[DBWG] Abuse contacts in the WHOIS

Michel ODOU michel.odou at afrinic.net
Thu Oct 13 04:25:46 UTC 2016


Hi Mark,

The email adress abuse at posix.co.za is indeed stored in my.afrinic.net.
On ORG-PS1-AFRINIC, it is listed as simple e-mail, not abuse-mailbox.
The sanitization process on the WHOIS should include a step where data
available on my.afrinic.net is retrieved and added to the WHOIS record.

Regards,
Michel

On 12/10/2016 16:48, Mark Elkins wrote:
> When I run "whois -h whois.afrinic.net ORG-PS1-AFRINIC" I see no abuse
> contact.
> When I login to my.afrinic.net, Under my organisational Information - I
> see.... 
>
> E-mails:	
>   mje at posix.co.za (Administrative)
>   abuse at posix.co.za (Abuse)
>
> i.e I have an "abuse" email address. I would have though that would be
> the correct source of an abuse email address to be used whenever a
> record that is associated with me needs an abuse address and there is
> not one actually directly associated with that record. Its then easy to
> manage this nice "default" source for the abuse email address.
>
> On Wed, 2016-10-12 at 16:19 +0400, Michel ODOU wrote:
>> Dear WG members,
>>
>> As you may have noticed, most of the time, the WHOIS does not display
>> the abuse contact when you do a query for an inetnum or inet6num or
>> autnum resource.
>>
>> $> whois -h whois.afrinic.net 196/8
>> % This is the AfriNIC Whois server.
>>
>> % Note: this output has been filtered.
>> %       To receive output for a database update, use the "-B" flag.
>>
>> % Information related to '196.0.0.0 - 196.255.255.255'
>>
>> % No abuse contact registered for 196.0.0.0 - 196.255.255.255
>>
>> inetnum:        196.0.0.0 - 196.255.255.255
>> netname:        ORG-AFNC1-AFRINIC-20050414
>> ...
>>
>>
>> How is this supposed to work? The WHOIS used to get the abuse mailbox
>> attribute of the organisation referenced in the covering inetnums.
>> However, looking at the WHOIS DB, we have 5 organisations that have a
>> valid abuse-mailbox attribute (over 2081). There is worse:
>> approximately 125 organisations have an abuse email address specified
>> in a wrong attribute like notify or remarks. While it is interesting
>> to have this information, it is almost impossible to parse correctly
>> and to display it as a valid abuse email contact.
>>
>> There is more : the abuse-mailbox attribute is in fact present in 5
>> objects: irt, mntner, organisation, person and role.
>>
>> It is not easy to determine which one to display as an abuse contact.
>> To help solving this issue, since 2012, a policy encourages the use
>> of the irt object to carry the abuse contact information, among
>> others (http://www.afrinic.net/en/library/policies/current/698-afpub-
>> 2010-gen-006). However, the policy does not force the use of this
>> object and so far, only a few objects use it (125/130014 inetnums, 
>> 5/14616 inet6nums and 13/1673 autnums).
>>
>> Our colleague Amreesh wrote a very interesting paper describing the
>> issue with many details. You will find it here : http://afrinic.net/b
>> log/component/content/article?id=6:afrinic-publishes-an-article-on-
>> spam-from-an-rir-perspective
>>
>> ---
>>
>> The ideal situation would be, of course, to be able to retrieve the
>> abuse mailbox every time it is necessary, which would for example
>> help us having a webservice that would return the abuse contact for a
>> given resource.
>>
>> From our perspective, the solution would be:
>> Remove the abuse-mailbox attribute from the mntner, person and role
>> objects.
>> Make the abuse-mailbox mandatory in the organisation object. For the
>> organisations that are already in the DB and that do not have a valid
>> abuse-mailbox attribute, the e-mail attribute will be used.
>> [Sanitize the DB to add abuse-mailbox attributes on the organisations
>> that have an abuse contact email specified in a remark or notify
>> attribute (this has to be done manually and would be an optional
>> third phase)]
>> For the query, the process would be:
>> If the resource (inetnum, inet6num or autnum) has an mnt-irt, display
>> the abuse-mailbox of that object.
>> Else, display the abuse-mailbox of the referenced organisation.
>> Please let me know what you think about this.
>>
>> Regards,
>> Michel
>>
>>
>> _______________________________________________
>> DBWG mailing list
>> DBWG at afrinic.net
>> https://lists.afrinic.net/mailman/listinfo/dbwg
>>
>>
>> _______________________________________________
>> DBWG mailing list
>> DBWG at afrinic.net
>> https://lists.afrinic.net/mailman/listinfo/dbwg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/dbwg/attachments/20161013/67f2f224/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.afrinic.net/pipermail/dbwg/attachments/20161013/67f2f224/attachment-0001.sig>


More information about the DBWG mailing list