Dr. Jeffrey Race
jrace at attglobal.net
Fri Nov 29 23:34:56 EST 2002
On Fri, 29 Nov 2002 18:08:39 -0500, McBurnett, Jim wrote:
>When an ISP is given IP addresses are they not required to have the normal abuse@
and security@ and postmaster@ addresses?
>>I have a security issue with a remote ISP, and they do not have any of these..
only the contact email for IP admin.
>>and shouldn't there be a policy on this? if there isn't one already that is...
Note: RFC822 requires all domains exchanging e-mail to have a
<postmaster> address which is to be read by a person. RFC2142
states they SHOULD have an <abuse> address.
6.3. RESERVED ADDRESS
It often is necessary to send mail to a site, without know-
ing any of its valid addresses. For example, there may be mail
system dysfunctions, or a user may wish to find out a person's
correct address, at that site.
This standard specifies a single, reserved mailbox address
(local-part) which is to be valid at each site. Mail sent to
that address is to be routed to a person responsible for the
site's mail system or to a person with responsibility for general
site operation. The name of the reserved local-part address is:
so that "Postmaster at domain" is required to be valid.
Note: This reserved local-part must be matched without sensi-
tivity to alphabetic case, so that "POSTMASTER", "postmas-
ter", and even "poStmASteR" is to be accepted.
Separately I am sending you my private reference file on RFCs.
The relevant RFC states that EVERY system exchanging mail MUST have a
case-insensitive <postmaster> address, and a HUMAN must read the mail.
Systems possibly emitting spam are recommended to enable an <abuse>
address as current best practice.
However, the system falls down on enforcement. I am currently having
a controversy with APNIC about Chinanet, which enables <postmaster> but
bounces all the mail. I asked APNIC to discipline this miscreant and was
told (just yesterday!):
Thank you for your concern; however, APNIC has no control over how any
network in the Asia Pacific region implements its email addressing
system. If there is a problem with invalid contacts listed in the APNIC
Whois Database, please feel free to report those. However, any invalid
addresses that are not listed in the APNIC Whois Database are outside
In other words, APNIC assumes no responsibility for destructive or hostile
use of the address space for which it has a duty of care. It is a suicidal
policy about which the last word has not been said.
In view of the Pilate-like attitude of the (ir)responsible bodies, the
victims have resorted to self-help. You may nominate the miscreant for the
RFC-Ignorant blocklist, which has the eventual effect of getting his
attention when his subs can't send mail.
You should raise the details of this matter on Spam-L which has a wealth
of smart minds who are also responsible persons.
More information about the ARIN-PPML