[anti-abuse-wg] centralized abuse whois

Leo Vegoda wrote:
> Hi Frank,

Hi,

>> The problem is how to estimate a demand for people, that are no "pros"
>> and have no idea, that they would probably like this central service.
>
> I wonder whether asking end users to report abuse is the right way to go.
> Would it not be more effective for the user to inform their service
> provider that a message or event is abuse and rely on the service provider
> to do the right thing. After all, most people ask a mechanic to service
> their car rather than learn how to do that.

Quite right, our users simply want that no spam arrives at all.
Reporting reduces spam a lot, simply because it makes the originator
aware of a problem (he might fix or not).

Even our normal customers and end users are aware of this, but
they have no tools to do it right and easy.
SpamCop is pretty often used by our end users, simply because
they paste the email or forward the spam to SpamCop and they
do the rest and its simple do use.

Other ISPs would probably like to have such a reporting service
for their customers, but struggle because of the quite
complicated structure how abuse contacts are stored all
over the world (if you remember, the "automatic mapping"
was the start of this discussion this morning).


abusix is a good example, they dont do some "magic".
They are gluing the whois services together and it works
brilliant, I think its the most up-to-date abuse address
source currently available.
But: why should everybody depend on a service someone
implemented to cover the inability of the ones that
ARE responsible for the resources ?
Hm ?
Why do big organizations do not think like companies
and simply present the best solution themself ?


So, a unique interface to "find" the abuse contacts email address,
world-wide, would be a good start for ISPs and blacklist to
start a reporting service as well as for sighly-advanced
end-users ... even think of admins in local (business) networks
responsible for the spam their co-workers receive ...

And again: this whois or webinterface isnt something new
nor is it something you need to ask the compunity for.
The data is public, simply wrap it up under a unique place.

You dont have to force the RIRs to implement their bit,
IANA could ask them for an unrestricted whois channel
and implement the parsing themself ...

> I believe that one of the requirements is that the protocols is simple and
> lightweight.

Sure, but it would be something new again, and would take ages ...
Whats wrong with something you can build today ?
Using whois ? Anything wrong with whois ?
Or a web-interface ?

>> The more easy way would probably be:
>> - IANA tells the RIRs to implement a whois like the "whois -b" from RIPE
>>     only reachable from IANAs servers (lets say until August ;o)
>> - IANA creates the new whois under abuse.iana.org, and referres the
>>     queries and standarizes the output
>
> In this bottom-up world the policies and requirements are given to ICANN
> as the IANA functions operator. ICANN doesn't command the RIRs to perform
> specific tasks.

Sure not, but sometime policies are just "in-the-way".
All RIRs do meet regulary, so get their admins at a little table in a 
bar and simply do it ...
A centralized whois isnt something "new".
Its just a unique way to present information that is already available,
but difficult to find.

> If you want to place a requirement on ICANN and the RIRs
> along the lines above, you could go down the Global Policy route and ask
> the ASO AC to start a global policy process. Details here:
> http://archive.icann.org/en/aso/aso-mou-attachmentA-29oct04.htm

I knew this answer would come, thats why I sayd in my first mail today,
that IANA would not implement a service for the public ...
Specially because I asked IANA about 2 year ago for it and
guess what the answer was ...

> Regards,
>
> Leo Vegoda
>

Kind regards, Frank
P.S.: So, forget my query. Im happy that I know how to find abuse 
contacts and can do the reporting automatically, why did I even
think of asking IANA ?
We have automatic reporting for our customers and that gives me some
kind of advantage over my competitors.
Sorry, Im so stupid ...