On 11/03/2013 3:50 PM, Tobias Knecht wrote:

Hi Arnold,

...

Since I have been reporting SPAM for some time, missing, out-of-date or inaccurate contact information has always been a problem.

Absolutely agree. That is one part of the data accuracy part we want to face now. Thank you for your comments, Tobias,

I have just now run into a database entry where the users seem to be confused as to what to enter into the fields and we end up with circular definition as in this case http://apps.db.ripe.net/whois/lookup/ripe/person/MM29699-RIPE.html I was looking for MM29699-RIPE it's entry pointed to NIC-Handle nic-hdl:MM29699-RIPE <http://apps.db.ripe.net/whois/lookup/ripe/person/MM29699-RIPE.html> where it is defined as: MM29699-RIPE which brought me full circle :-) This sort of thing happens on a regular basis Arnold -- Fight Spam - report it with wxSR 0.5 Vista & Win7 ready http://www.columbinehoney.net/wxSR.shtml

Dear Arnold

I am afraid I am a little confused as to what you were trying to find in the database. Hello Denis, What I am typically looking for is an e-mail address to which I can send a SPAM report. First I look up the originating IP address in the source code of the SPAM message,

On 12/03/2013 2:35 AM, Denis Walker wrote: plug it into a WhoIs look up via the IANA ipv4-address-space.xml files. Often enough this gives me the abuse handler address. For RIPE, when no abuse address is given, I try to find one using the admin-c: ?????-RIPE and plugging it into http://apps.db.ripe.net/search/query.html to find the NIC handle, which some times has an e-mail address, sometimes it has a circular reference to itself and other times it may have a gmail or hotmail address which often enough bounce because the mail box is full .

You looked up a PERSON object by the Nic Hdl. The Nic Hdl is the primary key of a PERSON object in the database. So you found what you were looking for, the person.

Now I see that this Nic Hdl is referenced in an INETNUM object. If you were looking for the abuse contact for that resource, it is possible to find one by doing many queries manually yourself, but it is not the recommended way. This PERSON object, has a MNTNER, which has an admin-c, which references another PERSON that has an abuse-mailbox.

If you used the Abuse Finder tool to look up the resource, it would return you the same abuse-mailbox without the need for you to do all the individual queries. http://apps.db.ripe.net/search/abuse-finder.html

I have tried to use the abuse finder tool a few times, but have never really had enough luck with it to keep using it. Just now I tried both with 217.75.223.120 - abuse-finder.html gave me nothing at all, The query tool gave me - in this case a whole slew of contacts as admin-c, tech-c & NIC-hdl. At least one of these got me a usable e-mail address to which I will send my report.

I noticed that this resource is an allocation object. Within the next 6 months this resource WILL have an abuse-c reference. So it will be even easier to find the abuse contact details without needing to lookup any personal data.

When I first learned of the abuse finder, I tried it - with much the same success as this time. Perhaps I am feeding it the wrong questions and data. In that case I need more information about what sort of things I can feed it - but it would have to be things I can glean from the SPAM e-mail. Clicking on the '?' for the Resource field in the abuse finder did not give me enough to make it work as I would expect it to work - i.e. give me a useful contact e-mail address. Hoping that helps explain how I look for data. Please let me know if there are better or quicker ways to come by the needed data. That being said, I do find that these days I do run into a lot more WhoIS records with usable e-mail addresses compared to even a year ago. Regards, Arnold -- Fight Spam - report it with wxSR 0.5 Vista & Win7 ready http://www.columbinehoney.net/wxSR.shtml

On 3/12/2013 6:03 PM, Leo Vegoda wrote:

Hi,

Arnold wrote:

[...]

...

First I look up the originating IP address in the source code of the SPAM message, plug it into a WhoIs look up via the IANA ipv4-address-space.xml files. Why would you do this instead of using the whois service at whois.iana.org or http://www.iana.org/whois? The whois service will always return the most specific answer in an IANA registry.

Regards,

Leo Because that way it is all contained within my SPAM reporter program.

