* Sergey wrote:

WHOIS/RDAP data of domain admins was cleaned up of personal data and e-mail addresses long time ago. Shall we follow this way maybe?

It was not cleared. Quiet contrary the personal data is now required and much more intensively checked for correctness. Only the access to anonymous or ordinary users - like those, which are on charge to solve acute technical problems - was restricted. For anybody, who is able to pay for or provide a legitimate interest, the access was streamlined - ignoring local law -, bulky, and sped up considerably. You are welcome.

On 10/12/2025 17:11, Michele Neylon - Blacknight wrote:

the bulk of email addresses that I see in the DB are role accounts and they need to be public for a variety of reasons. As others have mentioned, for example, the abuse-c needs to be public. And I sincerely doubt that removing email addresses from anything run by RIPE will stop me or anyone else being spammed by IPv4 brokers etc.

Technically, the DB is required to give contact info to whoever wants to use it *then and there*. Allowing that info to have a *limited lifetime* would sour spammers' activities at least *some* (data would cease to be *collectible*). (Example implementation: LIR registers a secret key with RIPE DB, DB lookup causes a HMAC being computed from secret and timestamp and the result being folded into "plussed user addresses" (which Exchange supports these days, too), recipient can filter out HMACs according to whatever timeout period they prefer.) Kind regards, -- Jochen Bern Systemingenieur Binect GmbH https://www.binect.de/

Aleksi, I understand that any action will cause expenses. But the same database e-mails are used by spammers and by the RIPE NCC, and spammer e-mails will cause expenses for NCC members. So I guess this initiative will be in the best interests of the RIPE NCC membership.

Further, the emails are already in public, any action now will take decades for full effect.

I create a new e-mail addresses for every occasion. It's easy to replace the address in the database. -- Best, Sergey

On Dec 9, 2025, at 08:09, Aleksi <aleksi@magnacapax.fi> wrote:

Hi,

Simply use email address you can have as spam box - or use that data as a signal. YOUR OWN antispam protection hardly falls on the RIPE.

This is the reality we live in; Any (semi)public email address WILL get spam.

If RIPE starts taking measures on that, it means RIPE is spending resources on something which is not part of their mission. Only thing it leads to is increased RIPE membership costs, more complicated operation for all legit operators (friction), and _zero_ protection from nefarious actors who do not care about your little T&C or little friction for antispam, they will simply circumvent whatever means were used if it is valuable enough.

Further, the emails are already in public, any action now will take decades for full effect.

I hate spam probably just as much as you do, but just sending this reply means my email address "leaked" to many people, some of which will add it to their mailing lists. This is simply the world we live in.

Instead, turn this into a victory; Any operator which spams you -> Never buy from them. This works far better than anything RIPE could do. Blacklist them. Before buying IPv4 addresses from spammer, check if they ever spammed you. Then find a seller who did not spam.

Best Regards, Aleksi MCX

On 08/12/2025 19.57, Sergey Myasoedov via members-discuss wrote:

...

Dear RIPE NCC members,

I’d like to raise the topic of introducing and applying administrative anti-spam measures against RIPE NCC members who deliberately violate Article 4 of the RIPE Database Terms and Conditions.

RIPE NCC requires members to publish up-to-date contact email addresses in the RIPE DB. However, these publicly listed addresses are actively harvested and used for spam by IPv4 brokers and address traders, while RIPE NCC does not take any measures to protect members from this type of abuse.

This issue has been around since the IPv4 market appeared, and although it’s well known, at some point the RIPE NCC staff chose not to act against members who don’t follow the RIPE Database T&C.

My proposal is to freeze transfer operations for members who are repeatedly abusing the RIPE Database.

I’d be glad to hear your thoughts and discuss this further.

-- Best regards, Sergey Myasoedov

...

Begin forwarded message:

From: "HostM" <info@hostmaster.lt> Subject: Quick question about IPv4 Date: December 8, 2025 at 04:54:23 EST To: <for-spammers@net-art.cz>

Hello, my apologies if this message has arrived at an inconvenient time.

I wanted to check whether you might be interested in acquiring an IPv4 /24 sub-net registered with RIPE. I also have IPv6 resources and an ASN available, which can be included (for free) if you are interested in the IPv4 block.

The ipv4 sub-net is currently unused and fully clean.

The transfer can be completed securely via an escrow service.

If this could be of interest, please feel free to reply to this email, and we can discuss the next steps in more detail.

Regards, Zydrunas To unsubscribe or manage your subscription, log in to the LIR Portal with your RIPE NCC Access account and go to the LIR Account page: https://my.ripe.net/#/account-details.

Scroll down to Membership Mailing Lists to update your 'members-discuss' subscription.

Having issues unsubscribing? More information about managing your subscription can be found at: https://www.ripe.net/s/members-discuss-subscription-options/ To unsubscribe or manage your subscription, log in to the LIR Portal with your RIPE NCC Access account and go to the LIR Account page: https://my.ripe.net/#/account-details.

Scroll down to Membership Mailing Lists to update your 'members-discuss' subscription.

Having issues unsubscribing? More information about managing your subscription can be found at: https://www.ripe.net/s/members-discuss-subscription-options/

Hi Guys, I am seeing my name as main contact person together with Aleksi (To: Magdub Saleh <saleh.magdub@everyware.ch>; Aleksi <aleksi@magnacapax.fi>). Are you expecting an answer from me? I am not working at RIPE 😊 BRs Saleh -----Original Message----- From: Sergey Myasoedov via members-discuss <members-discuss@ripe.net> Sent: Wednesday, 10 December 2025 05:20 To: Magdub Saleh <saleh.magdub@everyware.ch>; Aleksi <aleksi@magnacapax.fi> Cc: members-discuss@ripe.net Subject: [members-discuss] Re: Systematic RIPE DB abuse Aleksi, I understand that any action will cause expenses. But the same database e-mails are used by spammers and by the RIPE NCC, and spammer e-mails will cause expenses for NCC members. So I guess this initiative will be in the best interests of the RIPE NCC membership.

Further, the emails are already in public, any action now will take decades for full effect.

I create a new e-mail addresses for every occasion. It's easy to replace the address in the database. -- Best, Sergey

On Dec 9, 2025, at 08:09, Aleksi <aleksi@magnacapax.fi> wrote:

Hi,

Simply use email address you can have as spam box - or use that data as a signal. YOUR OWN antispam protection hardly falls on the RIPE.

This is the reality we live in; Any (semi)public email address WILL get spam.

If RIPE starts taking measures on that, it means RIPE is spending resources on something which is not part of their mission. Only thing it leads to is increased RIPE membership costs, more complicated operation for all legit operators (friction), and _zero_ protection from nefarious actors who do not care about your little T&C or little friction for antispam, they will simply circumvent whatever means were used if it is valuable enough.

Further, the emails are already in public, any action now will take decades for full effect.

I hate spam probably just as much as you do, but just sending this reply means my email address "leaked" to many people, some of which will add it to their mailing lists. This is simply the world we live in.

Instead, turn this into a victory; Any operator which spams you -> Never buy from them. This works far better than anything RIPE could do. Blacklist them. Before buying IPv4 addresses from spammer, check if they ever spammed you. Then find a seller who did not spam.

Best Regards, Aleksi MCX

On 08/12/2025 19.57, Sergey Myasoedov via members-discuss wrote:

...

Dear RIPE NCC members,

I’d like to raise the topic of introducing and applying administrative anti-spam measures against RIPE NCC members who deliberately violate Article 4 of the RIPE Database Terms and Conditions.

RIPE NCC requires members to publish up-to-date contact email addresses in the RIPE DB. However, these publicly listed addresses are actively harvested and used for spam by IPv4 brokers and address traders, while RIPE NCC does not take any measures to protect members from this type of abuse.

This issue has been around since the IPv4 market appeared, and although it’s well known, at some point the RIPE NCC staff chose not to act against members who don’t follow the RIPE Database T&C.

My proposal is to freeze transfer operations for members who are repeatedly abusing the RIPE Database.

I’d be glad to hear your thoughts and discuss this further.

-- Best regards, Sergey Myasoedov

...

Begin forwarded message:

From: "HostM" <info@hostmaster.lt> Subject: Quick question about IPv4 Date: December 8, 2025 at 04:54:23 EST To: <for-spammers@net-art.cz>

Hello, my apologies if this message has arrived at an inconvenient time.

I wanted to check whether you might be interested in acquiring an IPv4 /24 sub-net registered with RIPE. I also have IPv6 resources and an ASN available, which can be included (for free) if you are interested in the IPv4 block.

The ipv4 sub-net is currently unused and fully clean.

The transfer can be completed securely via an escrow service.

If this could be of interest, please feel free to reply to this email, and we can discuss the next steps in more detail.

Regards, Zydrunas To unsubscribe or manage your subscription, log in to the LIR Portal with your RIPE NCC Access account and go to the LIR Account page: https://my.ripe.net/#/account-details.

Scroll down to Membership Mailing Lists to update your 'members-discuss' subscription.

Having issues unsubscribing? More information about managing your subscription can be found at: https://www.ripe.net/s/members-discuss-subscription-options/ To unsubscribe or manage your subscription, log in to the LIR Portal with your RIPE NCC Access account and go to the LIR Account page: https://my.ripe.net/#/account-details.

Scroll down to Membership Mailing Lists to update your 'members-discuss' subscription.

Having issues unsubscribing? More information about managing your subscription can be found at: https://www.ripe.net/s/members-discuss-subscription-options/

To unsubscribe or manage your subscription, log in to the LIR Portal with your RIPE NCC Access account and go to the LIR Account page: https://my.ripe.net/#/account-details. Scroll down to Membership Mailing Lists to update your 'members-discuss' subscription. Having issues unsubscribing? More information about managing your subscription can be found at: https://www.ripe.net/s/members-discuss-subscription-options/

You can hide it in whois, like the "changed" attribute a few years ago. On 12/9/25 17:36, Ben Cartwright-Cox wrote:

This does not solve the problem that you can use whois/RDAP to get a abuse contact email, for example:

[16:34:11] ben@metropolis:~$ whois AS51786 | grep contact % Abuse contact for 'AS51786' is 'ripe-eoseeR8x@velder.li' [16:34:12] ben@metropolis:~$

And I don't think whois/RDAP is going anywhere any time soon...

Such whois fetches are already rate limited (so much that it already causes problems, for example it's hard to onboard to Microsoft's postmaster tools because RIPE's whois server has perma banned their IPs...), so I dont think tightening these will help

On Tue, 9 Dec 2025 at 16:18, <lists@velder.li> wrote:

...

I fully agree that something must change.

Another idea: Just introduce mandatory login to see contact data and limit it to 3 per day. Problem solved.

On 12/8/25 18:57, Sergey Myasoedov via members-discuss wrote:

...

Dear RIPE NCC members,

I’d like to raise the topic of introducing and applying administrative anti-spam measures against RIPE NCC members who deliberately violate Article 4 of the RIPE Database Terms and Conditions.

