Hi Mark,
thank you for your time asking these questions.
Regarding the following:
" - Refer to the nic-handle of a person or role object that contains
contact information for the appropriate dedicated abuse handling
department"
I am the tech-c for my organisation but the email address registered against
my nic-handle relates to me personally, not to any relevant abuse role
account holder.
The status at the moment is, that APNIC suggestst the usage of admin-c
or tech-c for abuse reporting. That way everybody would use your
personal address to report to. As you already mentioned that is not the
good way.
Therefor the idea is to add an abuse-c. And populate it with existing
tech-c information. Which makes no difference to the status now. But it
gives the opportunity to create an role account and populate the abuse-c
with that. So in the very beginning there is no change, the change
happens just if you want it.
The result is more flexibility.
From my (rather ignorant) point of view, then, the default action (to create
an abuse-c and replicate the tech-c for any existing records) may cause:
- Mail directed to an inappropriate POC.
--- Obviously organisations need to get on-the-ball and create relevant
role-objects or somesuch, must admit my limited interaction with the APNIC
systems in this space means i don't have a full understanding of this; can
the abuse-c point to a set of contact details that don't, in the end, drop
to a nic-handle (i.e. an individual) ? So a role object can include a
'group' contact detail?
As I understand the proposal and as I would like to have it implemented
there must be the possibility to add an role object. That is what I
would suggest every netrange owner to add an abuse role account and not
a personal handle.
- Existing, invalid details replicated into abuse-c and not helping the
situation at all.
--- This begs the questions...
Full Ack. And this begs questions at every RIR in the world. And as I
know there are huge discussions about the data accuracy at RIPE at the
moment.
- What are the obligations of folks to maintain their apnic data as
accurate?
- Will there be any validation of these addresses before the data is
replicated to abuse-c?
That would be good.
- Could we present a nice piece of automation that could be sent to tech-c
folks asking them to quickly supply (via web form or similar)
updated/revised abuse-c data and populate it that way instead (perhaps with
a 'if nothing heard, we'll use tech-c' escape clause)
- Has APNIC considered emailing existing tech-c's as regards this policy,
thus directly notifying the role holders of the upcoming change (rather than
relying on those who actively participate in APNIC matters) and
simultaneously identifying any addresses which 'dont' work' ?
I think an email reminder that tell netrange owners every 3 month to
check if everything is still accurate and klick a link to aknowledge
would be a perfect thing. Sometimes I hear people say, we don't think
about updating our whois information, because we just forget about it.
It's not even intentional.
One of my pet peeves is whois data that contains invalid details. Just
yesterday I found yet-another-ISP with details listed by APNIC specifically
for 'abuse' purposes, where the mailbox concerned didn't actually exist. I
was forced to revert to a scattergun on some 'likely guesses'.
In summary I guess my issues are:
- Validating that tech-c's are infact aware that their email addresses are
being recycled for abuse-c
- Validating that these tech-c/abuse-c's are actually operable and manned.
- I agree that the tech-c is the obvious starting point but a nice-and-easy
way for org's to submit standalone abuse-c without drama would likely get a
lot more useful buy-in on th is otherwise excellent and much-needed idea.
Lot's of good ideas. And I think there is potential for another policy
proposal.
Thanks,
Tobias
--
| Tobias Knecht | CEO | abusix UG (haftungsbeschraenkt)
| tk@abusix.org | http://abusix.org
| Postfach 210127 | 76151 Karlsruhe | Germany
| ---
| Register of Companies(Handelsregister): HRB 707959
| District of Court(Amtsgericht) Mannheim/Germany
| Registered Office: Karlsruhe/Germany
| CEO: Tobias Knecht