Shane Kerr wrote:
Thor, [...] This is probably more something for the services working group.
And|Or the Anti-Spam/Anti-Abuse WG which is in the process of agreeing on an updated charter pretty soon. One thing that might be useful to mention and to keep in mind - for historical reasons the RIPE NCC and the RIPE WGs are not directly and efficiently linked in with the Incident Response (in the wider sense) community in Europe and worldwide. While there are (pretty efficient) mechanisms to register response contacts for "Incidents" in the DB (that should be used more widely!), there are other (and imho better) paths to pursue in case of phishing, botnet-hunting and the like. Either FIRST or TERENA's TF-CSIRT and the Trusted Introducer activity, ENISA's CERT Directory, or simply the connectivity providers as seen in a traceroute, come to my mind immediately.
(*) There is a proposal to fix this problem: http://www.ripe.net/ripe/policies/proposals/2007-01.html But there is a lot of resistance. You can view the various threads on the address policy working group for a sense of the discussion.
-- Shane
Wilfried, NOT wearing my DB-WG hat!