[arin-ppml] Policy Proposal: Annual WHOIS POC Validation

Ted Mittelstaedt tedm at ipinc.net
Mon Aug 25 17:37:41 EDT 2008

> -----Original Message-----
> From: arin-ppml-bounces at arin.net 
> [mailto:arin-ppml-bounces at arin.net] On Behalf Of Keith W. Hare
> Sent: Monday, August 25, 2008 7:25 AM
> To: arin-ppml at arin.net
> Subject: Re: [arin-ppml] Policy Proposal: Annual WHOIS POC Validation
> > If a valid response
> >is not received within 14 days, every instance of the unresponsive 
> >email address will be replaced with "REFUSED RESPONSE" in the whois 
> >directory.
> Since my background is database design and performance, I 
> cringe at the idea of overloading the email address field 
> with what should really be a separate field.


  Adding a field could possibly break web-whois-lookup forms
that are out there who don't have good parsers.

  Technically, there is no standard for an e-mail address.  There's a
standard for a DOMAIN-style e-mail address, but if your database parser
that parses the e-mail address field of ARIN whois is dependent on
seeing an '@' then you already are doing it wrong.

  Because the string "REFUSED RESPONSE" doesen't follow the
standards for domain-style addressing, it isn't going to appear
in a legitimate POC e-mail address.  Because there's a space
it isn't a legitimate UUCP address or BITNET address either.  It
is pretty simple for any COMPETENT programmer writing automated
query tools to code for this.  And we want to discourage people
from bulk-queries of the whois database anyway - if you don't
know how to code for this, we really don't want you harvesting
e-mail addresses out of whois since your likely a spammer.

  If we simply remove the POC e-mail address then people don't
know if it was removed because it's bogus or because someone made
a mistake with a SWIP record.

  This is why I did not set it to "unavailable at example.com" or some
such in my proposal from which this proposal is derived.  There is no
point in overloading someone's mailserver
somewhere by some spammer trying to send 20,000 mails to a data item that 
looks like an e-mail address but isn't.


> However, aside from this implementation detail in a policy 
> proposal, I support the proposal. This will achieve the goal 
> of freezing orphaned resources while sidesteping the quagmire 
> of (L)RSAs and legacy resource holders.
> Keith
> ______________________________________________________________
> Keith W. Hare                     JCC Consulting, Inc.
> keith at jcc.com                     600 Newark Road
> Phone: 740-587-0157               P.O. Box 381
> Fax: 740-587-0163                 Granville, Ohio 43023
> http://www.jcc.com                USA
> ______________________________________________________________
> _______________________________________________
> You are receiving this message because you are subscribed to 
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net). 
> Unsubscribe or manage your mailing list subscription at: 
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.

More information about the ARIN-PPML mailing list