Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Abuse addrsses

Frank Habicht geier at
Sun Oct 17 02:54:05 UTC 2021

Hi Ronald,

On 17/10/2021 03:01, Ronald F. Guilmette wrote:
> Was there a proposal in exiatance at one time to require members to add
> abuse reporting email addresses to their ASN and/or IP block WHOIS records?


> I seem to vaguely recall that there may have been one, but I'm not sure
> anymore.
> If there was one, whatever happened to that?

1. under discussion & under appeal
2. last call and under appeal

> P.S.  I am a bit annoyed right at the moment, because I just got a spam from
> which belongs to Maroc Telecom, and they don't have any abuse
> reporting address in the WHOIS data base.

resource holders have the ability to add abuse contacts using a "irt object"

[frank at fisi ~]$ whois -h -- -v inetnum | grep ^mnt-irt.
mnt-irt:        [optional]   [multiple]   [inverse key]
[frank at fisi ~]$ whois -h -- -v inetnum | grep -A 10

   May appear in an inetnum, inet6num or aut-num object. It points to an
   irt object representing a Computer Security Incident Response Team
   (CSIRT) that handles security incidents for the address space
   specified by the object.

     An irt name is made up of letters, digits, the character
     underscore "_", and the character hyphen "-"; it must start
     with "irt-", and the last character of a name must be a
     letter or a digit.
[frank at fisi ~]$ whois -h -- -v irt

these are *optional* currently.


> This company holds 8,404,992 AFRINIC-issued IPv4 addresses, so it is not
> exactly small.  The fact that all of that IPv4 space has been allocated
> to the company, by AFRINIC, but with absolutely NO abuse reporting contact
> is, well, crazy.
> P.P.S.  Based on the nature of the spam, I can say with nearly 100% certainty
> that the machine at has been security compromised.

More information about the RPD mailing list