[ppml] Draft for proposal for Whois AUP (fwd)

Mury mury at goldengate.net
Tue Mar 4 17:25:04 EST 2003


Too bad it's impractical to allow exceptions for frequent use.  I
certainly understand what the author is trying to accomplish, yet I see
yours and other valid uses.

It seems to me that despite all the evil that can be done with the
information it's only asking for trouble to limit access to the data.

I also see it as a losing cause trying to enforce an AUP on a regular
basis.  It certainly doesn't hurt to have one, but except in some rare
cases where there are serious repeat offenders it's not going to
accomplish much.

Mury

On Tue, 4 Mar 2003 william at elan.net wrote:

> I've received permission from author of this email to post it on the mailing
> list. He has important comments regarding the proposal which I think must
> be mentioned on ppml. I'll forward my response in the next email.
>
> ---------- Forwarded message ----------
> Date: Mon, 03 Mar 2003 11:49:48 -0700
> From: spammaster <spammaster at spamx.com>
> To: william at elan.net
> Subject: Re: [ppml] Draft for proposal for Whois AUP
>
> Please see comments below...
> --
> Jeff
> SpamX support
> support at spamx.com
>
> {
>   NoList();
>   NoSPAM();
> }
>
>
> > From: william at elan.net
> > Date: Mon, 3 Mar 2003 06:57:46 -0800 (PST)
> > To: ppml at arin.net
> > Cc: dbwg at arin.net
> > Subject: [ppml] Draft for proposal for Whois AUP
> >
> > I have draft ready for my last proposal - this is to change current bulk
> > whois data only AUP to general Whois AUP. It requires for all whois
> > queries (no matter what protocol - which is meant to include rwhois, ldap,
> > protocol developed by crisp WG or any other protocol that ARIN may want to
> > use) to include a link to whois aup and for those that need access to
> > entire data (including through ftp but also including other means such as
> > cdrom, etc) to have to sign bulk whois aup agreement (as is done already)
> > but does allow that once signed same access can be used more than one
> > time with new agreement having to be signed after one month.
> >
> > The draft is available at:
> > http://www.elan.net/~william/arin_proposal_whois_aup.htm
> >
> > Please comment what needs to be included in AUP, what needs to be changed
> > in the draft, etc. etc. I'll submit this as actual proposal no later than
> > Friday and if no substantial comments are received then on Wednesday.
> >
> > Here is a text version of the current draft:
> > ---------------------------------------------------------------------
> >
> > This proposal changes current Bulk Whois Acceptable Use Policy to become
> > general Whois Acceptable Use policy that would apply to all whois queries.
> >
> > In particular:
> >
> > 1. A new acceptable use policy called "Whois Acceptable Use Policy" is to
> > be published on ARIN website as follows:
> >
> > "The ARIN Whois Data is for Internet operations and technical research
> > purposes pertaining to Internet Operations only. It may not be used for
> > advertising, direct marketing, marketing research or similar purposes. Use
> > of ARIN whois data for these activities is explicitly forbidden. ARIN
> > requests to be notified of any such activities or suspicions thereof.
> To this I can agree in principle however, the "suspicions thereof" part
> makes me rather nervous lest we enter another "McCarthy" era...
>
> > ARIN reserves the right to restrict access to the whois database in its
> > sole discretion to ensure operational stability. ARIN may restrict or
> > terminate your access to the whois database for failure to abide by these
> > terms of use."
>
> Same as above.
>
> >
> > 2. Access to whois data with individual queries (such as by using whois
> > protocol) must in the output either include entire 'ARIN Whois Acceptable
> > Use Policy' in the comments
>
> Please put them at THE BOTTOM of the output
>
> > or provide a one-line statement that data is
> > provided and can only be used according to 'ARIN Whois Acceptable Use
> > Policy' with a link to where the policy is published on ARIN website.
>
> This would be more acceptable as the ENTIRE policy is going to chew up
> bandwidth and whois access needs to be relatively instantaneous in some
> cases - particularly mine as described in further detail below.
>
> >
> > 3. High frequency individual query access
>
> This needs to be defined in excruciating detail - I run an ANTI-spam program
> that accesses the arin database regularly [every 5 minutes is the default
> check interval, it only accesses arin data when spam is detected, however,
> there may be more than one spam during any given check as this junk seems to
> come in waves, as it were].  What you are saying, if implemented, may
> disable what I am trying to do which is to eliminate spam.  My program uses
> arin data to determine contact addresses to which to email spam reports and
> does it on the inbound side to speed the user interface - Your proposal, in
> this particular regard, stands to eliminate my ability [my program's
> ability] to properly determine reporting addresses.  I already implemented a
> caching feature in the software over a year ago to reduce the number of
> accesses to the various whois servers of which arin is one however, as
> spammers jump from IP to IP on a regular basis, there is NO caching scheme
> that can possibly guarantee the software will not be required to access
> whois data at some sort of the "high frequency" to which you allude.  Check
> http://www.spamx.com for additional details on the software.
>
> > and access to either entire
> > whois database or large portion of it must be provided with authentication
> > to persons and organizations authorized by ARIN. These organizations
>
> JUST organizations or PERSONS as well!?  If each and every PERSON who wishes
> to perform a whois query needs to SIGN some form of agreement the paperwork
> load will be indescribable.  We cannot keep the Internet running with such
> draconian measures and let us NOT make arin and the other RIRs like the IRS
> in the U.S., please and thank you very much.
>
> > must
> > sign 'Acceptable Use Policy for Bulk Copies of ARIN Whois Data' agreement
> > which shall include 'Whois Acceptable Use Policy' and additional statement
> > that
> >
> > "Redistributing bulk ARIN Whois Data is explicitly forbidden. It is
> > permissible to publish data on an individual query or small number of
> > queries at a time basis as long as reasonable precautions are taken to
> > prevent automated querying by database harvesters"
>
> This requires some strict definition with regard to "automated querying".
> It is, at best, extremely problematic.
>
> >
> > Organizations that need access to ARIN whois data on regular basis may be
> > required to resubmit the agreement on monthly basis at which time
> > authentication settings may need to be changed.
> Once again, just WHO is going to handle the paperwork and WHO is going to
> $PAY$ for it!?
>
> >
> Bear in mind as well that spammers also harvest email addresses from mailto:
> links on websites, make up addresses from domain names, get them from a
> number of other sources, don't care whether they bounce or not and this
> proposal will do little to stop any of that, little to stop spammers
> harvesting addresses from whois data and, most likely, do a great deal to
> eliminate legitimate use of whois data by the rest of us who are trying to
> use the Internet in a proper manner.
>
> How about we devote our energies in the spamfighting arena to raising the
> awareness level of ISPs to their open relays and, particularly, OPEN
> PROXIES, which have become so popular to the spammers recently?  My program
> relies on access to whois data in order to do exactly that!
>
> Thanks for listening.
>
>



