[DBWG] Abuse contacts in the WHOIS

Madhvi madhvi at afrinic.net
Wed Nov 23 11:07:28 UTC 2016 

Hello

To make the mnt-irt mandatory necessitates a change in the policy.
Should it pass, then AFRINIC can enforce the policy and get each
resource member to have an IRT object and the latter referenced as
mnt-irt in the resource objects registered on the whois database. While
we cannot generate the irt object automatically , we, AFRINIC , should
be able to provide a tool to the member to make it as painless as possible.

Regards

Madhvi


On 19/11/2016 3:30 PM, Michel Odou wrote:
> Hi Amreesh,
>
> This is an interesting highlight, thanks.
>
> Making the mnt-irt mandatory would indeed be the ideal situation but
> how to handle the existing inet(6)num/aut-num objects? No update will
> be allowed until they comply with the template and creating the irt
> object is not trivial (many mandatory attributes are required), which
> means we cannot generate it automatically. I am curious to know how
> APNIC handled this issue.
>
> Of course, we can also wait until all the resource objects have a
> valid mnt-irt, then make it mandatory.
>
> Regards,
> Michel
>
> On 19/11/2016 8:00 PM, Amreesh Phokeer wrote:
>> Hi Michel,
>>
>> As you know, AFRINIC has an abuse contact policy [1], which is
>> unfortunately not serving its purpose.
>> The blog post/article [2] on spam tried to highlight this loophole, the
>> policy is implemented but is **optional**.
>> Table 3. shows that only 16 objects (mostly AFRINIC-owned objects) has
>> an "mnt-irt” attribute.
>>
>> Maybe the community should make it mandatory, as APNIC did:
>>
>> ITE-APL:~ Amreesh$ whois -hwhois.apnic.net <http://hwhois.apnic.net> -t
>> inetnum
>> % [whois.apnic.net <http://whois.apnic.net>]
>> % Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html
>>
>> inetnum:        [mandatory]  [single]     [primary/lookup key]
>> netname:        [mandatory]  [single]     [lookup key]
>> descr:          [mandatory]  [multiple]   [ ]
>> country:        [mandatory]  [multiple]   [ ]
>> geoloc:         [optional]   [single]     [ ]
>> language:       [optional]   [multiple]   [ ]
>> org:            [optional]   [single]     [inverse key]
>> admin-c:        [mandatory]  [multiple]   [inverse key]
>> tech-c:         [mandatory]  [multiple]   [inverse key]
>> status:         [mandatory]  [single]     [ ]
>> remarks:        [optional]   [multiple]   [ ]
>> notify:         [optional]   [multiple]   [inverse key]
>> mnt-by:         [mandatory]  [multiple]   [inverse key]
>> mnt-lower:      [optional]   [multiple]   [inverse key]
>> mnt-routes:     [optional]   [multiple]   [inverse key]
>> mnt-irt:        [mandatory]  [multiple]   [inverse key]
>> <<<<<<<<<<<<<<<<<<<<
>> changed:        [mandatory]  [multiple]   [ ]
>> source:         [mandatory]  [single]     [ ]
>>
>>
>> [1]
>> http://afrinic.net/en/library/policies/current/698-abuse-contact-information-in-the-afrinic-service-region]
>> <http://afrinic.net/en/library/policies/current/698-abuse-contact-information-in-the-afrinic-service-region%5D>
>>
>> [2]
>> https://www.researchgate.net/profile/Amreesh_Phokeer/publication/303642445_A_Survey_of_Anti-Spam_Mechanisms_and_Their_Usage_from_a_Regional_Internet_Registry's_Perspective/links/574b18ed08ae5bf2e63f33a6.pdf
>>
>> Regards,
>> Amreesh
>>
>>> On Oct 13, 2016, at 6:25 AM, Michel ODOU <michel.odou at afrinic.net
>>> <mailto:michel.odou at afrinic.net>> wrote:
>>>
>>> Hi Mark,
>>>
>>> The email adress abuse at posix.co.za is indeed stored in my.afrinic.net
>>> <http://my.afrinic.net>. On ORG-PS1-AFRINIC, it is listed as simple
>>> e-mail, not abuse-mailbox.
>>> The sanitization process on the WHOIS should include a step where data
>>> available on my.afrinic.net <http://my.afrinic.net> is retrieved and
>>> added to the WHOIS record.
>>>
>>> Regards,
>>> Michel
>>>
>>> On 12/10/2016 16:48, Mark Elkins wrote:
>>>> When I run "whois -h whois.afrinic.net <http://whois.afrinic.net>
>>>> ORG-PS1-AFRINIC" I see no abuse
>>>> contact.
>>>> When I login to my.afrinic.net <http://my.afrinic.net>, Under my
>>>> organisational Information - I
>>>> see....
>>>>
>>>> E-mails:   
>>>>   mje at posix.co.za (Administrative)
>>>>   abuse at posix.co.za (Abuse)
>>>>
>>>> i.e I have an "abuse" email address. I would have though that would be
>>>> the correct source of an abuse email address to be used whenever a
>>>> record that is associated with me needs an abuse address and there is
>>>> not one actually directly associated with that record. Its then
