[anti-abuse-wg] Reporting Fraud

In message <A.1P16gH-0009if-Lx at smtp-ext-layer.spamhaus.org>, 
Richard Cox <richard.cox at btuser.net> wrote:

>However since you are reading this thread, and given your extensive
>knowledge of BGP and routing, would you like to comment on the point
>that gave rise to it, namely the fraudulent misuse of RIPE resources?
>
>That description of that incident may sound as if it was a one-off.
>It's not.  In fact it is part of a pattern that we see almost on a
>daily basis.  Always involving RIPE ASNs and IP ranges.  Never ARIN.
>Never APNIC.  And not even AFRINIC or LACNIC.

Although I do believe that Richard Cox and I most probably share the same
views on many many things, I do feel obliged to differ with him as regards
to this last comment.

In my own experience, there do exist quite a substantial number of ARIN
whois records which, as we speak, contain either outright fradulent, or
semi-fradulent information, including entity names, snail-mail addresses,
phone numbers, and contact e-mail addresses.

Although I do agree with Richard that this sort of thing is virtually
unknown within APNIC, AFRINIC and LACNIC, ARIN whois records show even
substantially more of this type of problem, in my experience, than do
the RIPE whois records.  (And note here that I'm not even counting cases
in the ARIN space where clever companies, such as Tactara, have created
legions of perfectly legal paper subsidiaries as a calculated way of
thwarting accurate identification of the IP blocks that they themselves
actually control.)

Still, this is not to say that RIPE should in any way rest on its laurels,
just because its whois records are, on average, somewhat less fradulent
than those of one of its sister RiRs, and I would not counsel complacency.
I don't think that there is any non-zero level of fraud that should be
considered acceptable, in _any_ RiR.


Regards,
rfg