Mandatory Provision of Abuse Contact information
Udeme Ukutt, postmaster for our partner Synacor, contributed the following article.
An industry professional at Abusix named Tobias Knecht is the backbone behind a proposal to improve and create a better mitigation of abuse across different global internet networks. Basically, his series of proposals introduce a mandatory “abuse contact” field for objects in global whoIS databases. This provides a more efficient way for abuse reports to reach the correct network contact. Personally – as a Postmaster for a leading, white-label ISP, I applaud this with great happiness for multiple reasons. I also feel people who handle abuse desks, anti-abuse roles, etc should closely follow this.
Let’s take a look across the internet: we can review various RIRs (Regional Internet Registries) where a proposal has either already been approved, or in progress. Below,
• AfriNIC (Africa Region): Proposal draft submitted April 7, 2010. Read more here, and an update here.
• ARIN (North America Region): An abuse-POC already exists for Organizational ID identifiers. Read more here.
• LACNIC (Latin America and some Caribbean Islands): An “abuse-c:” exists for aut-num, inetnum and inet6num objects. Understand and note that there’s no formal documentation on “abuse-c:” in inetnum and inet6num objects, but for documentation on the “abuse-c” in ASN records, see LACNIC Policy Manual (v1.3 – 07/11/2009). Read more here.
• RIPE NCC (Europe, the Middle East, and Central Asia): Draft submitted November 8, 2010, which is open for discussion in the hands of RIPE’s anti-abuse working group. Read more here.
• APNIC (Asia/Pacific Region): “Prop-079” proposal implemented November 8, 2010. Read more here.
This brings me to the main reason for this blog post: APNIC just recently implemented their proposal about a fortnight ago. Above all, ensuring there’s a dedicated abuse contact/department that specifically resolves abuse & security issues will go a long way to limit potential damage and enhance recovery.
MAAWG submitted comments in August 2010 supporting this proposal as well.