On 11/10/2014 7:56 AM, Michael Peddemors wrote:
On 14-11-10 07:34 AM, Kevin Kargel wrote:
I have to agree with Ted. ARIN is not in the 'acceptable use
enforcement' business and that is a line that should not be crossed.
There are many other agencies and venues more appropriate for the task
of spam regulation. ARIN is not a first amendment police, and they are
not responsible for misuse of member networks. ARIN's sole job is
registration of IP number resources.
I am 100% in favor of limiting and restricting spam and other
malicious internet abuses, but ARIN is not the appropriate agency to
assign the onus of policing these bad actors. I applaud all the
efforts to fight spam and encourage everyone to become much more
active and involved in combatting it, but please do it from a proper
agency.
Kevin
However, ARIN does have the mandate regarding proper SWIP for delegated
IP Addresses, and enforcement in that area might be the first step.
Many of those 'spammers' use forged or false information, and while ARIN
is not the right place to judge the usage of IP(s), it does have the
mandate to determine whether an organization is entitled to new resources.
This is a 'first step' which I believe ARIN needs more support in
addressing, and stronger mandates in this area.
This would help prevent abuse. Usage of a public resource such as an IP
Address, should have clearly presented, accurate information as to the
party using and responsible for such activity.
Some providers are very forward in this regard, requiring identification
of users/organizations who wish to use their IP resources, and using
'rwhois' servers and/or SWIP to clearly report this, while others simply
ignore ARIN guidelines, can't be bothered, or turn a blind eye.
It would be helpful to deal with the later in a more effective way, than
simply 'taking a report' of this occurring.
There are many 'can-spam' laws etc, that can address spammers, however
if the information of the operators is false, inaccurate, or missing,
that brings extra challenges.
I believe if the information was more accurate, it would also curb some
of that activity, freeing up IP addresses for better use.
There are many other criminals than spammers on the Internet that make
use of forged or fake information that is given to their upstream networks.
I do not support penalizing the upstream address holders for this, however.
BUT, what I DO think should be happening is when evidence of a bogus
SWIP entry is presented to the RIR, the RIR should be able to give the
upstream holder a week to investigate, and if the upstream holder is
unwilling to "back" the bogus SWIP, then the upstream holder should
remove the entry - or ARIN should.
I do NOT regard this as penalizing the address holder.
Fundamentally, when an address holder obtains addressing they are
responsible for it's use.
If an address holder wants to become the world's spam and criminal
hoster, that is perfectly fine with me. I'll block all their IP
addressing in my own gear.
But they should not be permitted to use the SWIP system to obfuscate
what they are doing.
If they want to host spammers, then either the spammers identify who
they are - so they can be easily found and prosecuted - or they assume
responsibility for the spamming - so they themselves can be prosecuted.
If doing that results in removal of SWIP records and their inability
to meet utilization requirements to obtain more addressing then that
is just their tough luck.
Unfortunately, most of this discussion is purely academic for ARIN as
most spamming originates either overseas (where ARIN is not the
responsible RIR) or it originates from hijacked machines on legitimate
networks in North America which will shut them down if informed.
Ted
_______________________________________________
PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
http://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.
