[acm-tf] Abuse Contact Information - Policy Proposal
Alessandro Vesely vesely at tana.it
Mon Oct 17 20:29:48 CEST 2011
On 17/Oct/11 13:51, Tobias Knecht wrote: > Am 17.10.11 13:23, schrieb Alessandro Vesely: >> A couple of notes... >> >> On 15/Oct/11 13:18, Tobias Knecht wrote: >>> >>> Policy Text >>> >>> This is a proposal to introduce a new (mandatory) contact attribute >>> named "abuse-c:", which can be referenced by inetnum, inet6num and >>> aut-num objects. The "abuse-c:" reference to an abuse handler should >>> make use of the hierarchical nature of the resource data to minimize the >>> workload on resource holders and facilitate good database design. >> >> It is not clear from that text that we want abuse-c to be inherited. >> IMHO, optimizations and database principles should be considered a >> fortunate coincidence. The semantic point is that we consider ISPs >> responsible for the kind of traffic that their customers operate. >> (The recent A2B vs Spamhaus story may illustrate this concept.) > > Any suggestions for a better wording? How about The "abuse-c:" reference to an abuse handler should make use of the hierarchical nature of the resource data, so that a given abuse team retains its relationship with the relevant resources until a different "abuse-c:" reference explicitly overrides it for a given assignment. Such transfers of abuse handling to less specific assignments are not meant to be automated, yet they minimize the workload on resource holders and facilitate good database design. ? >>> The role should contain the following attributes: >>> >>> ... >>> address: [mandatory] >>> phone: [optional] >>> fax-no: [optional] >>> e-mail: [mandatory] [single] >>> abuse-mailbox: [mandatory] [single] >> * domain-name: [mandatory] [single] >> >> I re-propose adding a domain, the main domain that the abuse team >> belongs to, in order to avoid the email addresses to be meaningful in >> that respect. For example, one might want to outsource an >> abuse-mailbox, or to use external domains for fault-tolerance. > > Doesn't this destroy the simplicity for huge ISPs? United Internet is > 1&1 (1und1.de, 1and1.co.uk, 1and1.com, and lots more), web.de and GMX > (gmx.de, gmx.at, gmx.ch, gmx.com...) ... > > 1.) Which one would be the correct domain-name? The most important, according to their marketing taste. But a domain-name should be preferred if it has MX or NS records leading to IP addresses within the same object where the (main) reference to the given abuse-c is going to be put. > 2.) The addresses are not that meaningful, but isn't the company the > role belongs meaningful enough? Yes, we could set a "company-name" instead, but then we'd get stuff like "1&1 Internet Inc." (instead of 1and1.com) or "1&1 Mail & Media Inc." (gmx.com) that are less searchable and less meaningful than the domain names. As abuse-handling is rather cooperative than legally-enforced, I'd consider practical domain-names better than official company-names. For the meaning, we have lots of ways to go from domain names to IP addresses, but only rDNS for the way back. Since rDNS is often unreliable, people look after the @ in email contacts, thereby attributing them a meaning that addresses were not supposed to have. > I think this may lead into more trouble than additional value. Would "optional" be more manageable?
[ Acm-tf Archive ]