ACSP Suggestion 2007.8: Run Abuse Clearinghouse

Author: Michael Dillon

Submitted On: 21 March 2007

Suggestion

Replace the bogon list with the official ARIN list of address ranges in good standing 2. Run an ARIN clearing house for network abuse incidents. This would be an automated system rather like a blacklist that would accept issues from members regarding an address range, and report statistics to the public. For instance, AOL might send in an issue like "Address block a through B sent me 16,782 SPAM emails today" and I might subscribe to "a list of address blocks which have sent greater than 10,000 SPAM messages in the previous 7 days but don't count reports from AOL and GoogleMail".

This means designing a schema for a database that allows for an address block to have many different attributes, not just allocated or unallocated. It means an authenticated method for address owners to submit updates. And it means a query system where people can construct a query for which attribute combinations are of interest. I suggest that REST be used as a submission method to support both automated systems as well as manual logins to an HTTPS server.

Yes, it is a darn big idea, but why not run with it for a bit, brainstorm, develop requirements. Even if you decide not to do this whole thing, I think some parts will be useful.

Timeframe: one-year

Suggestion Information

Status: Completed

Updated: 19 April 2007

Suggestion Tracking

ARIN Comment

19 April 2007

We would like to point out that the official ARIN list of address ranges is available from a link on the ARIN website. The direct url is:
ftp://ftp.arin.net/pub/stats/arin/delegated-arin-latest

With regards to ARIN running a clearing house for network abuse incidents, such an activity is outside the scope of ARIN's mission and supporting services as it is a matter that is operational in nature.

Suggestion 2007.8 is now closed.