Re: [arin-ppml] Fraud reporting question
On Jun 24, 2015, at 05:53 , Martin Hannigan hanni...@gmail.com wrote: On Tue, Jun 23, 2015 at 11:45 PM, Owen DeLong o...@delong.com mailto:o...@delong.com wrote: On Jun 23, 2015, at 19:34 , Martin Hannigan hanni...@gmail.com mailto:hanni...@gmail.com wrote: On Tue, Jun 23, 2015 at 6:11 PM, Richard Jimmerson richa...@arin.net mailto:richa...@arin.net wrote: Hello Adam, Thank you for submitting these questions about fraud reporting. We have found the fraud reporting system to be very helpful over the past few years. We receive many different types of fraud reports through this system. Some of them have helped ARIN begin investigations that have resulted in both the recovery of falsely registered resources and the denial of some IPv4 requests that might have otherwise been issued resources. According to the fraud results page, ~2% (of 146) resulted in further investigation. That''s a problem. Either. There is no real fraud or, ARIN is powerless to deal with it. The last time ARIN updated the Results page appears to be September 2014 based on the last noted ticket number of ARIN-20140929-F1760. There’s another possibility which seems entirely likely to me. Of 146 fraud reports, 2% cover legitimate fraud. Most fraud likely goes unreported. That's possible, but I think this raises a question. What exactly is fraud? Generally, my guess is the only person who has any clue as to what a fraud is or if its been committed is the person filling out the application. The numbers are generally null because it's near undetectable other than a whistle blower coming forward. I’ll let ARIN staff give the definitive answer, but my understanding (which may not be 100% correct but should be relatively close) is addresses obtained or held in a manner inconsistent with the policies stated in the NRPM and/or in violation of the RSA. On this we agree… The form letter I suggested should contain a link to this FAQ, as should the fraud report filing page. That's seems more like an abuse like auto-responder which is easy to fire and forget. I'd like to see more eyes on the complaints, but an attempt to increase the quality of what they will put eyes to. No, I’m specifically not suggesting an auto-responder. I’m suggesting a form letter where once the eyeballs have determined the complaint is out of scope, they don’t spend a bunch of time composing a message that may or may not be 100% correct, they pull up the stock message, maybe add a couple of details relevant to why this specific report was considered out of scope, and then send it off to the requestor. It shouldn’t be automatically sent to every requestor. Owen ___ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (ARIN-PPML@arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-ppml Please contact i...@arin.net if you experience any issues.
Re: [arin-ppml] Fraud reporting question
This is probably not the right place to ask, but I'm unsure where to best ask. And at least it's somewhat relevant given recent talk of large actors in the CNNIC area gaming ARIN... 1) when someone submits a fraud report to ARIN, how are they supposed to communicate additional information on that ticket? Nothing in the responses from ARIN provide a URL or email address for submitting further information. If the complainant submits further information through the fraud reporting form online, a brand new ticket gets created with no linkage to the original. 2) how long should someone expect to wait to hear back from a human? Even an acknowledgement (non-automated) would go a long way to addressing the feeling most people would have that their submission went into a black hole. 3) why can't I submit a fraud report if I'm logged in to ARIN online? Claiming it's about anonymity is questionable when any complainant has to provide contact info anyway! So, not policy-related per se, yet it sort-of is. -Adam -- Sent from my Android device with K-9 Mail. Please excuse my brevity. Adam – I wanted to acknowledge receipt of your questions posted to PPML and let you know that we will respond as soon as possible. Many of us, involved in the responses to your questions, are in various meetings today but will reply back to you (and PPML) as soon as we can. Regards, Nate Davis Chief Operating Officer American Registry for Internet Numbers ___ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (ARIN-PPML@arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-ppml Please contact i...@arin.net if you experience any issues.
