Because I haven't got unlimited WHOIS queries. (Although I and everyone else *should* have those. There are no valid reasons to rate-limit any form of WHOIS query.)
Yes there are. The current whois returns way more information on a query than you need for network operations. That's because the current whois was designed back in the 1970's so that ARPANET network managers could identify all the users of the network in order to help them make the business case for their budget requests to cover the cost of high-speed 56k frame relay links. There is no good reason to rate-limit a query that takes an IP address (or IP address range or CIDR block) and returns with a list of database record identifiers for the enclosing blocks. The record identifiers for organizations who directly received an allocation or assignment from ARIN would be their org-id. The other ones, SWIP records, would have some fixed database key like REASG20060000000022812536. If no REASsiGnment record exists, you now have the orgid to contact and have no need to do an additional query if they are a known organization. If the REASiGnment records do exist, you can look them up in your own database to see if they are a re-offender. And if you really need to, then you can do a RATE-LIMITED lookup of contact info. One type of query is justifiably rate limited to prevent DB scraping by spammers et al. The other type is not, however it does not currently exist because the RIR whois directory was not created for network operations support nor is it designed to do this job. You can hack together all kinds of mashups that sort of work if you squint the right way, but the bottom-line is that whois does not do the job that many network operators think it does or would like it to do.
Because This Is Not My Problem. If by chance someone benign has chosen to locate their operation in known-hostile, known-negligently-operated network space, then their failure to perform due diligence may have consequences for them.
It would be interesting if you, and other like-minded hard-nosed network admins would get together and write a requirements document for a whois type directory lookup that would actually support you in what you are trying to do while minimizing collateral damage. The only caveat is that it must be legal to implement in the USA, i.e. you will never get GPS coordinates and a photo of the registrant in such a system. In my opinion, the purpose and scope of such a directory is to provide contact info for people who are ready, willing and able to communicate regarding network operations and interconnect issues and who are able to act on that communication. All contact info should be verified with the contactee who must EXPLICITLY agree to have the info published. All contact info will be verified periodically (maybe every 4 months?) by out-of band means, i.e. the directory operator will keep track of individual email addresses and phone numbers for role account managers. If such a directory did exist, then it would be smaller than whois. You would get many more failures on a quick query which is a good thing. It means that the network operator did not make it a contractual requirement for their customer to maintain an up-to-date network contact. In that case, the network operator is not just morally responsible for abuse, they are contractually responsible. Or maybe you could come up with something better?
1. Gratuitously labeling carefully-considered measures as random is not a route to productive conversation.
Agreed. I think a lot of the problem stems from assumptions. People make a lot of assumptions on what whois does based on the net folklore that was handed down to them when they "joined" the Internet. Few people seem to question such folklore and few people notice that not everybody shares the same understanding. However, it is a lot easier for people to notice that your carefully-considered measures look like a lot like a crude weapon that causes lots of collateral damage. They feel that you could do better and attack you rather than attacking their own assumptions which are the real root of the problem. If you had better data to work with, then your carefully-considered measures would evolve to appear highly sophisticated wisdom, and would also cause little collateral damage. --Michael Dillon