[ppml] /29 limit for ARIN SWIP whois

Divins, David dsd at servervault.com
Wed Jan 9 13:18:04 EST 2008

I recognize that people use SWIP and RWHOIS information for a variety of
different things.  I also acknowledge that I probably will never get my
way but that does not make the question not worth raising.

I think Leo Bicknell has provided many great presentations on the
accuracy and breakdown of this information (thanks Leo!).

As for "Bad Actors", I believe they can get around any restrictions we
try and pose on them and chances are the abuse/technical contact info is
a bit bucket which violates my "as long as I provide valid info" clause.
For many bad actors you end up having to go up a branch to complain


David Divins
Principal Engineer
ServerVault Corp.

-----Original Message-----
From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of
Steve Atkins
Sent: Wednesday, January 09, 2008 1:07 PM
To: Public Policy Mailing List
Subject: ***POSSIBLE SPAM*** Re: [ppml] /29 limit for ARIN SWIP whois

On Jan 9, 2008, at 9:58 AM, <michael.dillon at bt.com> wrote:

> For instance, suppose we no longer publish any whois info at all for 
> people who have reassigned addresses. None at all. This lulls the bad 
> actors into a false sense of security and then, when they are not 
> expecting it, the law pounces on them and uses the reasonably accurate

> records of their 20 hosting providers as evidence in a court of law. 
> We replace the technical attack vector with a legal one. After all 
> these bad actors are not just network undesirables, they are 
> LAWBREAKERS and the system, outside of ARIN, already has processes to 
> deal with lawbreakers.

No, they're usually not. The majority of bad traffic is legal or grey

Spam is perfectly legal, for instance, in most places.

> A smart bad actor already knows all of this and he prefers that ARIN 
> require ISPs to publish detailled whois info so that he can cover his 
> tracks and let the unskilled bad actors, many of whom are customers of

> his "bad actor toolkits" to take the heat.

Sometimes, yes.

> I believe that society, and law enforcement agencies, would be better 
> served by getting rid of most whois information. Only organizations 
> with a direct, contractual, relationship with ARIN would be in the 
> whois directory.
> ISPs with an ARIN allocation would be forced to either bear the costs 
> of managing abuse reports for their customer base, or publish their 
> own whois directory if they so wish.

It's a tempting idea in some respects, certainly.

If you want your entire address space to have the same reputation as the
worst of your customers (either current or within the previous year or
so) that would be one approach.

(That's a generic "you" - I'm not attempting to discuss BT's reputation
or history here.)

I can see the attraction of doing that, but I also see the


You are receiving this message because you are subscribed to the ARIN
Public Policy Mailing List (PPML at arin.net).
Unsubscribe or manage your mailing list subscription at:
Please contact the ARIN Member Services Help Desk at info at arin.net if
you experience any issues.

More information about the ARIN-PPML mailing list