You are here: Home > Participate > Join a Discussion > Mailman Archives
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: [anti-spam-wg@localhost] Contacts

  • From: Per Heldal < >
  • Date: 21 Jan 2003 01:30:03 +0100
  • Organization:

> > Basically RIPE administration is just doing the minimal amount to
> > collect their pensions. No leadership, no concern about fraud or
> > negligence in the database.
> Jeffrey, your document states many things which many people would like
> to see. However, your proposed role for registrars is completely
> unworkable in practice:

Maybe if you rely on manual procedures. Not necessarily so if you
automate the process.

> > Registrars shall ensure that contact data are active and that
> contact 
> > addresses (e.g. Postmaster and RFC-recommended role accounts) are 
> > properly operated by registrants. Failure to provide correct current
> > and complete contact data, failure to enable or to properly operate
> a 
> > role account, shall be deemed a cause for Admonishment and, if
> default 
> > continues, Enforcement per infra.
> Let's take a scenario which happened regularly during my time as lir
> manager: ISP registers contact X for company Y in RIPE database. 
> Contact X leaves company without notifying ISP, and information in
> database becomes stale. Who's to blame for this? How can it be
> rectified?

I'd argue that what's to blame is a lack of procedures to verify that
the information kept up2date. One thing is that there should be a
requirement to use role-accounts/aliases for such purposes and not the
addresses of individuals, but that is irrelevant wrt verification of the
data. How hard is it given a list of e-mail addresses to send periodic
messages that require a response and automate the maintenance of these
records? If it should be done centrally for all contact-records or as a
distributed responsibility can be discussed, but I believe this is the
way to go. If a certain contact has not responded given X reminders
within a given period of time, and the next responsible up the chain has
not intervened, all related information should go no matter what it is.
Nobody deserves any allocation of a resource, or be allowed to keep it,
unless they're willing to participate in a minimum of maintenance.
(Assuming they have been informed about their responsibilities)

> As for dealing with the complexity of the problem, take the difficulty
> of dealing with an individual situation like this, multiply the
> situation across 10E{3,4,5}'s of records for each company, multiply by
> a
> suitable factor to take into account the difficulty of maintaining
> multiple contact databases per company (it happens and it's not going
> to
> change), and then multiply by the number of LIRs. It is a practically
> impossible task. As Barbie might say, "Information management is
> hard!".
> RIPE requires that members adheres to its policy documents, but
> policing
> these is an entirely different matter, and certainly something that
> could not do without very significant effort and investment of
> substantial resources on an ongoing basis. And if you're looking for a
> means of combating spam, the money required to provide this service
> would almost certainly be better spent elsewhere.

The value of updated information goes beyond the means of combating spam
and should be well worth the effort. It'll take some effort to establish
a procedure and produce a flowchart to guide the implementation so that
it matches various policies (notification of relevant parties etc).
Maybe policies even need to be adjusted (w/appropriate approval) along
the way. Automation of the verification process otoh should be fairly

// Per

  • Post To The List:
<<< Chronological >>> Author    Subject <<< Threads >>>