[ppml] Question?

Dr. Jeffrey Race jrace at attglobal.net
Fri Nov 29 23:34:56 EST 2002

On Fri, 29 Nov 2002 18:08:39 -0500, McBurnett, Jim wrote:
>When an ISP is given IP addresses are they not required to have the normal abuse@ 
and security@ and postmaster@ addresses?
>>I have a security issue with a remote ISP, and they do not have any of these.. 
only the contact email for IP admin.
>>and shouldn't there be a policy on this? if there isn't one already that is...

  Note: RFC822 requires all domains exchanging e-mail to have a
  <postmaster> address which is to be read by a person.  RFC2142 
  states they SHOULD have an <abuse> address.


          It often is necessary to send mail to a site, without  know-
     ing  any  of its valid addresses.  For example, there may be mail
     system dysfunctions, or a user may wish to find  out  a  person's
     correct address, at that site.

          This standard specifies a single, reserved  mailbox  address
     (local-part)  which  is  to  be valid at each site.  Mail sent to
     that address is to be routed to  a  person  responsible  for  the
     site's mail system or to a person with responsibility for general
     site operation.  The name of the reserved local-part address is:


     so that "Postmaster at domain" is required to be valid.

     Note:  This reserved local-part must be  matched  without  sensi-
            tivity to alphabetic case, so that "POSTMASTER", "postmas-
            ter", and even "poStmASteR" is to be accepted.


Separately I am sending you my private reference file on RFCs.

The relevant RFC states that EVERY system exchanging mail MUST have a 
case-insensitive <postmaster> address, and a HUMAN must read the mail.

Systems possibly emitting spam are recommended to enable an <abuse>
address as current best practice.

However, the system falls down on enforcement.   I am currently having
a controversy with APNIC about Chinanet, which enables <postmaster> but
bounces all the mail.  I asked APNIC to discipline this miscreant and was
told (just yesterday!):

  Thank you for your concern; however, APNIC has no control over how any 
  network in the Asia Pacific region implements its email addressing 
  system. If there is a problem with invalid contacts listed in the APNIC 
  Whois Database, please feel free to report those. However, any invalid 
  addresses that are not listed in the APNIC Whois Database are outside 
  APNIC's control. 

In other words, APNIC assumes no responsibility for destructive or hostile
use of the address space for which it has a duty of care.   It is a suicidal
policy about which the last word has not been said.

In view of the Pilate-like attitude of the (ir)responsible bodies, the
victims have resorted to self-help.   You may nominate the miscreant for the 
RFC-Ignorant blocklist, which has the eventual effect of getting his 
attention when his subs can't send mail.

You should raise the details of this matter on Spam-L which has a wealth
of smart minds who are also responsible persons.

Jeffrey Race

More information about the ARIN-PPML mailing list