacy policy
 > shall comply with the following restrictions on that policy:
 > 1.	Said provider must agree to address abuse complaints about
 > 	any blocks which are assigned under that policy promptly.

We've had the discussion about ARIN playing babysitter and enforcer for 
abuse.  It doesn't scale.


Marla:
 > I dont take this as a way to stop spam really....but I do feel that unless
 > your customer falls into a dial pool or DSL pool of some sort that they
 > should have to have their info swiped on WHOIS so that any abuse issues
 > coming from their usage can be handled directly with that user first before
 > getting the upstream provider involved.

I don't want you to handle abuse complaints directly with my residential 
customers.  As a zero tolerance for spam ISP, I want the prerogative to 
shut down that connection before I see chunks of my address space black 
listed.  This policy does not prevent you from SWIPing your residential 
customer information.


John:
 > And why would your mother or daughter need more than a single
 > IP address ??"

We have residential accounts with a local area network that do not use a 
centralized firewall and that use personal firewalls and do not NAT or PAT.

We have clients that work from home.  I will not subject these clients' 
families to harassment and abuse.


Jeff:
 > Owen DeLong says his concern is with spammers and spam tolerant transit
 > vendors abusing the residential application for 2003-3."

And I say again, if the upstream is tolerant, where does anyone think that 
the client will be any more proactive in fixing the problem?  The majority 
(99%) of our customer spammers are infected and are not sending spam 
intentionally.  Because of our zero tolerance for spam, we track infected 
customers, advise them, and shut them down (regardless of the type of 
connection) if they fail to fix the problem within our required time period.
--------------------------------

I realize that there are ARIN members that operate outside of the United 
States.  However, being a company within the United States, I have an 
obligation to protect the privacy of my customer base.

Thank you, Dave, for presenting this proposal.

More information about the ARIN-PPML mailing list