<html>
<body>
<font size=3>At 10:57 18 02 03 Tuesday, you wrote:<br>
</font><blockquote type=cite class=cite cite><font face="arial" size=2 color="#0000FF">so
color me naive, but how does one "buy a block of 30-40 /24's"
??</font></blockquote><font size=3><br>
Sorry, perhaps not 30-40, but try this:
<a href="http://ws.arin.net/cgi-bin/whois.pl?queryinput=!%20NET-209-236-0-0-1. " eudora="autourl">http://ws.arin.net/cgi-bin/whois.pl?queryinput=!%20NET-209-236-0-0-1.
</a> There are 64 and a prime example of this. They have had their
share of abusive customers.<br><br>
</font><blockquote type=cite class=cite cite><font face="arial" size=2 color="#0000FF">your
analogy to the FCC has a small flaw. The FCC is a gov org
and</font><font size=3><br>
</font><font face="arial" size=2 color="#0000FF">as such is protected
from certain actions that ARIN, which isn't a
gov</font><font size=3><br>
</font><font face="arial" size=2 color="#0000FF">org, is
not.</font></blockquote><font size=3><br>
Not true. Any organization can setup rules by which anyone who
wishes to work with them must abide by. No one's forcing the
spammers to buy blocks of IPs and no one is forcing the ISPs to sell
them. It's totally voluntary. No one forces people to use the
Internet and therefore abide by their ISP's AUP and yet all of them find
ways of enforcing them. It's called a contract.<br><br>
</font><blockquote type=cite class=cite cite><font face="arial" size=2 color="#0000FF">ICANN
doesn't revoke a fraudulent or invalid domain name, the
registrar</font><font size=3><br>
</font><font face="arial" size=2 color="#0000FF">or the registry
does. if they don't then ICANN could revoke the
registrar</font><font size=3><br>
</font><font face="arial" size=2 color="#0000FF">or registry's
certification.</font></blockquote><font size=3><br>
Semantics. If say Register.com refuses to update a domain
registration reported to ICANN as containing invalid or fraudulent
information and they refuse to delete the registration ICANN, as you say,
simple revoke the registrar. Either way the invalid domain
registration is revoked.<br><br>
</font><blockquote type=cite class=cite cite><font face="arial" size=2 color="#0000FF">For
ARIN to "go after" fraud is mission creep for ARIN. Its
not their job</font><font size=3><br>
</font><font face="arial" size=2 color="#0000FF">and they are NOT the
Net.Police. Fraud is between two people, the
victim</font><font size=3><br>
</font><font face="arial" size=2 color="#0000FF">and the person
committing fraud. ARIN is not a direct party to that
event</font></blockquote><font size=3><br>
IMHO, If ARIN knowingly allows someone to commit fraud and provides a way
for them to do it then they become party to the fraud. Once ARIN
has been notified of the fraud they should be required to remove the
registration. If a gun dealer sells a gun to a known criminal they
become party to any acts committed with the gun. Before you flame
me saying this is different, IPs don't kill, it's back to the
culpability.<br><br>
</font><blockquote type=cite class=cite cite><font face="arial" size=2 color="#0000FF">But
most importantly ARIN can not make a "moral or otherwise"
decision</font><font size=3><br>
</font><font face="arial" size=2 color="#0000FF">on the potential us of
allocated IP space. To say some can and some
can't</font><font size=3><br>
</font><font face="arial" size=2 color="#0000FF">have IP space based on
intended use would land ARIN in court on
anti-trust</font><font size=3><br>
</font><font face="arial" size=2 color="#0000FF">or other legal hot
water.</font></blockquote><font size=3><br>
ISPs get sued often over AUP enforcements. I've not seen one case
lead to the reinstatement of a user's account. AUPs are
contracts. ARIN members agree to certain terms and those terms can
be updated to include things like no fraudulent or invalid
information.<br><br>
<blockquote type=cite class=cite cite> <br>
</font><font face="arial" size=2 color="#0000FF">I believe the
"gov" will keep its fingers out of the pie, for if they don't
it will</font><font size=3><br>
</font><font face="arial" size=2 color="#0000FF">then go the way of the
ITU, and *nobody* wants that to
happen</font></blockquote><font size=3><br>
No it won't. Businesses are ever increasingly yelling at Washington
to do something. I've seen reports that 50-60% of all e-mail
delivered to corporate America is junk. It's costing them, and
therefore us in the form of passed on costs, billions each year.
The Gov will get involved if something is not done by the
industry.<br><br>
Brian<br><br><blockquote type=cite class=cite cite>
<dl>
<dd>If I might, while I'm new to this list, I deal with the junk
daily. The problem is ISPs and individuals buying large blocks of
IPs then reselling them to others and then washing their hands of the
mess. I can point you to dozens of examples of this. Someone
goes out and buy 30-40 /24's then sells them to whomever will pay for
them and since they're not hosted on the same backbone as the address
owner they are not held liable by their upstream provider(s) for the spam
generated on the resold blocks. Those blocks often end up in Asia
or South America where ISPs often do not enforce any kind of AUP.
<br><br>
<dd>As for the vocal anti-spammers not agreeing on what constitutes UE, I
disagree. UE is any mail sent unsolicited and without the
addressee's permission. Furthermore, forged headers or relayed mail
is abusive. Go look at the major backbone providers like C&W
& uu.net. Their AUPs are quite clear.<br>
<dd>To top it all off, many of these blocks, when SWIP'd, contain
fraudulent information. ICANN will revoke a fraudulent or invalid
domain registration why can't ARIN revoke a fraudulent IP SWIP and if the
block owner is found to also have fraudulent or invalid registration
information they should have their entire block revoked. That's the
way the rest of the world works. Do you think the FCC would allow
someone to buy a block of frequencies and give them false contact
info? The FCC would yank the licenses immediately with NO
refund. ARIN must evolve to function like the rest of the
world. Apply existing fraud laws. If someone obtains goods or
services under misleading or fraudulent circumstances no matter the
intended use they have violated criminal laws in every state and Federal
laws as well. Why can't ARIN use existing laws to go after
them?<br>
<dd>Anyway, if ARIN doesn't get its act together count on the government
coming up with a "solution" that doesn't work and is impossible
to enforce. Simple rules work best. Register your IPs with
valid info. Keep that info up to date. Follow an established
AUP with those IPs. Violate any one and you lose them all with no
refund. <br>
<dd>Sincerely,
<dd>ComCept Solutions, LLC.<br>
<dd>Brian S. Bergin
<dd>Network Systems Administrator<br>
<dd>(828) 265-1234
<dd><a href="http://www.comcept.net/" eudora="autourl">http://www.comcept.net</a>
</font>
</dl></blockquote></body>
</html>