Re: [arin-ppml] Fraud reporting question
Hello Adam, Thank you for submitting these questions about fraud reporting. We have found the fraud reporting system to be very helpful over the past few years. We receive many different types of fraud reports through this system. Some of them have helped ARIN begin investigations that have resulted in both the recovery of falsely registered resources and the denial of some IPv4 requests that might have otherwise been issued resources. From: Adam Thompson athom...@athompso.netmailto:athom...@athompso.net 1) when someone submits a fraud report to ARIN, how are they supposed to communicate additional information on that ticket? Nothing in the responses from ARIN provide a URL or email address for submitting further information. If the complainant submits further information through the fraud reporting form online, a brand new ticket gets created with no linkage to the original. 2) how long should someone expect to wait to hear back from a human? Even an acknowledgement (non-automated) would go a long way to addressing the feeling most people would have that their submission went into a black hole. Fraud reports receive an initial automated response from ARIN. The majority of the fraud reports we receive are out of scope. These often include someone attempting to sell services to ARIN or to lodge a complaint about the poor quality of service being delivered by their ISP. Not all fraud reports receive a response from a human at ARIN, for this reason. In the case of a legitimate fraud report, we respond to the reporter letting them know we are looking into the issue. Once this communication has been made, ARIN and the person reporting the fraud are engaged in a ticketed email exchange. We typically are able to respond within a few business days, however our response times have slowed in the past months due to an increased workload related to the depletion of the IPv4 resource pool. If you have submitted a report in the last fourteen days, you should hear back from us shortly. You are also welcome to contact us via our telephone help-desk for status information. 3) why can't I submit a fraud report if I'm logged in to ARIN online? Claiming it's about anonymity is questionable when any complainant has to provide contact info anyway! Tickets submitted in ARIN Online are visible to other points of contact associated with the same organization. We require users submit fraud reports outside of ARIN Online for that reason. Even so, users should still be able to submit information using the fraud reporting tool without having to log out of ARIN Online. We will take a closer look to make sure that is working. Thank you again. Richard Jimmerson CIO Acting Director of Registration Services American Registry for Internet Numbers ___ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (ARIN-PPML@arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-ppml Please contact i...@arin.net if you experience any issues.
Re: [arin-ppml] Fraud reporting question
+1 Owen's remarks. There’s another possibility which seems entirely likely to me. Of 146 fraud reports, 2% cover legitimate fraud. Most fraud likely goes unreported. As noted by ARIN staff earlier in this conversation, the vast majority of fraud reports they receive are out of scope… General ISP complaints SPAM complaints etc. This is not surprising as probably about 1% of all internet users even know what an RIR is, let alone how to distinguish between RIR Fraud and other issues. -- Brian On Tue, Jun 23, 2015 at 10:45 PM, Owen DeLong o...@delong.com wrote: On Jun 23, 2015, at 19:34 , Martin Hannigan hanni...@gmail.com wrote: On Tue, Jun 23, 2015 at 6:11 PM, Richard Jimmerson richa...@arin.net wrote: Hello Adam, Thank you for submitting these questions about fraud reporting. We have found the fraud reporting system to be very helpful over the past few years. We receive many different types of fraud reports through this system. Some of them have helped ARIN begin investigations that have resulted in both the recovery of falsely registered resources and the denial of some IPv4 requests that might have otherwise been issued resources. According to the fraud results page, ~2% (of 146) resulted in further investigation. That''s a problem. Either. There is no real fraud or, ARIN is powerless to deal with it. The last time ARIN updated the Results page appears to be September 2014 based on the last noted ticket number of ARIN-20140929-F1760. There’s another possibility which seems entirely likely to me. Of 146 fraud reports, 2% cover legitimate fraud. Most fraud likely goes unreported. As noted by ARIN staff earlier in this conversation, the vast majority of fraud reports they receive are out of scope… General ISP complaints SPAM complaints etc. This is not surprising as probably about 1% of all internet users even know what an RIR is, let alone how to distinguish between RIR Fraud and other issues. Some sort of additional resources like a FAQ on what might or might not be out of scope could help to reduce the amount of baseless submissions as well as additional questions on the form that if selected nack a report. If staff isn't going to keep the page updated why keep it at all? On this we agree… The form letter I suggested should contain a link to this FAQ, as should the fraud report filing page. Owen Best, -M ___ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (ARIN-PPML@arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-ppml Please contact i...@arin.net if you experience any issues. ___ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (ARIN-PPML@arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-ppml Please contact i...@arin.net if you experience any issues. ___ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (ARIN-PPML@arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-ppml Please contact i...@arin.net if you experience any issues.
Re: [arin-ppml] Fraud reporting question
On Tue, Jun 23, 2015 at 6:11 PM, Richard Jimmerson richa...@arin.net wrote: Hello Adam, Thank you for submitting these questions about fraud reporting. We have found the fraud reporting system to be very helpful over the past few years. We receive many different types of fraud reports through this system. Some of them have helped ARIN begin investigations that have resulted in both the recovery of falsely registered resources and the denial of some IPv4 requests that might have otherwise been issued resources. According to the fraud results page, ~2% (of 146) resulted in further investigation. That''s a problem. Either. There is no real fraud or, ARIN is powerless to deal with it. The last time ARIN updated the Results page appears to be September 2014 based on the last noted ticket number of ARIN-20140929-F1760. Some sort of additional resources like a FAQ on what might or might not be out of scope could help to reduce the amount of baseless submissions as well as additional questions on the form that if selected nack a report. If staff isn't going to keep the page updated why keep it at all? Best, -M ___ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (ARIN-PPML@arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-ppml Please contact i...@arin.net if you experience any issues.
