Jump to content

RIPE changing WHOIS output


Recommended Posts

Proposal to change the RIPE Whois Database schema for abuse contact information

Proposed changes for object ordering

Changes for Abuse - full proposal


The purpose of this proposal is to change the RIPE Whois Database schema to make abuse contact information more visible, available and useful to users.

The main changes we propose are:

  • To hide attributes that contain e-mail addresses in the default output of queries. We will provide an option to disable this feature.
  • To add a new "abuse-mailbox:" attribute to person, role, irt, mntner and organisation objects.
  • To provide an option to display only key attributes and abuse contacts.
  • To change the irt object template so that the "signature:" and "encryption:" attributes are no longer mandatory.
  • To change the behaviour of the '-c' switch in whois queries.
  • We will announce the changes on our website. We will also contact any third-party software developers who rely on the RIPE Database for abuse contact information

Link to comment
Share on other sites

  • 7 months later...

That's good news!  Now if Brazil and LACNIC would follow suit!


I just had an interesting conversation with a German ISP about why they refuse Spamcop reports.

As it turns out, they're upstream to the spam source, but the Spamcop WHOIS parser appears not to deal with the new RIPE "abuse-mailbox:" record. As a result, they get their downstream's complaints. They don't feel like developing a parser for Spamcop reports to auto-forward reports, but they do want to be informed when their downstream ignores complaints. I can sort of sympathize with that sentiment.

I tried hunting this topic down in the forums, but found no resolution. Is Spamcop supposed to honor the "abuse-mailbox:" record? In my innocence, I would expect the RIPE database to trump the convoluted logic that currently seems to determine the reporting address for

http://mailsc.spamcop.net/sc?action=rcache;ip= currently points to info[at]internet-total.net, which is an improvement over defaulting to their upstream, but the "abuse-mailbox:" record for PP1350-RIPE appears to be totally ignored (even though RIPE's WHOIS server spits it out as part of the reply for, in other words: it doesn't take any work to come by, and Spamcop does appear to have fresh WHOIS data for this IP).

Just curious... I do not mind piling a bit of pressure on an upstream when their downstream hides behind them, but I don't want to complain to an upstream when the options with the registered owner of the netspace haven't been exhausted yet. Or abused for that matter -- if the problem turns out to be that lambdanet.net allowed their customers to move around their netspace to avoid blocking, the picture would look different (but the way it appears to me now is that lambdanet.net wants to do the right thing but somehow tickled someone the wrong way).

The "abuse-mailbox:" WHOIS record looks like a good idea, but it only helps if it is being used...

Link to comment
Share on other sites

Actually, this bit of a news item was great news .. then ... However, then they turned around and started providing WHOIS results with all contact data "filtered" (please use the -B flag) .... yet even that doesn't always return the 'actual' data .. not all records appear to have been 'forced' to be updated to include an "abuse" contact .... then one has to factor in the "number of lookups a day" situation, the caches that may or may not actually keep up to snuff with good data ... on and on .... there's a lot more to this than a "simple" SpamCop.net Parsing & Reporting tool 'failure' .....

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...