Assuming that IANA updated their DB files at reasonable intervals - my program checks to see if it has the latest file and if not it downloads the latest one - so it should end up being much easier - no cut-n-paste. Only if I can't find it within the latest IANA data do I consult other sources and in several years worth of using this, most of the time IANA does the job for me. Arnold -- Fight Spam - report it with wxSR 0.5 - ready for Vista & Win7 http://www.columbinehoney.net/wxSR.shtml

On 3/14/2013 12:45 PM, Leo Vegoda wrote:

Hi Arnold,

Arnold wrote:

[...]

...

Assuming that IANA updated their DB files at reasonable intervals - my program checks to see if it has the latest file and if not it downloads the latest one - so it should end up being much easier - no cut-n-paste. New registry files are published within seconds of the registry being updated. Good - though from my experience this updating does not happen very frequently.

Having just barely recovered from a hardware crash, I unfortunately have not gotten all my records fully restored, but if I had to guess, in the past year there have not been any more then a handful of updates, if that. Regards, Arnold -- Fight Spam - report it with wxSR 0.5 - ready for Vista & Win7 http://www.columbinehoney.net/wxSR.shtml

Dear Arnold On 13/03/2013 00:31, Arnold wrote:

...

Dear Arnold

I am afraid I am a little confused as to what you were trying to find in the database. Hello Denis, What I am typically looking for is an e-mail address to which I can send a SPAM report. First I look up the originating IP address in the source code of the SPAM message,

On 12/03/2013 2:35 AM, Denis Walker wrote: plug it into a WhoIs look up via the IANA ipv4-address-space.xml files. Often enough this gives me the abuse handler address. For RIPE, when no abuse address is given, I try to find one using the admin-c: ?????-RIPE and plugging it into http://apps.db.ripe.net/search/query.html to find the NIC handle, which some times has an e-mail address, sometimes it has a circular reference to itself and other times it may have a gmail or hotmail address which often enough bounce because the mail box is full .

The RIPE Database contains many email addresses. These addresses are there for different reasons. Many attributes may point you to an email address, for example: admin-c: tech-c: zone-c: ping-hdl: notify: ref-nfy: mnt-ref: changed: and abuse-mailbox: Only this last one is specifically intended for abuse complaints. The problem we had in the past is that this attribute was always optional and if used could be put in many different places. With the new abuse-c:, to be deployed very soon, it will be mandatory and fixed in one place. Within the next 6 months all PA address space allocated by the RIPE NCC and all the more specific assignments WILL be covered by this mandatory abuse-mailbox: using the abuse-c: reference.

...

You looked up a PERSON object by the Nic Hdl. The Nic Hdl is the primary key of a PERSON object in the database. So you found what you were looking for, the person.

Now I see that this Nic Hdl is referenced in an INETNUM object. If you were looking for the abuse contact for that resource, it is possible to find one by doing many queries manually yourself, but it is not the recommended way. This PERSON object, has a MNTNER, which has an admin-c, which references another PERSON that has an abuse-mailbox.

If you used the Abuse Finder tool to look up the resource, it would return you the same abuse-mailbox without the need for you to do all the individual queries. http://apps.db.ripe.net/search/abuse-finder.html

I have tried to use the abuse finder tool a few times, but have never really had enough luck with it to keep using it. Just now I tried both with 217.75.223.120 - abuse-finder.html gave me nothing at all, The query tool gave me - in this case a whole slew of contacts as admin-c, tech-c & NIC-hdl. At least one of these got me a usable e-mail address to which I will send my report.

I think in this context 'usable' may have different interpretations. One of the functions of the RIPE Database is for engineers to be able to contact each other to resolve network and routing problems. Sending an abuse report to a network engineer because he has a 'usable' email address in the database may not achieve the result you were expecting. The Abuse Finder tool returns the email addresses that have been provided for receiving abuse reports. If no such address has been provided the tool will return nothing, even if there are other email addresses in the database that are intended for other purposes. Over the next few months, as the abuse-c: data is entered into the database, the Abuse Finder tool will return more positive results. This will be the quickest and most reliable way to find abuse contacts for any resource. Regards Denis Walker Business Analyst RIPE NCC Database Group

...

