Hi. I am a problem with RIPE mis-applying it anti-abuse procedures for the RIPE database. I have operated Network-Tools.com for 13 years. The site is often used by people tracing spam or other security issues that includes IP address block lookups so people can send in a complaint or otherwise contact the network they have an issue with. I find my web site is suddenly blocked from accessing the RIPE database and I cannot get answers to my questions from contacting the database administrator or IANA. First - I am being accused of wanting "bulk access" to the database. That is not true. My system is a pass-through system where many different people make requests through network-tools.com. The web site is merely a pass-through. I have asked many times how I can pass the requestor's IP address through so my web site won't be "penalized." I never get an answer from RIPE. ARIN told me they don't support such a scheme. One purpose of the whois is so that individuals can contact abuse contacts, verfify who owns address blocks, etc. so blocking pass-through systems thwarts the whole purpose of the RIPE database. Second- RIPE keeps claims the requests are for "personal information." IP address and abuse contacts are business contacts and role accounts meant for the public. this is nor "personal information" (ARIN calls it "sensitive" data). These are business contacts meant for the public, not "personal information" or "sensitive." If if were "sensitive" it would not be available to the public. In any case I do not want to display sensitive data or personal information, I want to display the abuse contacts. As for blocking IP from accessing the database I do not see the purpose anyway. Most harvesters use a distributed system of IP addresses so blocking IP only serves to disrupt pass-through systems doing legitimate tasks while harvesters continue to freely collect their data. For the most part the only thing it does is disrupt legitimate users and cause expense to those users for no purpose. How can I get answers to these questions? Thank you
On 15 Dec 2011, at 12:28, russ@consumer.net wrote:
Hi. I am a problem with RIPE mis-applying it anti-abuse procedures for the RIPE database.
I have operated Network-Tools.com for 13 years. The site is often used by people tracing spam or other security issues that includes IP address block lookups so people can send in a complaint or otherwise contact the network they have an issue with. I find my web site is suddenly blocked from accessing the RIPE database and I cannot get answers to my questions from contacting the database administrator or IANA.
First - I am being accused of wanting "bulk access" to the database. That is not true.
Yes it is. You want bulk access.
My system is a pass-through system where many different people make requests through network-tools.com. The web site is merely a pass-through.
It's irrelevant that you think your site is a "pass through" as you haven't coded your requests in such a manner as to pass the requesting IP over.
I have asked many times how I can pass the requestor's IP address through so my web site won't be "penalized." I never get an answer from RIPE. ARIN told me they don't support such a scheme. One purpose of the whois is so that individuals can contact abuse contacts, verfify who owns address blocks, etc. so blocking pass-through systems thwarts the whole purpose of the RIPE database.
No it doesn't Someone can go to the RIPE or ARIN website and request the information for free.
Second- RIPE keeps claims the requests are for "personal information." IP address and abuse contacts are business contacts and role accounts meant for the public. this is nor "personal information" (ARIN calls it "sensitive" data). These are business contacts meant for the public, not "personal information" or "sensitive." If if were "sensitive" it would not be available to the public.
In any case I do not want to display sensitive data or personal information, I want to display the abuse contacts.
As for blocking IP from accessing the database I do not see the purpose anyway. Most harvesters use a distributed system of IP addresses so blocking IP only serves to disrupt pass-through systems doing legitimate tasks while harvesters continue to freely collect their data. For the most part the only thing it does is disrupt legitimate users and cause expense to those users for no purpose.
How can I get answers to these questions?