RIPE NCC requires members to publish up-to-date contact email addresses in the RIPE DB. However, these publicly listed addresses are actively harvested and used for spam by IPv4 brokers and address traders, while RIPE NCC does not take any measures to protect members from this type of abuse.

This issue has been around since the IPv4 market appeared, and although it’s well known, at some point the RIPE NCC staff chose not to act against members who don’t follow the RIPE Database T&C.

My proposal is to freeze transfer operations for members who are repeatedly abusing the RIPE Database.

I’d be glad to hear your thoughts and discuss this further.

-- Best regards, Sergey Myasoedov

...

Begin forwarded message:

From: "HostM" <info@hostmaster.lt> Subject: Quick question about IPv4 Date: December 8, 2025 at 04:54:23 EST To: <for-spammers@net-art.cz>

Hello, my apologies if this message has arrived at an inconvenient time.

I wanted to check whether you might be interested in acquiring an IPv4 /24 sub-net registered with RIPE. I also have IPv6 resources and an ASN available, which can be included (for free) if you are interested in the IPv4 block.

The ipv4 sub-net is currently unused and fully clean.

The transfer can be completed securely via an escrow service.

If this could be of interest, please feel free to reply to this email, and we can discuss the next steps in more detail.

Regards, Zydrunas To unsubscribe or manage your subscription, log in to the LIR Portal with your RIPE NCC Access account and go to the LIR Account page: https://my.ripe.net/#/account-details.

Scroll down to Membership Mailing Lists to update your 'members-discuss' subscription.

Having issues unsubscribing? More information about managing your subscription can be found at: https://www.ripe.net/s/members-discuss-subscription-options/ To unsubscribe or manage your subscription, log in to the LIR Portal with your RIPE NCC Access account and go to the LIR Account page: https://my.ripe.net/#/account-details.

Scroll down to Membership Mailing Lists to update your 'members-discuss' subscription.

Having issues unsubscribing? More information about managing your subscription can be found at: https://www.ripe.net/s/members-discuss-subscription-options/

There definitely needs to be some more enforcement on this than what there is. There is a lot of spam emails that come around from "IPv4 Brokers". Rate limits should be tightened for showing contact information in whois On Tue, 9 Dec 2025 at 16:18, <lists@velder.li> wrote:

I fully agree that something must change.

Another idea: Just introduce mandatory login to see contact data and limit it to 3 per day. Problem solved.

On 12/8/25 18:57, Sergey Myasoedov via members-discuss wrote:

...

Dear RIPE NCC members,

I’d like to raise the topic of introducing and applying administrative anti-spam measures against RIPE NCC members who deliberately violate Article 4 of the RIPE Database Terms and Conditions.

RIPE NCC requires members to publish up-to-date contact email addresses in the RIPE DB. However, these publicly listed addresses are actively harvested and used for spam by IPv4 brokers and address traders, while RIPE NCC does not take any measures to protect members from this type of abuse.

This issue has been around since the IPv4 market appeared, and although it’s well known, at some point the RIPE NCC staff chose not to act against members who don’t follow the RIPE Database T&C.

My proposal is to freeze transfer operations for members who are repeatedly abusing the RIPE Database.

I’d be glad to hear your thoughts and discuss this further.

-- Best regards, Sergey Myasoedov

...

Begin forwarded message:

From: "HostM" <info@hostmaster.lt [info@hostmaster.lt]> Subject: Quick question about IPv4 Date: December 8, 2025 at 04:54:23 EST To: <for-spammers@net-art.cz [for-spammers@net-art.cz]>

Hello, my apologies if this message has arrived at an inconvenient time.

I wanted to check whether you might be interested in acquiring an IPv4 /24 sub-net registered with RIPE. I also have IPv6 resources and an ASN available, which can be included (for free) if you are interested in the IPv4 block.

The ipv4 sub-net is currently unused and fully clean.

The transfer can be completed securely via an escrow service.

If this could be of interest, please feel free to reply to this email, and we can discuss the next steps in more detail.

Regards, Zydrunas To unsubscribe or manage your subscription, log in to the LIR Portal with your RIPE NCC Access account and go to the LIR Account page: https://my.ripe.net/#/account-details [https://my.ripe.net/#/account-details].

Scroll down to Membership Mailing Lists to update your 'members-discuss' subscription.

Having issues unsubscribing? More information about managing your subscription can be found at: https://www.ripe.net/s/members -discuss-subscription-options/ [https://www.ripe.net/s/members-discuss-subscription-options/] To unsubscribe or manage your subscription, log in to the LIR Portal with your RIPE NCC Access account and go to the LIR Account page: https://my.ripe.net/#/account-details [https://my.ripe.net/#/account-details].

Scroll down to Membership Mailing Lists to update your 'members-discuss' subscription.

Having issues unsubscribing? More information about managing your subscription can be found at: https://www.ripe.net/s/members-discuss-subscription-options/ [https://www.ripe.net/s/members-discuss-subscription-options/]

[data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=3D]

And.... No one can find our email addresses for more than 3 organizations per day? Are you sure that the reference book is published for this purpose? And if the authorities need it, for example? We (RIPE NCC) are an open organization, and every member of the community should understand that his email is open information. Therefore, we need to protect our public email ourselves. If someone doesn't do this, it's the IT department's problem, not RIPE NCC's. Any serious organization has a public email address, and there is spam in it. For me, the best solution is to block the transfer of new IP addresses to LIRs, which transmit their networks to spammers, without any reaction and feedback on abuse! Dmitry Serbulov.

I fully agree that something must change.

Another idea: Just introduce mandatory login to see contact data and limit it to 3 per day. Problem solved.

On 12/8/25 18:57, Sergey Myasoedov via members-discuss wrote:

...

Dear RIPE NCC members,

I’d like to raise the topic of introducing and applying administrative anti-spam measures against RIPE NCC members who deliberately violate Article 4 of the RIPE Database Terms and Conditions.

RIPE NCC requires members to publish up-to-date contact email addresses in the RIPE DB. However, these publicly listed addresses are actively harvested and used for spam by IPv4 brokers and address traders, while RIPE NCC does not take any measures to protect members from this type of abuse.

This issue has been around since the IPv4 market appeared, and although it’s well known, at some point the RIPE NCC staff chose not to act against members who don’t follow the RIPE Database T&C.

My proposal is to freeze transfer operations for members who are repeatedly abusing the RIPE Database.

I’d be glad to hear your thoughts and discuss this further.

-- Best regards, Sergey Myasoedov

...

Begin forwarded message:

From: "HostM" <info@hostmaster.lt> Subject: Quick question about IPv4 Date: December 8, 2025 at 04:54:23 EST To: <for-spammers@net-art.cz>

Hello, my apologies if this message has arrived at an inconvenient time.

I wanted to check whether you might be interested in acquiring an IPv4 /24 sub-net registered with RIPE. I also have IPv6 resources and an ASN available, which can be included (for free) if you are interested in the IPv4 block.

The ipv4 sub-net is currently unused and fully clean.

The transfer can be completed securely via an escrow service.

If this could be of interest, please feel free to reply to this email, and we can discuss the next steps in more detail.

Regards, Zydrunas To unsubscribe or manage your subscription, log in to the LIR Portal with your RIPE NCC Access account and go to the LIR Account page: https://my.ripe.net/#/account-details.

Scroll down to Membership Mailing Lists to update your 'members-discuss' subscription.

Having issues unsubscribing? More information about managing your subscription can be found at: https://www.ripe.net/s/members-discuss-subscription-options/ To unsubscribe or manage your subscription, log in to the LIR Portal with your RIPE NCC Access account and go to the LIR Account page: https://my.ripe.net/#/account-details.

Scroll down to Membership Mailing Lists to update your 'members-discuss' subscription.

Having issues unsubscribing? More information about managing your subscription can be found at: https://www.ripe.net/s/members-discuss-subscription-options/

Lu Sorry but I cannot agree with your position on this. By your logic RIPE NCC would have zero right to take action against a member who was in breach of the policies, rules etc., Trust in the system is only possible when the system is stable and predictable, which you seem to agree with, however if there are no rules then any system will be abused by somebody at some point. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072<tel:+353599183072> Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: Lu Heng <h.lu@anytimechinese.com> Date: Wednesday, 10 December 2025 at 13:15 To: Brett Sheffield <ripe@gladserv.com> Cc: Sergey Myasoedov via members-discuss <members-discuss@ripe.net> Subject: [members-discuss] Re: Systematic RIPE DB abuse [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Hi I agree entirely NCC should not do anything. A registry’s role is administrative, not enforcement. Asking a bookkeeping-type institution to police behavior is simply outside its mandate and purpose. There are countless legitimate ways to address concerns or resolve disputes. But withholding a fundamental registry service—such as assigning an address—because someone “did or did not do X” is irrational and unprecedented. It is the equivalent of a government refusing to give a home an address instead of contacting law enforcement or using proper legal channels. No responsible system operates that way, and no credible governance framework treats essential registry functions as a tool for punishment or leverage. A registry should remain neutral, predictable, and strictly procedural. Using it as an enforcement mechanism undermines trust in the entire system. -- Kind regards. Lu On Wed, Dec 10, 2025 at 14:38 Brett Sheffield <ripe@gladserv.com<mailto:ripe@gladserv.com>> wrote: On 2025-12-08 12:57, Sergey Myasoedov via members-discuss wrote:

Dear RIPE NCC members,

I’d like to raise the topic of introducing and applying administrative anti-spam measures against RIPE NCC members who deliberately violate Article 4 of the RIPE Database Terms and Conditions.

RIPE NCC requires members to publish up-to-date contact email addresses in the RIPE DB. However, these publicly listed addresses are actively harvested and used for spam by IPv4 brokers and address traders, while RIPE NCC does not take any measures to protect members from this type of abuse.

This issue has been around since the IPv4 market appeared, and although it’s well known, at some point the RIPE NCC staff chose not to act against members who don’t follow the RIPE Database T&C.

My proposal is to freeze transfer operations for members who are repeatedly abusing the RIPE Database.

I’d be glad to hear your thoughts and discuss this further.