>>>> easy to
>>>> manage this nice "default" source for the abuse email address.
>>>>
>>>> On Wed, 2016-10-12 at 16:19 +0400, Michel ODOU wrote:
>>>>> Dear WG members,
>>>>>
>>>>> As you may have noticed, most of the time, the WHOIS does not display
>>>>> the abuse contact when you do a query for an inetnum or inet6num or
>>>>> autnum resource.
>>>>>
>>>>> $> whois -h whois.afrinic.net <http://whois.afrinic.net> 196/8
>>>>> % This is the AfriNIC Whois server.
>>>>>
>>>>> % Note: this output has been filtered.
>>>>> %       To receive output for a database update, use the "-B" flag.
>>>>>
>>>>> % Information related to '196.0.0.0 - 196.255.255.255'
>>>>>
>>>>> % No abuse contact registered for 196.0.0.0 - 196.255.255.255
>>>>>
>>>>> inetnum:        196.0.0.0 - 196.255.255.255
>>>>> netname:        ORG-AFNC1-AFRINIC-20050414
>>>>> ...
>>>>>
>>>>>
>>>>> How is this supposed to work? The WHOIS used to get the abuse mailbox
>>>>> attribute of the organisation referenced in the covering inetnums.
>>>>> However, looking at the WHOIS DB, we have 5 organisations that have a
>>>>> valid abuse-mailbox attribute (over 2081). There is worse:
>>>>> approximately 125 organisations have an abuse email address specified
>>>>> in a wrong attribute like notify or remarks. While it is interesting
>>>>> to have this information, it is almost impossible to parse correctly
>>>>> and to display it as a valid abuse email contact.
>>>>>
>>>>> There is more : the abuse-mailbox attribute is in fact present in 5
>>>>> objects: irt, mntner, organisation, person and role.
>>>>>
>>>>> It is not easy to determine which one to display as an abuse contact.
>>>>> To help solving this issue, since 2012, a policy encourages the use
>>>>> of the irt object to carry the abuse contact information, among
>>>>> others (http://www.afrinic.net/en/library/policies/current/698-afpub-
>>>>> 2010-gen-006). However, the policy does not force the use of this
>>>>> object and so far, only a few objects use it (125/130014 inetnums,
>>>>> 5/14616 inet6nums and 13/1673 autnums).
>>>>>
>>>>> Our colleague Amreesh wrote a very interesting paper describing the
>>>>> issue with many details. You will find it here : http://afrinic.net/b
>>>>> log/component/content/article?id=6:afrinic-publishes-an-article-on-
>>>>> spam-from-an-rir-perspective
>>>>>
>>>>> ---
>>>>>
>>>>> The ideal situation would be, of course, to be able to retrieve the
>>>>> abuse mailbox every time it is necessary, which would for example
>>>>> help us having a webservice that would return the abuse contact for a
>>>>> given resource.
>>>>>
>>>>> From our perspective, the solution would be:
>>>>> Remove the abuse-mailbox attribute from the mntner, person and role
>>>>> objects.
>>>>> Make the abuse-mailbox mandatory in the organisation object. For the
>>>>> organisations that are already in the DB and that do not have a valid
>>>>> abuse-mailbox attribute, the e-mail attribute will be used.
>>>>> [Sanitize the DB to add abuse-mailbox attributes on the organisations
>>>>> that have an abuse contact email specified in a remark or notify
>>>>> attribute (this has to be done manually and would be an optional
>>>>> third phase)]
>>>>> For the query, the process would be:
>>>>> If the resource (inetnum, inet6num or autnum) has an mnt-irt, display
>>>>> the abuse-mailbox of that object.
>>>>> Else, display the abuse-mailbox of the referenced organisation.
>>>>> Please let me know what you think about this.
>>>>>
>>>>> Regards,
>>>>> Michel
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> DBWG mailing list
>>>>> DBWG at afrinic.net
>>>>> https://lists.afrinic.net/mailman/listinfo/dbwg
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> DBWG mailing list
>>>>> DBWG at afrinic.net
>>>>> https://lists.afrinic.net/mailman/listinfo/dbwg
>>>
>>> _______________________________________________
>>> DBWG mailing list
>>> DBWG at afrinic.net <mailto:DBWG at afrinic.net>
>>> https://lists.afrinic.net/mailman/listinfo/dbwg
>>
>
> _______________________________________________
> DBWG mailing list
> DBWG at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/dbwg

-- 
Mrs Madhvi Gokool
Registration Services Manager
AFRINIC Ltd.
t: +230 403 51 00 | f: +230 466 6758 | tt: @afrinic |
w: www.afrinic.net | facebook.com/afrinic | flickr.com/afrinic |
youtube.com/afrinicmedia
___________________________
Join us for the AFRINIC-25 meeting in Mauritius, 25 to 30 November 2016

More information about the DBWG mailing list