Thank you
Mr Michele Neylon Blacknight Solutions ♞ Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.biz http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Facebook: http://fb.me/blacknight Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
Thanks for all the replies. As for passing through the IP of the requesters of the whois records I have asked about this several times. ARIN told me they don't support it and RIPE won't answer my inquiries. Are there standards for that or any other information about setting up some sort of ip address pass-through or proxy for whois queries for the RIR's? As I understand it the fact that the abuse contact is not associated with the object record is a design flaw. It seems to me this matter should have been dealt with before the RIPE blocking initiatives. The definition of "personal data" in Directive 95/46/EC is not really useful when you talk about protection of the data. This definition groups information that is mandated by law to be public with truly private or sensitive data. For instance, company "Example.com" has an e-mail address "president@example.com." The company is legally required to file documents declaring who their president is and make that publicly available so the address "president@example.com" falls under this definition. Now if you have his private cell phone number that is also "personal data" but it is not mandated to be public information. The cell phone number deserves a high level of protection while but the e-mail address does not so treating them the same is not useful. In any case I have no desire to access persoanl contacts or other data other than contact information meant for public consumption. If I understand things correctly the so-called "bulk access" option is using a "-r" which would not display the abuse contact. Since getting the abuse contacts is often the main purpose of the query this does not seem to be viable option. In actuality I am not requesting "bulk access" and I don't save any of the data myself. My system is a pass-though where the users get the data and I package the data with other functions. It may appear as if it is bulk access because it all comes from a single IP but it is not. The same thing happened with ARIN several years ago. Once I showed them the web site they agreed that is was a pass-through system and removed the block. Now we have a situation where different RIR's have different policies for the same type of whois requests. In my case I use a commercial whois component from hexillion.com and i cannot go in and change the queries just to RIPE without going back to the software vendor or completely reprogramming my site. I have plans to do that anyway but I cannot do it overnight or during the Christmas season because someone at RIPE woke up one day after 13 years and decided to block my site. One purpose of the database is to provide access to the public for IP address allocations. While it is true people can visit the RIPE database themselves it is not practical (the person suggesting this has ads in his signature for a business that combines several services people could get on their own). As I see it the problem lies with ICANN/IANA. They are contractually obligated with the US Department of Commerce to "ensure the authentication, integrity, and reliability of the data in performing the IANA requirements, including the data relevant to DNS, root zone file, and IP address allocation." Obviously there should a single WHOIS interface with standard policies and procedures for accessing it and not this hodgepodge system where users of the data have to deal with each RIR separately. The funny part about this whole thing is that I contacted a busines that provides whois services (they are not a spammer or harvester). One of the first things they told me was that they use a distributed IP address system for requests to avoid the blocking. the current policy forces legitimate business to use hacking techniques to access data that is supposed to publicly variable. The current IP address blocking scheme has no practical purpose other than preventing DOS attacks. Harvesters continue collected data using distributed IP's while small sites like mine suffer and possibly get run out of business. The impression I have is that the people doing the blocking have no concern whatsoever about the collateral damage they are casing or the fact that their actions have little or no purpose. Then if someone complains they are often ignored or ridiculed. Thank You
On 15/12/11 16:42, russ@consumer.net wrote:
As for passing through the IP of the requesters of the whois records I have asked about this several times. ARIN told me they don't support it and RIPE won't answer my inquiries. Are there standards for that or any other information about setting up some sort of ip address pass-through or proxy for whois queries for the RIR's?
That's because whois is one of the simplest protocols there is. For example, to get the details for 192.0.2.1, just telnet into port 43 of whois.ripe.net. As soon as the disclaimer comes up, type "192.0.2.1" followed by enter, and you get the results. Why would you want to mess up as simple a protocol as that with something like the X-Forwarded-For header in HTTP? RIPE can only see the IP you're connecting from, and it's doing a lot more traffic than a normal IP. If you have a legit need, they can and will give you bulk access for that ip. Niall. -- Niall Donegan ---------------- http://www.blacknight.com Blacknight Internet Solutions Ltd, Unit 12A, Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, Ireland Company No.: 370845
I don't want to change anything, I just want to get my site unblocked from RIPE. ARIN has agreed that I have a legit need and has removed all blocks. After 13 years RIPE suddenly blocked me and will not remove the block no matter what explanation I give and they won't answer my questions. They just tell me I have to change my queries to include a "-r" I am in contact with the software vendor and I am trying to get something done but I had no prior notice. I am getting complaints and the following I have built up over 13 years is being lost. Even if I can include the "-r" the abuse contact will no longer show up and people are going to leave my site anyway. This is a major disaster for me and I cannot get any of my questions answered from RIPE or ICANN/IANA. They couldn't care less.
As for passing through the IP of the requesters of the whois records I have asked about this several times. ARIN told me they don't support it and RIPE won't answer my inquiries. Are there standards for that or any other information about setting up some sort of ip address pass-through or proxy for whois queries for the RIR's? That's because whois is one of the simplest protocols there is. For example, to get the details for 192.0.2.1, just telnet into port 43 of whois.ripe.net. As soon as the disclaimer comes up, type "192.0.2.1" followed by enter, and you get the results.
