Policy Proposal 2002-1
Allen Smith
easmith at beatrice.rutgers.edu
Fri Mar 8 12:09:51 EST 2002
On Mar 8, 11:20am, internetadmin at bestchecks.com wrote:
> Hopefully this is not off-subject, nor addressed earlier.
It appears to be at least somewhat on-subject, given that if ARIN uses the
contact addresses in the WHOIS database to do notifications of lame
delegation problems, it will find out about invalid addresses.
> In addition to monitoring for lame servers I would like to see ARIN also
> monitor and verify email addresses for the POC.
Strongly agreed. This can be unobtrusively done in many cases simply by
making sure that there _is_ an email address and that the hostname resolves
to an A record or an MX. Additional user-submitted information regarding
WHOIS problems can be gotten through http://www.rfc-ignorant.org (and used
for email or other blacklisting via ipwhois.rfc-ignorant.org).
> As a user who forwards spam and DOS attempts to the originating block
> owner,
WHOIS contact addresses are also used for notifications of other network
problems (if you think spam (UBE) isn't a network problem, try telling AT&T
WorldNet that...), of course, including non-deliberate ones which
nonetheless cause problems for others (a programming error resulting in an
infinite loop in a network-accessing program, for instance).
> I find that about 5% of the email addresses are invalid. Since email is
> the preferred method of contacting the block owner, it's important that
> the address be correct. So important in fact, that the delegation should
> be removed if the email address is found to be invalid or not working.
Agreed.
> The addresses should be checked at least monthly, and whenever a change is
> make to the database record.
A full check - as in sending email to the address - should definitely be
done whenever a change is made to the database record or whenever there are
other indications of problems. I'm not sure whether an actual monthly email
to every single contact address is a good idea when there are _not_ such
indications of problems.
> On another issue, although this may be a little late for the database
> implementation: has any provision been made for additional POC contacts in
> the database, like for violations of the AUP (i.e. an abuse email address)?
> I think it is inappropriate to send spam/malicious URL complaints to the NOC
> email address, but if this is the only address available for a less
> well-known block owner, this is where the complaints are sent to.
RPSL's differentiation between a tech-c and an admin-c address is useful in
this regard.
-Allen
--
Allen Smith http://cesario.rutgers.edu/easmith/
September 11, 2001 A Day That Shall Live In Infamy II
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." - Benjamin Franklin
More information about the Dbwg
mailing list