Reply to Sean Donelan (was: Yet more hijacked space? - deru.net)

I think that it is time to tighten up on these requirements even
further. The published whois directory should only contain the
up-to-date contact information of people responsible for enforcing
network AUPs and rooting out network abuse. If an organization is
allocated or assigned IP space from their upstream then their info
should not be published in the whois directory unless they agree to be
directly responsible for AUPs and abuse mitigation.

This would make every provider like
Level3 and Cogent...hosters of spammers camouflaged by a lack of
publicly available reassignment data. At least with the current system,
most providers publish reassignment data, so when you get spammed by
discountdeals or ultimate savings, or the like, you can usually look up
their address space and block them.

If Level3 and Cogent are in a common carrier position in relation to their
customers then it is likely that they will delegate the responsibility for
AUPs and abuse issues to the customer. In that case they will provide
current and functional contact info to the whois directory much like
today. One difference is that someone (hopefully the publisher of the
whois directory) will take responsibility for regularly confirming that
contact info. If the info gets out of date then they would pester Level3
or Cogent for an update and if Level3 or Cogent don't supply updated
contact info then the whois directory would revert to showing Level3 or
Cogent as responsible for the block.

Now, back to your idea of blocking address space. Is there anything in the
above suggestion that makes it impossible for you to block incoming email
from abusive address space?

Too many providers just don't care
about spam as long as the spammers pay.

If my suggestion were adopted then the spammer's provider would either
enforce their own AUPs or they themselves would pay the price.

In one fell swoop, this will enable people to block just about every
possible source of spam.

I assume you mean it would make blocking bogons and unused blocks easier,
but I think the net result would be to make it much harder to block most
sources of spam.

No, I mean that all IP addresses would be clearly delineated into two types.
Prime addresses would have correct and functional contact info while dirty
addresses would not. If you were advising a business on their Internet
connectivity would you advise them to sign up with a provider using prime
addresses or dirty addresses?

It also means that there would be two strategies for dealing with SPAM,
DDOS, etc. If it comes in from a dirty address, then just block or filter
the traffic. If it comes from a prime address, then you contact the
provider and work out the problem. There isn't any more huge grey area of
providers who might be good people if only you could find some way to
contact them. Any provider who doesn't keep their contact information up
to date ends up in the same ditch as the dead dogs, offal and sewage.

So you want to fix this by making it even harder to find out who's using
an IP block?

No, I want to shift the responsibility onto the IP block users. It should
be their responsibility to show that they are a good network citizen or
else they won't get connectivity.

By the way, I think that something like this can be done entirely outside
of the existing RIR and whois structures. This is all about a web of trust
and it is possible to set up a private SMTP exchange system that requires
its members to only accept incoming SMTP (on a port other than 25) from
organizations who enforce a no-spam AUP. Then you can sign up for Internet
email service from one of the members and only see SPAM once in a blue
moon.

--Michael Dillon

P.S. about the crack pipe, I was under the impression that crack smoking
reduced your ability for creative thought. In that case it's more likely
that those who oppose my ideas are the ones smoking crack...