Why would you want to mess up as simple a protocol as that with something like the X-Forwarded-For header in HTTP?
RIPE can only see the IP you're connecting from, and it's doing a lot more traffic than a normal IP. If you have a legit need, they can and will give you bulk access for that ip.
Niall.
russ@consumer.net wrote:
I don't want to change anything,
...so I could stop reading?
I just want to get my site unblocked from RIPE. ARIN has agreed that I have a legit need and has removed all blocks.
Fine, I'm sure ARIN had good reasons to act as they did, either favourably to your interests, or not, it simply doesn't matter in the RIPE Region.
After 13 years RIPE suddenly blocked me
Sorry, the bulk access/harvesting prevention mechanisms have been in place for a *very* long time. So, I guess the "suddenly" is more likely to be related to a change in your query pattern and/or frequency, than to a change in the mechanisms.
and will not remove the block no matter what explanation I give and they won't answer my questions.
Although I am not a native speaker, I think you are contradicting yourself within a single sentence?
They just tell me I have to change my queries to include a "-r" I am in contact with the software vendor and I am trying to get something done but I had no prior notice. I am getting complaints and the following I have built up over 13 years is being lost. Even if I can include the "-r" the abuse contact will no longer show up and people are going to leave my site anyway. This is a major disaster for me and I cannot get any of my questions answered from RIPE or ICANN/IANA. They couldn't care less.
Well - although this is formally outside the topic of discussion - looking at your style, approach and choice of words, I am not overly surprised...
As for passing through the IP of the requesters of the whois records I have asked about this several times. ARIN told me they don't support it and RIPE won't answer my inquiries. Are there standards for that or any other information about setting up some sort of ip address pass-through or proxy for whois queries for the RIR's?
For the full set of 5 RIRs? My educated geuss would be: NO.
That's because whois is one of the simplest protocols there is. For example, to get the details for 192.0.2.1, just telnet into port 43 of whois.ripe.net. As soon as the disclaimer comes up, type "192.0.2.1" followed by enter, and you get the results.
Why would you want to mess up as simple a protocol as that with something like the X-Forwarded-For header in HTTP?
RIPE can only see the IP you're connecting from, and it's doing a lot more traffic than a normal IP. If you have a legit need, they can and will give you bulk access for that ip.
Niall.
Wilfried. PS: and even I ( :-) ), or rather the lab where I am doing teaching this stuff, get blocked when we activate the triggers, for one reason or another. And that's how it is meant to work :-) PPS: regarding your contacts to entities "cleverly" circumventing the bulk access prevcention mechanisms, we'd be interested to get those leads, because there's a good chance that these parties are violating the "RIPE Database Terms and Conditions", aka AUP and need to be contacted.
I'm sure ARIN had good reasons to act as they did, either favourably to your interests, or not, it simply doesn't matter in the RIPE Region.
Sorry, the bulk access/harvesting prevention mechanisms have been in
Why would you be sure of that and why wouldn't it matter? It seems to me that all internet users have a stake in seeing that the services are reliable in all regions. place for a *very* long time. So, I guess the "suddenly" is more likely to be related to a change in your query pattern >and/or frequency, than to a change in the mechanisms. No, something has changed. They are claiming now there is some type of limit of 1000 queries per day. They have not blocked me in the past and the queries exceed that so something changed recently.
Well - although this is formally outside the topic of discussion - looking at your style, approach and choice of words, I am not overly surprised...
PS: and even I ( :-) ), or rather the lab where I am doing teaching
So you are saying Internet policy should be based on an evaluation of a person's choice of style? In other words if you are not part of a small clique then you don't matter? Many system admins act like this and they think their anti-spam systems trumps every other need and they don't care how much damage is done. There are many people like this involved in Internet governance and it is a big problem because they don't balance the needs of different parties. these are the people that often ridicule anyone who brings up issues or ideas that goers against their view of the world from their limited experience. this stuff, get blocked when we activate the triggers, for one reason or another. And that's how it is meant to work :-) Yes. Then there is supposed to be a policy in place to make a determination of what is allowed and what is not. the problem is that ARIN says it is allowed but RIPE says it is not. It is apparentky common to all the commercial whois providers that they use a distributed system of IP's so I don't have any special knowledge or information.
