[ppml] Policy Proposal: Modification to Reverse Mapping Policy

David Schwartz davids at webmaster.com
Fri Sep 14 09:43:08 EDT 2007


> On 9/14/07, michael.dillon at bt.com <michael.dillon at bt.com> wrote:

> > ARIN is fully justified in providing number allocations and in-addr.arpa
> > services to spammers since nothing in ARIN policy give ARIN the right to
> > refuse such services. In fact, ARIN policy does not allow ARIN to
> > consider business models at all.

Number allocations are not operational in the sense they're just unique.
However, DNS delegations *are* operational in this sense.

> I think we should recognize that this is totally different from
> the situation
> with spam, just like putting advertising on your website or your
> FTP server
> is not like spam.

> Because noone forces anyone to try to reverse lookup their IP address
> -- if you attempt a reverse lookup, then it's because you took some manual
> action, or you have setup software on your  equipment that is
> automatically attempts reverse lookups on the DNS.

Nobody forces you to receive email either. If you put up an email server,
it's because you took some manual action, or you have setup software on your
equipment that automatically attempts to receive email.

See? Same thing.

DNS is an agreement. I do this, and you do that. If you violate the
agreement, and deliberately make me do more work than my share of the
agreement, that is abuse. If it wastes the time and resources of real human
beings, that's a bad thing.

The only difference is who reaches out first. But I'll bet in most of these
cases, the person with the lame delegation reaches out first and that's why
you attempt to reverse resolve them.

You have a right to reverse resolve people who connect to you, just like you
have a right to run a mail server. I have no right to make you work
overly-hard or slow down your reverse resolve just as I have no right to
push spam at you.

> You've gone out to their address block's DNS servers and made a
> request. This is different from the situation with spam, where a spammer
> connects to your mail server and gives you a big message you
> didn't want or
> ask for; it is actually the content of the message and the list of
> recipients that
> is what makes a spammer (not the remote connection to a publicly
> bound service).

No, it's the same thing conceptually. They give you a lame delegation that
you didn't want or ask for. (Does DNS have a way to ask for lame
delegations? I don't think so.)

Email works by cooperation. Spammers abuse that cooperation. DNS works by
cooperation. Intentional lame delegations abuse that cooperation. In both
cases, the time and resources of real human beings are wasted.

An ARIN address assignment is nothing like Internet service. But if ARIN
provided Internet services, it should impose operational controls on those
services, like disconnecting spammers.

Reverse address delegation is nothing like address assignment. It's more
like Internet service. It's a way of telling others "this is how to reach me
and you can access me for this purpose". It's an operational service, not a
registry service, and it should have operational controls.

However, even for address services, I think ARIN would apply operational
controls if the services caused operational problems. For example suppose
ARIN had a policy that allowed people to exchange their blocks for new
equally-sized blocks any time they wanted. If spammers were using this to
evade blacklists, I'm pretty confident ARIN would change the policy.

When you understand why the policy would be changed in that case, you will
understand why the policy could benefit from a change in this case. A flaw
in the policy permits direct operational harm.

Again, I'm not arguing that an intentional lame delegation is of anywhere
near the degree as spam, just that it's of the same type.

DS





More information about the ARIN-PPML mailing list