I have found the scaling is better if you make it the abusing providers problem to contact you. Whenever a range gets blocked, the bounce message tells the mail originator to take their money and find a new hosting provider that does not support/tolerate spam. When legitimate originators have contacted their provider about that message, the sources that were inadvertently hosting the abuse are happy to find out more so they can resolve the problem, and they provide a working contact in the process, even if the registered one fails. The down side is that it requires the legitimate originator to pay attention to the bounce and decide they want to take action. The hope is that eventually more money will flow toward those hosting providers that are diligent about resolving issues. Tony
-----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Suresh Ramasubramanian Sent: Monday, August 11, 2014 11:04 AM To: Mark Andrews Cc: goemon@anime.net; nanog@nanog.org Subject: Re: Dealing with abuse complaints to non-existent contacts
Good luck getting action from foreign LE through the mlat system
You might get a response, oh, in the next two years or so. IF you can find local LE willing to push the case forward.
Beyond that while RIRs are not the internet police they do owe it to the community to be more vigilant on dud contact addresses, and also do a lot^W bit more due diligence when allocating IP space, and when appointing LIRs. On 11-Aug-2014 6:37 am, "Mark Andrews" <marka@isc.org> wrote:
In message <CB3CA09E-B16F-4101-AEC2-AEE12C982400@delong.com>,
DeLong writes:
On Aug 10, 2014, at 1:28 PM, goemon@anime.net wrote:
On Mon, 11 Aug 2014, Paul S. wrote:
It would appear you've done your part in trying to reach out (and subsequently failed), so the next step to go is dropping all traffic
from
it.
Nothing wrong with trying to protect your own customer from people who cannot be bothered to do their own due diligence.
It would be nice if allocations would be revoked due to invalid/fake contact info.
-Dan
I kind of agree, but past efforts in this regard have not met with consensus from the ARIN community.
If you believe this to be the case, I suggest putting it into template format and submitting to policy@arin.net.
I'm happy to help if you would like. Subscribing to arin-ppml will allow you to participate in the community discussion of the policy
Owen proposal.
Owen
It really isn't the RIR's job to withdraw allocations due to bad behaviour as much as many of us would like it to be. Failure to maintain valid contact details however is within the purview of the RIRs.
If you are being attacked, report the attack to your LEA. Let the LEA's maintain intellegence on which networks are permitting attacks to be launched from their address space. They can work with LEA in the network's juristiction to get the attacks stops and offenders prosecuted. LEA's can in theory also get courts to issue orders to filter offending address blocks by all ISP's in their juristiction.
Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org