I believe many other players, including US-based ones, quite successfully use RIPE database contents for purposes similar to yours.
I was doing fine for 13 years until recently. Apparently the successful ones uses distributed IP's to avoid the blocking.
The RIPE database is maintained by the RIPE NCC, and to the best of my knowledge, the RIPE-specific (non-mirrored) contents of the database have been contributed, update by update, by the RIPE NCC and the RIPE community. I totally fail to see how e.g. my person object would have been 'bought and paid for by the US taxpayer'.
I believe the data is under the ultimate control of the US Government based on the contract between the US and IANA. Here is an EC news release about it: http://europa.eu/rapid/pressReleasesAction.do?reference=IP/11/1345&format=HTML&aged=0&language=en&guiLanguage=en If someone has the contract between RIPE and IANA I would like to see that as well. It is interesting that nobody can explain why RIPE has one policy and ARIN has a different one. Also, nobody seems to agree that the services like whois need to be standardized across the Internet. Most shockingly nobody wants to address the fact that the IP address blocking does not do what it is intended to do. Most comments just assume RIPE must be right and that I must have done something wrong ... my stye is wrong and I present myself incorrectly, etc, etc. This is what happens when someone outside the closed community tries to bring issues to the table. The speaker is attacked and the issues are glossed over. It is interesting because I am usually on the other side of the privacy argument and I have testified before the US Federal Trade Commission arguing for greater privacy protection. thank you
russ@consumer.net wrote:
I'm sure ARIN had good reasons to act as they did, either favourably to your interests, or not, it simply doesn't matter in the RIPE Region.
Why would you be sure of that and why wouldn't it matter?
Because the policies to distribute and manage the number resources provided by IANA to the RIRs are a regional matter. Policy delvelopment in this context, when and if, it relates to the operation of IANA is a global policy process. Even this process is a bootom-up process, not a top-down mehanism as you seem to believe. ARIN operates in the legal framework of the United States of America, the RIPE NCC operates in the legal framework of the European Union in general and Dutch Law in particular. It is a pretty well-known fact that the legal systems in those regions are not identical. Thus, imho, ARIN's approach to managing access to whois data is not directly relevant to this region - in the sense that an aproach by ARIN has automatically to be copied by other regions.
It seems to me that all internet users have a stake in seeing that the services are reliable in all regions.
Agreed, totally, that's the reason why all the 5 RIRs do provide access to whois data for *users*, individually.
Sorry, the bulk access/harvesting prevention mechanisms have been in place for a *very* long time. So, I guess the "suddenly" is more likely to be related to a change in your query pattern >and/or frequency, than to a change in the mechanisms.
No, something has changed. They are claiming now there is some type of limit of 1000 queries per day. They have not blocked me in the past and the queries exceed that so something changed recently.
Well - although this is formally outside the topic of discussion - looking at your style, approach and choice of words, I am not overly surprised...
So you are saying Internet policy should be based on an evaluation of a person's choice of style?
No, what I am saying is that discussions regarding policy and discussions related to solving perceived problems SHOULD be conducted with respect to etiquette and mutual respect, rather than accusations.
In other words if you are not part of a small clique then you don't matter?
Like in any community, you will certainly receive the appropriate attention. You are getting pretty much attention on this list already, isn't it?
Many system admins act like this and they think their anti-spam systems trumps every other need and they don't care how much damage is done. There are many people like this involved in Internet governance and it is a big problem because they don't balance the needs of different parties. these are the people that often ridicule anyone who brings up issues or ideas that goers against their view of the world from their limited experience.
PS: and even I ( :-) ), or rather the lab where I am doing teaching this stuff, get blocked when we activate the triggers, for one reason or another. And that's how it is meant to work :-)
Yes. Then there is supposed to be a policy in place to make a determination of what is allowed and what is not. the problem is that ARIN says it is allowed but RIPE says it is not.
Please see above why there may (or probably will) be differences in the regions.
It is apparentky common to all the commercial whois providers that they use a distributed system of IP's so I don't have any special knowledge or information.
