On 7/26/13, John Curran <jcurran@arin.net> wrote:
ARIN will run the Whois database however you folks collectively want it run. Write up the change you seek (should be fairly easy), show rough consensus in the community for the change (slightly more difficult task), and then,
I personally think there is too little evidence at this point of widespread abuse to merit restricting access to WHOIS. Assuming you don't consider sending DMCA-like request letters to technical or abuse contacts an abuse of WHOIS. I can see how such things might be construed as spam in high volume, for large networks that provide only IP connectivity services that aren't subject to DMCA letter provisions and don't have a policy of turning off IP transit/telco services for Trademark/Copyvio without a court order. My very strong recommendation would be: * Conduct a study on the subject of WHOIS "marketing spam" type abuse. Am I correct in suggesting, that the ARIN staff would have authority to create temporary "dummy" IP address and ASN allocations of various sizes for short periods of time, using multiple e-mail To domains, and announcing them among the new allocations, and finding some ISP to bring up some of the prefixes, for the purpose of studying, if these contacts (that could have been learned only through WHOIS) receive e-mail? I would be interested in... * Is whether there is an AS allocated, IP address allocated, ORG allocated, or just POC handle created, or BGP announcement for a certain prefix correlated with the probability that a contact is spammed? * Who did the spam come from? * What IP addresses requested WHOIS on "dummy allocations" or "dummy org" records that shouldn't have shown up on the internet, e.g. so "legitimate" WHOIS queries should be minimal? --- If someone studies that and finds there is a correlation to spam based on WHOIS listing alone, then perhaps.... there must be a solution for this.... on occasion; allocate one or two new AS numbers and a /24 on a temporary basis (6 to 12 months) solely for "spammer detection" purposes, in other words "intentional erroneous allocations" that the RIR would publish as if a real allocation. If spam is received... research into what IP addresses performed WHOIS requests for those, and publish for the world to see, every email message received, plus any followups into search-for-the-guilty to clear up the pattern of network contact abuse. In other words: for starters, assume the number of "bad actors" is small, and let the community pressure them and their peers to retaliate, before diminishing the average usefulness of WHOIS to everyone, (which restricting access to a small number of users does).
My guess is someone is using your mass whois database, looking at the most recently issued/created AS numbers, and cold calling. -------------------------------------------- I'd be interested in knowing who it is, so I can be sure to never buy from them.
scott -- -JH