Compared to other sources, our RIPE contact address gets a tiny amount of spam, and all of it from IPv4 brokers. I've now received more emails in this single thread in the past 24 hours than I have spam to our RIPE contact address in the past 5 years. No action from RIPE is required here. Tighten your spam controls if this is a problem for you, and lets move on. Cheers, Brett -- Brett Sheffield (he/him) Gladserv To unsubscribe or manage your subscription, log in to the LIR Portal with your RIPE NCC Access account and go to the LIR Account page: https://my.ripe.net/#/account-details. Scroll down to Membership Mailing Lists to update your 'members-discuss' subscription. Having issues unsubscribing? More information about managing your subscription can be found at: https://www.ripe.net/s/members-discuss-subscription-options/

This is not about punishing or violating laws but violating the rules of usage of the registry. While doing so, it should be normal to get banned from that registry and the usage of the abused resources like the Mailing list. So far fully fits in your position, as the rules of usage are given by the registry it's also the only given authority that can enforce them. Von: Lu Heng <h.lu@anytimechinese.com> Gesendet: Mittwoch, 10. Dezember 2025 21:49 An: Michele Neylon - Blacknight <michele@blacknight.com> Cc: Sergey Myasoedov via members-discuss <members-discuss@ripe.net> Betreff: [members-discuss] Re: Systematic RIPE DB abuse Michele, Let me clarify, because this is not a question of "no rules." My position is straightforward: A registry is a registry. Its mandate is to maintain accurate records-nothing more. You do not use an address book as an instrument of punishment. When a registry begins using essential administrative functions to reward or punish individuals, the system becomes unpredictable and open to abuse. This is, in fact, a major reason the RIR environment has struggled with instability and governance issues: registries have, at times, stepped outside their neutral role and attempted to use resource administration as leverage. Rules absolutely must exist, and compliance is essential. But those rules are defined and enforced by sovereign law-courts, regulators, and proper authorities-not by a voluntary address book. A registry cannot impose its own rules above nations, nor can it act as police, prosecutor, and judge. Punishment, when warranted, must come through established legal channels. A registry that assumes enforcement powers beyond its mandate ultimately undermines its own legitimacy and the trust of the global community. That is the core of my position. Regards, Lu On Wed, Dec 10, 2025 at 16:19 Michele Neylon - Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> wrote: Lu Sorry but I cannot agree with your position on this. By your logic RIPE NCC would have zero right to take action against a member who was in breach of the policies, rules etc., Trust in the system is only possible when the system is stable and predictable, which you seem to agree with, however if there are no rules then any system will be abused by somebody at some point. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072<tel:+353599183072> Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: Lu Heng <h.lu@anytimechinese.com<mailto:h.lu@anytimechinese.com>> Date: Wednesday, 10 December 2025 at 13:15 To: Brett Sheffield <ripe@gladserv.com<mailto:ripe@gladserv.com>> Cc: Sergey Myasoedov via members-discuss <members-discuss@ripe.net<mailto:members-discuss@ripe.net>> Subject: [members-discuss] Re: Systematic RIPE DB abuse [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Hi I agree entirely NCC should not do anything. A registry's role is administrative, not enforcement. Asking a bookkeeping-type institution to police behavior is simply outside its mandate and purpose. There are countless legitimate ways to address concerns or resolve disputes. But withholding a fundamental registry service-such as assigning an address-because someone "did or did not do X" is irrational and unprecedented. It is the equivalent of a government refusing to give a home an address instead of contacting law enforcement or using proper legal channels. No responsible system operates that way, and no credible governance framework treats essential registry functions as a tool for punishment or leverage. A registry should remain neutral, predictable, and strictly procedural. Using it as an enforcement mechanism undermines trust in the entire system. -- Kind regards. Lu On Wed, Dec 10, 2025 at 14:38 Brett Sheffield <ripe@gladserv.com<mailto:ripe@gladserv.com>> wrote: On 2025-12-08 12:57, Sergey Myasoedov via members-discuss wrote:

Dear RIPE NCC members,

I'd like to raise the topic of introducing and applying administrative anti-spam measures against RIPE NCC members who deliberately violate Article 4 of the RIPE Database Terms and Conditions.

RIPE NCC requires members to publish up-to-date contact email addresses in the RIPE DB. However, these publicly listed addresses are actively harvested and used for spam by IPv4 brokers and address traders, while RIPE NCC does not take any measures to protect members from this type of abuse.

This issue has been around since the IPv4 market appeared, and although it's well known, at some point the RIPE NCC staff chose not to act against members who don't follow the RIPE Database T&C.

My proposal is to freeze transfer operations for members who are repeatedly abusing the RIPE Database.

I'd be glad to hear your thoughts and discuss this further.

Compared to other sources, our RIPE contact address gets a tiny amount of spam, and all of it from IPv4 brokers. I've now received more emails in this single thread in the past 24 hours than I have spam to our RIPE contact address in the past 5 years. No action from RIPE is required here. Tighten your spam controls if this is a problem for you, and lets move on. Cheers, Brett -- Brett Sheffield (he/him) Gladserv To unsubscribe or manage your subscription, log in to the LIR Portal with your RIPE NCC Access account and go to the LIR Account page: https://my.ripe.net/#/account-details. Scroll down to Membership Mailing Lists to update your 'members-discuss' subscription. Having issues unsubscribing? More information about managing your subscription can be found at: https://www.ripe.net/s/members-discuss-subscription-options/

Lu, If I take your position at face value, it implies that anyone, no matter how often they ignore the rules or breach the obligations they agreed to, should still have uninterrupted access to registry services simply because the registry is administrative. That is not realistic. RIPE NCC, like every RIR, operates under policies and contractual terms the community itself created. These rules govern how resources are requested, registered, maintained and transferred. They exist for a reason and they only work if they can be enforced. If a registry cannot act when members repeatedly disregard those obligations, then the policies become optional. A system where rules are optional is not neutral or stable. It is unworkable. Neutrality does not mean the registry has no authority. It means the registry applies the established framework consistently and without bias. That is not punishment. It is basic operational responsibility. The idea that a registry must continue providing services even when a member openly refuses to follow the agreed rules would undermine trust far more than any action taken within the policy and contractual framework. Regards, Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072<tel:+353599183072> Direct Dial: +353 (0)59 9183090<tel:+353599183090> Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: Lu Heng <h.lu@anytimechinese.com> Date: Thursday, 11 December 2025 at 10:48 To: Peering <peering@all-for-one.com> Cc: Michele Neylon - Blacknight <michele@blacknight.com>, Sergey Myasoedov via members-discuss <members-discuss@ripe.net> Subject: Re: [members-discuss] Re: Systematic RIPE DB abuse [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. You are mixing two fundamentally different things: 1. Community-platform rules (like mailing lists) 2. Number-resource administration (the registry function) A registry absolutely may moderate its mailing list or remove someone from a community forum. That is not the issue. That is not resource governance. That is not number administration. The problem arises when you conflate the mailing list with the registry function and assume the same “ban power” applies to number resources. It does not. A registry’s authority over number resources is administrative, not discretionary: • It has no sovereign power. • It cannot impose penalties outside the law. • It cannot “ban” someone from holding number resources because it dislikes their actions. • It cannot create new enforcement powers through internal rules. Mailing-list rules are internal community guidelines. Number-resource allocation is part of global critical infrastructure. These are not equivalent domains. The fact that a registry can enforce behavior on a mailing list does not grant it the authority to punish a member by altering or revoking their number resources. The two functions exist on different legal, operational, and governance layers. If you do not separate these layers, you end up with exactly the instability we see today: registries treating essential resource administration as if it were a social-media moderation problem. A registry is allowed to moderate conversations. A registry is not allowed to weaponize the address book. That is the distinction you must not blur. On Thu, 11 Dec 2025 at 12:33, Peering <peering@all-for-one.com<mailto:peering@all-for-one.com>> wrote: This is not about punishing or violating laws but violating the rules of usage of the registry. While doing so, it should be normal to get banned from that registry and the usage of the abused resources like the Mailing list. So far fully fits in your position, as the rules of usage are given by the registry it’s also the only given authority that can enforce them. Von: Lu Heng <h.lu@anytimechinese.com<mailto:h.lu@anytimechinese.com>> Gesendet: Mittwoch, 10. Dezember 2025 21:49 An: Michele Neylon - Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> Cc: Sergey Myasoedov via members-discuss <members-discuss@ripe.net<mailto:members-discuss@ripe.net>> Betreff: [members-discuss] Re: Systematic RIPE DB abuse Michele, Let me clarify, because this is not a question of “no rules.” My position is straightforward: A registry is a registry. Its mandate is to maintain accurate records—nothing more. You do not use an address book as an instrument of punishment. When a registry begins using essential administrative functions to reward or punish individuals, the system becomes unpredictable and open to abuse. This is, in fact, a major reason the RIR environment has struggled with instability and governance issues: registries have, at times, stepped outside their neutral role and attempted to use resource administration as leverage. Rules absolutely must exist, and compliance is essential. But those rules are defined and enforced by sovereign law—courts, regulators, and proper authorities—not by a voluntary address book. A registry cannot impose its own rules above nations, nor can it act as police, prosecutor, and judge. Punishment, when warranted, must come through established legal channels. A registry that assumes enforcement powers beyond its mandate ultimately undermines its own legitimacy and the trust of the global community. That is the core of my position. Regards, Lu On Wed, Dec 10, 2025 at 16:19 Michele Neylon - Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> wrote: Lu Sorry but I cannot agree with your position on this. By your logic RIPE NCC would have zero right to take action against a member who was in breach of the policies, rules etc., Trust in the system is only possible when the system is stable and predictable, which you seem to agree with, however if there are no rules then any system will be abused by somebody at some point. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072<tel:+353599183072> Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: Lu Heng <h.lu@anytimechinese.com<mailto:h.lu@anytimechinese.com>> Date: Wednesday, 10 December 2025 at 13:15 To: Brett Sheffield <ripe@gladserv.com<mailto:ripe@gladserv.com>> Cc: Sergey Myasoedov via members-discuss <members-discuss@ripe.net<mailto:members-discuss@ripe.net>> Subject: [members-discuss] Re: Systematic RIPE DB abuse [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Hi I agree entirely NCC should not do anything. A registry’s role is administrative, not enforcement. Asking a bookkeeping-type institution to police behavior is simply outside its mandate and purpose. There are countless legitimate ways to address concerns or resolve disputes. But withholding a fundamental registry service—such as assigning an address—because someone “did or did not do X” is irrational and unprecedented. It is the equivalent of a government refusing to give a home an address instead of contacting law enforcement or using proper legal channels. No responsible system operates that way, and no credible governance framework treats essential registry functions as a tool for punishment or leverage. A registry should remain neutral, predictable, and strictly procedural. Using it as an enforcement mechanism undermines trust in the entire system. -- Kind regards. Lu On Wed, Dec 10, 2025 at 14:38 Brett Sheffield <ripe@gladserv.com<mailto:ripe@gladserv.com>> wrote: On 2025-12-08 12:57, Sergey Myasoedov via members-discuss wrote:

Dear RIPE NCC members,

I’d like to raise the topic of introducing and applying administrative anti-spam measures against RIPE NCC members who deliberately violate Article 4 of the RIPE Database Terms and Conditions.

RIPE NCC requires members to publish up-to-date contact email addresses in the RIPE DB. However, these publicly listed addresses are actively harvested and used for spam by IPv4 brokers and address traders, while RIPE NCC does not take any measures to protect members from this type of abuse.

This issue has been around since the IPv4 market appeared, and although it’s well known, at some point the RIPE NCC staff chose not to act against members who don’t follow the RIPE Database T&C.

My proposal is to freeze transfer operations for members who are repeatedly abusing the RIPE Database.

I’d be glad to hear your thoughts and discuss this further.