I believe many other players, including US-based ones, quite successfully use RIPE database contents for purposes similar to yours.
I was doing fine for 13 years until recently. Apparently the successful ones uses distributed IP's to avoid the blocking.
The RIPE database is maintained by the RIPE NCC, and to the best of my knowledge, the RIPE-specific (non-mirrored) contents of the database have been contributed, update by update, by the RIPE NCC and the RIPE community. I totally fail to see how e.g. my person object would have been 'bought and paid for by the US taxpayer'.
I believe the data is under the ultimate control of the US Government
Well, we keep hearing that generalized statement since quite a while, outside the US, and not limited to whois data :-)
based on the contract between the US and IANA. Here is an EC news release about it: http://europa.eu/rapid/pressReleasesAction.do?reference=IP/11/1345&format=HTML&aged=0&language=en&guiLanguage=en
Thanks for providing this URL. Alas, I do not see any indication in this text that would support your interpretation.
If someone has the contract between RIPE and IANA I would like to see that as well.
To my knowledge, such a contract does not exist, but I may be wrong! However, there is an MoU in place, between ICANN and the NRO (the collective of the five RIRs)
It is interesting that nobody can explain why RIPE has one policy and ARIN has a different one.
I tried to do that above, to summarize: - different legal environment - different communities - regional policies apply
Also, nobody seems to agree that the services like whois need to be standardized across the Internet.
I do know quite a few parties which do share that view. I also know quit a few others which do not agree, for various reasons.
Most shockingly nobody wants to address the fact that the IP address blocking does not do what it is intended to do.
I presume most people who get in contact with that do not see a problem.
Most comments just assume RIPE must be right and that I must have done something wrong ... my stye is wrong and I present myself incorrectly, etc, etc. This is what happens when someone outside the closed community tries to bring issues to the table. The speaker is attacked and the issues are glossed over. It is interesting because I am usually on the other side of the privacy argument and I have testified before the US Federal Trade Commission arguing for greater privacy protection.
thank you
Best regards, Wilfried.
Because the policies to distribute and manage the number resources provided by IANA to the RIRs are a regional matter.
Yes, I would agree some things are a regional matter and should be handled regionally, in fact as much as possible. However, access to the whois abuse data should not be. The reason is that the purpose of this is to contact the administrator of ip blocks to notify them of issues. If someone is tracing an IP and they can get the data for some IP's and not others then I see a lack of standardization as a problem. I think the whole issue comes down to this. It is not possible to control how public information is used. people don't want to accept that fact that it can't be done so they come up with schemes to make it look like they are doing something, like IP address blocking. Then they get so focused on pursuing their IP address blocking policy that they lose sight of the fact that IP address blocking does essentially nothing to control the spam that is the core issue. There is a big mantra to stop "harvesting" when, in actuality, there is nothing illegal about harvesting publicly available information or Google would have been shut down long ago. Since there is no real basis for blocking access to public information this new argument has arisen where information is now mandated to be public yet is also protected and sensitive under privacy laws. None of this makes the slightest amount of sense to me. I do not believe blocking my network-tools.com is not going to affect the amount of spam sent to RIPE database contacts. This is the real issue here. My whois contacts for domains is in the Tucows whois. This is protected by IP address blocks, CAPCHA, etc. yet I get spam all the time, these measures do no good. I just change my address every few months. Maybe the RIR's should set up system like whois privacy where the published addresses are all under RIPE.net domain and forwarded to hidden addresses. The public RIPE.net e-mail addresses could also change periodically. That way you have no privacy issue and the addresses "time out" so harvesting for future use is useless. thank you.
I looked over the MOU for the RIR's and these seem to be the relevant clauses to whois data access: "The ICANN bylaws assign to the ASO the responsibility for the development of global policies relating to the following areas: Definition of global policies for the distribution and registration of Internet address space (currently IPv4 and IPv6);... Specifically this responsibility is limited to the above and does not extend to the business practices or local policies of the RIRs except as needed to ensure that the RIRs meet the criteria for ICANN approved RIRs. The RIRs are responsible to their own members and in most cases this must be their prime responsibility." ICANN/IANA has a responsibility under the US government contract: "The Contractor shall ensure the authentication, integrity, and reliability of the data in performing the IANA requirements, including the data relevant to DNS, root zone file, and IP address allocation."
russ@consumer.net wrote:
Because the policies to distribute and manage the number resources
Maybe the RIR's should set up system like whois privacy where the published addresses are all under RIPE.net domain and forwarded to hidden addresses. The public RIPE.net e-mail addresses could also change periodically. That way you have no privacy issue and the addresses "time out" so harvesting for future use is useless.
