[ppml] Abstract of proposed Internet Draft for Best Current Practice (please comment)

Brian Bergin arin_ppml at comcept.net
Tue Feb 18 12:03:54 EST 2003 

At 10:57 18 02 03 Tuesday, you wrote:
>so color me naive, but how does one "buy a block of 30-40 /24's" ??

Sorry, perhaps not 30-40, but try this: 
http://ws.arin.net/cgi-bin/whois.pl?queryinput=!%20NET-209-236-0-0-1. 
There are 64 and a prime example of this.  They have had their share of 
abusive customers.

>your analogy to the FCC has a small flaw.  The FCC is a gov org and
>as such is protected from certain actions that ARIN, which isn't a gov
>org, is not.

Not true.  Any organization can setup rules by which anyone who wishes to 
work with them must abide by.  No one's forcing the spammers to buy blocks 
of IPs and no one is forcing the ISPs to sell them.  It's totally 
voluntary.  No one forces people to use the Internet and therefore abide by 
their ISP's AUP and yet all of them find ways of enforcing them.  It's 
called a contract.

>ICANN doesn't revoke a fraudulent or invalid domain name, the registrar
>or the registry does.  if they don't then ICANN could revoke the registrar
>or registry's certification.

Semantics.  If say Register.com refuses to update a domain registration 
reported to ICANN as containing invalid or fraudulent information and they 
refuse to delete the registration ICANN, as you say, simple revoke the 
registrar.  Either way the invalid domain registration is revoked.

>For ARIN to "go after" fraud is mission creep for ARIN.  Its not their job
>and they are NOT the Net.Police.  Fraud is between two people, the victim
>and the person committing fraud.  ARIN is not a direct party to that event

IMHO, If ARIN knowingly allows someone to commit fraud and provides a way 
for them to do it then they become party to the fraud.  Once ARIN has been 
notified of the fraud they should be required to remove the 
registration.  If a gun dealer sells a gun to a known criminal they become 
party to any acts committed with the gun.  Before you flame me saying this 
is different, IPs don't kill, it's back to the culpability.

>But most importantly ARIN can not make a "moral or otherwise" decision
>on the potential us of allocated IP space.  To say some can and some can't
>have IP space based on intended use would land ARIN in court on anti-trust
>or other legal hot water.

ISPs get sued often over AUP enforcements.  I've not seen one case lead to 
the reinstatement of a user's account.  AUPs are contracts.  ARIN members 
agree to certain terms and those terms can be updated to include things 
like no fraudulent or invalid information.

>
>I believe the "gov" will keep its fingers out of the pie, for if they 
>don't it will
>then go the way of the ITU, and *nobody* wants that to happen

No it won't.  Businesses are ever increasingly yelling at Washington to do 
something.  I've seen reports that 50-60% of all e-mail delivered to 
corporate America is junk.  It's costing them, and therefore us in the form 
of passed on costs, billions each year.  The Gov will get involved if 
something is not done by the industry.

Brian

>If I might, while I'm new to this list, I deal with the junk daily.  The 
>problem is ISPs and individuals buying large blocks of IPs then reselling 
>them to others and then washing their hands of the mess.  I can point you 
>to dozens of examples of this.  Someone goes out and buy 30-40 /24's then 
>sells them to whomever will pay for them and since they're not hosted on 
>the same backbone as the address owner they are not held liable by their 
>upstream provider(s) for the spam generated on the resold blocks.  Those 
>blocks often end up in Asia or South America where ISPs often do not 
>enforce any kind of AUP.
>
>As for the vocal anti-spammers not agreeing on what constitutes UE, I 
>disagree.  UE is any mail sent unsolicited and without the addressee's 
>permission.  Furthermore, forged headers or relayed mail is abusive.  Go 
>look at the major backbone providers like C&W & uu.net.  Their AUPs are 
>quite clear.
>To top it all off, many of these blocks, when SWIP'd, contain fraudulent 
>information.  ICANN will revoke a fraudulent or invalid domain 
>registration why can't ARIN revoke a fraudulent IP SWIP and if the block 
>owner is found to also have fraudulent or invalid registration information 
>they should have their entire block revoked.  That's the way the rest of 
>the world works.  Do you think the FCC would allow someone to buy a block 
>of frequencies and give them false contact info?  The FCC would yank the 
>licenses immediately with NO refund.  ARIN must evolve to function like 
>the rest of the world.  Apply existing fraud laws.  If someone obtains 
>goods or services under misleading or fraudulent circumstances no matter 
>the intended use they have violated criminal laws in every state and 
>Federal laws as well.  Why can't ARIN use existing laws to go after them?
>Anyway, if ARIN doesn't get its act together count on the government 
>coming up with a "solution" that doesn't work and is impossible to 
>enforce.  Simple rules work best.  Register your IPs with valid 
>info.  Keep that info up to date.  Follow an established AUP with those 
>IPs.  Violate any one and you lose them all with no refund.
>Sincerely,
>ComCept Solutions, LLC.
>Brian S. Bergin
>Network Systems Administrator
>(828) 265-1234
>http://www.comcept.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20030218/4e1519ca/attachment.htm>

More information about the ARIN-PPML mailing list