I noticed that this resource is an allocation object. Within the next 6 months this resource WILL have an abuse-c reference. So it will be even easier to find the abuse contact details without needing to lookup any personal data.

When I first learned of the abuse finder, I tried it - with much the same success as this time. Perhaps I am feeding it the wrong questions and data. In that case I need more information about what sort of things I can feed it - but it would have to be things I can glean from the SPAM e-mail. Clicking on the '?' for the Resource field in the abuse finder did not give me enough to make it work as I would expect it to work - i.e. give me a useful contact e-mail address.

Hoping that helps explain how I look for data.

Please let me know if there are better or quicker ways to come by the needed data.

That being said, I do find that these days I do run into a lot more WhoIS records with usable e-mail addresses compared to even a year ago.

Regards, Arnold

I have never seen an email asking me to confirm that I still do the stuff that is listed in my local RIR... David -----Oorspronkelijk bericht----- Van: anti-abuse-wg-bounces@ripe.net [mailto:anti-abuse-wg-bounces@ripe.net] Namens Arnold Verzonden: vrijdag 15 maart 2013 09:29 Aan: Denis Walker CC: Tobias Knecht; anti-abuse-wg@ripe.net Onderwerp: Re: [anti-abuse-wg] Abuse Reporting Issues On 3/14/2013 3:28 AM, Denis Walker wrote:

The RIPE Database contains many email addresses. These addresses are there for different reasons. Many attributes may point you to an email address, for example: admin-c: tech-c: zone-c: ping-hdl: notify: ref-nfy: mnt-ref: changed:

and abuse-mailbox:

Only this last one is specifically intended for abuse complaints. The problem we had in the past is that this attribute was always optional and if used could be put in many different places.

I applaud the motion to make the attribute mandatory; whether it will have much effect in reality I'll wait and see. I realize there are many addresses in the RIPE database and if at all possible - for records without an abuse -email address - I tend to address my report to the admin-c, as I see those people as the most likely to have any influence on getting the 'problem' fixed.

I think in this context 'usable' may have different interpretations. One of the functions of the RIPE Database is for engineers to be able to contact each other to resolve network and routing problems. Sending an abuse report to a network engineer because he has a 'usable' email address in the database may not achieve the result you were expecting.

No disagreement on this from me. I merely pointed out that for _my_ purposes, the Abuse Finder is less useful than the IANA files or the RIPE query page.

The Abuse Finder tool returns the email addresses that have been provided for receiving abuse reports. If no such address has been provided the tool will return nothing, even if there are other email addresses in the database that are intended for other purposes. Understood and accepted, but I have to and have had to work with what there was available. If the available resources change, with time my approach will change as well.

Over the next few months, as the abuse-c: data is entered into the database, the Abuse Finder tool will return more positive results. This will be the quickest and most reliable way to find abuse contacts for any resource. Hope your expectations will become reality.

Regards Arnold -- Fight Spam - report it with wxSR 0.5 - ready for Vista & Win7 http://www.columbinehoney.net/wxSR.shtml

Hi Frederik, I am such a person (DH3195-RIPE). I entered my email a long time ago. Unlike passwords that expire and accounts that get locked when not used, this vital contact info is never re-validated. We never get mail that says: "Ripe wants to confirm that you are still having Role X in your organisation. Click here to confirm.". A full-inbox bounce could trigger a phone call. Etc. Ripe should charge money for not keeping records up to date. In my (ESP) world, an email address that has not been used by the list-owner for over a year is a risk for a spam trap ;-). Bye, David -----Oorspronkelijk bericht----- Van: Fredrik Widell [mailto:fredrik@resilans.se] Verzonden: vrijdag 15 maart 2013 09:30 Aan: MailPlus| David Hofstee CC: Arnold; Denis Walker; Tobias Knecht; anti-abuse-wg@ripe.net Onderwerp: Re: [anti-abuse-wg] Abuse Reporting Issues On Fri, 15 Mar 2013, MailPlus| David Hofstee wrote: There is a way of always reaching the correct recipients when it comes to reporting abuse, which it seems every single abuse-department is neglecting to use. Why not take a look at the source, see which Autonomous System is actually announcing the prefix the address belongs to, it is quite hard to hide that information. (there are a lot of free looking-glasses on the Internet for those of you who does not have access to a router, or, why not use ripes riswhois :) When you know the AS, return to the whois-databases and look for the contact information for that Autonomous System, and contact them instead, they will always know which the offending customer is, they can always do something about the problem. And the best part, it actually works :)

I have never seen an email asking me to confirm that I still do the stuff that is listed in my local RIR...