Thats what I already liked to discuss a year ago on this list, without big response. There defny should be a system like this to hide all personal email addresses from all kind of harvesting, simply because its personal data and RIPE NCC has no reason to give it to other people and it needs to be protected much better (at least according to German law). Kind regards, Frank -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ====================================================================== Public PGP Key available for frank@powerweb.de
thank god ripe is not located in germany --srs (iPad) On 16-Dec-2011, at 14:25, Frank Gadegast <ripe-anti-spam-wg@powerweb.de> wrote:
russ@consumer.net wrote:
Because the policies to distribute and manage the number resources
Maybe the RIR's should set up system like whois privacy where the published addresses are all under RIPE.net domain and forwarded to hidden addresses. The public RIPE.net e-mail addresses could also change periodically. That way you have no privacy issue and the addresses "time out" so harvesting for future use is useless.
Thats what I already liked to discuss a year ago on this list, without big response.
There defny should be a system like this to hide all personal email addresses from all kind of harvesting, simply because its personal data and RIPE NCC has no reason to give it to other people and it needs to be protected much better (at least according to German law).
Kind regards, Frank -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ====================================================================== Public PGP Key available for frank@powerweb.de
* Frank Gadegast:
There defny should be a system like this to hide all personal email addresses from all kind of harvesting, simply because its personal data and RIPE NCC has no reason to give it to other people and it needs to be protected much better (at least according to German law).
Surely there are exceptions. Obviously, RIPE NCC should continue to operate mailing lists. Your proposal would prevent RIPE NCC from doing that. Come to think of it, from a privacy point of view, I don't see much of a difference between submitting a mail message to RIPE NCC for publication and distribution over a mailing list, and a person: object for publication and distribution using the RIPE database. -- Florian Weimer <fweimer@bfk.de> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99
Florian Weimer wrote:
* Frank Gadegast:
Hi Florian,
There defny should be a system like this to hide all personal email addresses from all kind of harvesting, simply because its personal data and RIPE NCC has no reason to give it to other people and it needs to be protected much better (at least according to German law).
Surely there are exceptions. Obviously, RIPE NCC should continue to operate mailing lists. Your proposal would prevent RIPE NCC from doing that.
Come to think of it, from a privacy point of view, I don't see much of a difference between submitting a mail message to RIPE NCC for publication and distribution over a mailing list, and a person: object for publication and distribution using the RIPE database.
Not every spammer can harvest all addresses daily ;o) eMail lists are collected by specialists over years and handed over to several spammers, thats why a lot of addresses are outdated before a spammer starts using them. And surely they cannot seperate working from outdated addresses, because the sending address is always faked and any "User unknown" return email, bounce or whatever feedback from the receivers mail server will never reach the spammer itself. So, spams will be heavily reduced, if the random address at ripe used to forward mails to a personal email address in any object is changing on a regular basis. Harvesting the proxy addresses, lets say, on a daily basis, will surely not be possible, because of the whois restructions on whois. Kind regards, Frank -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ====================================================================== Public PGP Key available for frank@powerweb.de
Not every spammer can harvest all addresses daily ;o)
I have been doing this for years with domain whois. I am listed in over 1000 domains. My experience (without taking detailed measurements) is that a small trickle of spam comes within a few hours (which is why I know IP restrictions don't work). However, it does not build up to any significant amount for a couple months. I suspect the RIPE database is not as desirable as .com whois so i suspect changing the address every few months will be more than sufficient. However, anyone can do this on your own and you don't need RIPE to do it for you as long as you can set up e-mail forwarding. What should have been is that honeypot addresses should have been set up to measure the effectiveness of any anti-spam methods used. has this been done in the case of RIPE? How did RIPE come up with this new 1,000 queries per day limit? Did someone just pick a number or was it tested with data? Are there ongoing efforts to test the effectiveness of these and any other tools? The other problem I see is that the operation of the whois databases are part of the requirements to be an RIR. The RIR's all agreed in the MOU that policies relating to the requirements to be an RIR be submitted to the consensus process. It is supposed to go to the "Address Council" of the "Address Supporting Organization (ASO)." Instead we have RIR's skipping the consensus process and establishing their own local policies. Thank You
On 15 Dec 2011, at 16:42, russ@consumer.net wrote:
Thanks for all the replies.
