DNS Whois Requirements

Rob McEwen rob at invaluement.com
Sat Jul 27 23:20:21 UTC 2013

On 7/27/2013 6:11 PM, John Curran wrote:
> Excellent pointer Frank...

I confess, I haven't followed this conversation very closely (which
meandered around much, given the random few messages I saw.. who has the
time to read them all?). So forgive me if I'm repeating some of the info
already covered. But I think you all would be very interested in some of
my experiences this past year!

To ARIN's credit, they revamped their requirements for data access just
this past year. They cut off all access, then made members resend in new
Bulk Whois agreements to keep their access turned on.

So ARIN is obviously doing some GOOD things to try to prevent their data
from being used by marketers!

I think our usage of that data might be one of the most credible
situations in existence. I manage an anti-spam blacklist which is used
by hundreds of organizations across the world, including multiple
Fortune 500 technology companies and  even a few notable ISPs. One of
our three blacklists preemptively blocks /24 blocks if/when we see a
pattern where a snowshoe spammer is burning through the IPs on that
block one at a time... we then blacklist that /24 block (well... sort
of...). But our ivmSIP/24 list is no ordinary /24 list. We OFTEN set up
boundaries if/when we detect either (a) any other IP(s) on that block
that we deem as legit, and/or (b) a situation where portions of the same
/24 block are delegated to DIFFERENT organizations. In those cases, we
only blacklist the subsection of the /24 block belonging to the
spammers, making ivmSIP/24 a much safer list for outright blocking or
high scoring... in comparison to what can be accomplished with other /24
anti-spam blacklists.

Having ARIN data is an invaluable tool that helps ivmSIP/24 do a better
job of only blacklisting the spammers, while leaving the innocent
bystandards untouched, in situations where the /24 block is shared by
spammers and non-spammers.

I know it is frustrating that marketers somehow continue to game the
system... but I hope that this never causes the legit uses of that data,
such as what we're doing... to be discontinued.

Rob McEwen
rob at invaluement.com
+1 (478) 475-9032

More information about the NANOG mailing list