[arin-ppml] Policy Proposal: Annual WHOIS POC Validation - Revised

[Member Services]

The author submitted a revised version of the proposal.

The ARIN Advisory Council (AC) will review this proposal at their next
regularly scheduled meeting. The AC may decide to:

     1. Accept the proposal as written. If the AC accepts the proposal,
it will be posted as a formal policy proposal to PPML and it will be
presented at a Public Policy Meeting.

     2. Postpone their decision regarding the proposal until the next
regularly scheduled AC meeting in order to work with the author. The AC
will work with the author to clarify, combine or divide the proposal. At
their following meeting the AC will accept or not accept the proposal.

     3. Not accept the proposal. If the AC does not accept the proposal,
the AC will explain their decision via the PPML. If a proposal is not
accepted, then the author may elect to use the petition process to
advance their proposal. If the author elects not to petition or the
petition fails, then the proposal will be closed.

In the meantime, the AC invites everyone to comment on this proposal on
the PPML, particularly their support or non-support and the reasoning
behind their opinion. Such participation contributes to a thorough
vetting and provides important guidance to the AC in their deliberations.

The ARIN Internet Resource Policy Evaluation Process can be found at:
http://www.arin.net/policy/irpep.html

Mailing list subscription information can be found at:
http://www.arin.net/mailing_lists/

Regards,

Member Services
American Registry for Internet Numbers (ARIN)


## * ##


Policy Proposal Name: Annual WHOIS POC Validation

Author: Chris Grundemann

Proposal Version: 3

Submission Date: 20 October 2008

Proposal type: new

Policy term: permanent

Policy statement:

ARIN will validate each WHOIS POC at least annually.  Unresponsive POC
email addresses shall be marked as such in the database.  If ARIN
staff deems a POC to be completely and permanently abandoned or
otherwise illegitimate, the record shall be locked or deleted.  ARIN
will maintain, and make readily available to the community, a current
list of address-blocks with no valid POC.

Rationale:

The intention of this proposal is to ensure valid whois POC
information with an annual validation process.  It further aims to
mitigate any risk that it creates in so doing.

One of the most important resources when dealing with abuse (including
hijacking, spam, ddos, etc) is whois.  ARIN's whois data is only
useful if it is known to be valid.  The current NRPM does not address
this in a manner which ensures up to date POC contact information in
all cases.  The focus is on valid email addresses because this is the
contact method of choice for most in the Internet community when
dealing with abuse or hijacking issues.  POC information that can not
be confirmed can be judged as not valid.

A netblock with no valid POC presents a target to hijackers.  Once POC
info is marked or tagged as invalid (like this policy proposes), it
becomes possible for potential hijackers to locate such netblocks by
searching the whois database.  As a defense against such hijacking
attempts, this policy proposes that the information be presented in
full to the entire community.  This should do at least one of two
things; bring the netblock to the attention of whomever is responsible
for it and/or allow other network operators to understand the
potential risk and take appropriate action to mitigate.

Timetable for implementation: The first validation should take place
within one calendar year of the policy being accepted.