Email as a reporting mechanism does seem old these days.
I'd might be ok with a URL, but not just "any URL" if the community is
really interested in improving reporting, we likely need a structured
data format and API so that input can be better used by those receiving
the reports.
Andrew
On 10/26/21 2:59 PM, John Santos wrote:
My domain has a valid abuse contact (me), and it's been years since I
actually received anything except spam. (I check the spam detector
output daily to make sure it actually is spam, and it always is. It's
usually no more than a handful of spam emails daily, probably because
I never respond to it or originate any email from the "abuse" address,
so there is nothing for the spammers to harvest.)
Under this new scheme, would I still be able to handle abuse the exact
same way? Or would we be required to create a web page solely to
provide an email address and phone number for abuse reporting,
duplicating what is already in whois?
BTW, our fairly extensive web site is almost entirely private, with
only a half dozen or so public pages of simple, static information.
Which are inaccessible if our Internet access or electrical power is
down.
In other words, any change for us would be a pain the keister for no
discernible benefit to us or any one else.
Unless this is a NO-OP, my vote is NO.
On 10/26/2021 4:18 PM, ARIN wrote:
On 21 October 2021, the ARIN Advisory Council (AC) accepted
"ARIN-prop-303: Make Abuse Contact Useful" as a Draft Policy.
Draft Policy ARIN-2021-7 is below and can be found at:
https://www.arin.net/participate/policy/drafts/2021_7/
<https://www.arin.net/participate/policy/drafts/2021_7/>
You are encouraged to discuss all Draft Policies on PPML. The AC will
evaluate the discussion in order to assess the conformance of this
draft policy with ARIN's Principles of Internet number resource
policy as stated in the Policy Development Process (PDP).
Specifically, these principles are:
* Enabling Fair and Impartial Number Resource Administration
* Technically Sound
* Supported by the Community
The PDP can be found at:
https://www.arin.net/participate/policy/pdp/
<https://www.arin.net/participate/policy/pdp/>
Draft Policies and Proposals under discussion can be found at:
https://www.arin.net/participate/policy/drafts/
<https://www.arin.net/participate/policy/drafts/>
Regards,
Sean Hopkins
Senior Policy Analyst
American Registry for Internet Numbers (ARIN)
Draft Policy ARIN-2021-7: Make Abuse Contact Useful
Problem Statement:
ARIN’s process of attaching an abuse contact to resource records is
of limited utility. The phone number is often an unmanned voicemail
that refers the caller to a web page while the email address is
commonly an auto-responder which does the same. Because the emails
often involve problematic content they can get lost in filters making
it hard to even find the URL let alone get an abuse report to go
through. This is further exacerbated by folks who write programs to
automatically generate unverified abuse reports and email them to the
ARIN contact, flooding the mailbox with useless reports that no human
being is assigned to look through.
With responsible network providers, the process for dealing with
network abuse instead usually starts with a web page. The web page
provides instructions and may offer forms for describing the abuse
and uploading supporting material of the nature that the service
provider needs in order to take action.
It would be helpful for ARIN to support the abuse reporting process
they actually use.
Policy statement:
Strike -
From 2.12 “and one valid abuse”
From 3.6.2 “Abuse”
Add:
2.1.2 To “organization information must include…zip code equivalent,”
add “an abuse reporting URL”
4.2.3.7.3.2: replace “upstream Abuse and Technical POCs " with
“upstream Technical POCs and URLs for reporting abuse”
6.5.5.3.1: replace “upstream Abuse and Technical POCs " with
“upstream Technical POCs and URLs for reporting abuse”
Timetable for implementation: Whenever
Anything Else:
Initial implementation suggested to replace the abuse POC with a URL
pointing to ARIN’s display of the same POC record which was used for
abuse reporting. Should support multiple URLs so that if desired an
organization can specify both “mailto:somebody@here” and
“tel:1234567” if that’s how they actually want abuse reported to them.
_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List ([email protected]).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact [email protected] if you experience any issues.
_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List ([email protected]).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact [email protected] if you experience any issues.
