Re: [anti-spam-wg] Non-cooperation of RIPE ISP in investigating report of email abuse (spam)

  • To: der Mouse mouse@localhost
  • From: John Draper lists@localhost
  • Date: Sun, 13 Jan 2008 02:02:17 -0800

der Mouse wrote:
That aside, however, currently there is no policy or procedures for
RIPE to follow up on incorrect contact information in the database.
[...]
In addition while RIPE has produced a number of documents [...]
neither the NCC nor this WG are empowered to act to stop an ISP or
their customers from [emitting abuse].

And there you have in a nutshell the reason why the net is so
abuse-ridden - RIPE should hever have had even so much as one address
assigned for them to delegate as long as either of those is true.

Authority without responsibility.  Bad news wherever it's found.

RIPE's authority needs to be revoked (their allocations yanked) until
they accept responsibility concomitant with it.  Of course, that won't
happen - and, as a result, we'll see abuse from RIPE space continue to
escalate.

So, in short, we are not the right people to whom to report this
issue.

You are *exactly* the right people to report it to.  That you are
determined to wash your hands of the responsibility that goes with your
authority is in large part why RIPE space is so abuse-ridden; that
ICANN and the IANA are letting you get away with it is why it has
continued that way for so long (and, because they do the same nothing
with other RIRs, why the rest of the world has similar problems).

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B


I totally agree - when I was running SpamCrunchers, I very aggressively went after RIPE, APNIC and bitterly complained about some of their database updating policies. Eventually, after really hitting them hard with "Bogus Whois" complaints, I started to get SOME action, but that was back in 2004. No telling HOW irresponsible they are now, and it almost gives me the impression they RIPE and others, are on the take and helping spammers.

Upstream providers can also help identify the spammers if one comes across a BOGUS WHOIS. I have UNIX Daemons that automatically deal with BOGUS WHOIS complaining, as it automatically checks every 3 weeks, after a 3rd time, it automatically sends another BOGUS WHOIS complaint... then sends one to the upstream provider.

I definately agree that RIPE, ARIN, and other IP Block assignment agencies HAVE to take a good part of the responsibility for making it very difficult to track down hostile traffic.

WHOIS queries were designed to allow security folks to track down network problems of all sorts, and they (RIPE, ARIN) have the responsibiity to keep their data updated. So they should be part of the solution instead of being part of the problem.

John