Policy Proposal 2002-1

Allen Smith easmith at beatrice.rutgers.edu
Fri Mar 8 12:09:51 EST 2002


On Mar 8, 11:20am, internetadmin at bestchecks.com wrote:
> Hopefully this is not off-subject, nor addressed earlier.

It appears to be at least somewhat on-subject, given that if ARIN uses the
contact addresses in the WHOIS database to do notifications of lame
delegation problems, it will find out about invalid addresses.

> In addition to monitoring for lame servers I would like to see ARIN also
> monitor and verify email addresses for the POC.

Strongly agreed. This can be unobtrusively done in many cases simply by
making sure that there _is_ an email address and that the hostname resolves
to an A record or an MX. Additional user-submitted information regarding
WHOIS problems can be gotten through http://www.rfc-ignorant.org (and used
for email or other blacklisting via ipwhois.rfc-ignorant.org).

> As a user who forwards spam and DOS attempts to the originating block
> owner,

WHOIS contact addresses are also used for notifications of other network
problems (if you think spam (UBE) isn't a network problem, try telling AT&T
WorldNet that...), of course, including non-deliberate ones which
nonetheless cause problems for others (a programming error resulting in an
infinite loop in a network-accessing program, for instance).

> I find that about 5% of the email addresses are invalid. Since email is
> the preferred method of contacting the block owner, it's important that
> the address be correct. So important in fact, that the delegation should
> be removed if the email address is found to be invalid or not working.

Agreed.

> The addresses should be checked at least monthly, and whenever a change is
> make to the database record.

A full check - as in sending email to the address - should definitely be
done whenever a change is made to the database record or whenever there are
other indications of problems. I'm not sure whether an actual monthly email
to every single contact address is a good idea when there are _not_ such
indications of problems.

> On another issue, although this may be a little late for the database
> implementation: has any provision been made for additional POC contacts in
> the database, like for violations of the AUP (i.e. an abuse email address)?
> I think it is inappropriate to send spam/malicious URL complaints to the NOC
> email address, but if this is the only address available for a less
> well-known block owner, this is where the complaints are sent to.

RPSL's differentiation between a tech-c and an admin-c address is useful in
this regard.

	-Allen

-- 
Allen Smith			http://cesario.rutgers.edu/easmith/
September 11, 2001		A Day That Shall Live In Infamy II
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." - Benjamin Franklin



More information about the Dbwg mailing list