Compared to other sources, our RIPE contact address gets a tiny amount of spam, and all of it from IPv4 brokers. I've now received more emails in this single thread in the past 24 hours than I have spam to our RIPE contact address in the past 5 years. No action from RIPE is required here. Tighten your spam controls if this is a problem for you, and lets move on. Cheers, Brett -- Brett Sheffield (he/him) Gladserv To unsubscribe or manage your subscription, log in to the LIR Portal with your RIPE NCC Access account and go to the LIR Account page: https://my.ripe.net/#/account-details. Scroll down to Membership Mailing Lists to update your 'members-discuss' subscription. Having issues unsubscribing? More information about managing your subscription can be found at: https://www.ripe.net/s/members-discuss-subscription-options/ -- -- Kind regards. Lu

Lu, I understand your point about the historical role of registries and the importance of neutrality and non-discrimination. However, the reality is that RIPE NCC (and all RIRs) operate under a framework of community-developed policies and contractual obligations. These are not mere “internal sentiment” - they are binding rules agreed upon by the community and the members. If a member consistently fails to comply with these policies, the registry must have the means to enforce them, or the system collapses. Neutrality means applying the agreed rules consistently, not ignoring breaches simply because the registry’s role is “administrative.” Without enforcement, the policies become meaningless, and trust in the system erodes far more than any action taken within the established framework. The registry’s authority doesn’t come from “preference” or “pressure” - it comes from the policies and contracts that all parties have agreed to. Staying “within mandate” means enforcing those policies, not refusing to act whenever a dispute arises. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072<tel:+353599183072> Direct Dial: +353 (0)59 9183090<tel:+353599183090> Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: Lu Heng <h.lu@anytimechinese.com> Date: Thursday, 11 December 2025 12:35 To: Michele Neylon - Blacknight <michele@blacknight.com> Cc: Peering <peering@all-for-one.com>, Sergey Myasoedov via members-discuss <members-discuss@ripe.net> Subject: Re: [members-discuss] Re: Systematic RIPE DB abuse [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Hi Michele, A registry cannot remove someone from the Internet simply because a small group of individuals believes they should not appear in the address book. Authority of that kind does not arise from community discussions or internal interpretations; it exists only within sovereign legal systems. What began decades ago as a voluntary address book maintained by a small circle of technical collaborators has evolved into the documentation layer of the global Internet. In such a context, the old notion of “we can choose not to play with you because we don't like you” no longer applies. Universal, nondiscriminatory access principles govern essential infrastructure. For that reason, the registry’s role is strictly administrative: to maintain accurate records and apply clearly defined procedures solely for that purpose. It is not empowered to impose penalties, revoke resources, or exclude parties except where actions are explicitly grounded in law. Operational policies support coordination, but they are not legal authority—and they cannot justify shutting a network down because a handful of participants in a working group believe an organisation should not have an address. When a registry moves beyond its administrative mandate and begins treating essential Internet resources as leverage based on internal sentiment or discretionary judgment, it introduces instability rather than accountability. Enforcement, when appropriate, belongs to courts, regulators, and governments. The registry must remain neutral, predictable, and tightly bound to its documented processes, without expanding its powers based on preference, pressure, or interpretation. That is the central point: administrative bodies must stay within their mandate, and critical infrastructure must never depend on the opinions of a few individuals, however well-intentioned they may be. On Thu, 11 Dec 2025 at 14:00, Michele Neylon - Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> wrote: Lu, If I take your position at face value, it implies that anyone, no matter how often they ignore the rules or breach the obligations they agreed to, should still have uninterrupted access to registry services simply because the registry is administrative. That is not realistic. RIPE NCC, like every RIR, operates under policies and contractual terms the community itself created. These rules govern how resources are requested, registered, maintained and transferred. They exist for a reason and they only work if they can be enforced. If a registry cannot act when members repeatedly disregard those obligations, then the policies become optional. A system where rules are optional is not neutral or stable. It is unworkable. Neutrality does not mean the registry has no authority. It means the registry applies the established framework consistently and without bias. That is not punishment. It is basic operational responsibility. The idea that a registry must continue providing services even when a member openly refuses to follow the agreed rules would undermine trust far more than any action taken within the policy and contractual framework. Regards, Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072<tel:+353599183072> Direct Dial: +353 (0)59 9183090<tel:+353599183090> Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: Lu Heng <h.lu@anytimechinese.com<mailto:h.lu@anytimechinese.com>> Date: Thursday, 11 December 2025 at 10:48 To: Peering <peering@all-for-one.com<mailto:peering@all-for-one.com>> Cc: Michele Neylon - Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>>, Sergey Myasoedov via members-discuss <members-discuss@ripe.net<mailto:members-discuss@ripe.net>> Subject: Re: [members-discuss] Re: Systematic RIPE DB abuse [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. You are mixing two fundamentally different things: 1. Community-platform rules (like mailing lists) 2. Number-resource administration (the registry function) A registry absolutely may moderate its mailing list or remove someone from a community forum. That is not the issue. That is not resource governance. That is not number administration. The problem arises when you conflate the mailing list with the registry function and assume the same “ban power” applies to number resources. It does not. A registry’s authority over number resources is administrative, not discretionary: • It has no sovereign power. • It cannot impose penalties outside the law. • It cannot “ban” someone from holding number resources because it dislikes their actions. • It cannot create new enforcement powers through internal rules. Mailing-list rules are internal community guidelines. Number-resource allocation is part of global critical infrastructure. These are not equivalent domains. The fact that a registry can enforce behavior on a mailing list does not grant it the authority to punish a member by altering or revoking their number resources. The two functions exist on different legal, operational, and governance layers. If you do not separate these layers, you end up with exactly the instability we see today: registries treating essential resource administration as if it were a social-media moderation problem. A registry is allowed to moderate conversations. A registry is not allowed to weaponize the address book. That is the distinction you must not blur. On Thu, 11 Dec 2025 at 12:33, Peering <peering@all-for-one.com<mailto:peering@all-for-one.com>> wrote: This is not about punishing or violating laws but violating the rules of usage of the registry. While doing so, it should be normal to get banned from that registry and the usage of the abused resources like the Mailing list. So far fully fits in your position, as the rules of usage are given by the registry it’s also the only given authority that can enforce them. Von: Lu Heng <h.lu@anytimechinese.com<mailto:h.lu@anytimechinese.com>> Gesendet: Mittwoch, 10. Dezember 2025 21:49 An: Michele Neylon - Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> Cc: Sergey Myasoedov via members-discuss <members-discuss@ripe.net<mailto:members-discuss@ripe.net>> Betreff: [members-discuss] Re: Systematic RIPE DB abuse Michele, Let me clarify, because this is not a question of “no rules.” My position is straightforward: A registry is a registry. Its mandate is to maintain accurate records—nothing more. You do not use an address book as an instrument of punishment. When a registry begins using essential administrative functions to reward or punish individuals, the system becomes unpredictable and open to abuse. This is, in fact, a major reason the RIR environment has struggled with instability and governance issues: registries have, at times, stepped outside their neutral role and attempted to use resource administration as leverage. Rules absolutely must exist, and compliance is essential. But those rules are defined and enforced by sovereign law—courts, regulators, and proper authorities—not by a voluntary address book. A registry cannot impose its own rules above nations, nor can it act as police, prosecutor, and judge. Punishment, when warranted, must come through established legal channels. A registry that assumes enforcement powers beyond its mandate ultimately undermines its own legitimacy and the trust of the global community. That is the core of my position. Regards, Lu On Wed, Dec 10, 2025 at 16:19 Michele Neylon - Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> wrote: Lu Sorry but I cannot agree with your position on this. By your logic RIPE NCC would have zero right to take action against a member who was in breach of the policies, rules etc., Trust in the system is only possible when the system is stable and predictable, which you seem to agree with, however if there are no rules then any system will be abused by somebody at some point. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072<tel:+353599183072> Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: Lu Heng <h.lu@anytimechinese.com<mailto:h.lu@anytimechinese.com>> Date: Wednesday, 10 December 2025 at 13:15 To: Brett Sheffield <ripe@gladserv.com<mailto:ripe@gladserv.com>> Cc: Sergey Myasoedov via members-discuss <members-discuss@ripe.net<mailto:members-discuss@ripe.net>> Subject: [members-discuss] Re: Systematic RIPE DB abuse [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Hi I agree entirely NCC should not do anything. A registry’s role is administrative, not enforcement. Asking a bookkeeping-type institution to police behavior is simply outside its mandate and purpose. There are countless legitimate ways to address concerns or resolve disputes. But withholding a fundamental registry service—such as assigning an address—because someone “did or did not do X” is irrational and unprecedented. It is the equivalent of a government refusing to give a home an address instead of contacting law enforcement or using proper legal channels. No responsible system operates that way, and no credible governance framework treats essential registry functions as a tool for punishment or leverage. A registry should remain neutral, predictable, and strictly procedural. Using it as an enforcement mechanism undermines trust in the entire system. -- Kind regards. Lu On Wed, Dec 10, 2025 at 14:38 Brett Sheffield <ripe@gladserv.com<mailto:ripe@gladserv.com>> wrote: On 2025-12-08 12:57, Sergey Myasoedov via members-discuss wrote:

Dear RIPE NCC members,

I’d like to raise the topic of introducing and applying administrative anti-spam measures against RIPE NCC members who deliberately violate Article 4 of the RIPE Database Terms and Conditions.

RIPE NCC requires members to publish up-to-date contact email addresses in the RIPE DB. However, these publicly listed addresses are actively harvested and used for spam by IPv4 brokers and address traders, while RIPE NCC does not take any measures to protect members from this type of abuse.

This issue has been around since the IPv4 market appeared, and although it’s well known, at some point the RIPE NCC staff chose not to act against members who don’t follow the RIPE Database T&C.

My proposal is to freeze transfer operations for members who are repeatedly abusing the RIPE Database.

I’d be glad to hear your thoughts and discuss this further.

Compared to other sources, our RIPE contact address gets a tiny amount of spam, and all of it from IPv4 brokers. I've now received more emails in this single thread in the past 24 hours than I have spam to our RIPE contact address in the past 5 years. No action from RIPE is required here. Tighten your spam controls if this is a problem for you, and lets move on. Cheers, Brett -- Brett Sheffield (he/him) Gladserv To unsubscribe or manage your subscription, log in to the LIR Portal with your RIPE NCC Access account and go to the LIR Account page: https://my.ripe.net/#/account-details. Scroll down to Membership Mailing Lists to update your 'members-discuss' subscription. Having issues unsubscribing? More information about managing your subscription can be found at: https://www.ripe.net/s/members-discuss-subscription-options/ -- -- Kind regards. Lu -- -- Kind regards. Lu

Spam issue can be partially solved by following logic: 1. Advertisement mail received from some IPv4 broker. At this point we do not know if it’s indeed sent by them - 99% it is, but we need proof. 2. We reply pretending we are interested. 3. When broker reply back we have proof it was indeed targeted spam from them. 4. We open ticket with RIPE providing all the details and RIPE implements punishment for LIRs involved in spam activity. With this trap logic it seems doable.

On 11 Dec 2025, at 14:52, Lu Heng <h.lu@anytimechinese.com> wrote:

Michele,

Thank you for your message. The question is not whether rules exist, but whether the current structure for creating and enforcing them is adequate for a global system of this scale.

