While I think you are on the right track, Andrew, I think that standardizing the format and API is outside of ARIN’s remit and suggest that OPSAWG might be a good place to achieve that.
Owen > On Oct 26, 2021, at 17:33 , Andrew Dul <[email protected]> wrote: > > Email as a reporting mechanism does seem old these days. > > I'd might be ok with a URL, but not just "any URL" if the community is really > interested in improving reporting, we likely need a structured data format > and API so that input can be better used by those receiving the reports. > > Andrew > > > On 10/26/21 2:59 PM, John Santos wrote: >> My domain has a valid abuse contact (me), and it's been years since I >> actually received anything except spam. (I check the spam detector output >> daily to make sure it actually is spam, and it always is. It's usually no >> more than a handful of spam emails daily, probably because I never respond >> to it or originate any email from the "abuse" address, so there is nothing >> for the spammers to harvest.) >> >> Under this new scheme, would I still be able to handle abuse the exact same >> way? Or would we be required to create a web page solely to provide an >> email address and phone number for abuse reporting, duplicating what is >> already in whois? >> >> BTW, our fairly extensive web site is almost entirely private, with only a >> half dozen or so public pages of simple, static information. Which are >> inaccessible if our Internet access or electrical power is down. >> >> In other words, any change for us would be a pain the keister for no >> discernible benefit to us or any one else. >> >> Unless this is a NO-OP, my vote is NO. >> >> >> >> On 10/26/2021 4:18 PM, ARIN wrote: >>> On 21 October 2021, the ARIN Advisory Council (AC) accepted "ARIN-prop-303: >>> Make Abuse Contact Useful" as a Draft Policy. >>> >>> Draft Policy ARIN-2021-7 is below and can be found at: >>> >>> https://www.arin.net/participate/policy/drafts/2021_7/ >>> <https://www.arin.net/participate/policy/drafts/2021_7/> >>> >>> You are encouraged to discuss all Draft Policies on PPML. The AC will >>> evaluate the discussion in order to assess the conformance of this draft >>> policy with ARIN's Principles of Internet number resource policy as stated >>> in the Policy Development Process (PDP). Specifically, these principles are: >>> >>> * Enabling Fair and Impartial Number Resource Administration >>> >>> * Technically Sound >>> >>> * Supported by the Community >>> >>> The PDP can be found at: >>> >>> https://www.arin.net/participate/policy/pdp/ >>> <https://www.arin.net/participate/policy/pdp/> >>> >>> Draft Policies and Proposals under discussion can be found at: >>> >>> https://www.arin.net/participate/policy/drafts/ >>> <https://www.arin.net/participate/policy/drafts/> >>> >>> Regards, >>> >>> Sean Hopkins >>> >>> Senior Policy Analyst >>> >>> American Registry for Internet Numbers (ARIN) >>> >>> Draft Policy ARIN-2021-7: Make Abuse Contact Useful >>> >>> Problem Statement: >>> >>> ARIN’s process of attaching an abuse contact to resource records is of >>> limited utility. The phone number is often an unmanned voicemail that >>> refers the caller to a web page while the email address is commonly an >>> auto-responder which does the same. Because the emails often involve >>> problematic content they can get lost in filters making it hard to even >>> find the URL let alone get an abuse report to go through. This is further >>> exacerbated by folks who write programs to automatically generate >>> unverified abuse reports and email them to the ARIN contact, flooding the >>> mailbox with useless reports that no human being is assigned to look >>> through. >>> >>> With responsible network providers, the process for dealing with network >>> abuse instead usually starts with a web page. The web page provides >>> instructions and may offer forms for describing the abuse and uploading >>> supporting material of the nature that the service provider needs in order >>> to take action. >>> >>> It would be helpful for ARIN to support the abuse reporting process they >>> actually use. >>> >>> Policy statement: >>> >>> Strike - >>> >>> From 2.12 “and one valid abuse” >>> >>> From 3.6.2 “Abuse” >>> >>> Add: >>> >>> 2.1.2 To “organization information must include…zip code equivalent,” add >>> “an abuse reporting URL” >>> >>> 4.2.3.7.3.2: replace “upstream Abuse and Technical POCs " with “upstream >>> Technical POCs and URLs for reporting abuse” >>> >>> 6.5.5.3.1: replace “upstream Abuse and Technical POCs " with “upstream >>> Technical POCs and URLs for reporting abuse” >>> >>> Timetable for implementation: Whenever >>> >>> Anything Else: >>> >>> Initial implementation suggested to replace the abuse POC with a URL >>> pointing to ARIN’s display of the same POC record which was used for abuse >>> reporting. Should support multiple URLs so that if desired an organization >>> can specify both “mailto:somebody@here” and “tel:1234567” if that’s how >>> they actually want abuse reported to them. >>> >>> >>> _______________________________________________ >>> ARIN-PPML >>> You are receiving this message because you are subscribed to >>> the ARIN Public Policy Mailing List ([email protected]). >>> Unsubscribe or manage your mailing list subscription at: >>> https://lists.arin.net/mailman/listinfo/arin-ppml >>> Please contact [email protected] if you experience any issues. >>> >> > _______________________________________________ > ARIN-PPML > You are receiving this message because you are subscribed to > the ARIN Public Policy Mailing List ([email protected]). > Unsubscribe or manage your mailing list subscription at: > https://lists.arin.net/mailman/listinfo/arin-ppml > Please contact [email protected] if you experience any issues. _______________________________________________ ARIN-PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List ([email protected]). Unsubscribe or manage your mailing list subscription at: https://lists.arin.net/mailman/listinfo/arin-ppml Please contact [email protected] if you experience any issues.
