[arin-ppml] Draft Policy ARIN-2021-7: Make Abuse Contact Useful
Owen DeLong
owen at delong.com
Wed Oct 27 01:21:10 EDT 2021
While I think you are on the right track, Andrew, I think that standardizing the format and API is outside of ARIN’s remit and suggest that OPSAWG might be a good place
to achieve that.
Owen
> On Oct 26, 2021, at 17:33 , Andrew Dul <andrew.dul at quark.net> wrote:
>
> Email as a reporting mechanism does seem old these days.
>
> I'd might be ok with a URL, but not just "any URL" if the community is really interested in improving reporting, we likely need a structured data format and API so that input can be better used by those receiving the reports.
>
> Andrew
>
>
> On 10/26/21 2:59 PM, John Santos wrote:
>> My domain has a valid abuse contact (me), and it's been years since I actually received anything except spam. (I check the spam detector output daily to make sure it actually is spam, and it always is. It's usually no more than a handful of spam emails daily, probably because I never respond to it or originate any email from the "abuse" address, so there is nothing for the spammers to harvest.)
>>
>> Under this new scheme, would I still be able to handle abuse the exact same way? Or would we be required to create a web page solely to provide an email address and phone number for abuse reporting, duplicating what is already in whois?
>>
>> BTW, our fairly extensive web site is almost entirely private, with only a half dozen or so public pages of simple, static information. Which are inaccessible if our Internet access or electrical power is down.
>>
>> In other words, any change for us would be a pain the keister for no discernible benefit to us or any one else.
>>
>> Unless this is a NO-OP, my vote is NO.
>>
>>
>>
>> On 10/26/2021 4:18 PM, ARIN wrote:
>>> On 21 October 2021, the ARIN Advisory Council (AC) accepted "ARIN-prop-303: Make Abuse Contact Useful" as a Draft Policy.
>>>
>>> Draft Policy ARIN-2021-7 is below and can be found at:
>>>
>>> https://www.arin.net/participate/policy/drafts/2021_7/ <https://www.arin.net/participate/policy/drafts/2021_7/>
>>>
>>> You are encouraged to discuss all Draft Policies on PPML. The AC will evaluate the discussion in order to assess the conformance of this draft policy with ARIN's Principles of Internet number resource policy as stated in the Policy Development Process (PDP). Specifically, these principles are:
>>>
>>> * Enabling Fair and Impartial Number Resource Administration
>>>
>>> * Technically Sound
>>>
>>> * Supported by the Community
>>>
>>> The PDP can be found at:
>>>
>>> https://www.arin.net/participate/policy/pdp/ <https://www.arin.net/participate/policy/pdp/>
>>>
>>> Draft Policies and Proposals under discussion can be found at:
>>>
>>> https://www.arin.net/participate/policy/drafts/ <https://www.arin.net/participate/policy/drafts/>
>>>
>>> Regards,
>>>
>>> Sean Hopkins
>>>
>>> Senior Policy Analyst
>>>
>>> American Registry for Internet Numbers (ARIN)
>>>
>>> Draft Policy ARIN-2021-7: Make Abuse Contact Useful
>>>
>>> Problem Statement:
>>>
>>> ARIN’s process of attaching an abuse contact to resource records is of limited utility. The phone number is often an unmanned voicemail that refers the caller to a web page while the email address is commonly an auto-responder which does the same. Because the emails often involve problematic content they can get lost in filters making it hard to even find the URL let alone get an abuse report to go through. This is further exacerbated by folks who write programs to automatically generate unverified abuse reports and email them to the ARIN contact, flooding the mailbox with useless reports that no human being is assigned to look through.
>>>
>>> With responsible network providers, the process for dealing with network abuse instead usually starts with a web page. The web page provides instructions and may offer forms for describing the abuse and uploading supporting material of the nature that the service provider needs in order to take action.
>>>
>>> It would be helpful for ARIN to support the abuse reporting process they actually use.
>>>
>>> Policy statement:
>>>
>>> Strike -
>>>
>>> From 2.12 “and one valid abuse”
>>>
>>> From 3.6.2 “Abuse”
>>>
>>> Add:
>>>
>>> 2.1.2 To “organization information must include…zip code equivalent,” add “an abuse reporting URL”
>>>
>>> 4.2.3.7.3.2: replace “upstream Abuse and Technical POCs " with “upstream Technical POCs and URLs for reporting abuse”
>>>
>>> 6.5.5.3.1: replace “upstream Abuse and Technical POCs " with “upstream Technical POCs and URLs for reporting abuse”
>>>
>>> Timetable for implementation: Whenever
>>>
>>> Anything Else:
>>>
>>> Initial implementation suggested to replace the abuse POC with a URL pointing to ARIN’s display of the same POC record which was used for abuse reporting. Should support multiple URLs so that if desired an organization can specify both “mailto:somebody at here” and “tel:1234567” if that’s how they actually want abuse reported to them.
>>>
>>>
>>> _______________________________________________
>>> ARIN-PPML
>>> You are receiving this message because you are subscribed to
>>> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>>> Unsubscribe or manage your mailing list subscription at:
>>> https://lists.arin.net/mailman/listinfo/arin-ppml
>>> Please contact info at arin.net if you experience any issues.
>>>
>>
> _______________________________________________
> ARIN-PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
More information about the ARIN-PPML
mailing list