The “community” model in practice consists of only a few dozen active individuals. This small group is neither representative across regions nor accountable to any broader public, yet its decisions can affect networks operating in vastly different legal, cultural, and political environments. That lack of representation creates a structural risk of capture, bias, and instability.

This becomes even more pronounced when we consider the extreme diversity of national perspectives. From Saudi Arabia to the Netherlands, legal systems, societal values, regulatory expectations, and governance norms differ fundamentally. Expecting a small group of volunteers or industry participants to develop rules that all these jurisdictions should accept—and then enforce them as if they had sovereign authority—is simply unrealistic. No international body at continental scale can force uniform agreement on matters that are inherently rooted in law and national sovereignty.

This is why I argue for a clear separation of functions:

Registration and transfer of registration — the registry’s core mandate.

Its role must be limited to maintaining correct records and executing transfers accurately and neutrally.

Anything beyond those administrative tasks — including questions of legitimacy, suitability, conduct, or compliance —

belongs to sovereign authorities and legal systems, not to the registry or a small self-selected community around it.

When a registry attempts to go beyond its record-keeping role and act as an enforcement body, it oversteps into areas where it has neither the mandate nor the legitimacy—particularly in a world where countries do not and cannot agree on many fundamental issues.

In short:

• The registry must remain purely administrative.

• Enforcement belongs to sovereign powers.

• Critical infrastructure cannot depend on the opinions or decisions of a small, unrepresentative group.

• Decentralization and separation of powers are essential for long-term stability.

My position is not about ignoring rules, but about ensuring that the structures governing the Internet are legitimate, scalable, and sustainable in a globally diverse environment.

Regards,

Lu

On Thu, 11 Dec 2025 at 14:40, Michele Neylon - Blacknight <michele@blacknight.com <mailto:michele@blacknight.com>> wrote:

...

Lu,

I understand your point about the historical role of registries and the importance of neutrality and non-discrimination. However, the reality is that RIPE NCC (and all RIRs) operate under a framework of community-developed policies and contractual obligations. These are not mere “internal sentiment” - they are binding rules agreed upon by the community and the members. If a member consistently fails to comply with these policies, the registry must have the means to enforce them, or the system collapses.

Neutrality means applying the agreed rules consistently, not ignoring breaches simply because the registry’s role is “administrative.” Without enforcement, the policies become meaningless, and trust in the system erodes far more than any action taken within the established framework.

The registry’s authority doesn’t come from “preference” or “pressure” - it comes from the policies and contracts that all parties have agreed to. Staying “within mandate” means enforcing those policies, not refusing to act whenever a dispute arises.

Regards

Michele

-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59  9183072 <tel:+353599183072> Direct Dial: +353 (0)59 9183090 <tel:+353599183090> Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845

I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours.

From: Lu Heng <h.lu@anytimechinese.com <mailto:h.lu@anytimechinese.com>> Date: Thursday, 11 December 2025 12:35 To: Michele Neylon - Blacknight <michele@blacknight.com <mailto:michele@blacknight.com>> Cc: Peering <peering@all-for-one.com <mailto:peering@all-for-one.com>>, Sergey Myasoedov via members-discuss <members-discuss@ripe.net <mailto:members-discuss@ripe.net>> Subject: Re: [members-discuss] Re: Systematic RIPE DB abuse

[EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources.

Hi Michele,

A registry cannot remove someone from the Internet simply because a small group of individuals believes they should not appear in the address book. Authority of that kind does not arise from community discussions or internal interpretations; it exists only within sovereign legal systems.

What began decades ago as a voluntary address book maintained by a small circle of technical collaborators has evolved into the documentation layer of the global Internet. In such a context, the old notion of “we can choose not to play with you because we don't like you” no longer applies. Universal, nondiscriminatory access principles govern essential infrastructure.

For that reason, the registry’s role is strictly administrative:

to maintain accurate records and apply clearly defined procedures solely for that purpose.

It is not empowered to impose penalties, revoke resources, or exclude parties except where actions are explicitly grounded in law.

Operational policies support coordination, but they are not legal authority—and they cannot justify shutting a network down because a handful of participants in a working group believe an organisation should not have an address. When a registry moves beyond its administrative mandate and begins treating essential Internet resources as leverage based on internal sentiment or discretionary judgment, it introduces instability rather than accountability.

Enforcement, when appropriate, belongs to courts, regulators, and governments.

The registry must remain neutral, predictable, and tightly bound to its documented processes, without expanding its powers based on preference, pressure, or interpretation.

That is the central point:

administrative bodies must stay within their mandate, and critical infrastructure must never depend on the opinions of a few individuals, however well-intentioned they may be.

On Thu, 11 Dec 2025 at 14:00, Michele Neylon - Blacknight <michele@blacknight.com <mailto:michele@blacknight.com>> wrote: Lu,

If I take your position at face value, it implies that anyone, no matter how often they ignore the rules or breach the obligations they agreed to, should still have uninterrupted access to registry services simply because the registry is administrative.

That is not realistic.

RIPE NCC, like every RIR, operates under policies and contractual terms the community itself created. These rules govern how resources are requested, registered, maintained and transferred. They exist for a reason and they only work if they can be enforced.

If a registry cannot act when members repeatedly disregard those obligations, then the policies become optional. A system where rules are optional is not neutral or stable. It is unworkable.

Neutrality does not mean the registry has no authority. It means the registry applies the established framework consistently and without bias.

That is not punishment. It is basic operational responsibility.

The idea that a registry must continue providing services even when a member openly refuses to follow the agreed rules would undermine trust far more than any action taken within the policy and contractual framework.

Regards, Michele

-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59  9183072 <tel:+353599183072> Direct Dial: +353 (0)59 9183090 <tel:+353599183090> Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845

I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: Lu Heng <h.lu@anytimechinese.com <mailto:h.lu@anytimechinese.com>> Date: Thursday, 11 December 2025 at 10:48 To: Peering <peering@all-for-one.com <mailto:peering@all-for-one.com>> Cc: Michele Neylon - Blacknight <michele@blacknight.com <mailto:michele@blacknight.com>>, Sergey Myasoedov via members-discuss <members-discuss@ripe.net <mailto:members-discuss@ripe.net>> Subject: Re: [members-discuss] Re: Systematic RIPE DB abuse

[EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources.

You are mixing two fundamentally different things:

1. Community-platform rules (like mailing lists)

2. Number-resource administration (the registry function)

A registry absolutely may moderate its mailing list or remove someone from a community forum.

That is not the issue.

That is not resource governance.

That is not number administration.

The problem arises when you conflate the mailing list with the registry function and assume the same “ban power” applies to number resources. It does not.

A registry’s authority over number resources is administrative, not discretionary:

• It has no sovereign power.

• It cannot impose penalties outside the law.

• It cannot “ban” someone from holding number resources because it dislikes their actions.

• It cannot create new enforcement powers through internal rules.

Mailing-list rules are internal community guidelines.

Number-resource allocation is part of global critical infrastructure.

These are not equivalent domains.

The fact that a registry can enforce behavior on a mailing list does not grant it the authority to punish a member by altering or revoking their number resources. The two functions exist on different legal, operational, and governance layers.

If you do not separate these layers, you end up with exactly the instability we see today: registries treating essential resource administration as if it were a social-media moderation problem.

A registry is allowed to moderate conversations.

A registry is not allowed to weaponize the address book.

That is the distinction you must not blur.

On Thu, 11 Dec 2025 at 12:33, Peering <peering@all-for-one.com <mailto:peering@all-for-one.com>> wrote: This is not about punishing or violating laws but violating the rules of usage of the registry. While doing so, it should be normal to get banned from that registry and the usage of the abused resources like the Mailing list. So far fully fits in your position, as the rules of usage are given by the registry it’s also the only given authority that can enforce them.

Von: Lu Heng <h.lu@anytimechinese.com <mailto:h.lu@anytimechinese.com>> Gesendet: Mittwoch, 10. Dezember 2025 21:49 An: Michele Neylon - Blacknight <michele@blacknight.com <mailto:michele@blacknight.com>> Cc: Sergey Myasoedov via members-discuss <members-discuss@ripe.net <mailto:members-discuss@ripe.net>> Betreff: [members-discuss] Re: Systematic RIPE DB abuse

Michele,

Let me clarify, because this is not a question of “no rules.”

My position is straightforward:

A registry is a registry.

Its mandate is to maintain accurate records—nothing more.

You do not use an address book as an instrument of punishment.

When a registry begins using essential administrative functions to reward or punish individuals, the system becomes unpredictable and open to abuse. This is, in fact, a major reason the RIR environment has struggled with instability and governance issues: registries have, at times, stepped outside their neutral role and attempted to use resource administration as leverage.

Rules absolutely must exist, and compliance is essential.

But those rules are defined and enforced by sovereign law—courts, regulators, and proper authorities—not by a voluntary address book. A registry cannot impose its own rules above nations, nor can it act as police, prosecutor, and judge.

Punishment, when warranted, must come through established legal channels. A registry that assumes enforcement powers beyond its mandate ultimately undermines its own legitimacy and the trust of the global community.

That is the core of my position.

Regards,

Lu

On Wed, Dec 10, 2025 at 16:19 Michele Neylon - Blacknight <michele@blacknight.com <mailto:michele@blacknight.com>> wrote:

Lu

Sorry but I cannot agree with your position on this.

By your logic RIPE NCC would have zero right to take action against a member who was in breach of the policies, rules etc.,

Trust in the system is only possible when the system is stable and predictable, which you seem to agree with, however if there are no rules then any system will be abused by somebody at some point.

Regards

Michele

-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59  9183072 <tel:+353599183072> Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845

I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: Lu Heng <h.lu@anytimechinese.com <mailto:h.lu@anytimechinese.com>> Date: Wednesday, 10 December 2025 at 13:15 To: Brett Sheffield <ripe@gladserv.com <mailto:ripe@gladserv.com>> Cc: Sergey Myasoedov via members-discuss <members-discuss@ripe.net <mailto:members-discuss@ripe.net>> Subject: [members-discuss] Re: Systematic RIPE DB abuse

[EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources.

Hi

I agree entirely NCC should not do anything. A registry’s role is administrative, not enforcement. Asking a bookkeeping-type institution to police behavior is simply outside its mandate and purpose.

There are countless legitimate ways to address concerns or resolve disputes. But withholding a fundamental registry service—such as assigning an address—because someone “did or did not do X” is irrational and unprecedented. It is the equivalent of a government refusing to give a home an address instead of contacting law enforcement or using proper legal channels. No responsible system operates that way, and no credible governance framework treats essential registry functions as a tool for punishment or leverage.

A registry should remain neutral, predictable, and strictly procedural. Using it as an enforcement mechanism undermines trust in the entire system.

-- Kind regards. Lu

On Wed, Dec 10, 2025 at 14:38 Brett Sheffield <ripe@gladserv.com <mailto:ripe@gladserv.com>> wrote:

On 2025-12-08 12:57, Sergey Myasoedov via members-discuss wrote:

...