As for passing through the IP of the requesters of the whois records I have asked about this several times. ARIN told me they don't support it and RIPE won't answer my inquiries. Are there standards for that or any other information about setting up some sort of ip address pass-through or proxy for whois queries for the RIR's?
You want bulk access. Stop pretending that you don't
As I understand it the fact that the abuse contact is not associated with the object record is a design flaw. It seems to me this matter should have been dealt with before the RIPE blocking initiatives.
Why? Because it puts you out?
The definition of "personal data" in Directive 95/46/EC is not really useful when you talk about protection of the data.
It's European law. Saying it's "not really useful" won't change that
This definition groups information that is mandated by law to be public with truly private or sensitive data. For instance, company "Example.com" has an e-mail address "president@example.com." The company is legally required to file documents declaring who their president is and make that publicly available so the address "president@example.com" falls under this definition. Now if you have his private cell phone number that is also "personal data" but it is not mandated to be public information. The cell phone number deserves a high level of protection while but the e-mail address does not so treating them the same is not useful. In any case I have no desire to access persoanl contacts or other data other than contact information meant for public consumption.
If I understand things correctly the so-called "bulk access" option is using a "-r" which would not display the abuse contact. Since getting the abuse contacts is often the main purpose of the query this does not seem to be viable option. In actuality I am not requesting "bulk access" and I don't save any of the data myself. My system is a pass-though where the users get the data and I package the data with other functions. It may appear as if it is bulk access because it all comes from a single IP but it is not. The same thing happened with ARIN several years ago. Once I showed them the web site they agreed that is was a pass-through system and removed the block. Now we have a situation where different RIR's have different policies for the same type of whois requests. In my case I use a commercial whois component from hexillion.com and i cannot go in and change the queries just to RIPE without going back to the software vendor or completely reprogramming my site. I have plans to do that anyway but I cannot do it overnight or during the Christmas season because someone at RIPE woke up one day after 13 years and decided to block my site.
One purpose of the database is to provide access to the public for IP address allocations. While it is true people can visit the RIPE database themselves it is not practical
Practical according to who?
(the person suggesting this has ads in his signature for a business that combines several services people could get on their own).
I assume that was aimed at me? If it was why don't you just say so instead of trying to be "clever" ?
As I see it the problem lies with ICANN/IANA. They are contractually obligated with the US Department of Commerce to "ensure the authentication, integrity, and reliability of the data in performing the IANA requirements, including the data relevant to DNS, root zone file, and IP address allocation." Obviously there should a single WHOIS interface with standard policies and procedures for accessing it and not this hodgepodge system where users of the data have to deal with each RIR separately.
IPs in the RIPE region are clearly delegated to RIPE by IANA. IANA has completed its function.
The funny part about this whole thing is that I contacted a busines that provides whois services (they are not a spammer or harvester).
Who? The only companies I know of that provider "whois services" are doing so by harvesting data from other people's systems.
One of the first things they told me was that they use a distributed IP address system for requests to avoid the blocking.
Which tells me that what they're harvesting. If their usage was "legitimate" then they would be able to get whitelisted
the current policy forces legitimate business to use hacking techniques to access data that is supposed to publicly variable. The current IP address blocking scheme has no practical purpose other than preventing DOS attacks. Harvesters continue collected data using distributed IP's while small sites like mine suffer and possibly get run out of business.
So you want to make money out of our data? And you're upset that EU law and RIPE's policies slows you down?
The impression I have is that the people doing the blocking have no concern whatsoever about the collateral damage they are casing or the fact that their actions have little or no purpose. Then if someone complains they are often ignored or ridiculed.
