[arin-ppml] Policy Proposal 2003-1: Required Performance of Abuse Contact
Scott Leibrand
scottleibrand at gmail.com
Thu Aug 28 20:14:18 EDT 2025
Just block them, as Matt suggested. Or sue them, if they're harming your
business in some meaningful way that can't be trivially handled by blocking
their abusive subnets. Or contact law enforcement if there's actual
criminal trespass or some other law being broken.
ARIN is not set up to be the Internet police, and I would oppose any
efforts to make it try to play that role. As Matt eloquently elucidated,
any requirements ARIN could enforce would likely make things worse for
everyone holding ARIN IP addresses for very little tangible social benefit.
-Scott
On Thu, Aug 28, 2025 at 4:57 PM Shawn Bakhtiar <shashaness at gmail.com> wrote:
> Thank You Bill!
>
> I really appreciate the input, and these are all great suggestions. I will
> certainly do my homework and reach out again to the group with more
> specific questions on the topic.
>
> As I said in my email to Alison,
>
> AWS (of all people), auto responds to any email sent to the abuse email on
> record for a given IP segment. It includes a ticket number, and without me
> having to follow up (usually a few days later) an email back often having
> remediated the issue, or in the rare instances where the they did not
> remedy the issue, explaining why the behavior is not abuse or a violation
> of their policies.
>
> Digital Ocean does the same thing (without a ticket number). So do several
> midsize providers. Hit and miss with anything smaller than a /24.
>
> Microsoft (where the preponderance of abusive behaviors come from) and
> Google. Do nothing. Literally nothing. I have OSSEC notification logs in
> which a single IP address with a Microsoft abuse POC, continues to scan
> different customer's networks, looking for Wordpress vulnerabilities, and
> has done so for over a month, without any remediation.
>
> The aforementioned policy is a common sense one already being
> (voluntarily) done by a good number of the providers out there. I am very
> curious as to what objections anyone could have to it, and how we can
> address those concerns so we can put what seems like a very common sense
> policy into place. We need to bring accountability back to the internet.
>
> Again, thank you for the guidance, I look forward to any and all
> questions, comments, and or concerns.
>
> > On Aug 28, 2025, at 3:24 AM, William Herrin <bill at herrin.us> wrote:
> >
> > On Wed, Aug 27, 2025 at 11:45 AM Shawn Bakhtiar <shashaness at gmail.com>
> wrote:
> >> I would like to re-introduce the following Policy Proposal from 2003 to
> hold abuse POCs accountable.
> >> https://www.arin.net/vault/participate/policy/drafts/2003/2003_1/
> >
> >>> Changes to ARIN’s policies may be made via submission of a policy
> proposal
> >>> via ARIN’s Policy Devcelopment Process - more details available here
> >>> - https://www.arin.net/participate/policy/pdp/
> >
> > Hi Shawn,
> >
> > I note that the practical question of "how do I submit a policy
> > proposal" is not answered in
> > https://www.arin.net/participate/policy/pdp/, or if it is, it's buried
> > so deeply I can't find it.
> >
> > What you probably want is the policy proposal template, which you can
> > find here: https://www.arin.net/participate/policy/pdp/appendix_b/
> >
> > You can also discuss policy changes here on the mailing list without
> > making a formal proposal. That would enable you to gather information
> > which could inform a formal proposal.
> >
> > I recommend you sift through the mailing list archives at
> > https://lists.arin.net/pipermail/arin-ppml/ and read the original
> > discussions around proposal 2003-1. This can help you understand what
> > defects in that proposal led to it failing to reach consensus.
> >
> > Finally, I note that there have been other off and on discussions
> > about the published POCs and their utility. It might be worth digging
> > into them as well. Try a Google search such as, "site:lists.arin.net
> > abuse poc"
> >
> > Regards,
> > Bill Herrin
> >
> >
> >
> > --
> > William Herrin
> > bill at herrin.us
> > https://bill.herrin.us/
>
> _______________________________________________
> ARIN-PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20250828/e8e57dbe/attachment-0001.htm>
More information about the ARIN-PPML
mailing list