ARIN-prop-303: Make Abuse Contact Useful [Archived]

OUT OF DATE?

Here in the Vault, information is published in its final form and then not changed or updated. As a result, some content, specifically links to other pages and other references, may be out-of-date or no longer available.

Date: 16 September 2021

Proposal Originator: William Herrin

Problem Statement:

ARIN’s process of attaching an abuse contact to resource records is of limited utility. The phone number is often an unmanned voicemail that refers the caller to a web page while the email address is commonly an auto-responder which does the same. Because the emails often involve problematic content they can get lost in filters making it hard to even find the URL let alone get an abuse report to go through. This is further exacerbated by folks who write programs to automatically generate unverified abuse reports and email them to the ARIN contact, flooding the mailbox with useless reports that no human being is assigned to look through.

With responsible network providers, the process for dealing with network abuse instead usually starts with a web page. The web page provides instructions and may offer forms for describing the abuse and uploading supporting material of the nature that the service provider needs in order to take action.

It would be helpful for ARIN to support the abuse reporting process they actually use.

Policy statement:

Strike -

From 2.12 “and one valid abuse”

From 3.6.2 “Abuse”

Add:

2.1.2 To “organization information must include…zip code equivalent,” add “an abuse reporting URL”

4.2.3.7.3.2: replace “upstream Abuse and Technical POCs " with “upstream Technical POCs and URLs for reporting abuse”

6.5.5.3.1: replace “upstream Abuse and Technical POCs " with “upstream Technical POCs and URLs for reporting abuse”

Timetable for implementation: Whenever

Anything Else:

Initial implementation suggested to replace the abuse POC with a URL pointing to ARIN’s display of the same POC record which was used for abuse reporting.

Should support multiple URLs so that if desired an organization can specify both “mailto:somebody@here” and “tel:1234567” if that’s how they actually want abuse reported to them.

OUT OF DATE?

Here in the Vault, information is published in its final form and then not changed or updated. As a result, some content, specifically links to other pages and other references, may be out-of-date or no longer available.