12. Registration and validation of "abuse-c" and "abuse-mailbox"
*This policy has not yet been implemented; we are currently working on its implementation.
12.1. Description of “abuse-c” and “abuse-mailbox”
All resources that use LACNIC's registration systems must include a mandatory abuse-c contact attribute (abuse contact) in their corresponding WHOIS entries, with at least one valid, monitored, and actively managed abuse-mailbox that allows sending manual or automatic reports regarding abusive behavior, security issues, and the like.
Unrestricted access to the “abuse-mailbox” attribute must be available via whois, APIs and future technologies.
Considering the hierarchical nature of the objects, child objects of those directly distributed by LACNIC (for example, sub-assignments) are covered by the parent objects and their own “abuse-c” attribute is optional.
Following usual practices, other “e-mail” attributes may be included for other purposes.
12.2. About the "abuse-mailbox"
- Must require intervention by the recipient.
- Must not require the use of a form to report abuse.
- Must guarantee that abuse reports, logs, headers, examples, etc. relating to the case of abuse are received.
12.3. Purpose of “abuse-c”/ “abuse-mailbox” validation
The procedure, to be developed by LACNIC, must meet the following objectives:
- A simple process that guarantees its functionality and the fulfillment of its purpose.
- It should confirm that the person performing the validation:
- understands the procedure and the LACNIC policies in force;
- regularly monitors the “abuse-mailbox”;
- takes measures in connection thereto;
- responds to the abuse report.
- Include an “Initial” validation period of fifteen (15) days.
- If this validation fails, “escalate”, by any possible means, to the rest of the available contacts within an additional period of fifteen (15) days.
12.4. Validation of “abuse-c”/“abuse-mailbox”
LACNIC will periodically validate compliance with the policy, at least twice a year and whenever “abuse-c” attributes are created or modified.
Failure of an organization to comply with this section occurs if it has not been validated during the “initial” or the “additional” validation periods.
12.5. Escalation to LACNIC
Fraudulent behavior (for example, an “abuse-mailbox” that only replies to emails from LACNIC or to emails having a specific subject or body) or failure to comply with the remaining aspects of this policy (ignoring or improper attention to cases of abuse) may be reported to LACNIC for re-validation according to 12.4.