[arin-ppml] Draft Policy ARIN-2021-7: Make Abuse Contact Useful
Andrew Dul
andrew.dul at quark.net
Tue Oct 26 20:33:48 EDT 2021
Email as a reporting mechanism does seem old these days.
I'd might be ok with a URL, but not just "any URL" if the community is
really interested in improving reporting, we likely need a structured
data format and API so that input can be better used by those receiving
the reports.
Andrew
On 10/26/21 2:59 PM, John Santos wrote:
> My domain has a valid abuse contact (me), and it's been years since I
> actually received anything except spam. (I check the spam detector
> output daily to make sure it actually is spam, and it always is. It's
> usually no more than a handful of spam emails daily, probably because
> I never respond to it or originate any email from the "abuse" address,
> so there is nothing for the spammers to harvest.)
>
> Under this new scheme, would I still be able to handle abuse the exact
> same way? Or would we be required to create a web page solely to
> provide an email address and phone number for abuse reporting,
> duplicating what is already in whois?
>
> BTW, our fairly extensive web site is almost entirely private, with
> only a half dozen or so public pages of simple, static information.
> Which are inaccessible if our Internet access or electrical power is
> down.
>
> In other words, any change for us would be a pain the keister for no
> discernible benefit to us or any one else.
>
> Unless this is a NO-OP, my vote is NO.
>
>
>
> On 10/26/2021 4:18 PM, ARIN wrote:
>> On 21 October 2021, the ARIN Advisory Council (AC) accepted
>> "ARIN-prop-303: Make Abuse Contact Useful" as a Draft Policy.
>>
>> Draft Policy ARIN-2021-7 is below and can be found at:
>>
>> https://www.arin.net/participate/policy/drafts/2021_7/
>> <https://www.arin.net/participate/policy/drafts/2021_7/>
>>
>> You are encouraged to discuss all Draft Policies on PPML. The AC will
>> evaluate the discussion in order to assess the conformance of this
>> draft policy with ARIN's Principles of Internet number resource
>> policy as stated in the Policy Development Process (PDP).
>> Specifically, these principles are:
>>
>> * Enabling Fair and Impartial Number Resource Administration
>>
>> * Technically Sound
>>
>> * Supported by the Community
>>
>> The PDP can be found at:
>>
>> https://www.arin.net/participate/policy/pdp/
>> <https://www.arin.net/participate/policy/pdp/>
>>
>> Draft Policies and Proposals under discussion can be found at:
>>
>> https://www.arin.net/participate/policy/drafts/
>> <https://www.arin.net/participate/policy/drafts/>
>>
>> Regards,
>>
>> Sean Hopkins
>>
>> Senior Policy Analyst
>>
>> American Registry for Internet Numbers (ARIN)
>>
>> Draft Policy ARIN-2021-7: Make Abuse Contact Useful
>>
>> Problem Statement:
>>
>> ARIN’s process of attaching an abuse contact to resource records is
>> of limited utility. The phone number is often an unmanned voicemail
>> that refers the caller to a web page while the email address is
>> commonly an auto-responder which does the same. Because the emails
>> often involve problematic content they can get lost in filters making
>> it hard to even find the URL let alone get an abuse report to go
>> through. This is further exacerbated by folks who write programs to
>> automatically generate unverified abuse reports and email them to the
>> ARIN contact, flooding the mailbox with useless reports that no human
>> being is assigned to look through.
>>
>> With responsible network providers, the process for dealing with
>> network abuse instead usually starts with a web page. The web page
>> provides instructions and may offer forms for describing the abuse
>> and uploading supporting material of the nature that the service
>> provider needs in order to take action.
>>
>> It would be helpful for ARIN to support the abuse reporting process
>> they actually use.
>>
>> Policy statement:
>>
>> Strike -
>>
>> From 2.12 “and one valid abuse”
>>
>> From 3.6.2 “Abuse”
>>
>> Add:
>>
>> 2.1.2 To “organization information must include…zip code equivalent,”
>> add “an abuse reporting URL”
>>
>> 4.2.3.7.3.2: replace “upstream Abuse and Technical POCs " with
>> “upstream Technical POCs and URLs for reporting abuse”
>>
>> 6.5.5.3.1: replace “upstream Abuse and Technical POCs " with
>> “upstream Technical POCs and URLs for reporting abuse”
>>
>> Timetable for implementation: Whenever
>>
>> Anything Else:
>>
>> Initial implementation suggested to replace the abuse POC with a URL
>> pointing to ARIN’s display of the same POC record which was used for
>> abuse reporting. Should support multiple URLs so that if desired an
>> organization can specify both “mailto:somebody at here” and
>> “tel:1234567” if that’s how they actually want abuse reported to them.
>>
>>
>> _______________________________________________
>> ARIN-PPML
>> You are receiving this message because you are subscribed to
>> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>> Unsubscribe or manage your mailing list subscription at:
>> https://lists.arin.net/mailman/listinfo/arin-ppml
>> Please contact info at arin.net if you experience any issues.
>>
>
More information about the ARIN-PPML
mailing list