David

-----Oorspronkelijk bericht----- Van: anti-abuse-wg-bounces@ripe.net [mailto:anti-abuse-wg-bounces@ripe.net] Namens Arnold Verzonden: vrijdag 15 maart 2013 09:29 Aan: Denis Walker CC: Tobias Knecht; anti-abuse-wg@ripe.net Onderwerp: Re: [anti-abuse-wg] Abuse Reporting Issues

On 3/14/2013 3:28 AM, Denis Walker wrote:

...

The RIPE Database contains many email addresses. These addresses are there for different reasons. Many attributes may point you to an email address, for example: admin-c: tech-c: zone-c: ping-hdl: notify: ref-nfy: mnt-ref: changed:

and abuse-mailbox:

Only this last one is specifically intended for abuse complaints. The problem we had in the past is that this attribute was always optional and if used could be put in many different places.

I applaud the motion to make the attribute mandatory; whether it will have much effect in reality I'll wait and see.

I realize there are many addresses in the RIPE database and if at all possible - for records without an abuse -email address - I tend to address my report to the admin-c, as I see those people as the most likely to have any influence on getting the 'problem' fixed.

...

I think in this context 'usable' may have different interpretations. One of the functions of the RIPE Database is for engineers to be able to contact each other to resolve network and routing problems. Sending an abuse report to a network engineer because he has a 'usable' email address in the database may not achieve the result you were expecting.

No disagreement on this from me. I merely pointed out that for _my_ purposes, the Abuse Finder is less useful than the IANA files or the RIPE query page.

...

The Abuse Finder tool returns the email addresses that have been provided for receiving abuse reports. If no such address has been provided the tool will return nothing, even if there are other email addresses in the database that are intended for other purposes. Understood and accepted, but I have to and have had to work with what there was available. If the available resources change, with time my approach will change as well.

Over the next few months, as the abuse-c: data is entered into the database, the Abuse Finder tool will return more positive results. This will be the quickest and most reliable way to find abuse contacts for any resource. Hope your expectations will become reality.

Regards Arnold

-- Mvh Fredrik Widell Resilans AB http://www.resilans.se/ mail: info@resilans.se , fredrik@resilans.se phone: +46 8 688 11 82

Hi Frederik, Who has an interest in a clean database? The sloppy Org or Ripe? The answer is Ripe, therefore it should also spend energy [via Ripe Ncc] in (making sure that Orgs are) keeping it clean. Kids do not grow up themselves, it requires an active process. Organisations are not much different. David -----Oorspronkelijk bericht----- Van: Fredrik Widell [mailto:fredrik@resilans.se] Verzonden: vrijdag 15 maart 2013 10:37 Aan: MailPlus| David Hofstee CC: anti-abuse-wg@ripe.net Onderwerp: RE: [anti-abuse-wg] Abuse Reporting Issues On Fri, 15 Mar 2013, MailPlus| David Hofstee wrote: Well, that is probably more a sign of a sloppy organisation, it is up to the LIR to keep the ripedb up to date, this is not the role of RIPE. You probably dont expect RIPE to keep track of your old DNS-entrys and give you a phone-call if it seems that a customer-name is wrong do you?

Hi Frederik,

I am such a person (DH3195-RIPE). I entered my email a long time ago. Unlike passwords that expire and accounts that get locked when not used, this vital contact info is never re-validated. We never get mail that says: "Ripe wants to confirm that you are still having Role X in your organisation. Click here to confirm.". A full-inbox bounce could trigger a phone call. Etc. Ripe should charge money for not keeping records up to date.

In my (ESP) world, an email address that has not been used by the list-owner for over a year is a risk for a spam trap ;-).

