Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[AfriNIC-rpd] abuse contact information in whois database (AFPUB-2010-GEN-002)

Tobias Knecht tk at abusix.com
Wed Jun 16 09:32:35 UTC 2010


Hi

>> Wrong. Our spamtrap network receives around 15 million spam messages a
>> day and that is just because we do not want to spend more money to
>> receive more. That is all over round about 48.000 different AS Numbers
>> world wide just in May 2010. 10% of the AS Numbers are based in the US.
> 
> This is an individual comment.  What percentage of those 15 million spam
> messages would generate a query for the AfriNIC region?  Owen DeLong
> mentioned aggregation and bulk whois access in a reply to your message. 
> Is your network doing that?

May: AfriNIC stats.

    1.363 unique AS Numbers
  340.583 unique IP Addresses
2.564.952 all over hits on our reference system

I can not exactly tell you how many whois requests that would have been,
because we are caching and at the moment just using the direct allocated
ranges for exactly these query issues.


bulk whois is as I know not available in the AfriNIC region. And even if
it would be able, it would be to complicated and expensive (RIPE was
selling this service) for reporters to use it and implement it. The
barrier would be to high to reports abusive behavior and that would be
the wrong way.

But as I said in another mail it would probably make sense to implement
something like a abuse-finder API as RIPE is doing at the moment,
exactly for this reason.

If there will be consensus on the object part there would even be a
possibility of setting up some kind of RBLDNSD Service where you put in
ip and get back abuse@ contact. Something like this
http://abusix.org/service/abuse-contact-db-beta

As soon as the RIRs are having something or something similar in place,
we will stop this service.


>> So in my opinion there is a need of unrestricted query access.
> 
> The need for unrestricted query access should not be turned into
> unlimited queries as it can affect Whois operations.

I fully agree on that. It really depends on how this would work.

Think about it this way:
Mandatory IRT Object for inet(6)num and asnum.
Mandatory abuse-mailbox attribute in that IRT Object.

whois -B 193.174.0.0/15 (all data - restricted queries)
whois  193.174.0.0/15 (less data - restricted queries)
whois  -b 193.174.0.0/15 (only abuse mailbox attribute - unrestricted)

That is the way it works at RIPE. And that's why I would like to use the
IRT Object, because all this is already in the AfriNIC Database and has
just to be activated.


Thanks,

Tobias




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20100616/ab754f43/attachment.sig>


More information about the RPD mailing list