There are still corners of the internet that function like the old days, and US regional internet registry ARIN has just proved it – much to the joy of network engineers.
[...] "ARIN has repeatedly informed Cogent that their use of the ARIN Whois for solicitation is contrary to the terms of use and that they must stop," ARIN's CEO John Curran posted to a mailing list this week.
"Despite ARIN's multiple written demands to Cogent to cease these prohibited activities, ARIN has continued to receive complaints... For this reason, ARIN has suspended Cogent Communications' use of ARIN's Whois database effective today and continuing for a period of six months."
[...] So what's being going on? Well, according to the longer letter [PDF] sent to Cogent's CEO Dave Schaeffer from ARIN's Curran, the regional Internet registry (RIR) has received "numerous complaints of Cogent personnel repeatedly using the database to solicit customers" – largely emails and phone calls offering internet engineers bandwidth and similar services.
No one likes sales reps calling, especially engineers who go out of their way to make sure they are not easily contactable.
And that, [it] seems, was Cogent's downfall because – being engineers – many of them have set up specific emails just for ARIN correspondence and others never gave out their phone numbers except to ARIN because, well, they had to. So when the sales reps came calling the engineers knew straight away where they had culled their information.
(Score: 2) by Runaway1956 on Friday January 10 2020, @08:31PM (4 children)
Engineers are sneaky bastards. No one should have the ability to learn where spammers get their information. Off with their heads! Off with the engineer's heads! The NERVE! Not even engineers can be permitted to stand in the way of profit!
(Score: 5, Informative) by choose another one on Friday January 10 2020, @11:51PM (3 children)
Aren't we just, and yet, weirdly, some of the tricks are so simple and blindingly obvious yet just about _no one_ you deal with actually gets it.
I've been giving people / sites unique email addresses for 20+ years now, the robots never complain but the humans regularly get real confused:
"your email address is XYZ@{domain}.com ?" - doesn't get it
"that is the email address you can contact me at"
"but XYZ is us?" - I use the company name usually, simplicity, still doesn't get it
"if you like you can use XYZ_spam@{domain}.com or XYZ_sold_my_email@{domain}.com"
"????" - still doesn't get it...
"so if I get spam on that address I know you sold my details"
"but sir, we'd never do that" - still doesn't get it, you would and you later did, and I keep the proof (several banks and very large software companies on that naughty list)
Those who get it are way less than 1 in 10 and probably closer to 1 in 100.
Maybe I'm just weird, it seems pretty obvious to me, but I've noticed that these days even some (claimed to be) mail hosting providers don't seem to know what a catchall email alias/account is.
(Score: 2) by zocalo on Saturday January 11 2020, @10:43AM (2 children)
While the last option is the most likely, this usually converts pretty quickly into the second because, well, they're incompetent and I've just triggered the start of a process that should lead to a notification to the applicable authorities of the breach within 72 hours (allowing for a little wiggle room to confirm the breach). Either way, they get a request to delete all my data and, if I'm having a bad day, I'll probably provide a "heads-up" to the relevant body on their behalf as well.
Two successful GDPR prosecutions and another pending at this point.
UNIX? They're not even circumcised! Savages!
(Score: 2) by choose another one on Saturday January 11 2020, @02:44PM (1 child)
Wow, it really, really, works then. I usually just dev/null the address and my business with the offender and treat that as a win, along with the fact of my "proper" email addresses staying spam free, maybe will try being a bit more pro-active in future!
(Score: 2) by zocalo on Saturday January 11 2020, @03:44PM
FWIW, I generally leave the email account active for awhile to see how well a company responds. Bugs do happen after all, so taking responsibility and handling it well are actually positives in my book. It's also useful to capture some of the inevitable phishing emails post-breach to get a better idea of just what information has been compromised in case the company concerned is being less than honest about this. I have, in instances where the breach was handled to my satisfaction, just changed my email address to something else once they've got everything sorted out, but mostly I send them a request to delete all my data, then once that's done delete the email address on my side so it gives a hard SMTP error, with any IPs that subsequently try to send emails to these deleted accounts also getting automatically added to my DNSBL. The scenario hasn't arisen yet, but I guess if the company continues to email me then that would be yet another GDPR breach (retention of data after a deletion request), so grounds for another complaint.
UNIX? They're not even circumcised! Savages!