Bye,

David

On 3/15/2013 2:03 AM, MailPlus| David Hofstee wrote:

Hi Frederik,

I am such a person (DH3195-RIPE). I entered my email a long time ago. Unlike passwords that expire and accounts that get locked when not used, this vital contact info is never re-validated. We never get mail that says: "Ripe wants to confirm that you are still having Role X in your organisation. Click here to confirm.". A full-inbox bounce could trigger a phone call. Etc. Ripe should charge money for not keeping records up to date. My sentiments exactly. Without ongoing efforts to verify and costs to the client for failing to respond, all of this possibly keeps some people busy, but does nothing to help stem SPAM.

Arnold

In my (ESP) world, an email address that has not been used by the list-owner for over a year is a risk for a spam trap ;-).

Bye,

David

-----Oorspronkelijk bericht----- Van: Fredrik Widell [mailto:fredrik@resilans.se] Verzonden: vrijdag 15 maart 2013 09:30 Aan: MailPlus| David Hofstee CC: Arnold; Denis Walker; Tobias Knecht; anti-abuse-wg@ripe.net Onderwerp: Re: [anti-abuse-wg] Abuse Reporting Issues

On Fri, 15 Mar 2013, MailPlus| David Hofstee wrote:

There is a way of always reaching the correct recipients when it comes to reporting abuse, which it seems every single abuse-department is neglecting to use.

Why not take a look at the source, see which Autonomous System is actually announcing the prefix the address belongs to, it is quite hard to hide that information.

(there are a lot of free looking-glasses on the Internet for those of you who does not have access to a router, or, why not use ripes riswhois :)

When you know the AS, return to the whois-databases and look for the contact information for that Autonomous System, and contact them instead, they will always know which the offending customer is, they can always do something about the problem.

And the best part, it actually works :)

...

I have never seen an email asking me to confirm that I still do the stuff that is listed in my local RIR...

David

-----Oorspronkelijk bericht----- Van: anti-abuse-wg-bounces@ripe.net [mailto:anti-abuse-wg-bounces@ripe.net] Namens Arnold Verzonden: vrijdag 15 maart 2013 09:29 Aan: Denis Walker CC: Tobias Knecht; anti-abuse-wg@ripe.net Onderwerp: Re: [anti-abuse-wg] Abuse Reporting Issues

On 3/14/2013 3:28 AM, Denis Walker wrote:

...

The RIPE Database contains many email addresses. These addresses are there for different reasons. Many attributes may point you to an email address, for example: admin-c: tech-c: zone-c: ping-hdl: notify: ref-nfy: mnt-ref: changed:

and abuse-mailbox:

Only this last one is specifically intended for abuse complaints. The problem we had in the past is that this attribute was always optional and if used could be put in many different places. I applaud the motion to make the attribute mandatory; whether it will have much effect in reality I'll wait and see.

I realize there are many addresses in the RIPE database and if at all possible - for records without an abuse -email address - I tend to address my report to the admin-c, as I see those people as the most likely to have any influence on getting the 'problem' fixed.

...

I think in this context 'usable' may have different interpretations. One of the functions of the RIPE Database is for engineers to be able to contact each other to resolve network and routing problems. Sending an abuse report to a network engineer because he has a 'usable' email address in the database may not achieve the result you were expecting.

No disagreement on this from me. I merely pointed out that for _my_ purposes, the Abuse Finder is less useful than the IANA files or the RIPE query page.

...

The Abuse Finder tool returns the email addresses that have been provided for receiving abuse reports. If no such address has been provided the tool will return nothing, even if there are other email addresses in the database that are intended for other purposes. Understood and accepted, but I have to and have had to work with what there was available. If the available resources change, with time my approach will change as well. Over the next few months, as the abuse-c: data is entered into the database, the Abuse Finder tool will return more positive results. This will be the quickest and most reliable way to find abuse contacts for any resource. Hope your expectations will become reality.

Regards Arnold

-- Fight Spam - report it with wxSR 0.5 - ready for Vista & Win7 http://www.columbinehoney.net/wxSR.shtml

Arnold wrote:

On 3/15/2013 2:03 AM, MailPlus| David Hofstee wrote:

...

