[marf] Abuse reporting, was draft-jdfalk-marf-as

Alessandro Vesely <vesely@tana.it> Fri, 24 June 2011 16:17 UTC

On 23/Jun/11 21:29, John Levine wrote:
> My experience, which may or may not be typical of what other people
> would find, is that sending reports in ARF format works fine, but
> figuring out where to send them is a big challenge.

Yes.

> In particular, getting the addresses from WHOIS works poorly both
> because of the iffy quality of WHOIS data, and because WHOIS
> servers don't have the capacity to handle high volume scraping.

I don't agree.  WHOIS is trying and getting better.  IIRC, I found an
abuse POC in ARIN saying something like they haven't been able to
verify such address for a while.  A rather non-formal statement that
suggests they do routinely check those email addresses.
https://www.arin.net/policy/nrpm.html#three6

The abuse contact is mandatory in APNIC
http://www.apnic.net/policy/proposals/prop-079

RIPE has an abuse finder tool, and a task force is discussing the
introduction of an abuse-c.
http://apps.db.ripe.net/search/abuse-finder.html
http://www.ripe.net/ripe/groups/tf/abuse-contact

I think a document is needed in order to state the "obvious" facts
that RIRs don't have the scope for discussing.  Since JD said it
cannot be part of the FBL AS, we'd probably better write a new one.

Is it possible to do so?