________________________________________________________________________ prop-079-v002: Abuse contact information ________________________________________________________________________ Author: Tobias Knecht Version: 2 Date: 10 February 2010 1. Introduction ---------------- This is a proposal to introduce a mandatory reference to IRT objects in the inetnum, inet6num and aut-num objects in the APNIC Whois Database to provide a more efficient way for abuse reports to reach the correct network contact. 2. Summary of current problem ------------------------------ More and more network owners are starting to establish dedicated abuse handling departments. More and more network owners and other institutions are also starting to exchange data about abusive behavior with each other to help networks identify internal abuse and security problems faster Currently within the APNIC region, the growing amount of abuse reports are sent to tech-c or admin-c contacts as encouraged on the APNIC website.[1] This is because APNIC Whois Database currently has no mandatory specialised contact object for abuse departments. Instead, all abuse reports are sent to the "wrong" contact first. 3. Situation in other RIRs --------------------------- AfriNIC: There are currently no specific abuse-related fields implemented in the AfriNIC Whois Database. However, if the current proposal is successful in the APNIC region, the author plans to submit a similar proposal for the AfriNIC region. ARIN: An abuse-POC exists for Organizational ID identifiers.[2] LACNIC: An abuse-c exists for aut-num, inetnum and inet6num objects.[3] RIPE: An optional IRT (Incident Response Team) object can be linked to inetnum and inet6num objects.[4] If the current proposal is successful in the APNIC region, the author plans to submit a similar proposal for the RIPE region. 4. Details of the proposal --------------------------- It is proposed that APNIC: 4.1 Institute a mandatory reference to an IRT object in inetnum, inet6num and aut-num objects. In terms of implementing the mandatory IRT references, it is suggested that this occur in the following two ways: - The first time organization attempt to update an existing inetnum, inet6num or aut-num object - When new inetnum, inet6num or aut-num objects are added to the database 4.2 Have a mandatory abuse-mailbox field in the IRT object. 4.3 Delete abuse-mailbox fields in all objects without IRT and delete the trouble field everywhere starting 2011. 5. Advantages and disadvantages of the proposal ------------------------------------------------ 5.1 Advantages - Networks will be able to supply their own contact information for abuse departments. - Abuse complaints will not be sent to the "wrong" contact any more. - There will be more flexibility. Faster abuse handling will be possible leading to less abusive behavior. 5.2 Disadvantages - No disadvantages are foreseen. 6. Effect on APNIC members --------------------------- There will be no immediate affect for APNIC members with existing resource registrations already in the APNIC Whois Database. However, members will need to add a reference to the mandatory IRT object in the following situations: - The first time members attempt to update an existing inetnum, inet6num or aut-num object - When members add new inetnum, inet6num or aut-num objects 7. Effect on NIRs ------------------ It would be of benefit to the whole Internet community if NIRs were to implement a similar abuse contact scheme in their whois databases. But this would be another proposal. 8. References -------------- [1] Reporting abuse and spam http://www.apnic.net/reporting-abuse [2] Introduction to ARIN's Database https://www.arin.net/knowledge/database.html#abusepoc [3] There is no formal documentation on abuse-c in inetnum and inet6num objects, but for documentation on the abuse-c in ASN records, see LACNIC Policy Manual (v1.3 - 07/11/2009) http://lacnic.net/en/politicas/manual4.html [4] IRT Object FAQ http://www.ripe.net/db/support/security/irt/faq.html