<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Times New Roman \(Cuerpo en alfa";
panose-1:2 2 6 3 5 4 5 2 3 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.EstiloCorreo18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=ES link="#0563C1" vlink="#954F72" style='word-wrap:break-word'><div class=WordSection1><div><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US style='font-size:12.0pt;color:black;mso-fareast-language:EN-US'>Hi,<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US style='font-size:12.0pt;color:black;mso-fareast-language:EN-US'>Unless I misunderstood this proposal, I believe this is the wrong way to go.<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US style='font-size:12.0pt;color:black;mso-fareast-language:EN-US'>Is this proposal suggesting that the abuse email must not be used anymore and instead a URL for abuse reports enforced?<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US style='font-size:12.0pt;color:black;mso-fareast-language:EN-US'>If you look at all the other 4 RIRs, this is totally contrary to the practical experience.<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US style='font-size:12.0pt;color:black;mso-fareast-language:EN-US'>If you enforce abuse to use a form, because each ISP can implement a totally different form format, this disallows automating the abuse reporting process, which is the only way it can be actually useful.<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US style='font-size:12.0pt;color:black;mso-fareast-language:EN-US'>The problem is not that the abuse mailbox is not useful because it can get spam or something else, the problem is when it is not correctly processed, updated with the right contact, etc., so it must be periodically validated to become useful.<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US style='font-size:12.0pt;color:black;mso-fareast-language:EN-US'>Alternatively, reporting could be done using via email and standard formats such as </span><span lang=EN-GB style='font-size:12.0pt;color:black;mso-fareast-language:EN-US'>X-ARF/RFC5965/RFC6650.<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-GB style='font-size:12.0pt;color:black;mso-fareast-language:EN-US'>APNIC and LACNIC have already implemented my abuse-c policy proposal that enforces the validation of the abuse-mailbox, and the results are awesome.<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-GB style='font-size:12.0pt;color:black;mso-fareast-language:EN-US'>It reached consensus also in AFRINIC but there is a pending appeal.<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-GB style='font-size:12.0pt;color:black;mso-fareast-language:EN-US'>In the case of RIPE NCC, there is already a validation policy in place. I tried to improve it, but didn’t reached consensus (yet).</span><span lang=EN-US style='font-size:12.0pt;color:black;mso-fareast-language:EN-US'><o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US style='font-size:12.0pt;color:black;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US style='font-size:12.0pt;color:black;mso-fareast-language:EN-US'>Regards,<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US style='font-size:12.0pt;color:black;mso-fareast-language:EN-US'>Jordi<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US style='font-size:12.0pt;color:black;mso-fareast-language:EN-US'>@jordipalet<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US style='font-size:12.0pt;color:black;mso-fareast-language:EN-US'><o:p> </o:p></span></p></div><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;mso-fareast-language:EN-US'><o:p> </o:p></span></p><div><div><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>El 26/10/21 22:19, "ARIN-PPML en nombre de ARIN" <<a href="mailto:arin-ppml-bounces@arin.net">arin-ppml-bounces@arin.net</a> en nombre de <a href="mailto:info@arin.net">info@arin.net</a>> escribió:<o:p></o:p></span></p></div></div><div><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p></div><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>On 21 October 2021, the ARIN Advisory Council (AC) accepted "ARIN-prop-303: Make Abuse Contact Useful" as a Draft Policy. <o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>Draft Policy ARIN-2021-7 is below and can be found at:<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><a href="https://www.arin.net/participate/policy/drafts/2021_7/">https://www.arin.net/participate/policy/drafts/2021_7/</a><o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>You are encouraged to discuss all Draft Policies on PPML. The AC will evaluate the discussion in order to assess the conformance of this draft policy with ARIN's Principles of Internet number resource policy as stated in the Policy Development Process (PDP). Specifically, these principles are:<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>* Enabling Fair and Impartial Number Resource Administration<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>* Technically Sound<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>* Supported by the Community<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>The PDP can be found at:<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><a href="https://www.arin.net/participate/policy/pdp/">https://www.arin.net/participate/policy/pdp/</a><o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>Draft Policies and Proposals under discussion can be found at:<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><a href="https://www.arin.net/participate/policy/drafts/">https://www.arin.net/participate/policy/drafts/</a><o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>Regards,<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>Sean Hopkins<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>Senior Policy Analyst<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>American Registry for Internet Numbers (ARIN)<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>Draft Policy ARIN-2021-7: Make Abuse Contact Useful<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>Problem Statement:<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>ARIN’s process of attaching an abuse contact to resource records is of limited utility. The phone number is often an unmanned voicemail that refers the caller to a web page while the email address is commonly an auto-responder which does the same. Because the emails often involve problematic content they can get lost in filters making it hard to even find the URL let alone get an abuse report to go through. This is further exacerbated by folks who write programs to automatically generate unverified abuse reports and email them to the ARIN contact, flooding the mailbox with useless reports that no human being is assigned to look through.<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>With responsible network providers, the process for dealing with network abuse instead usually starts with a web page. The web page provides instructions and may offer forms for describing the abuse and uploading supporting material of the nature that the service provider needs in order to take action.<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>It would be helpful for ARIN to support the abuse reporting process they actually use.<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>Policy statement:<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>Strike -<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>From 2.12 “and one valid abuse”<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>From 3.6.2 “Abuse”<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>Add:<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>2.1.2 To “organization information must include…zip code equivalent,” add “an abuse reporting URL”<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>4.2.3.7.3.2: replace “upstream Abuse and Technical POCs " with “upstream Technical POCs and URLs for reporting abuse”<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>6.5.5.3.1: replace “upstream Abuse and Technical POCs " with “upstream Technical POCs and URLs for reporting abuse”<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>Timetable for implementation: Whenever<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>Anything Else:<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US>Initial implementation suggested to replace the abuse POC with a URL pointing to ARIN’s display of the same POC record which was used for abuse reporting. Should support multiple URLs so that if desired an organization can specify both “mailto:somebody@here” and “tel:1234567” if that’s how they actually want abuse reported to them.<o:p></o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:35.4pt'>_______________________________________________ ARIN-PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (ARIN-PPML@arin.net). Unsubscribe or manage your mailing list subscription at: https://lists.arin.net/mailman/listinfo/arin-ppml Please contact info@arin.net if you experience any issues. <o:p></o:p></p></div><br>**********************************************<br>
IPv4 is over<br>
Are you ready for the new Internet ?<br>
http://www.theipv6company.com<br>
The IPv6 Company<br>
<br>
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.<br>
<br>
</body></html>