[arin-ppml] Policy Proposal: Annual WHOIS POC Validation

John Santos JOHN at egh.com
Mon Aug 25 20:58:13 EDT 2008 

On Mon, 25 Aug 2008, Ted Mittelstaedt wrote:

> 
> 
> > -----Original Message-----
> > From: arin-ppml-bounces at arin.net 
> > [mailto:arin-ppml-bounces at arin.net] On Behalf Of Keith W. Hare
> > Sent: Monday, August 25, 2008 7:25 AM
> > To: arin-ppml at arin.net
> > Subject: Re: [arin-ppml] Policy Proposal: Annual WHOIS POC Validation
> > 
> > 
> > > If a valid response
> > >is not received within 14 days, every instance of the unresponsive 
> > >email address will be replaced with "REFUSED RESPONSE" in the whois 
> > >directory.
> > 
> > Since my background is database design and performance, I 
> > cringe at the idea of overloading the email address field 
> > with what should really be a separate field.
> > 
> 
> Keith,
> 
>   Adding a field could possibly break web-whois-lookup forms
> that are out there who don't have good parsers.
> 
>   Technically, there is no standard for an e-mail address.  There's a
> standard for a DOMAIN-style e-mail address, but if your database parser
> that parses the e-mail address field of ARIN whois is dependent on
> seeing an '@' then you already are doing it wrong.
> 
>   Because the string "REFUSED RESPONSE" doesen't follow the
> standards for domain-style addressing, it isn't going to appear
> in a legitimate POC e-mail address.  Because there's a space
> it isn't a legitimate UUCP address or BITNET address either.  It
> is pretty simple for any COMPETENT programmer writing automated
> query tools to code for this.  And we want to discourage people
> from bulk-queries of the whois database anyway - if you don't
> know how to code for this, we really don't want you harvesting
> e-mail addresses out of whois since your likely a spammer.
> 
>   If we simply remove the POC e-mail address then people don't
> know if it was removed because it's bogus or because someone made
> a mistake with a SWIP record.
> 
>   This is why I did not set it to "unavailable at example.com" or some
> such in my proposal from which this proposal is derived.  There is no
> point in overloading someone's mailserver
> somewhere by some spammer trying to send 20,000 mails to a data item that 
> looks like an e-mail address but isn't.

How about:

   No response (was: <original_e-mail_address>)

This way no information is lost and it has a space in it so the resulting
e-mail address is still invalid, and it makes no presumptions about the
type of e-mail address was originally there.  Also, it would be easy to
restore the address if it turns out that it is valid but the mail was
getting spam-trapped or the recipient was on vacation or otherwise didn't
see it promptly.

BTW, any kind of automatic second attempt at contacting the POC should
use significantly different wording in case the original had fallen
afoul of a Bayesian SPAM filter. 

I think the details should be left to the ARIN staff, though.
Suggestions about specifics probably shouldn't be in the policy
itself, but just in the rationale and the discussion.

> 
> Ted
> 
> > However, aside from this implementation detail in a policy 
> > proposal, I support the proposal. This will achieve the goal 
> > of freezing orphaned resources while sidesteping the quagmire 
> > of (L)RSAs and legacy resource holders.
> > 
> > Keith
> > 
> > 
> > ______________________________________________________________
> >  
> > Keith W. Hare                     JCC Consulting, Inc.
> > keith at jcc.com                     600 Newark Road
> > Phone: 740-587-0157               P.O. Box 381
> > Fax: 740-587-0163                 Granville, Ohio 43023
> > http://www.jcc.com                USA
> > ______________________________________________________________
> >  
> > 
> > 
> > 
> > _______________________________________________
> > PPML
> > You are receiving this message because you are subscribed to 
> > the ARIN Public Policy Mailing List (ARIN-PPML at arin.net). 
> > Unsubscribe or manage your mailing list subscription at: 
> > http://lists.arin.net/mailman/listinfo/arin-ppml
> > Please contact info at arin.net if you experience any issues.
> > 
> 
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
> 
> 

-- 
John Santos
Evans Griffiths & Hart, Inc.
781-861-0670 ext 539

More information about the ARIN-PPML mailing list