[arin-ppml] Draft Policy ARIN-2021-7: Make Abuse Contact Useful

Andrew Dul andrew.dul at quark.net
Tue Oct 26 20:33:48 EDT 2021


Email as a reporting mechanism does seem old these days.

I'd might be ok with a URL, but not just "any URL" if the community is 
really interested in improving reporting, we likely need a structured 
data format and API so that input can be better used by those receiving 
the reports.

Andrew


On 10/26/21 2:59 PM, John Santos wrote:
> My domain has a valid abuse contact (me), and it's been years since I 
> actually received anything except spam.  (I check the spam detector 
> output daily to make sure it actually is spam, and it always is.  It's 
> usually no more than a handful of spam emails daily, probably because 
> I never respond to it or originate any email from the "abuse" address, 
> so there is nothing for the spammers to harvest.)
>
> Under this new scheme, would I still be able to handle abuse the exact 
> same way?  Or would we be required to create a web page solely to 
> provide an email address and phone number for abuse reporting, 
> duplicating what is already in whois?
>
> BTW, our fairly extensive web site is almost entirely private, with 
> only a half dozen or so public pages of simple, static information.  
> Which are inaccessible if our Internet access or electrical power is 
> down.
>
> In other words, any change for us would be a pain the keister for no 
> discernible benefit to us or any one else.
>
> Unless this is a NO-OP, my vote is NO.
>
>
>
> On 10/26/2021 4:18 PM, ARIN wrote:
>> On 21 October 2021, the ARIN Advisory Council (AC) accepted 
>> "ARIN-prop-303: Make Abuse Contact Useful" as a Draft Policy.
>>
>> Draft Policy ARIN-2021-7 is below and can be found at:
>>
>> https://www.arin.net/participate/policy/drafts/2021_7/ 
>> <https://www.arin.net/participate/policy/drafts/2021_7/>
>>
>> You are encouraged to discuss all Draft Policies on PPML. The AC will 
>> evaluate the discussion in order to assess the conformance of this 
>> draft policy with ARIN's Principles of Internet number resource 
>> policy as stated in the Policy Development Process (PDP). 
>> Specifically, these principles are:
>>
>> * Enabling Fair and Impartial Number Resource Administration
>>
>> * Technically Sound
>>
>> * Supported by the Community
>>
>> The PDP can be found at:
>>
>> https://www.arin.net/participate/policy/pdp/ 
>> <https://www.arin.net/participate/policy/pdp/>
>>
>> Draft Policies and Proposals under discussion can be found at:
>>
>> https://www.arin.net/participate/policy/drafts/ 
>> <https://www.arin.net/participate/policy/drafts/>
>>
>> Regards,
>>
>> Sean Hopkins
>>
>> Senior Policy Analyst
>>
>> American Registry for Internet Numbers (ARIN)
>>
>> Draft Policy ARIN-2021-7: Make Abuse Contact Useful
>>
>> Problem Statement:
>>
>> ARIN’s process of attaching an abuse contact to resource records is 
>> of limited utility. The phone number is often an unmanned voicemail 
>> that refers the caller to a web page while the email address is 
>> commonly an auto-responder which does the same. Because the emails 
>> often involve problematic content they can get lost in filters making 
>> it hard to even find the URL let alone get an abuse report to go 
>> through. This is further exacerbated by folks who write programs to 
>> automatically generate unverified abuse reports and email them to the 
>> ARIN contact, flooding the mailbox with useless reports that no human 
>> being is assigned to look through.
>>
>> With responsible network providers, the process for dealing with 
>> network abuse instead usually starts with a web page. The web page 
>> provides instructions and may offer forms for describing the abuse 
>> and uploading supporting material of the nature that the service 
>> provider needs in order to take action.
>>
>> It would be helpful for ARIN to support the abuse reporting process 
>> they actually use.
>>
>> Policy statement:
>>
>> Strike -
>>
>>  From 2.12 “and one valid abuse”
>>
>>  From 3.6.2 “Abuse”
>>
>> Add:
>>
>> 2.1.2 To “organization information must include…zip code equivalent,” 
>> add “an abuse reporting URL”
>>
>> 4.2.3.7.3.2: replace “upstream Abuse and Technical POCs " with 
>> “upstream Technical POCs and URLs for reporting abuse”
>>
>> 6.5.5.3.1: replace “upstream Abuse and Technical POCs " with 
>> “upstream Technical POCs and URLs for reporting abuse”
>>
>> Timetable for implementation: Whenever
>>
>> Anything Else:
>>
>> Initial implementation suggested to replace the abuse POC with a URL 
>> pointing to ARIN’s display of the same POC record which was used for 
>> abuse reporting. Should support multiple URLs so that if desired an 
>> organization can specify both “mailto:somebody at here” and 
>> “tel:1234567” if that’s how they actually want abuse reported to them.
>>
>>
>> _______________________________________________
>> ARIN-PPML
>> You are receiving this message because you are subscribed to
>> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>> Unsubscribe or manage your mailing list subscription at:
>> https://lists.arin.net/mailman/listinfo/arin-ppml
>> Please contact info at arin.net if you experience any issues.
>>
>


More information about the ARIN-PPML mailing list