[DBWG] Abuse contacts in the WHOIS

Amreesh Phokeer amreesh at afrinic.net
Sat Nov 19 11:00:11 UTC 2016


Hi Michel,

As you know, AFRINIC has an abuse contact policy [1], which is unfortunately not serving its purpose.
The blog post/article [2] on spam tried to highlight this loophole: the policy is implemented but is **optional**.
Table 3 shows that only 16 objects (mostly AFRINIC-owned objects) have an "mnt-irt" attribute.

Maybe the community should make it mandatory, as APNIC did:

ITE-APL:~ Amreesh$ whois -hwhois.apnic.net -t inetnum
% [whois.apnic.net]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

inetnum:        [mandatory]  [single]     [primary/lookup key]
netname:        [mandatory]  [single]     [lookup key]
descr:          [mandatory]  [multiple]   [ ]
country:        [mandatory]  [multiple]   [ ]
geoloc:         [optional]   [single]     [ ]
language:       [optional]   [multiple]   [ ]
org:            [optional]   [single]     [inverse key]
admin-c:        [mandatory]  [multiple]   [inverse key]
tech-c:         [mandatory]  [multiple]   [inverse key]
status:         [mandatory]  [single]     [ ]
remarks:        [optional]   [multiple]   [ ]
notify:         [optional]   [multiple]   [inverse key]
mnt-by:         [mandatory]  [multiple]   [inverse key]
mnt-lower:      [optional]   [multiple]   [inverse key]
mnt-routes:     [optional]   [multiple]   [inverse key]
mnt-irt:        [mandatory]  [multiple]   [inverse key]   <<<<<<<<<<<<<<<<<<<<
changed:        [mandatory]  [multiple]   [ ]
source:         [mandatory]  [single]     [ ]


[1] http://afrinic.net/en/library/policies/current/698-abuse-contact-information-in-the-afrinic-service-region
[2] https://www.researchgate.net/profile/Amreesh_Phokeer/publication/303642445_A_Survey_of_Anti-Spam_Mechanisms_and_Their_Usage_from_a_Regional_Internet_Registry's_Perspective/links/574b18ed08ae5bf2e63f33a6.pdf

Regards,
Amreesh

> On Oct 13, 2016, at 6:25 AM, Michel ODOU <michel.odou at afrinic.net> wrote:
> 
> Hi Mark,
> 
> The email address abuse at posix.co.za is indeed stored in my.afrinic.net. On ORG-PS1-AFRINIC, it is listed as simple e-mail, not abuse-mailbox.
> The sanitization process on the WHOIS should include a step where data available on my.afrinic.net is retrieved and added to the WHOIS record.
> 
> Regards,
> Michel
> 
> On 12/10/2016 16:48, Mark Elkins wrote:
>> When I run "whois -h whois.afrinic.net ORG-PS1-AFRINIC" I see no abuse
>> contact.
>> When I log in to my.afrinic.net, under my organisational Information - I
>> see....
>> 
>> E-mails:
>>   mje at posix.co.za (Administrative)
>>   abuse at posix.co.za (Abuse)
>> 
>> i.e. I have an "abuse" email address. I would have thought that would be
>> the correct source of an abuse email address to be used whenever a
>> record that is associated with me needs an abuse address and there is
>> not one actually directly associated with that record. It's then easy to
>> manage this nice "default" source for the abuse email address.
>> 
>> On Wed, 2016-10-12 at 16:19 +0400, Michel ODOU wrote:
>>> Dear WG members,
>>> 
>>> As you may have noticed, most of the time, the WHOIS does not display
>>> the abuse contact when you do a query for an inetnum or inet6num or
>>> autnum resource.
>>> 
>>> $> whois -h whois.afrinic.net 196/8
>>> % This is the AfriNIC Whois server.
>>> 
>>> % Note: this output has been filtered.
>>> %       To receive output for a database update, use the "-B" flag.
>>> 
>>> % Information related to '196.0.0.0 - 196.255.255.255'
>>> 
>>> % No abuse contact registered for 196.0.0.0 - 196.255.255.255
>>> 
>>> inetnum:        196.0.0.0 - 196.255.255.255
>>> netname:        ORG-AFNC1-AFRINIC-20050414
>>> ...
>>> 
>>> 
>>> How is this supposed to work? The WHOIS used to get the abuse mailbox
>>> attribute of the organisation referenced in the covering inetnums.
>>> However, looking at the WHOIS DB, we have 5 organisations that have a
>>> valid abuse-mailbox attribute (over 2081). There is worse:
>>> approximately 125 organisations have an abuse email address specified
>>> in a wrong attribute like notify or remarks. While it is interesting
>>> to have this information, it is almost impossible to parse correctly
>>> and to display it as a valid abuse email contact.
>>> 
>>> There is more: the abuse-mailbox attribute is in fact present in 5
>>> objects: irt, mntner, organisation, person and role.
>>> 
>>> It is not easy to determine which one to display as an abuse contact.
>>> To help solve this issue, since 2012, a policy encourages the use
>>> of the irt object to carry the abuse contact information, among
>>> others
>>> (http://www.afrinic.net/en/library/policies/current/698-afpub-2010-gen-006).
>>> However, the policy does not force the use of this
>>> object and so far, only a few objects use it (125/130014 inetnums,
>>> 5/14616 inet6nums and 13/1673 autnums).
>>> 
>>> Our colleague Amreesh wrote a very interesting paper describing the
>>> issue with many details. You will find it here:
>>> http://afrinic.net/blog/component/content/article?id=6:afrinic-publishes-an-article-on-spam-from-an-rir-perspective
>>> 
>>> ---
>>> 
>>> The ideal situation would be, of course, to be able to retrieve the
>>> abuse mailbox every time it is necessary, which would for example
>>> help us have a webservice that would return the abuse contact for a
>>> given resource.
>>> 
>>> From our perspective, the solution would be:
>>> - Remove the abuse-mailbox attribute from the mntner, person and role
>>>   objects.
>>> - Make the abuse-mailbox mandatory in the organisation object. For the
>>>   organisations that are already in the DB and that do not have a valid
>>>   abuse-mailbox attribute, the e-mail attribute will be used.
>>> - [Sanitize the DB to add abuse-mailbox attributes on the organisations
>>>   that have an abuse contact email specified in a remark or notify
>>>   attribute (this has to be done manually and would be an optional
>>>   third phase)]
>>> 
>>> For the query, the process would be:
>>> - If the resource (inetnum, inet6num or autnum) has an mnt-irt, display
>>>   the abuse-mailbox of that object.
>>> - Else, display the abuse-mailbox of the referenced organisation.
>>> 
>>> Please let me know what you think about this.
>>> 
>>> Regards,
>>> Michel
>>> 
>>> 
>>> _______________________________________________
>>> DBWG mailing list
>>> DBWG at afrinic.net
>>> https://lists.afrinic.net/mailman/listinfo/dbwg
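
The lookup order proposed in the quoted message (mnt-irt first, then the referenced organisation's abuse-mailbox, with the organisation's e-mail as the transition fallback), as an added Python example that is not AFRINIC's code or part of the thread. The objects use documentation prefixes and constructed names; falling through when an irt carries no abuse-mailbox is an assumption.

```python
# Constructed RPSL-style objects using documentation prefixes; not registry data.
SAMPLE_DB = """\
inetnum:        192.0.2.0 - 192.0.2.255
org:            ORG-EX1-EXAMPLE
mnt-irt:        IRT-EXAMPLE

inetnum:        198.51.100.0 - 198.51.100.255
org:            ORG-EX1-EXAMPLE

inetnum:        203.0.113.0 - 203.0.113.255
org:            ORG-EX2-EXAMPLE

irt:            IRT-EXAMPLE
abuse-mailbox:  csirt@example.net

organisation:   ORG-EX1-EXAMPLE
e-mail:         admin@example.org
abuse-mailbox:  abuse@example.org

organisation:   ORG-EX2-EXAMPLE
e-mail:         hostmaster@example.com
remarks:        send abuse reports to abuse@example.com
"""

def parse_objects(text):
    """Index objects by (class, primary key); values are attribute -> list."""
    db = {}
    for block in text.strip().split("\n\n"):
        pairs = [(k.strip(), v.strip()) for k, sep, v in
                 (ln.partition(":") for ln in block.splitlines())
                 if sep and k[:1] != "%"]  # skip server comments, malformed lines
        obj = {}
        for k, v in pairs:
            obj.setdefault(k, []).append(v)
        if pairs:
            db[pairs[0]] = obj  # first attribute is the class and primary key
    return db

def abuse_contact(db, resource):
    """Return (address, source) for a (class, key) resource, in the proposed order."""
    for name in db[resource].get("mnt-irt", []):   # 1. irt referenced by the resource
        irt = db.get(("irt", name), {})
        if irt.get("abuse-mailbox"):
            return irt["abuse-mailbox"][0], "irt"
    for name in db[resource].get("org", []):       # 2. referenced organisation
        org = db.get(("organisation", name), {})
        for attr in ("abuse-mailbox", "e-mail"):   # e-mail is the transition fallback
            if org.get(attr):
                return org[attr][0], "organisation " + attr
    return None, None  # free text in remarks/notify is deliberately not parsed
```

For the third constructed network the resolver returns the organisation's general e-mail, not the address written in `remarks`, which is the case the thread's optional manual sanitization phase is meant to clean up.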