Re: Reply to Sean Donelan (was: Yet more hijacked space? - deru.net)
I think that it is time to tighten up on these requirements even further. The published whois directory should only contain the up-to-date contact information of people responsible for enforcing network AUPs and rooting out network abuse. If an organization is allocated or assigned IP space from their upstream then their info should not be published in the whois directory unless they agree to be directly responsible for AUPs and abuse mitigation.
This would make every provider like Level3 and Cogent...hosters of spammers camouflaged by a lack of publicly available reassignment data. At least with the current system, most providers publish reassignment data, so when you get spammed by discountdeals or ultimate savings, or the like, you can usually look up their address space and block them.
If Level3 and Cogent are in a common carrier position in relation to their customers then it is likely that they will delegate the responsibility for AUPs and abuse issues to the customer. In that case they will provide current and functional contact info to the whois directory much like today. One difference is that someone (hopefully the publisher of the whois directory) will take responsibility for regularly confirming that contact info. If the info gets out of date then they would pester Level3 or Cogent for an update and if Level3 or Cogent don't supply updated contact info then the whois directory would revert to showing Level3 or Cogent as responsible for the block. Now, back to your idea of blocking address space. Is there anything in the above suggestion that makes it impossible for you to block incoming email from abusive address space?
Too many providers just don't care about spam as long as the spammers pay.
If my suggestion were adopted then the spammer's provider would either enforce their own AUPs or they themselves would pay the price.
In one fell swoop, this will enable people to block just about every possible source of spam.
I assume you mean it would make blocking bogons and unused blocks easier, but I think the net result would be to make it much harder to block most sources of spam.
No, I mean that all IP addresses would be clearly delineated into two types. Prime addresses would have correct and functional contact info while dirty addresses would not. If you were advising a business on their Internet connectivity would you advise them to sign up with a provider using prime addresses or dirty addresses? It also means that there would be two strategies for dealing with SPAM, DDOS, etc. If it comes in from a dirty address, then just block or filter the traffic. If it comes from a prime address, then you contact the provider and work out the problem. There isn't any more huge grey area of providers who might be good people if only you could find some way to contact them. Any provider who doesn't keep their contact information up to date ends up in the same ditch as the dead dogs, offal and sewage.
So you want to fix this by making it even harder to find out who's using an IP block?
No, I want to shift the responsibility onto the IP block users. It should be their responsibility to show that they are a good network citizen or else they won't get connectivity. By the way, I think that something like this can be done entirely outside of the existing RIR and whois structures. This is all about a web of trust and it is possible to set up a private SMTP exchange system that requires its members to only accept incoming SMTP (on a port other than 25) from organizations who enforce a no-spam AUP. Then you can sign up for Internet email service from one of the members and only see SPAM once in a blue moon.
--Michael Dillon
P.S. about the crack pipe, I was under the impression that crack smoking reduced your ability for creative thought. In that case it's more likely that those who oppose my ideas are the ones smoking crack...