Hi Frederik,

I am such a person (DH3195-RIPE). I entered my email a long time ago. Unlike passwords that expire and accounts that get locked when not used, this vital contact info is never re-validated. We never get mail that says: "Ripe wants to confirm that you are still having Role X in your organisation. Click here to confirm.". A full-inbox bounce could trigger a phone call. Etc. Ripe should charge money for not keeping records up to date.

My sentiments exactly. Without ongoing efforts to verify and costs to the client for failing to respond, all of this possibly keeps some people busy, but does nothing to help stem SPAM.

And even if there would be money involved, some way or another, SPAM would not go away or become less. It simply is a fact, that sending unsolicited messages simply is not illegal in some places. In some corners of the world it is even a business model. So whether the contact info is "correct" (for any definition of), working (for any definition of) or not, is mostly a non-issue in this case. Bothering the RIPE NCC again and again is also not going to have a too big impact. There are quite a few other well-established mechanisms to fight unwanted (again, for any definition of) activities. Like Regulators, Trade Commissions, national and sector-specific or ISP-related CERTs and so on. And - hopping on my soap-box - the real problem to solve is to educate the users to *not* react to SPAM. No business gained by spamming, costing money (even if it is cheap), would make it go away pretty quickly. End soap-box :-) Wilfried

Arnold

...

In my (ESP) world, an email address that has not been used by the list-owner for over a year is a risk for a spam trap ;-).

Bye,

David

-----Oorspronkelijk bericht----- Van: Fredrik Widell [mailto:fredrik@resilans.se] Verzonden: vrijdag 15 maart 2013 09:30 Aan: MailPlus| David Hofstee CC: Arnold; Denis Walker; Tobias Knecht; anti-abuse-wg@ripe.net Onderwerp: Re: [anti-abuse-wg] Abuse Reporting Issues

On Fri, 15 Mar 2013, MailPlus| David Hofstee wrote:

There is a way of always reaching the correct recipients when it comes to reporting abuse, which it seems every single abuse-department is neglecting to use.

Why not take a look at the source, see which Autonomous System is actually announcing the prefix the address belongs to, it is quite hard to hide that information.

(there are a lot of free looking-glasses on the Internet for those of you who does not have access to a router, or, why not use ripes riswhois :)

When you know the AS, return to the whois-databases and look for the contact information for that Autonomous System, and contact them instead, they will always know which the offending customer is, they can always do something about the problem.

And the best part, it actually works :)

...

I have never seen an email asking me to confirm that I still do the stuff that is listed in my local RIR...

David

-----Oorspronkelijk bericht----- Van: anti-abuse-wg-bounces@ripe.net [mailto:anti-abuse-wg-bounces@ripe.net] Namens Arnold Verzonden: vrijdag 15 maart 2013 09:29 Aan: Denis Walker CC: Tobias Knecht; anti-abuse-wg@ripe.net Onderwerp: Re: [anti-abuse-wg] Abuse Reporting Issues

On 3/14/2013 3:28 AM, Denis Walker wrote:

...

The RIPE Database contains many email addresses. These addresses are there for different reasons. Many attributes may point you to an email address, for example: admin-c: tech-c: zone-c: ping-hdl: notify: ref-nfy: mnt-ref: changed:

and abuse-mailbox:

Only this last one is specifically intended for abuse complaints. The problem we had in the past is that this attribute was always optional and if used could be put in many different places.

I applaud the motion to make the attribute mandatory; whether it will have much effect in reality I'll wait and see.

I realize there are many addresses in the RIPE database and if at all possible - for records without an abuse -email address - I tend to address my report to the admin-c, as I see those people as the most likely to have any influence on getting the 'problem' fixed.

...

I think in this context 'usable' may have different interpretations. One of the functions of the RIPE Database is for engineers to be able to contact each other to resolve network and routing problems. Sending an abuse report to a network engineer because he has a 'usable' email address in the database may not achieve the result you were expecting.

No disagreement on this from me. I merely pointed out that for _my_ purposes, the Abuse Finder is less useful than the IANA files or the RIPE query page.

