[anti-abuse-wg] Use of RIPE region space by out-of-region users, was RIPE policy

In message <6ECF18BD-3F5B-4E9C-917A-087ED01AF626 at blacknight.ie>, 
"Michele Neylon :: Blacknight" <michele at blacknight.ie> wrote:

>On 9 Mar 2011, at 13:26, Ronald F. Guilmette wrote:
>> Was there some particular reasons why Nigerian fraudsters would have been
>> allowed to send e-mail through your servers in Jan of '010?  Did you have
>> a security melt down?
>
>ROFL
>
>We are a hosting company.

Are you under the impression that this fact gives you some sort of special 
dispensation to send me spam?

If so, allow me to suggest, politely, that you reevaluate your assumptions.

>Our clients can and do do silly things from time to time

The way you say that, so nochalantly, it sounds to me like you have been aware
of this fact of human nature for quite some time now. Assuming so, what, if
anything, has your company done to compensate for it?

(Some other hosting companies who care about their reputations and about
not polluting the Internet have arranged for all outbound port 25 connects
from end-luser frequently-compromosed machines to be either blocked or else
transparently redirected to a machine, or set of machines, where outbound
filtering takes place... you know... in order to fully suppress the inevitable
and easily forseeable Nigerian 419 spam outflow from the inevitable and easily
forseeable compromised end-luser machine.)

>If / when we get reports to our abuse desk about such behaviour we take act
>ion

Right.

I think that's pretty much what the guys in charge of Chernobyl said too...
"Just let us know if there's a problem with these tests and we'll clean up
the mess afterwards."

Call me old-fashioned, but I've always believed that, all things considered,
it's better not to screw up in the first place than it is to apologize after-
wards.

In other words, the time to stop spam is quite certainly NOT after it has
already entered my inbox.  (It never ceases to amaze me how many providers
seem to think that they have earned some sort of accolades or appreciation
for their selfless act of shutting the barn door after the horses have
already bolted.)

>And blocking our domain name isn't exactly the sanest way of blocking junk
>from our network ..

Actually, it has worked with 100% effectivness.

What's insane is for people to accept the ludicrous notion that they should
spend their own time wading through reams of spam e-mail every day, just
because thousands of companies like your's don't much feel like investing
in proper spam outflow control.  (In my case I recognized a long time ago
that life is just too short.)

>>Do you have ``customers'' to whom you simply sell IP addresses, and nothing
>> else?
>
>
>We don't sell IP addresses
>
>We sell services which include IP allocations and LIR services
>
>*cough*
>
>We generally would hope that the clients would take bandwidth and other ser
>vices from us, but we also have clients who pay us just for blocks of IPs a
>nd the management of same

Facinating.  Really.

I really did construe from that other gentleman's remarks that this sort
of thing was entirely verboten, based on existing RIPE rules.

>>> but I don't see why where a company is based is relevant
>>
>> Hey!  I don't make the rules.  I'm just trying to understand what they are
>
>Well I think you need to take that up with RIPE's policy people.

Not necessary, as what you said (below) answers my question and also con-
forms to my existing understanding.

>> Maybe location _isn't_ actually relevant to anything, ever.  But it has
>> been my understanding that if a company from your side of the pond came
>> over and asked ARIN for a hunk of IPv4 space without so much as putting
>> a single server or router anywhere in North America, then you'd be politely
>> told to go fish.
>
>Well we would only be doing that if we had kit in the US .. I can't think o
>f any reason why we'd do it otherwise

OK, so you agree that with respect to IP address allocations, location _does_
nmatter in at least some contextx, e.g. when one is requesting an allocation
directly from an RiR, yes?

>Location of the company isn't relevant. Location of network equipment proba=
>bly is ..

OK.  Now we are getting somewhere.

Can you tell me what is the ``location of the network equipment'' with re-
spect to the RIPE-issued block 178.215.176.0/20?  Where does it seem to be?