[sig-policy] prop-079-v003: Abuse contact information

  • To: Policy SIG <sig-policy at apnic dot net>
  • Subject: [sig-policy] prop-079-v003: Abuse contact information
  • From: Randy Bush <randy at psg dot com>
  • Date: Tue, 23 Feb 2010 18:07:15 -0600
  • Delivered-to: sig-policy at mailman dot apnic dot net
  • List-archive: <http://mailman.apnic.net/mailing-lists/sig-policy>
  • List-help: <mailto:sig-policy-request@lists.apnic.net?subject=help>
  • List-id: APNIC SIG on resource management policy <sig-policy.lists.apnic.net>
  • List-post: <mailto:sig-policy@lists.apnic.net>
  • List-subscribe: <http://mailman.apnic.net/mailman/listinfo/sig-policy>, <mailto:sig-policy-request@lists.apnic.net?subject=subscribe>
  • List-unsubscribe: <http://mailman.apnic.net/mailman/listinfo/sig-policy>, <mailto:sig-policy-request@lists.apnic.net?subject=unsubscribe>
  • User-agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
    • 
      Version 3 of the proposal 'Abuse contact information' has been sent to
      the Policy SIG for review. It will be presented at the Policy SIG at
      APNIC 29 in Kuala Lumpur, 1-5 March 2010.
      
      Information about this and other policy proposals is available from:
      
               http://www.apnic.net/policy/proposals
      
      This new version of the proposal reflects feedback from the community
      received on the Policy SIG mailing list:
      
           - The wording of section 1 has been simplified.
      
           - The "Summary of the current problem" in section 2 has been
             rewritten.
      
           - Section 4.1 has been reworded slightly.
      
           - The last bullet point in section 5.1 has been rewritten.
      
           - Section 5.2 refers to the discussion on whois data accuracy that
             has taken place on the Policy SIG list.
      
      
      We encourage you to express your views on the proposal:
      
                - Do you support or oppose this proposal?
                - Is there anything in the proposal that is not clear?
                - What changes could be made to this proposal to make it more
                  effective?
      
      Randy, Ching-Heng, and Terence
      
      
      
      ________________________________________________________________________
      
      prop-079-v003: Abuse contact information
      ________________________________________________________________________
      
      
      Author:    Tobias Knecht <tk at abusix dot org>
      
      Version:   3
      
      Date:      24 February 2010
      
      
      
      1.  Introduction
      ----------------
      
      This is a proposal to introduce a mandatory reference to IRT objects in
      the inetnum, inet6num and aut-num objects in the APNIC Whois Database.
      
      The proposal aims provide a more accurate and efficient way for abuse
      reports to reach the correct network contact.
      
      
      2.  Summary of current problem
      ------------------------------
      
      Network owners increasingly operate dedicated abuse handling
      departments, distinct from the basic operations department.
      
      More and more network owners and other institutions are also starting to
      exchange data about abusive behavior with each other, to more quickly
      allow networks to identify internal abuse, external abuse, and other
      security problems.
      
      Currently within the APNIC region, the growing amount of abuse reports
      are sent to tech-c or admin-c contacts, as encouraged on the APNIC
      website.[1] These addresses are used because the APNIC Whois Database
      currently has no mandatory, specialised contact object for abuse
      departments. Instead, all abuse reports are sent to contact that has
      broader responsibilities or different responsibilities.
      
      
      3.  Situation in other RIRs
      ---------------------------
      
      AfriNIC:
      
           There are currently no specific abuse-related fields implemented in
           the AfriNIC Whois Database. However, if the current proposal is
           successful in the APNIC region, the author plans to submit a
           similar proposal for the AfriNIC region.
      
      ARIN:
      
           An abuse-POC exists for Organizational ID identifiers.[2]
      
      LACNIC:
      
           An abuse-c exists for aut-num, inetnum and inet6num objects.[3]
      
      RIPE:
      
           An optional IRT (Incident Response Team) object can be linked to
           inetnum and inet6num objects.[4] If the current proposal is
           successful in the APNIC region, the author plans to submit a
           similar proposal for the RIPE region.
      
      
      4.  Details of the proposal
      ---------------------------
      
      It is proposed that APNIC:
      
      4.1 Institute a mandatory reference to an IRT object in inetnum,
          inet6num and aut-num objects.
      
          In terms of implementing a mandatory IRT reference, it is
          suggested that this be part of two established actions:
      
          - The next time an organization attempts to update an existing
            inetnum, inet6num or aut-num object
      
          - When new inetnum, inet6num or aut-num objects are added to the
            database
      
      4.2 Have a mandatory abuse-mailbox field in the IRT object.
      
      4.3 Delete abuse-mailbox fields in all objects that do not refer to an
           IRT, and delete the trouble field everywhere starting 2011.
      
      
      5.  Advantages and disadvantages of the proposal
      ------------------------------------------------
      
      5.1 Advantages
      
          - Networks will be able to supply their own, direct contact
            information for abuse departments.
      
          - Abuse complaints will not be sent to the "wrong" contact any more.
      
          - This permits greater administrative and operational flexibility,
            and faster abuse handling will be possible.
      
      5.2 Disadvantages
      
          - Introducing a mandatory reference to the IRT Object will establish
            a new object. This object, like all other existing objects, will
            face the data accuracy problem. This proposal aims to address the
            issue of a missing place for abuse contact information and will
            not improve data accuracy in the whois database. Data accuracy
            will be part of another proposal that is already being discussed
            on the policy mailing list.
      
      
      6.  Effect on APNIC members
      ---------------------------
      
      There will be no immediate affect for APNIC members with existing
      resource registrations already in the APNIC Whois Database.
      
      However, members will need to add a reference to the mandatory IRT
      object in the following situations:
      
          - The first time members attempt to update an existing inetnum,
            inet6num or aut-num object
      
          - When members add new inetnum, inet6num or aut-num objects
      
      
      7.  Effect on NIRs
      ------------------
      
      It would be of benefit to the whole Internet community if NIRs were to
      implement a similar abuse contact scheme in their whois databases. But
      this would be another proposal.
      
      
      8.  References
      --------------
      
      [1] Reporting abuse and spam http://www.apnic.net/reporting-abuse
      
      [2] Introduction to ARIN's Database
           https://www.arin.net/knowledge/database.html#abusepoc
      
      [3] There is no formal documentation on abuse-c in inetnum and inet6num
           objects, but for documentation on the abuse-c in ASN records, see
           LACNIC Policy Manual (v1.3 - 07/11/2009)
           http://lacnic.net/en/politicas/manual4.html
      
      [4] IRT Object FAQ
           http://www.ripe.net/db/support/security/irt/faq.html