...

The Abuse Finder tool returns the email addresses that have been provided for receiving abuse reports. If no such address has been provided the tool will return nothing, even if there are other email addresses in the database that are intended for other purposes.

Understood and accepted, but I have to and have had to work with what there was available. If the available resources change, with time my approach will change as well.

...

Over the next few months, as the abuse-c: data is entered into the database, the Abuse Finder tool will return more positive results. This will be the quickest and most reliable way to find abuse contacts for any resource.

Hope your expectations will become reality.

Regards Arnold

Hi, On Mar 11, 2013, at 11:30 am, Arnold <wiegert@telus.net> wrote: […]

Since I have been reporting SPAM for some time, missing, out-of-date or inaccurate contact information has always been a problem.

It always will be. There were 43,809 maintainers in the database on 11 March according to ftp://ftp.ripe.net/ripe/dbase/split/ripe.db.mntner.gz. It doesn't take a particularly large churn in the staff or organisational structures at network operators for an appreciable fraction of the social data to become unreliable each year.

A number of contact addresses are listed as some public general mail server such as gmail, hotmail etc. All of those are pretty much useless. Since RIPE registers the actual user, it should insist on a usable contact address at the registering organization.

I think you are equating the requirement to list an address with a commitment to actually handle abuse reports. While there's nothing wrong with improving contact information publication tools, it's the will to handle the reports that's really important. If people want to receive reports and use the information to improve their network operations they will make sure they are easy to contact. The reason people do not publish useful contact information is because they have no interest in handling the reports and not because of a deficiency in the tools provided by the RIPE NCC or any other RIR. Regards, Leo

Examples of shady networks aside (and there seem to be rather more in the RIPE region than the average RIR has .. but that's another can of worms), this is not a tools deficiency in RIPE NCC, I fully agree with Leo there. These tools are great. I only wish I could say as much for the processes behind all this. --srs On Tuesday, March 12, 2013, Reza Farzan wrote:

Hello Leo,

You are right in stating that many networks "have no interest in handling the abuse reports."

A good example is DetectNetwork.US that manages Net Range: 173.245.64.0 - 173.245.64.255. They have listed "abuse@detectnetworks.us<javascript:;>" as their abuse contact, but this address is invalid and any report sent to this address comes back with an error message.

Apparently, www.egihosting.com is the parent company of DetectNetwork.US, and they might be aware of this problem, but the above incorrect address remains on the Whois listing.

Thank you,

Reza Farzan

***********

-----Original Message----- From: anti-abuse-wg-bounces@ripe.net <javascript:;> [mailto: anti-abuse-wg-bounces@ripe.net <javascript:;>] On Behalf Of Leo Vegoda Sent: Monday, March 11, 2013 10:25 PM To: Arnold Cc: anti-abuse-wg@ripe.net <javascript:;> Subject: Re: [anti-abuse-wg] Abuse Reporting Issues

Hi,

On Mar 11, 2013, at 11:30 am, Arnold <wiegert@telus.net <javascript:;>> wrote:

[.]

...

Since I have been reporting SPAM for some time, missing, out-of-date or inaccurate contact information has always been a problem.

It always will be. There were 43,809 maintainers in the database on 11 March according to ftp://ftp.ripe.net/ripe/dbase/split/ripe.db.mntner.gz. It doesn't take a particularly large churn in the staff or organisational structures at network operators for an appreciable fraction of the social data to become unreliable each year.

...

A number of contact addresses are listed as some public general mail server such as gmail, hotmail etc. All of those are pretty much useless. Since RIPE registers the actual user, it should insist on a usable contact address at the registering organization.

I think you are equating the requirement to list an address with a commitment to actually handle abuse reports. While there's nothing wrong with improving contact information publication tools, it's the will to handle the reports that's really important. If people want to receive reports and use the information to improve their network operations they will make sure they are easy to contact. The reason people do not publish useful contact information is because they have no interest in handling the reports and not because of a deficiency in the tools provided by the RIPE NCC or any other RIR.

Regards,

Leo

-- --srs (iPad)