[arin-ppml] ARIN IPs and Spammers? => Need for Governance

Ted Mittelstaedt tedm at ipinc.net
Mon Nov 10 14:27:00 EST 2014

On 11/10/2014 7:56 AM, Michael Peddemors wrote:
> On 14-11-10 07:34 AM, Kevin Kargel wrote:
>> I have to agree with Ted. ARIN is not in the 'acceptable use
>> enforcement' business and that is a line that should not be crossed.
>> There are many other agencies and venues more appropriate for the task
>> of spam regulation. ARIN is not a first amendment police, and they are
>> not responsible for misuse of member networks. ARIN's sole job is
>> registration of IP number resources.
>> I am 100% in favor of limiting and restricting spam and other
>> malicious internet abuses, but ARIN is not the appropriate agency to
>> assign the onus of policing these bad actors. I applaud all the
>> efforts to fight spam and encourage everyone to become much more
>> active and involved in combatting it, but please do it from a proper
>> agency.
>> Kevin
> However, ARIN does have the mandate regarding proper SWIP for delegated
> IP Addresses, and enforcement in that area might be the first step.
> Many of those 'spammers' use forged or false information, and while ARIN
> is not the right place to judge the usage of IP(s), it does have the
> mandate to determine whether an organization is entitled to new resources.
> This is a 'first step' which I believe ARIN needs more support in
> addressing, and stronger mandates in this area.
> This would help prevent abuse. Usage of a public resource such as an IP
> Address, should have clearly presented, accurate information as to the
> party using and responsible for such activity.
> Some providers are very forward in this regard, requiring identification
> of users/organizations who wish to use their IP resources, and using
> 'rwhois' servers and/or SWIP to clearly report this, while others simply
> ignore ARIN guidelines, can't be bothered, or turn a blind eye.
> It would be helpful to deal with the later in a more effective way, than
> simply 'taking a report' of this occurring.
> There are many 'can-spam' laws etc, that can address spammers, however
> if the information of the operators is false, inaccurate, or missing,
> that brings extra challenges.
> I believe if the information was more accurate, it would also curb some
> of that activity, freeing up IP addresses for better use.

There are many other criminals than spammers on the Internet that make 
use of forged or fake information that is given to their upstream networks.

I do not support penalizing the upstream address holders for this, however.

BUT, what I DO think should be happening is when evidence of a bogus 
SWIP entry is presented to the RIR, the RIR should be able to give the
upstream holder a week to investigate, and if the upstream holder is
unwilling to "back" the bogus SWIP, then the upstream holder should
remove the entry - or ARIN should.

I do NOT regard this as penalizing the address holder.

Fundamentally, when an address holder obtains addressing they are 
responsible for it's use.

If an address holder wants to become the world's spam and criminal 
hoster, that is perfectly fine with me.  I'll block all their IP 
addressing in my own gear.

But they should not be permitted to use the SWIP system to obfuscate
what they are doing.

If they want to host spammers, then either the spammers identify who
they are - so they can be easily found and prosecuted - or they assume 
responsibility for the spamming - so they themselves can be prosecuted.

If doing that results in removal of SWIP records and their inability
to meet utilization requirements to obtain more addressing then that
is just their tough luck.

Unfortunately, most of this discussion is purely academic for ARIN as
most spamming originates either overseas (where ARIN is not the 
responsible RIR) or it originates from hijacked machines on legitimate
networks in North America which will shut them down if informed.



More information about the ARIN-PPML mailing list