Thank You
Mr Michele Neylon Blacknight Solutions ♞ Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.biz http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Facebook: http://fb.me/blacknight Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
So you want to make money out of our data? And you're upset that EU law and RIPE's policies slows you down? Mr Michele Neylon Blacknight Solutions
You may not like the response (I would not like it if I were outside the US) but the data is bought and paid for by the US taxpayer. IANA is done via contract to the US Department of Commerce NTIA. I have filed a formal Freedom of Information Act under US law requesting access since it appears to me the US Government owns the data. US Taxpayers are paying ICANN/IANA to standardize this data and ensure stuff like this does not happen. ARIN (and all the RIR's) should be under the same requirements and should supply data to other countries as well. It is an issue of supplying an Internet function to all users not an "our data" vs. "their data" issue. But, yes, I want to continue to make money off the data. Just like your business wants to continue make money off the fact that domain registration was changed from a one-company monopoly to a distributed competitive system so that companies like your can combine domain registration and web hosting. Since most of the Internet was developed in the US by the US government (not to say there weren't significant contributions elsewhere) an argument could be made the rest of the world is profiting off USA data. But I see nothing wrong with that. The more people involved in commerce, competition, and making money off the Internet the better it will be and more and better services will be offered. But none of your customers actually need to register a domain through you, they can all the US based Network Solutions. I bet before competition is they blocked your company from registering domains I expect you would have had a fit. As it is you are profiting from a US-developed system. I have no problem when data laws are applied correctly. The situation we have here is that you have data that is mandated to be public while, at the same time, there are claims it needs to be protected. You can't do both, either it is public or protected. On top of that we have methods that claim to protect the data that do no such thing and it is costing me money and inconveniencing Internet users and serves no real purpose. Thank you
-----Original Message----- From: anti-abuse-wg-bounces@ripe.net [mailto:anti-abuse-wg- bounces@ripe.net] On Behalf Of russ@consumer.net Sent: Thursday, December 15, 2011 8:42 PM Cc: anti-abuse-wg@ripe.net
So you want to make money out of our data? And you're upset that EU law and RIPE's policies slows you down? Mr Michele Neylon Blacknight Solutions
You may not like the response (I would not like it if I were outside the US) but the data is bought and paid for by the US taxpayer.
The RIPE database is maintained by the RIPE NCC, and to the best of my knowledge, the RIPE-specific (non-mirrored) contents of the database have been contributed, update by update, by the RIPE NCC and the RIPE community. I totally fail to see how e.g. my person object would have been 'bought and paid for by the US taxpayer'.
But, yes, I want to continue to make money off the data. Just like your business wants to continue make money off the fact that domain registration was changed from a one-company monopoly to a distributed competitive system so that companies like your can combine domain registration and web hosting.
I have no problem with that. If you can provide added value that attracts customers, more power to you. I believe many other players, including US-based ones, quite successfully use RIPE database contents for purposes similar to yours. -- Thor Kottelin http://www.anta.net/
-----Original Message----- From: anti-abuse-wg-bounces@ripe.net [mailto:anti-abuse-wg- bounces@ripe.net] On Behalf Of russ@consumer.net Sent: Thursday, December 15, 2011 2:29 PM To: anti-abuse-wg@ripe.net
I am being accused of wanting "bulk access" to the database. That is not true. My system is a pass-through system where many different people make requests through network-tools.com. The web site is merely a pass-through.
I would also describe your usage as bulk access. Can you not apply for such access? I have, and the RIPE NCC was most helpful.
RIPE keeps claims the requests are for "personal information." IP address and abuse contacts are business contacts and role accounts meant for the public. this is nor "personal information"
Directive 95/46/EC defines 'personal data' as 'any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity'. In other words, my email address in the RIPE database is personal data because it relates to a natural person, even though it is being published for business purposes. -- Thor Kottelin http://www.anta.net/
Second- RIPE keeps claims the requests are for "personal information." IP address and abuse contacts are business contacts and role accounts meant for the public.
In the RIPE database, the abuse contact information is not attached to resource objects, but to person (and role) objects, which are referenced from resource objects. This is a design flaw, and there are proposals currently under discussion to work around it. -- Florian Weimer <fweimer@bfk.de> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99
participants (8)
-
Florian Weimer -
Frank Gadegast -
Michele Neylon :: Blacknight -
Niall Donegan -
russ@consumer.net -
Suresh Ramasubramanian -
Thor Kottelin -
Wilfried Woeber, UniVie/ACOnet