Mandatory Provision of Abuse Contact information

Posted by J.D. Falk on

Udeme Ukutt, postmaster for our partner Synacor, contributed the following article.

An industry professional at Abusix named Tobias Knecht is the backbone behind a proposal to improve and create a better mitigation of abuse across different global internet networks. Basically, his series of proposals introduce a mandatory “abuse contact” field for objects in global whoIS databases. This provides a more efficient way for abuse reports to reach the correct network contact. Personally – as a Postmaster for a leading, white-label ISP, I applaud this with great happiness for multiple reasons. I also feel people who handle abuse desks, anti-abuse roles, etc should closely follow this.

Let’s take a look across the internet: we can review various RIRs (Regional Internet Registries) where a proposal has either already been approved, or in progress. Below,

• AfriNIC (Africa Region): Proposal draft submitted April 7, 2010. Read more here, and an update here.
• ARIN (North America Region): An abuse-POC already exists for Organizational ID identifiers. Read more here.
• LACNIC (Latin America and some Caribbean Islands): An “abuse-c:” exists for aut-num, inetnum and inet6num objects. Understand and note that there’s no formal documentation on “abuse-c:” in inetnum and inet6num objects, but for documentation on the “abuse-c” in ASN records, see LACNIC Policy Manual (v1.3 – 07/11/2009). Read more here.
• RIPE NCC (Europe, the Middle East, and Central Asia): Draft submitted November 8, 2010, which is open for discussion in the hands of RIPE’s anti-abuse working group. Read more here.
• APNIC (Asia/Pacific Region): “Prop-079” proposal implemented November 8, 2010. Read more here.

This brings me to the main reason for this blog post: APNIC just recently implemented their proposal about a fortnight ago. Above all, ensuring there’s a dedicated abuse contact/department that specifically resolves abuse & security issues will go a long way to limit potential damage and enhance recovery.

MAAWG submitted comments in August 2010 supporting this proposal as well.

Udeme blogs about email compliance standards at Udeme’s anti-spam buzz, and on CircleID.


Popular this Month

 3 Trends Impacting Email: Persistent Fraud, Part 2

3 Trends Impacting Email: Persistent Fraud, Part 2

In part one of this three-part series, I examined the evolving landscape of...

Read More

 The Top 16 Topics of 2016

The Top 16 Topics of 2016

2017 is finally here! But before we focus on the year ahead, we wanted to...

Read More

 Think Fighting Email Fraud is Someone Else’s Job? Here’s the Real Cost of Doing Nothing.

Think Fighting Email Fraud is Someone Else’s Job? Here’s the Real Cost of Doing Nothing.

Cyberattacks against your brand can be very damaging and costly to both your...

Read More

Author Image

About J.D. Falk

Author Archive

Stay up to date

Enter your name and email address below to subscribe to our mailing list.

Your browser is out of date.
For a better Return Path experience, click a link below to get the latest version.