________________________________________________________________________ prop-079-v003: Abuse contact information ________________________________________________________________________ Author: Tobias Knecht Version: 3 Date: 24 February 2010 1. Introduction ---------------- This is a proposal to introduce a mandatory reference to IRT objects in the inetnum, inet6num and aut-num objects in the APNIC Whois Database. The proposal aims provide a more accurate and efficient way for abuse reports to reach the correct network contact. 2. Summary of current problem ------------------------------ Network owners increasingly operate dedicated abuse handling departments, distinct from the basic operations department. More and more network owners and other institutions are also starting to exchange data about abusive behavior with each other, to more quickly allow networks to identify internal abuse, external abuse, and other security problems. Currently within the APNIC region, the growing amount of abuse reports are sent to tech-c or admin-c contacts, as encouraged on the APNIC website.[1] These addresses are used because the APNIC Whois Database currently has no mandatory, specialised contact object for abuse departments. Instead, all abuse reports are sent to contact that has broader responsibilities or different responsibilities. 3. Situation in other RIRs --------------------------- AfriNIC: There are currently no specific abuse-related fields implemented in the AfriNIC Whois Database. However, if the current proposal is successful in the APNIC region, the author plans to submit a similar proposal for the AfriNIC region. ARIN: An abuse-POC exists for Organizational ID identifiers.[2] LACNIC: An abuse-c exists for aut-num, inetnum and inet6num objects.[3] RIPE: An optional IRT (Incident Response Team) object can be linked to inetnum and inet6num objects.[4] If the current proposal is successful in the APNIC region, the author plans to submit a similar proposal for the RIPE region. 4. Details of the proposal --------------------------- It is proposed that APNIC: 4.1 Institute a mandatory reference to an IRT object in inetnum, inet6num and aut-num objects. In terms of implementing a mandatory IRT reference, it is suggested that this be part of two established actions: - The next time an organization attempts to update an existing inetnum, inet6num or aut-num object - When new inetnum, inet6num or aut-num objects are added to the database 4.2 Have a mandatory abuse-mailbox field in the IRT object. 4.3 Delete abuse-mailbox fields in all objects that do not refer to an IRT, and delete the trouble field everywhere starting 2011. 5. Advantages and disadvantages of the proposal ------------------------------------------------ 5.1 Advantages - Networks will be able to supply their own, direct contact information for abuse departments. - Abuse complaints will not be sent to the "wrong" contact any more. - This permits greater administrative and operational flexibility, and faster abuse handling will be possible. 5.2 Disadvantages - Introducing a mandatory reference to the IRT Object will establish a new object. This object, like all other existing objects, will face the data accuracy problem. This proposal aims to address the issue of a missing place for abuse contact information and will not improve data accuracy in the whois database. Data accuracy will be part of another proposal that is already being discussed on the policy mailing list. 6. Effect on APNIC members --------------------------- There will be no immediate affect for APNIC members with existing resource registrations already in the APNIC Whois Database. However, members will need to add a reference to the mandatory IRT object in the following situations: - The first time members attempt to update an existing inetnum, inet6num or aut-num object - When members add new inetnum, inet6num or aut-num objects 7. Effect on NIRs ------------------ It would be of benefit to the whole Internet community if NIRs were to implement a similar abuse contact scheme in their whois databases. But this would be another proposal. 8. References -------------- [1] Reporting abuse and spam http://www.apnic.net/reporting-abuse [2] Introduction to ARIN's Database https://www.arin.net/knowledge/database.html#abusepoc [3] There is no formal documentation on abuse-c in inetnum and inet6num objects, but for documentation on the abuse-c in ASN records, see LACNIC Policy Manual (v1.3 - 07/11/2009) http://lacnic.net/en/politicas/manual4.html [4] IRT Object FAQ http://www.ripe.net/db/support/security/irt/faq.html