[arin-ppml] Draft Policy ARIN-2021-7: Make Abuse Contact Useful

JORDI PALET MARTINEZ jordi.palet at consulintel.es
Tue Oct 26 18:17:11 EDT 2021


Hi,

Unless I misunderstood this proposal, I believe this is the wrong way to go.

Is this proposal suggesting that the abuse email must not be used anymore and instead a URL for abuse reports enforced?

If you look at all the other 4 RIRs, this is totally contrary to the practical experience.

If you enforce abuse to use a form, because each ISP can implement a totally different form format, this disallows automating the abuse reporting process, which is the only way it can be actually useful.

The problem is not that the abuse mailbox is not useful because it can get spam or something else, the problem is when it is not correctly processed, updated with the right contact, etc., so it must be periodically validated to become useful.

Alternatively, reporting could be done via email and standard formats such as X-ARF/RFC5965/RFC6650.

APNIC and LACNIC have already implemented my abuse-c policy proposal that enforces the validation of the abuse-mailbox, and the results are awesome.

It reached consensus also in AFRINIC but there is a pending appeal.

In the case of RIPE NCC, there is already a validation policy in place. I tried to improve it, but didn’t reach consensus (yet).

 

Regards,

Jordi

@jordipalet

 

 

 

On 26/10/21 22:19, "ARIN-PPML on behalf of ARIN" <arin-ppml-bounces at arin.net on behalf of info at arin.net> wrote:

 

On 21 October 2021, the ARIN Advisory Council (AC) accepted "ARIN-prop-303: Make Abuse Contact Useful" as a Draft Policy. 

 

Draft Policy ARIN-2021-7 is below and can be found at:

 

https://www.arin.net/participate/policy/drafts/2021_7/

 

You are encouraged to discuss all Draft Policies on PPML. The AC will evaluate the discussion in order to assess the conformance of this draft policy with ARIN's Principles of Internet number resource policy as stated in the Policy Development Process (PDP). Specifically, these principles are:

 

* Enabling Fair and Impartial Number Resource Administration

* Technically Sound

* Supported by the Community

 

The PDP can be found at:

 

https://www.arin.net/participate/policy/pdp/

 

Draft Policies and Proposals under discussion can be found at:

 

https://www.arin.net/participate/policy/drafts/

 

Regards,

 

Sean Hopkins

Senior Policy Analyst

American Registry for Internet Numbers (ARIN)

 

Draft Policy ARIN-2021-7: Make Abuse Contact Useful

 

Problem Statement:

 

ARIN’s process of attaching an abuse contact to resource records is of limited utility. The phone number is often an unmanned voicemail that refers the caller to a web page while the email address is commonly an auto-responder which does the same. Because the emails often involve problematic content they can get lost in filters making it hard to even find the URL let alone get an abuse report to go through. This is further exacerbated by folks who write programs to automatically generate unverified abuse reports and email them to the ARIN contact, flooding the mailbox with useless reports that no human being is assigned to look through.

 

With responsible network providers, the process for dealing with network abuse instead usually starts with a web page. The web page provides instructions and may offer forms for describing the abuse and uploading supporting material of the nature that the service provider needs in order to take action.

 

It would be helpful for ARIN to support the abuse reporting process they actually use.

 

Policy statement:

 

Strike -

 

From 2.12 “and one valid abuse”

 

From 3.6.2 “Abuse”

 

Add:

 

2.1.2 To “organization information must include…zip code equivalent,” add “an abuse reporting URL”

 

4.2.3.7.3.2: replace “upstream Abuse and Technical POCs” with “upstream Technical POCs and URLs for reporting abuse”

 

6.5.5.3.1: replace “upstream Abuse and Technical POCs” with “upstream Technical POCs and URLs for reporting abuse”

 

Timetable for implementation: Whenever

 

Anything Else:

 

Initial implementation suggested to replace the abuse POC with a URL pointing to ARIN’s display of the same POC record which was used for abuse reporting. Should support multiple URLs so that if desired an organization can specify both “mailto:somebody at here” and “tel:1234567” if that’s how they actually want abuse reported to them.

 
