Mandatory Provision of Abuse Contact Information in WHOIS

By Udeme Ukutt
Udeme Ukutt

An industry professional at Abusix is the backbone behind a proposal to improve and create better mitigation of abuse across different global internet networks. Basically, this introduces a mandatory "abuse contact" field for objects in global Whois databases. This provides a more efficient way for abuse reports to reach the correct network contact. Personally — as a Postmaster for a leading, white-label ISP, I applaud this with great happiness for multiple reasons. I also feel people who handle abuse desks, anti-abuse roles, etc. should closely follow this.

Let's take a look across the internet: we can review various RIRs (Regional Internet Registries) where a proposal has either already been approved, or in progress. Below,

AfriNIC (Africa Region): Proposal draft submitted April 7, 2010. Read more herehere.

ARIN (North America Region): An abuse-POC already exists for Organizational ID identifiers. Read more here.

LACNIC (Latin America and some Caribbean Islands): An "abuse-c:" exists for aut-num, inetnum and inet6num objects. Understand and note that there's no formal documentation on "abuse-c:" in inetnum and inet6num objects, but for documentation on the "abuse-c" in ASN records, see LACNIC Policy Manual (v1.3 - 07/11/2009). Read more here.

RIPE NCC (Europe, the Middle East, and Central Asia): Draft submitted November 8, 2010, which is open for discussion in the hands of RIPE's anti-abuse working group. Read more here.

APNIC (Asia/Pacific Region): "Prop-079" proposal implemented November 8, 2010. Read more here.

This brings me to the main reason for my post: APNIC just recently implemented their proposal about a fortnight ago. Above all, ensuring there's a dedicated abuse contact/department that specifically resolves abuse and security issues will go a long way to limit potential damage and enhance recovery.

MAAWG submitted comments in August 2010 supporting this proposal as well.

By Udeme Ukutt, Postmaster at Wish

Related topics: Cybersecurity, Internet Governance, Policy & Regulation, Regional Registries, Web, Whois

Comments