Dean Robb pceasy at norfolk.infi.net
Fri May 15 00:50:03 UTC 1998

At 17:14 5/14/98 -0500, Jeremy Porter wrote:
>I think it would be a reasonable proposal for ARIN to modify
>its SWIP process to do a dnslookup for the email domain to very
>it as valid.  Possibly even a SMTP VRFY or EXPN command.
>However there are some companies that feel that their customer
>data is confidential, and refuse to reveal it.  (Also if they
>use rwhois fixing swip won't solve the problem completely.)

How about a simple script checking the template for little things like
numbers in the the phone number fields, or TLDs attached to email addresses?  

As for the confidentiality matter:  there's a problem...a little thing
called the RFCs.  Specifically, RFCs 1032, 1033, 920, 1173, 1174 (and
several others) require contact information that is "complete, correct and
current".  The information provided in a registry information is no more
than what the Supreme Court has ruled is public data and as such not
entitled to special protections.
Furthermore, I direct your attention to RFC 1355 which deals specifically
with database accuracy and privacy issues, notably: 

" 4. NIC Database Accuracy

   The value of any NIC database is dependent on the accuracy and
   timeliness of its contents.  Any database not being maintained well
   can create major difficulties for those using it and for those people
   and organizations listed.

   For each publically accessible database that a NIC operates, the NIC
   should have a clear statement that describes the process that the NIC
   uses to maintain accuracy in the database.  This statement could be
   combined with the privacy statement described above for sake of
   administrative convenience."

In short, by permissively allowing "some ISPs" to avoid providing valid
contact data you are not only defeating the purpose of the WhoIs database
(may as well toss it!), but you are allowing these ISPs to flout the RFCs
that govern the Internet's operation.  The Internet is a cooperative
endeavor, if certain entities choose not to cooperate then why should the
rest of the Internet allow them connectivity?  If one can pick and choose
which RFCs (including STDs) to follow then where will the line be drawn?
If you're not going to keep the data in the database valid, why have a
database in the first place?

Spam(tm) is pressed meat.  Spammers should be too.

Dean Robb
On-site computer services
(757) 495-EASY [3279]

More information about the NANOG mailing list