[arin-ppml] Draft Policy ARIN-2021-7: Make Abuse Contact Useful

Fri Dec 17 23:32:50 EST 2021

> On Dec 16, 2021, at 12:57 , Amy Potter <amybpotter at gmail.com> wrote:
> 
> Hi all,
> 
> Opinions were fairly divided here, but it sounds like a decent number of you may be open to or prefer if we made adding an abuse URL optional, and keeping the abuse POC as mandatory. I've edited the text of this draft policy in that direction. Please let me know what you think.

I suggest require at least one of the two. An organization that has a (working) abuse URL should not be forced to maintain an abuse POC IMHO.

While I think the text below is a step towards a good solution, I do not think it is quite there yet.

Owen

> Amy
> Section 2.12- add “Organizations may provide an optional abuse URL for reporting abuse.” to end of paragraph.
> Section 4.2.3.7.3.2: add “and may have an optional abuse URL” after “Each private downstream residential reassignment must have accurate upstream Abuse and Technical POCs” so the sentence reads…
> “Each private downstream residential reassignment must have accurate upstream Abuse and Technical POCs and may have an optional abuse URL visible on the WHOIS or Distributed Information Service record for that block.”
> Section 6.5.5.3.1:  add “and may have an optional abuse URL” after “Each private downstream residential reassignment must have accurate upstream Abuse and Technical POCs” so that the sentence reads...
>  “Each private downstream residential reassignment must have accurate upstream Abuse and Technical POCs and may have an optional abuse URL visible on the WHOIS or Distributed Information Service record for that block.”
> 
> 
> 
> 
> On Tue, Oct 26, 2021 at 4:18 PM ARIN <info at arin.net <mailto:info at arin.net>> wrote:
> On 21 October 2021, the ARIN Advisory Council (AC) accepted "ARIN-prop-303: Make Abuse Contact Useful" as a Draft Policy.
> 
>  
> 
> Draft Policy ARIN-2021-7 is below and can be found at:
> 
>  
> 
> https://www.arin.net/participate/policy/drafts/2021_7/ <https://www.arin.net/participate/policy/drafts/2021_7/>
>  
> 
> You are encouraged to discuss all Draft Policies on PPML. The AC will evaluate the discussion in order to assess the conformance of this draft policy with ARIN's Principles of Internet number resource policy as stated in the Policy Development Process (PDP). Specifically, these principles are:
> 
>  
> 
> * Enabling Fair and Impartial Number Resource Administration
> 
> * Technically Sound
> 
> * Supported by the Community
> 
>  
> 
> The PDP can be found at:
> 
>  
> 
> https://www.arin.net/participate/policy/pdp/ <https://www.arin.net/participate/policy/pdp/>
>  
> 
> Draft Policies and Proposals under discussion can be found at:
> 
>  
> 
> https://www.arin.net/participate/policy/drafts/ <https://www.arin.net/participate/policy/drafts/>
>  
> 
> Regards,
> 
>  
> 
> Sean Hopkins
> 
> Senior Policy Analyst
> 
> American Registry for Internet Numbers (ARIN)
> 
>  
> 
> Draft Policy ARIN-2021-7: Make Abuse Contact Useful
> 
>  
> 
> Problem Statement:
> 
>  
> 
> ARIN’s process of attaching an abuse contact to resource records is of limited utility. The phone number is often an unmanned voicemail that refers the caller to a web page while the email address is commonly an auto-responder which does the same. Because the emails often involve problematic content they can get lost in filters making it hard to even find the URL let alone get an abuse report to go through. This is further exacerbated by folks who write programs to automatically generate unverified abuse reports and email them to the ARIN contact, flooding the mailbox with useless reports that no human being is assigned to look through.
> 
>  
> 
> With responsible network providers, the process for dealing with network abuse instead usually starts with a web page. The web page provides instructions and may offer forms for describing the abuse and uploading supporting material of the nature that the service provider needs in order to take action.
> 
>  
> 
> It would be helpful for ARIN to support the abuse reporting process they actually use.
> 
>  
> 
> Policy statement:
> 
>  
> 
> Strike -
> 
>  
> 
> From 2.12 “and one valid abuse”
> 
>  
> 
> From 3.6.2 “Abuse”
> 
>  
> 
> Add:
> 
>  
> 
> 2.1.2 To “organization information must include…zip code equivalent,” add “an abuse reporting URL”
> 
>  
> 
> 4.2.3.7.3.2: replace “upstream Abuse and Technical POCs " with “upstream Technical POCs and URLs for reporting abuse”
> 
>  
> 
> 6.5.5.3.1: replace “upstream Abuse and Technical POCs " with “upstream Technical POCs and URLs for reporting abuse”
> 
>  
> 
> Timetable for implementation: Whenever
> 
>  
> 
> Anything Else:
> 
>  
> 
> Initial implementation suggested to replace the abuse POC with a URL pointing to ARIN’s display of the same POC record which was used for abuse reporting. Should support multiple URLs so that if desired an organization can specify both “mailto:somebody at here <mailto:somebody at here>” and “tel:1234567” if that’s how they actually want abuse reported to them.
> 
>  
> 
> _______________________________________________
> ARIN-PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net <mailto:ARIN-PPML at arin.net>).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-ppml <https://lists.arin.net/mailman/listinfo/arin-ppml>
> Please contact info at arin.net <mailto:info at arin.net> if you experience any issues.
> _______________________________________________
> ARIN-PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20211217/5e0773c1/attachment.htm>