Re: [arin-ppml] Fraud reporting question
On Jun 23, 2015, at 19:34 , Martin Hannigan hanni...@gmail.com wrote: On Tue, Jun 23, 2015 at 6:11 PM, Richard Jimmerson richa...@arin.net mailto:richa...@arin.net wrote: Hello Adam, Thank you for submitting these questions about fraud reporting. We have found the fraud reporting system to be very helpful over the past few years. We receive many different types of fraud reports through this system. Some of them have helped ARIN begin investigations that have resulted in both the recovery of falsely registered resources and the denial of some IPv4 requests that might have otherwise been issued resources. According to the fraud results page, ~2% (of 146) resulted in further investigation. That''s a problem. Either. There is no real fraud or, ARIN is powerless to deal with it. The last time ARIN updated the Results page appears to be September 2014 based on the last noted ticket number of ARIN-20140929-F1760. There’s another possibility which seems entirely likely to me. Of 146 fraud reports, 2% cover legitimate fraud. Most fraud likely goes unreported. As noted by ARIN staff earlier in this conversation, the vast majority of fraud reports they receive are out of scope… General ISP complaints SPAM complaints etc. This is not surprising as probably about 1% of all internet users even know what an RIR is, let alone how to distinguish between RIR Fraud and other issues. Some sort of additional resources like a FAQ on what might or might not be out of scope could help to reduce the amount of baseless submissions as well as additional questions on the form that if selected nack a report. If staff isn't going to keep the page updated why keep it at all? On this we agree… The form letter I suggested should contain a link to this FAQ, as should the fraud report filing page. Owen Best, -M ___ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (ARIN-PPML@arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-ppml Please contact i...@arin.net if you experience any issues. ___ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (ARIN-PPML@arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-ppml Please contact i...@arin.net if you experience any issues.
Re: [arin-ppml] Fraud reporting question
On 15-06-23 02:11 PM, Richard Jimmerson wrote: If you have submitted a report in the last fourteen days, you should hear back from us shortly. You are also welcome to contact us via our telephone help-desk for status information. 3) why can't I submit a fraud report if I'm logged in to ARIN online? Claiming it's about anonymity is questionable when any complainant has to provide contact info anyway! Tickets submitted in ARIN Online are visible to other points of contact associated with the same organization. We require users submit fraud reports outside of ARIN Online for that reason. Even so, users should still be able to submit information using the fraud reporting tool without having to log out of ARIN Online. We will take a closer look to make sure that is working. This brings up a good and interesting point. Should the door be opened to discussions regarding letting 'fraud' reports be open to the public, including ARIN's progress and handling of such reports? Having an open nature to such reports, will ensure that there is no suspicion of reports being ignored, swept under the rug, or not handled in accordance with ARIN's policies and guidelines. -- Catch the Magic of Linux... Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca LinuxMagic a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. ___ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (ARIN-PPML@arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-ppml Please contact i...@arin.net if you experience any issues.
Re: [arin-ppml] Fraud reporting question
On Jun 23, 2015, at 14:11 , Richard Jimmerson richa...@arin.net wrote: Hello Adam, Thank you for submitting these questions about fraud reporting. We have found the fraud reporting system to be very helpful over the past few years. We receive many different types of fraud reports through this system. Some of them have helped ARIN begin investigations that have resulted in both the recovery of falsely registered resources and the denial of some IPv4 requests that might have otherwise been issued resources. From: Adam Thompson athom...@athompso.net mailto:athom...@athompso.net 1) when someone submits a fraud report to ARIN, how are they supposed to communicate additional information on that ticket? Nothing in the responses from ARIN provide a URL or email address for submitting further information. If the complainant submits further information through the fraud reporting form online, a brand new ticket gets created with no linkage to the original. 2) how long should someone expect to wait to hear back from a human? Even an acknowledgement (non-automated) would go a long way to addressing the feeling most people would have that their submission went into a black hole. Fraud reports receive an initial automated response from ARIN. The majority of the fraud reports we receive are out of scope. These often include someone attempting to sell services to ARIN or to lodge a complaint about the poor quality of service being delivered by their ISP. Not all fraud reports receive a response from a human at ARIN, for this reason. I suggest that it would not be hard to develop an out-of-scope form letter that could be sent to the submitters of such reports. This has multiple advantages: 1. It will potentially educate such submitters and reduce the number of these they submit in the future. 2. It shows that ARIN has seriously reviewed their submission, even if they aren’t able to do anything about it. I will note that if this conversation goes much further, it may be appropriate to take it to one of the mailing lists for operational discussions and/or technical discussions about ARIN operations. Owen ___ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (ARIN-PPML@arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-ppml Please contact i...@arin.net if you experience any issues.