Dear RIPE NCC members,

I’d like to raise the topic of introducing and applying administrative anti-spam measures against RIPE NCC members who deliberately violate Article 4 of the RIPE Database Terms and Conditions.

RIPE NCC requires members to publish up-to-date contact email addresses in the RIPE DB. However, these publicly listed addresses are actively harvested and used for spam by IPv4 brokers and address traders, while RIPE NCC does not take any measures to protect members from this type of abuse.

This issue has been around since the IPv4 market appeared, and although it’s well known, at some point the RIPE NCC staff chose not to act against members who don’t follow the RIPE Database T&C.

My proposal is to freeze transfer operations for members who are repeatedly abusing the RIPE Database.

I’d be glad to hear your thoughts and discuss this further.

Compared to other sources, our RIPE contact address gets a tiny amount of spam, and all of it from IPv4 brokers.

I've now received more emails in this single thread in the past 24 hours than I have spam to our RIPE contact address in the past 5 years. No action from RIPE is required here.

Tighten your spam controls if this is a problem for you, and lets move on.

Cheers,

Brett -- Brett Sheffield (he/him) Gladserv To unsubscribe or manage your subscription, log in to the LIR Portal with your RIPE NCC Access account and go to the LIR Account page: https://my.ripe.net/#/account-details.

Scroll down to Membership Mailing Lists to update your 'members-discuss' subscription.

Having issues unsubscribing? More information about managing your subscription can be found at: https://www.ripe.net/s/members-discuss-subscription-options/

-- -- Kind regards. Lu

-- -- Kind regards. Lu

-- -- Kind regards. Lu

To unsubscribe or manage your subscription, log in to the LIR Portal with your RIPE NCC Access account and go to the LIR Account page: https://my.ripe.net/#/account-details.

Scroll down to Membership Mailing Lists to update your 'members-discuss' subscription.

Having issues unsubscribing? More information about managing your subscription can be found at: https://www.ripe.net/s/members-discuss-subscription-options/

I like these emails; maybe there will finally be an IPv4 offer I can afford. I got a /24 address from RIPE after 560 days, and that was it. I'm hoping that someday they'll offer me something at a price that would be helpful for my business. In the last discussion about IPv4, I already asked those who were making a big fuss about it, but who themselves are on IPv4 networks, to give me one for a small fee. Nobody wanted it. But maybe an offer will come along sometime. It's always a matter of perspective. Regards, Dirk Best regards / Mit freundlichen Grüßen Walde IT-Systemhaus - CEO Dirk Walde - IT-Specialist Mangenberger Str. 76 - D-42655 Solingen - Germany +49(0)212-3833235 - info@walde-it.de - http://www.walde-it.de NETWORK AS203226 + AS199679 + AS199681 / ABUSE: abuse@waldeit.de ** RIPE NCC Full Member - RIPE LIR Service ** DREG ID: 11/075 (§6 TKG) - TAX ID: DE159795091 Andreas Grabmüller | QuarIT GmbH schrieb:

Why in the name of sanity would we want to do that? On average I get maybe one of those spam mails per month. I can then use that funny “Delete” button my mail client provides, and it costs me maybe three seconds. The amount of mails this thread causes is way higher and costs way more time.

Trying to engage them would be much more time consuming, and then working with RIPE would create a huge workload for them (which we pay for, after all). Also, those who send spam are not exactly trustworthy, I expect most of them are not a legit company, let alone RIPE member. Just because they reply and maybe even impersonate a legit RIPE member doesn’t mean much, in my opinion. Usually, the spammers use Gmail or something like that which is not linkable to anyone.

BR,

Andreas

*Von:* Mihail Fedorov <mihail@fedorov.net> *Gesendet:* Donnerstag, 11. Dezember 2025 17:48 *An:* Sergey Myasoedov via members-discuss <members-discuss@ripe.net> *Betreff:* [members-discuss] Re: Systematic RIPE DB abuse

Spam issue can be partially solved by following logic:

1. Advertisement mail received from some IPv4 broker. At this point we do not know if it’s indeed sent by them - 99% it is, but we need proof.

2. We reply pretending we are interested.

3. When broker reply back we have proof it was indeed targeted spam from them.

4. We open ticket with RIPE providing all the details and RIPE implements punishment for LIRs involved in spam activity.

With this trap logic it seems doable.

On 11 Dec 2025, at 14:52, Lu Heng <h.lu@anytimechinese.com <mailto:h.lu@anytimechinese.com>> wrote:

Michele,

Thank you for your message. The question is not whether rules exist, but whether the current structure for creating and enforcing them is adequate for a global system of this scale.

The “community” model in practice consists of only a few dozen active individuals. This small group is neither representative across regions nor accountable to any broader public, yet its decisions can affect networks operating in vastly different legal, cultural, and political environments. That lack of representation creates a structural risk of capture, bias, and instability.

This becomes even more pronounced when we consider the extreme diversity of national perspectives. From Saudi Arabia to the Netherlands, legal systems, societal values, regulatory expectations, and governance norms differ fundamentally. Expecting a small group of volunteers or industry participants to develop rules that all these jurisdictions should accept—and then enforce them as if they had sovereign authority—is simply unrealistic. No international body at continental scale can force uniform agreement on matters that are inherently rooted in law and national sovereignty.

This is why I argue for a clear separation of functions:

1. Registration and transfer of registration — the registry’s core mandate.

Its role must be limited to maintaining correct records and executing transfers accurately and neutrally.

2. Anything beyond those administrative tasks — including questions of legitimacy, suitability, conduct, or compliance —

belongs to sovereign authorities and legal systems, not to the registry or a small self-selected community around it.

When a registry attempts to go beyond its record-keeping role and act as an enforcement body, it oversteps into areas where it has neither the mandate nor the legitimacy—particularly in a world where countries do not and cannot agree on many fundamental issues.

In short:

• The registry must remain purely administrative.

• Enforcement belongs to sovereign powers.

• Critical infrastructure cannot depend on the opinions or decisions of a small, unrepresentative group.

• Decentralization and separation of powers are essential for long-term stability.

My position is not about ignoring rules, but about ensuring that the structures governing the Internet are legitimate, scalable, and sustainable in a globally diverse environment.

Regards,

Lu

On Thu, 11 Dec 2025 at 14:40, Michele Neylon - Blacknight <michele@blacknight.com <mailto:michele@blacknight.com>> wrote:

Lu,

I understand your point about the historical role of registries and the importance of neutrality and non-discrimination. However, the reality is that RIPE NCC (and all RIRs) operate under a framework of community-developed policies and contractual obligations. These are not mere “internal sentiment” - they are binding rules agreed upon by the community and the members. If a member consistently fails to comply with these policies, the registry must have the means to enforce them, or the system collapses.

Neutrality means applying the agreed rules consistently, not ignoring breaches simply because the registry’s role is “administrative.” Without enforcement, the policies become meaningless, and trust in the system erodes far more than any action taken within the established framework.

The registry’s authority doesn’t come from “preference” or “pressure” - it comes from the policies and contracts that all parties have agreed to. Staying “within mandate” means enforcing those policies, not refusing to act whenever a dispute arises.

Regards

Michele

--

Mr Michele Neylon

Blacknight Solutions

Hosting, Colocation & Domains

_https://www.blacknight.com/_

_https://blacknight.blog/_

Intl. _+353 (0) 59 9183072 <tel:+353599183072>_

Direct Dial: _+353 (0)59 9183090 <tel:+353599183090>_

Personal blog: _https://michele.blog/_

Some thoughts: _https://ceo.hosting/_

-------------------------------

Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845

I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours.

*From:** *Lu Heng <h.lu@anytimechinese.com <mailto:h.lu@anytimechinese.com>> *Date: *Thursday, 11 December 2025 12:35 *To: *Michele Neylon - Blacknight <michele@blacknight.com <mailto:michele@blacknight.com>> *Cc: *Peering <peering@all-for-one.com <mailto:peering@all-for-one.com>>, Sergey Myasoedov via members-discuss <members-discuss@ripe.net <mailto:members-discuss@ripe.net>> *Subject: *Re: [members-discuss] Re: Systematic RIPE DB abuse

*[EXTERNAL EMAIL]* Please use caution when opening attachments from unrecognised sources.

Hi Michele,

A registry cannot remove someone from the Internet simply because a small group of individuals believes they should not appear in the address book. Authority of that kind does not arise from community discussions or internal interpretations; it exists only within sovereign legal systems.

What began decades ago as a voluntary address book maintained by a small circle of technical collaborators has evolved into the documentation layer of the global Internet. In such a context, the old notion of “we can choose not to play with you because we don't like you” no longer applies. Universal, nondiscriminatory access principles govern essential infrastructure.

For that reason, the registry’s role is strictly administrative:

to maintain accurate records and apply clearly defined procedures solely for that purpose.

It is not empowered to impose penalties, revoke resources, or exclude parties except where actions are explicitly grounded in law.

Operational policies support coordination, but they are not legal authority—and they cannot justify shutting a network down because a handful of participants in a working group believe an organisation should not have an address. When a registry moves beyond its administrative mandate and begins treating essential Internet resources as leverage based on internal sentiment or discretionary judgment, it introduces instability rather than accountability.

Enforcement, when appropriate, belongs to courts, regulators, and governments.

The registry must remain neutral, predictable, and tightly bound to its documented processes, without expanding its powers based on preference, pressure, or interpretation.

That is the central point:

*administrative bodies must stay within their mandate, and critical infrastructure must never depend on the opinions of a few individuals, however well-intentioned they may be.*

On Thu, 11 Dec 2025 at 14:00, Michele Neylon - Blacknight <michele@blacknight.com <mailto:michele@blacknight.com>> wrote:

Lu,

If I take your position at face value, it implies that anyone, no matter how often they ignore the rules or breach the obligations they agreed to, should still have uninterrupted access to registry services simply because the registry is administrative.

That is not realistic.

RIPE NCC, like every RIR, operates under policies and contractual terms the community itself created. These rules govern how resources are requested, registered, maintained and transferred. They exist for a reason and they only work if they can be enforced.

If a registry cannot act when members repeatedly disregard those obligations, then the policies become optional. A system where rules are optional is not neutral or stable. It is unworkable.

Neutrality does not mean the registry has no authority. It means the registry applies the established framework consistently and without bias.

That is not punishment. It is basic operational responsibility.

The idea that a registry must continue providing services even when a member openly refuses to follow the agreed rules would undermine trust far more than any action taken within the policy and contractual framework.

Regards,

Michele

--

Mr Michele Neylon

Blacknight Solutions

Hosting, Colocation & Domains

_https://www.blacknight.com/_

_https://blacknight.blog/_

Intl. _+353 (0) 59 9183072 <tel:+353599183072>_

Direct Dial: _+353 (0)59 9183090 <tel:+353599183090>_

Personal blog: _https://michele.blog/_

Some thoughts: _https://ceo.hosting/_

-------------------------------

Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845

I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours.

