[ppml] Policy Proposal 2003-1: Human Point of Contact

Lee Howard lee.howard at wcom.com
Thu Mar 6 10:29:46 EST 2003 

I sense a little hostility here, but I'm not sure whether you're angry
that we changed the email address of our Abuse POC, or something I said.

I am trying to keep the conversation on track, as PPML is clearly the
wrong forum to air grievances against any entity, personal or corporate
(except ARIN, and maybe the ASO or ICANN in address-related ways).


Are you proposing a policy that the Abuse POC email address must be
abuse at domainname?  While I recognize the usefulness of certain well-known
email address, such as postmaster, hostmaster, webmaster, and root, I
don't know that "abuse" has been established and accepted by the 
community.  Is this in a Best Current Practices RFC?

If this is your proposal, how do you propose to assign domain names to 
network assignments?  If 172.16.0.0/16 is allocated to Acme Holdings,
who operates under the domain name acme.com, acme.net, acme.com.ca,
acmeholdings.com, and explodinganvil.mil, which domain will you require
to be on the Abuse POC?


As for the specific example you give below:
I believe you will find that abuse at uu.net does work.  Abuse-mail at uu.net
was created so users could separate Usenet abuse (abuse-news at uu.net),
ongoing intrusion attempts (security at uu.net), and spam (abuse-mail at uu.net).
Having separate aliases allows us to direct the reported incident to
the right people faster.  I agree that users would only know about these
if they did a WHOIS query or looked at our support page.  So abuse at uu.net
should still work, it just gets manually sorted, and therefore takes
longer.  As I'm sure you know, WorldCom bought MFS (which owned UUNET)
at the end of 1996, which may explain why there is a transition from
@uu.net aliases to @wcom.com aliases.


I've said before that I don't mind people using UUNET or WorldCom as
examples, positive or negative, in discussions on this list or at public
meetings.  My only request is that the example be used to support or
argue ARIN-related matters, and not as venues to air grievances.  If
you have a beef with me or the company I work for, email me privately
so the rest of the people on this list who are trying to get some work
done don't have to be involved.



Lee Howard	Lee.Howard at wcom.com  (703) 886-5231
Sr. Manager 	Internet Installations, 
WorldCom	IP Policy and Allocations


On Thu, 6 Mar 2003, JLS wrote:

> Date: Thu, 06 Mar 2003 00:00:19 -0700
> From: JLS <JEFFSL at COX.NET>
> To: Lee Howard <lee.howard at wcom.com>
> Cc: ppml at arin.net
> Subject: Re: [ppml] Policy Proposal 2003-1: Human Point of Contact
> 
> Seems a little STRANGE to me that "abuse-mail at wcom.com" should be the
> contact for uunet - I would be thinking that, in adhering to the de facto
> standard, the logical, sensible and practical address would be abuse at uu.net
> instead of any inventive permutations of such reasonable and imminently
> practical simplicity - can we please do away with the run amok "creativity"
> on the part of those who are supposed to know what they are doing to make
> things reasonably simple for the common person who, perhaps, does not have
> the time, inclination or even the wherewithal to go digging around in the
> whois world to find out just WHO to report abuse to -
> or we just trying to play "hard to get to", here!?
> Perhaps if UUNET had a STANDARD abuse address YOU would have never been put
> in such a position as you were.  Remember, the Internet does not have the
> geographical limitations that other, older, forms of communication like
> snail mail or pony express used to present and there is no reason that an
> address like abuse at uu.net cannot be properly set to forward instantaneously
> to any other address on the net so let's just please keep it as simple as it
> can be, ok?
> 
> Jeff S.
> 
> > From: Lee Howard <lee.howard at wcom.com>
> > Date: Wed, 5 Mar 2003 10:52:43 -0500 (EST)
> > To: Richard A Steenbergen <ras at e-gerbil.net>
> > Cc: ppml at arin.net
> > Subject: Re: [ppml] Policy Proposal 2003-1: Human Point of Contact
> > 
> > Speaking as the Admin contact for UUNET, I can say that in the seven
> > months I have been listed publically I have received thousands of spam
> > messages (about 100-150 per day), a dozen threats, and maybe a couple
> > hundred (about 10/week) spam or hacker/abuse/security reports.  I reply
> > politely to every one of the latter, explaining what information should
> > be provided to whom (abuse-mail at wcom.com).  Most of the abuse reports
> > I get are sent to me instead of the Abuse POC.
> > 
> > I have not seen any requests that I could handle other than referring
> > to the existing POCs.
> > 
> > I also read NANOG, where I often see requests for help of some kind
> > from someone at UUNET, and I almost always direct those requests to the
> > right place, or have someone call the queriant.  Many other UUNET people
> > do the same.  None of these requests has ever been sent to the Admin POC
> > of UUNET directly.
> > 
> > If the entire Internet user community could be trained to not spam the
> > Human POC, and to exhaust other POCs before trying the Human POC, I'd
> > support this proposal.  The proposal is based on an assumption that
> > personal email addresses are more likely to elicit responses than role
> > accounts. 
> > 
> > Lee
> > 
> > 
> > 
> > On Tue, 4 Mar 2003, Richard A Steenbergen wrote:
> > 
> >> Date: Tue, 04 Mar 2003 21:34:05 -0500
> >> From: Richard A Steenbergen <ras at e-gerbil.net>
> >> To: ppml at arin.net
> >> Subject: Re: [ppml] Policy Proposal 2003-1: Human Point of Contact
> >> 
> >> On Tue, Mar 04, 2003 at 11:36:19AM -0500, Member Services wrote:
> >>> Problems:
> >>> I understand the issue of hate mail, threats, and the general
> >>> difficulty of dealing with irate complainers.  However, in
> >>> any business, there are risks.  Being the human lightning rod
> >>> for these complaints at a large provider is not a lot of fun,
> >>> but it is a job which must be done.  Nobody likes to clean
> >>> the restroom.
> >> 
> >> That sounds like a volunteer to me... You're available 24/7 right?
> >> 
> >> Let's get real here, that policy isn't just bad it's absurd. Role accounts
> >> exist for a reason, and 99% of the time it is to improve communications.
> >> I'd suggest that trying to solve the 1% of the cases where people are
> >> hiding behind roles by breaking the other 99% is not the way to go.
> >> 
> >> I'd also suggest that it is a fallacy to project what you consider
> >> "reasonable" in your business onto others. For example, who is the 1
> >> person that you would recommend to handle all of UUNet's issues?
> >> 
> >> 
> > 
>

More information about the ARIN-PPML mailing list