Hi John,

It is a combination of factors.

The 1st one is already measured by those RIRs: The number of abuse contacts 
that have a mailbox that has been verified by the RIR automated process (which 
means a human verification acknowledging the policy itself - so a double check 
for your commitment to the service agreement, you can’t say “I didn’t know 
that"), in just a couple of years (after policy implementation) exceeded 95%. 
We shall notice that the time for the verification depends on “automated” + 
“human” in case the automated is not working, but I recall that in the case of 
ARIN POC is done in the same way (also in RIPE NCC).

That is confirmed, because when I report abuses, the number of non-existent (or 
bounces) to the abuse mailbox is much less than 0.5%.

The other factor is that the networks that I manage, or on which I have 
first-hand info on the matter of abuse, have about 95% fewer abuse cases not 
resolved using the abuse-mailbox from those regions compared with the previous 
figures. I have to say that the impact was not easily perceived until 2-3 years 
after the policies were implemented, which is understandable (in fact I recall 
in both cases, LACNIC and APNIC, the 1st complete round of automated 
verification took around 2-3 years).


What is not acceptable is that:
1) Every ISP in ARIN or RIPE regions can enforce their own form for reporting 
abuse - because that means small ISPs can’t do it and the ones getting the 
money from their customers are the ones creating the trouble.
2) Some ISPs in those regions just ignore the abuse cases. They have a 
responsibility for what their customers are doing, and they must act. They 
usually have in the contract with the customer an AUP, so why don’t they 
enforce it? Because they just care about the money from their customer and 
they are big enough to not care about the rest of the ISPs in the world, 
especially the smaller ones?

There is room to improve existing policies (or a possible new proposal in 
ARIN), and it can replace non-standard forms by a standard email based 
procedure by using XARF (RFC5965/RFC6550). There are sufficient open source 
tools that can relay and process the abuse reports using this format that it 
will be acceptable for anyone to use it.

Both in ARIN and RIPE part of the job is done, the automated verification of 
the POC/abuse-c, what is lacking is enforcing that the reports can be done by 
email and are processed.

The RIR doesn’t need to investigate the abuse case or decide if it is an 
abuse or not, just to ensure that they are processed when received by email. 
Anyone that reports an abuse case and doesn’t get it resolved even after weeks, 
can escalate it to the RIR, as this is lack of compliance.

As I said in a previous email, I noticed since a few weeks/months ago, an 
increase of non-resolved and persistent abuse cases (non-compliance with the 
policy) mainly from Brazil. I escalated them to LACNIC a few days ago, let’s 
see if they are resolved or they need to reclaim resources otherwise. I had a 
few months ago a similar situation with China, escalated to APNIC and it seems 
it has been resolved (a big operator was bouncing the abuse emails, so their 
customers persisted in the abuse - not happening anymore at the time being).

Note that I’m not asking in the policy for enforcing anything like “you must 
respond in hours, or days”, I think it is enough to ensure that you will take 
care of it. If I can see after weeks/months that your customers still continue 
the abuse, then I escalate it to the RIR.

In addition to that, of course, we use tools like fail2ban and similar ones for 
some kinds of abuse (port-scanning, intrusion attempts, etc.). They allow 
automating a message to the abuse-mailbox to report the issue. I never 
configured fail2ban to use XARF (I just automatically email the logs that prove 
the abuse as part of the automated abuse report email), but I know it can be 
done.

Regards,
Jordi

@jordipalet


> On 29 Aug 2025, at 23:56, John Curran <[email protected]> wrote:
> 
> 
>> On Aug 29, 2025, at 11:16 AM, jordi.palet--- via ARIN-PPML 
>> <[email protected]> wrote:
>> ...
>> In the case of APNIC and LACNIC, reached consensus, and I can say that for a 
>> few years, I’m having much less troubles with those 2 regions than the rest.
> 
> Jordi - 
> 
> Could you describe a little more about the success you see in the other 
> regions? For example, what do their policies call for and how is 
> enforcement handled?
> 
> Thanks! 
> /John
> 
> John Curran
> President and CEO
> American Registry for Internet Numbers
> 
> 




_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List ([email protected]).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact [email protected] if you experience any issues.