*From: *Lu Heng <h.lu@anytimechinese.com <mailto:h.lu@anytimechinese.com>> *Date: *Thursday, 11 December 2025 at 10:48 *To: *Peering <peering@all-for-one.com <mailto:peering@all-for-one.com>> *Cc: *Michele Neylon - Blacknight <michele@blacknight.com <mailto:michele@blacknight.com>>, Sergey Myasoedov via members-discuss <members-discuss@ripe.net <mailto:members-discuss@ripe.net>> *Subject: *Re: [members-discuss] Re: Systematic RIPE DB abuse

*[EXTERNAL EMAIL]* Please use caution when opening attachments from unrecognised sources.

You are mixing two fundamentally different things:

*1. Community-platform rules (like mailing lists)*

*2. Number-resource administration (the registry function)*

A registry absolutely may moderate its mailing list or remove someone from a community forum.

That is /not/ the issue.

That is not resource governance.

That is not number administration.

The problem arises when you conflate the mailing list with the registry function and assume the same “ban power” applies to number resources. It does not.

A registry’s authority over number resources is /administrative/, not discretionary:

• It has no sovereign power.

• It cannot impose penalties outside the law.

• It cannot “ban” someone from holding number resources because it dislikes their actions.

• It cannot create new enforcement powers through internal rules.

Mailing-list rules are internal community guidelines.

Number-resource allocation is part of global critical infrastructure.

These are not equivalent domains.

The fact that a registry can enforce behavior on a mailing list does /not/ grant it the authority to punish a member by altering or revoking their number resources. The two functions exist on different legal, operational, and governance layers.

If you do not separate these layers, you end up with exactly the instability we see today: registries treating essential resource administration as if it were a social-media moderation problem.

A registry is allowed to moderate conversations.

A registry is /not/ allowed to weaponize the address book.

That is the distinction you must not blur.

On Thu, 11 Dec 2025 at 12:33, Peering <peering@all-for-one.com <mailto:peering@all-for-one.com>> wrote:

This is not about punishing or violating laws but violating the rules of usage of the registry. While doing so, it should be normal to get banned from that registry and the usage of the abused resources like the Mailing list. So far fully fits in your position, as the rules of usage are given by the registry it’s also the only given authority that can enforce them.

*Von:* Lu Heng <h.lu@anytimechinese.com <mailto:h.lu@anytimechinese.com>> *Gesendet:* Mittwoch, 10. Dezember 2025 21:49 *An:* Michele Neylon - Blacknight <michele@blacknight.com <mailto:michele@blacknight.com>> *Cc:* Sergey Myasoedov via members-discuss <members-discuss@ripe.net <mailto:members-discuss@ripe.net>> *Betreff:* [members-discuss] Re: Systematic RIPE DB abuse

Michele,

Let me clarify, because this is not a question of “no rules.”

My position is straightforward:

A registry is a registry.

Its mandate is to maintain accurate records—nothing more.

You do not use an address book as an instrument of punishment.

When a registry begins using essential administrative functions to reward or punish individuals, the system becomes unpredictable and open to abuse. This is, in fact, a major reason the RIR environment has struggled with instability and governance issues: registries have, at times, stepped outside their neutral role and attempted to use resource administration as leverage.

Rules absolutely must exist, and compliance is essential.

But those rules are defined and enforced by sovereign law—courts, regulators, and proper authorities—not by a voluntary address book. A registry cannot impose its own rules above nations, nor can it act as police, prosecutor, and judge.

Punishment, when warranted, must come through established legal channels. A registry that assumes enforcement powers beyond its mandate ultimately undermines its own legitimacy and the trust of the global community.

That is the core of my position.

Regards,

Lu

On Wed, Dec 10, 2025 at 16:19 Michele Neylon - Blacknight <michele@blacknight.com <mailto:michele@blacknight.com>> wrote:

Lu

Sorry but I cannot agree with your position on this.

By your logic RIPE NCC would have zero right to take action against a member who was in breach of the policies, rules etc.,

Trust in the system is only possible when the system is stable and predictable, which you seem to agree with, however if there are no rules then any system will be abused by somebody at some point.

Regards

Michele

--

Mr Michele Neylon

Blacknight Solutions

Hosting, Colocation & Domains

_https://www.blacknight.com/_

_https://blacknight.blog/_

Intl. _+353 (0) 59 9183072 <tel:+353599183072>_

Personal blog: _https://michele.blog/_

Some thoughts: _https://ceo.hosting/_

-------------------------------

Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845

I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours.

*From: *Lu Heng <h.lu@anytimechinese.com <mailto:h.lu@anytimechinese.com>> *Date: *Wednesday, 10 December 2025 at 13:15 *To: *Brett Sheffield <ripe@gladserv.com <mailto:ripe@gladserv.com>> *Cc: *Sergey Myasoedov via members-discuss <members-discuss@ripe.net <mailto:members-discuss@ripe.net>> *Subject: *[members-discuss] Re: Systematic RIPE DB abuse

*[EXTERNAL EMAIL]* Please use caution when opening attachments from unrecognised sources.

Hi

I agree entirely NCC should not do anything. A registry’s role is administrative, not enforcement. Asking a bookkeeping-type institution to police behavior is simply outside its mandate and purpose.

There are countless legitimate ways to address concerns or resolve disputes. But withholding a fundamental registry service—such as assigning an address—because someone “did or did not do X” is irrational and unprecedented. It is the equivalent of a government refusing to give a home an address instead of contacting law enforcement or using proper legal channels. No responsible system operates that way, and no credible governance framework treats essential registry functions as a tool for punishment or leverage.

A registry should remain neutral, predictable, and strictly procedural. Using it as an enforcement mechanism undermines trust in the entire system.

-- Kind regards. Lu

On Wed, Dec 10, 2025 at 14:38 Brett Sheffield <ripe@gladserv.com <mailto:ripe@gladserv.com>> wrote:

On 2025-12-08 12:57, Sergey Myasoedov via members-discuss wrote: > Dear RIPE NCC members, > > I’d like to raise the topic of introducing and applying administrative anti-spam measures against RIPE NCC members who deliberately violate Article 4 of the RIPE Database Terms and Conditions. > > RIPE NCC requires members to publish up-to-date contact email addresses in the RIPE DB. However, these publicly listed addresses are actively harvested and used for spam by IPv4 brokers and address traders, while RIPE NCC does not take any measures to protect members from this type of abuse. > > This issue has been around since the IPv4 market appeared, and although it’s well known, at some point the RIPE NCC staff chose not to act against members who don’t follow the RIPE Database T&C. > > My proposal is to freeze transfer operations for members who are repeatedly abusing the RIPE Database. > > I’d be glad to hear your thoughts and discuss this further.

Compared to other sources, our RIPE contact address gets a tiny amount of spam, and all of it from IPv4 brokers.

I've now received more emails in this single thread in the past 24 hours than I have spam to our RIPE contact address in the past 5 years. No action from RIPE is required here.

Tighten your spam controls if this is a problem for you, and lets move on.

Cheers,

Brett -- Brett Sheffield (he/him) Gladserv To unsubscribe or manage your subscription, log in to the LIR Portal with your RIPE NCC Access account and go to the LIR Account page: https://my.ripe.net/#/account-details.

Scroll down to Membership Mailing Lists to update your 'members-discuss' subscription.

Having issues unsubscribing? More information about managing your subscription can be found at: https://www.ripe.net/s/members-discuss-subscription-options/

--

-- Kind regards. Lu

--

-- Kind regards. Lu

--

-- Kind regards. Lu

To unsubscribe or manage your subscription, log in to the LIR Portal with your RIPE NCC Access account and go to the LIR Account page: https://my.ripe.net/#/account-details.

Scroll down to Membership Mailing Lists to update your 'members-discuss' subscription.

Having issues unsubscribing? More information about managing your subscription can be found at: https://www.ripe.net/s/members-discuss-subscription-options/

------------------------------------------------------------------------

To unsubscribe or manage your subscription, log in to the LIR Portal with your RIPE NCC Access account and go to the LIR Account page: https://my.ripe.net/#/account-details.

Scroll down to Membership Mailing Lists to update your 'members-discuss' subscription.

Having issues unsubscribing? More information about managing your subscription can be found at: https://www.ripe.net/s/members-discuss-subscription-options/

Purely theoretically, let's look at a flaw in that logic. If you ask a broker if they are selling IPs, they will always answer "yes." If you ask them if they sent the spam email, they will say "no," but will still try to close the deal. This behavior applies to both: 1. A legitimate broker (if someone tried to frame him, he still won't refuse a paying client). 2. A spammer broker (he knows the spam is illegal, so he will deny sending it and pretend to be legitimate). Therefore, receiving a reply is not proof of who sent the original spam. On Thu, 2025-12-11 at 18:47 +0200, Mihail Fedorov wrote:

Spam issue can be partially solved by following logic:

1. Advertisement mail received from some IPv4 broker. At this point we do not know if it’s indeed sent by them - 99% it is, but we need proof. 2. We reply pretending we are interested. 3. When broker reply back we have proof it was indeed targeted spam from them. 4. We open ticket with RIPE providing all the details and RIPE implements punishment for LIRs involved in spam activity.

With this trap logic it seems doable.

...

On 11 Dec 2025, at 14:52, Lu Heng <h.lu@anytimechinese.com> wrote:

Michele,

Thank you for your message. The question is not whether rules exist, but whether the current structure for creating and enforcing them is adequate for a global system of this scale.

The “community” model in practice consists of only a few dozen active individuals. This small group is neither representative across regions nor accountable to any broader public, yet its decisions can affect networks operating in vastly different legal, cultural, and political environments. That lack of representation creates a structural risk of capture, bias, and instability.

This becomes even more pronounced when we consider the extreme diversity of national perspectives. From Saudi Arabia to the Netherlands, legal systems, societal values, regulatory expectations, and governance norms differ fundamentally. Expecting a small group of volunteers or industry participants to develop rules that all these jurisdictions should accept—and then enforce them as if they had sovereign authority—is simply unrealistic. No international body at continental scale can force uniform agreement on matters that are inherently rooted in law and national sovereignty.

This is why I argue for a clear separation of functions:

1. Registration and transfer of registration — the registry’s core mandate.Its role must be limited to maintaining correct records and executing transfers accurately and neutrally. 2. Anything beyond those administrative tasks — including questions of legitimacy, suitability, conduct, or compliance —belongs to sovereign authorities and legal systems, not to the registry or a small self-selected community around it.

When a registry attempts to go beyond its record-keeping role and act as an enforcement body, it oversteps into areas where it has neither the mandate nor the legitimacy—particularly in a world where countries do not and cannot agree on many fundamental issues.

In short:

• The registry must remain purely administrative. • Enforcement belongs to sovereign powers. • Critical infrastructure cannot depend on the opinions or decisions of a small, unrepresentative group. • Decentralization and separation of powers are essential for long- term stability.

My position is not about ignoring rules, but about ensuring that the structures governing the Internet are legitimate, scalable, and sustainable in a globally diverse environment.

Regards, Lu

On Thu, 11 Dec 2025 at 14:40, Michele Neylon - Blacknight <michele@blacknight.com> wrote:

...

