<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Dear WG members,<br>
<br>
As you may have noticed, most of the time, the WHOIS does not
display the abuse contact when you do a query for an inetnum or
inet6num or autnum resource.<br>
<br>
<tt>$> whois -h whois.afrinic.net 196/8</tt><tt><br>
</tt><tt>% This is the AfriNIC Whois server.</tt><tt><br>
</tt><tt><br>
</tt><tt>% Note: this output has been filtered.</tt><tt><br>
</tt><tt>% To receive output for a database update, use the
"-B" flag.</tt><tt><br>
</tt><tt><br>
</tt><tt>% Information related to '196.0.0.0 - 196.255.255.255'</tt><tt><br>
</tt><tt><br>
</tt><b><tt>% No abuse contact registered for 196.0.0.0 -
196.255.255.255</tt></b><tt><br>
</tt><tt><br>
</tt><tt>inetnum: 196.0.0.0 - 196.255.255.255</tt><tt><br>
</tt><tt>netname: ORG-AFNC1-AFRINIC-20050414</tt><tt><br>
</tt><tt>...</tt><br>
<br>
<br>
How is this supposed to work? The WHOIS used to get the abuse
mailbox attribute of the organisation referenced in the covering
inetnums. However, looking at the WHOIS DB, we have 5 organisations
that have a valid abuse-mailbox attribute (over 2081). There is
worse: approximately 125 organisations have an abuse email address
specified in a wrong attribute like notify or remarks. While it is
interesting to have this information, it is almost impossible to
parse correctly and to display it as a valid abuse email contact.<br>
<br>
There is more : the abuse-mailbox attribute is in fact present in 5
objects: irt, mntner, organisation, person and role.<br>
<br>
It is not easy to determine which one to display as an abuse
contact. To help solving this issue, since 2012, a policy encourages
the use of the irt object to carry the abuse contact information,
among others
(<a class="moz-txt-link-freetext" href="http://www.afrinic.net/en/library/policies/current/698-afpub-2010-gen-006">http://www.afrinic.net/en/library/policies/current/698-afpub-2010-gen-006</a>).
However, the policy does not force the use of this object and so
far, only a few objects use it (125/130014 inetnums, 5/14616
inet6nums and 13/1673 autnums).<br>
<br>
Our colleague Amreesh wrote a very interesting paper describing the
issue with many details. You will find it here :
<a class="moz-txt-link-freetext" href="http://afrinic.net/blog/component/content/article?id=6:afrinic-publishes-an-article-on-spam-from-an-rir-perspective">http://afrinic.net/blog/component/content/article?id=6:afrinic-publishes-an-article-on-spam-from-an-rir-perspective</a><br>
<br>
---<br>
<br>
The ideal situation would be, of course, to be able to retrieve the
abuse mailbox every time it is necessary, which would for example
help us having a webservice that would return the abuse contact for
a given resource.<br>
<br>
From our perspective, the solution would be:<br>
<ol>
<li>Remove the abuse-mailbox attribute from the mntner, person and
role objects.</li>
<li>Make the abuse-mailbox mandatory in the organisation object.
For the organisations that are already in the DB and that do not
have a valid abuse-mailbox attribute, the e-mail attribute will
be used.</li>
<li>[Sanitize the DB to add abuse-mailbox attributes on the
organisations that have an abuse contact email specified in a
remark or notify attribute (this has to be done manually and
would be an optional third phase)]<br>
</li>
</ol>
<p>For the query, the process would be:<br>
</p>
<ol>
<li>If the resource (inetnum, inet6num or autnum) has an mnt-irt,
display the abuse-mailbox of that object.<br>
</li>
<li>Else, display the abuse-mailbox of the referenced
organisation.<br>
</li>
</ol>
Please let me know what you think about this.<br>
<br>
Regards,<br>
Michel<br>
<br>
<br>
</body>
</html>