Lu,

I understand your point about the historical role of registries and the importance of neutrality and non-discrimination. However, the reality is that RIPE NCC (and all RIRs) operate under a framework of community-developed policies and contractual obligations. These are not mere “internal sentiment” - they are binding rules agreed upon by the community and the members. If a member consistently fails to comply with these policies, the registry must have the means to enforce them, or the system collapses.

Neutrality means applying the agreed rules consistently, not ignoring breaches simply because the registry’s role is “administrative.” Without enforcement, the policies become meaningless, and trust in the system erodes far more than any action taken within the established framework.

The registry’s authority doesn’t come from “preference” or “pressure” - it comes from the policies and contracts that all parties have agreed to. Staying “within mandate” means enforcing those policies, not refusing to act whenever a dispute arises.

Regards

Michele

-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59  9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845   I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours.

  From: Lu Heng <h.lu@anytimechinese.com> Date: Thursday, 11 December 2025 12:35 To: Michele Neylon - Blacknight <michele@blacknight.com> Cc: Peering <peering@all-for-one.com>, Sergey Myasoedov via members-discuss <members-discuss@ripe.net> Subject: Re: [members-discuss] Re: Systematic RIPE DB abuse [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Hi Michele, A registry cannot remove someone from the Internet simply because a small group of individuals believes they should not appear in the address book. Authority of that kind does not arise from community discussions or internal interpretations; it exists only within sovereign legal systems. What began decades ago as a voluntary address book maintained by a small circle of technical collaborators has evolved into the documentation layer of the global Internet. In such a context, the old notion of “we can choose not to play with you because we don't like you” no longer applies. Universal, nondiscriminatory access principles govern essential infrastructure. For that reason, the registry’s role is strictly administrative: to maintain accurate records and apply clearly defined procedures solely for that purpose. It is not empowered to impose penalties, revoke resources, or exclude parties except where actions are explicitly grounded in law. Operational policies support coordination, but they are not legal authority—and they cannot justify shutting a network down because a handful of participants in a working group believe an organisation should not have an address. When a registry moves beyond its administrative mandate and begins treating essential Internet resources as leverage based on internal sentiment or discretionary judgment, it introduces instability rather than accountability. Enforcement, when appropriate, belongs to courts, regulators, and governments. The registry must remain neutral, predictable, and tightly bound to its documented processes, without expanding its powers based on preference, pressure, or interpretation. That is the central point: administrative bodies must stay within their mandate, and critical infrastructure must never depend on the opinions of a few individuals, however well-intentioned they may be.

On Thu, 11 Dec 2025 at 14:00, Michele Neylon - Blacknight <michele@blacknight.com> wrote:

...

Lu,

If I take your position at face value, it implies that anyone, no matter how often they ignore the rules or breach the obligations they agreed to, should still have uninterrupted access to registry services simply because the registry is administrative.

That is not realistic.

RIPE NCC, like every RIR, operates under policies and contractual terms the community itself created. These rules govern how resources are requested, registered, maintained and transferred. They exist for a reason and they only work if they can be enforced.

If a registry cannot act when members repeatedly disregard those obligations, then the policies become optional. A system where rules are optional is not neutral or stable. It is unworkable.

Neutrality does not mean the registry has no authority. It means the registry applies the established framework consistently and without bias.

That is not punishment. It is basic operational responsibility.

The idea that a registry must continue providing services even when a member openly refuses to follow the agreed rules would undermine trust far more than any action taken within the policy and contractual framework.

Regards, Michele

-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59  9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845   I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: Lu Heng <h.lu@anytimechinese.com> Date: Thursday, 11 December 2025 at 10:48 To: Peering <peering@all-for-one.com> Cc: Michele Neylon - Blacknight <michele@blacknight.com>, Sergey Myasoedov via members-discuss <members-discuss@ripe.net> Subject: Re: [members-discuss] Re: Systematic RIPE DB abuse

[EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. You are mixing two fundamentally different things:

1. Community-platform rules (like mailing lists) 2. Number-resource administration (the registry function)

A registry absolutely may moderate its mailing list or remove someone from a community forum. That is not the issue. That is not resource governance. That is not number administration.

The problem arises when you conflate the mailing list with the registry function and assume the same “ban power” applies to number resources. It does not.

A registry’s authority over number resources is administrative, not discretionary:

• It has no sovereign power. • It cannot impose penalties outside the law. • It cannot “ban” someone from holding number resources because it dislikes their actions. • It cannot create new enforcement powers through internal rules.

Mailing-list rules are internal community guidelines. Number-resource allocation is part of global critical infrastructure.

These are not equivalent domains.

The fact that a registry can enforce behavior on a mailing list does not grant it the authority to punish a member by altering or revoking their number resources. The two functions exist on different legal, operational, and governance layers.

If you do not separate these layers, you end up with exactly the instability we see today: registries treating essential resource administration as if it were a social-media moderation problem.

A registry is allowed to moderate conversations. A registry is not allowed to weaponize the address book.

That is the distinction you must not blur.

On Thu, 11 Dec 2025 at 12:33, Peering <peering@all-for-one.com> wrote:

...

This is not about punishing or violating laws but violating the rules of usage of the registry. While doing so, it should be normal to get banned from that registry and the usage of the abused resources like the Mailing list. So far fully fits in your position, as the rules of usage are given by the registry it’s also the only given authority that can enforce them.   Von: Lu Heng <h.lu@anytimechinese.com> Gesendet: Mittwoch, 10. Dezember 2025 21:49 An: Michele Neylon - Blacknight <michele@blacknight.com> Cc: Sergey Myasoedov via members-discuss <members-discuss@ripe.net> Betreff: [members-discuss] Re: Systematic RIPE DB abuse   Michele,   Let me clarify, because this is not a question of “no rules.”   My position is straightforward:   A registry is a registry. Its mandate is to maintain accurate records—nothing more. You do not use an address book as an instrument of punishment.   When a registry begins using essential administrative functions to reward or punish individuals, the system becomes unpredictable and open to abuse. This is, in fact, a major reason the RIR environment has struggled with instability and governance issues: registries have, at times, stepped outside their neutral role and attempted to use resource administration as leverage.   Rules absolutely must exist, and compliance is essential. But those rules are defined and enforced by sovereign law—courts, regulators, and proper authorities—not by a voluntary address book. A registry cannot impose its own rules above nations, nor can it act as police, prosecutor, and judge.   Punishment, when warranted, must come through established legal channels. A registry that assumes enforcement powers beyond its mandate ultimately undermines its own legitimacy and the trust of the global community.   That is the core of my position.   Regards, Lu         On Wed, Dec 10, 2025 at 16:19 Michele Neylon - Blacknight <michele@blacknight.com> wrote:

...

Lu    Sorry but I cannot agree with your position on this.    By your logic RIPE NCC would have zero right to take action against a member who was in breach of the policies, rules etc.,    Trust in the system is only possible when the system is stable and predictable, which you seem to agree with, however if there are no rules then any system will be abused by somebody at some point.    Regards   Michele   -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59  9183072 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845   I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours. From: Lu Heng <h.lu@anytimechinese.com> Date: Wednesday, 10 December 2025 at 13:15 To: Brett Sheffield <ripe@gladserv.com> Cc: Sergey Myasoedov via members-discuss <members-discuss@ripe.net> Subject: [members-discuss] Re: Systematic RIPE DB abuse [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Hi   I agree entirely NCC should not do anything. A registry’s role is administrative, not enforcement. Asking a bookkeeping-type institution to police behavior is simply outside its mandate and purpose.   There are countless legitimate ways to address concerns or resolve disputes. But withholding a fundamental registry service—such as assigning an address—because someone “did or did not do X” is irrational and unprecedented. It is the equivalent of a government refusing to give a home an address instead of contacting law enforcement or using proper legal channels. No responsible system operates that way, and no credible governance framework treats essential registry functions as a tool for punishment or leverage.   A registry should remain neutral, predictable, and strictly procedural. Using it as an enforcement mechanism undermines trust in the entire system.     -- Kind regards. Lu     On Wed, Dec 10, 2025 at 14:38 Brett Sheffield <ripe@gladserv.com> wrote: > On 2025-12-08 12:57, Sergey Myasoedov via members-discuss > wrote: > > Dear RIPE NCC members, > > > > I’d like to raise the topic of introducing and applying > administrative anti-spam measures against RIPE NCC > members who deliberately violate Article 4 of the RIPE > Database Terms and Conditions. > > > > RIPE NCC requires members to publish up-to-date contact > email addresses in the RIPE DB. However, these publicly > listed addresses are actively harvested and used for spam > by IPv4 brokers and address traders, while RIPE NCC does > not take any measures to protect members from this type > of abuse. > > > > This issue has been around since the IPv4 market > appeared, and although it’s well known, at some point the > RIPE NCC staff chose not to act against members who don’t > follow the RIPE Database T&C. > > > > My proposal is to freeze transfer operations for > members who are repeatedly abusing the RIPE Database. > > > > I’d be glad to hear your thoughts and discuss this > further. > > Compared to other sources, our RIPE contact address gets > a tiny amount of spam, > and all of it from IPv4 brokers. > > I've now received more emails in this single thread in > the past 24 hours than I > have spam to our RIPE contact address in the past 5 > years. No action from RIPE > is required here. > > Tighten your spam controls if this is a problem for you, > and lets move on. > > Cheers, > > > Brett > -- > Brett Sheffield (he/him) > Gladserv > To unsubscribe or manage your subscription, log in to the > LIR Portal with your > RIPE NCC Access account and go to the LIR Account page: > https://my.ripe.net/#/account-details. > > Scroll down to Membership Mailing Lists to update your > 'members-discuss' subscription. > > Having issues unsubscribing? More information about > managing your subscription > can be found > at: https://www.ripe.net/s/members-discuss-subscription-options/

-- -- Kind regards. Lu

-- -- Kind regards. Lu

--  -- Kind regards. Lu

To unsubscribe or manage your subscription, log in to the LIR Portal with your RIPE NCC Access account and go to the LIR Account page: https://my.ripe.net/#/account-details.

Scroll down to Membership Mailing Lists to update your 'members- discuss' subscription.

Having issues unsubscribing? More information about managing your subscription can be found at: https://www.ripe.net/s/members-discuss- subscription-options/

To unsubscribe or manage your subscription, log in to the LIR Portal with your RIPE NCC Access account and go to the LIR Account page: https://my.ripe.net/#/account-details.

Scroll down to Membership Mailing Lists to update your 'members- discuss' subscription.

Having issues unsubscribing? More information about managing your subscription can be found at: https://www.ripe.net/s/members-discuss-subscription-options/

Don’t feed the troll. Mich --

On 10 Dec 2025, at 15:19, Michele Neylon - Blacknight via members-discuss <members-discuss@ripe.net> wrote:

Lu

Sorry but I cannot agree with your position on this.

By your logic RIPE NCC would have zero right to take action against a member who was in breach of the policies, rules etc.,

Trust in the system is only possible when the system is stable and predictable, which you seem to agree with, however if there are no rules then any system will be abused by somebody at some point.

Regards

Michele