Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Friday January 10 2020, @08:08PM   Printer-friendly
from the sudden-outbreak-of-common-sense? dept.

Cogent cut off from ARIN Whois after scraping net engineers' contact details and sliding them to sales staff:

There are still corners of the internet that function like the old days, and US regional internet registry ARIN has just proved it – much to the joy of network engineers.

[...] "ARIN has repeatedly informed Cogent that their use of the ARIN Whois for solicitation is contrary to the terms of use and that they must stop," ARIN's CEO John Curran posted to a mailing list this week.

"Despite ARIN's multiple written demands to Cogent to cease these prohibited activities, ARIN has continued to receive complaints... For this reason, ARIN has suspended Cogent Communications' use of ARIN's Whois database effective today and continuing for a period of six months."

[...] So what's being going on? Well, according to the longer letter [PDF] sent to Cogent's CEO Dave Schaeffer from ARIN's Curran, the regional Internet registry (RIR) has received "numerous complaints of Cogent personnel repeatedly using the database to solicit customers" – largely emails and phone calls offering internet engineers bandwidth and similar services.

No one likes sales reps calling, especially engineers who go out of their way to make sure they are not easily contactable.

And that, [it] seems, was Cogent's downfall because – being engineers – many of them have set up specific emails just for ARIN correspondence and others never gave out their phone numbers except to ARIN because, well, they had to. So when the sales reps came calling the engineers knew straight away where they had culled their information.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Runaway1956 on Friday January 10 2020, @08:31PM (4 children)

    by Runaway1956 (2926) Subscriber Badge on Friday January 10 2020, @08:31PM (#942024) Journal

    Engineers are sneaky bastards. No one should have the ability to learn where spammers get their information. Off with their heads! Off with the engineer's heads! The NERVE! Not even engineers can be permitted to stand in the way of profit!

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 5, Informative) by choose another one on Friday January 10 2020, @11:51PM (3 children)

    by choose another one (515) Subscriber Badge on Friday January 10 2020, @11:51PM (#942084)

    Engineers are sneaky bastards. No one should have the ability to learn where spammers get their information.

    Aren't we just, and yet, weirdly, some of the tricks are so simple and blindingly obvious yet just about _no one_ you deal with actually gets it.

    I've been giving people / sites unique email addresses for 20+ years now, the robots never complain but the humans regularly get real confused:

    "your email address is XYZ@{domain}.com ?" - doesn't get it
    "that is the email address you can contact me at"
    "but XYZ is us?" - I use the company name usually, simplicity, still doesn't get it
    "if you like you can use XYZ_spam@{domain}.com or XYZ_sold_my_email@{domain}.com"
    "????" - still doesn't get it...
    "so if I get spam on that address I know you sold my details"
    "but sir, we'd never do that" - still doesn't get it, you would and you later did, and I keep the proof (several banks and very large software companies on that naughty list)

    Those who get it are way less than 1 in 10 and probably closer to 1 in 100.

    Maybe I'm just weird, it seems pretty obvious to me, but I've noticed that these days even some (claimed to be) mail hosting providers don't seem to know what a catchall email alias/account is.

    • (Score: 2) by zocalo on Saturday January 11 2020, @10:43AM (2 children)

      by zocalo (302) on Saturday January 11 2020, @10:43AM (#942197)
      I do exactly this as well. This has brought to light an interesting quirk of the GDPR when I get compromised, because if *they* are compromised and my PII (email address) is compromised, then they are required to tell me this. Basically, when the spam starts and the notification of a breach has failed to materialise, they're in a bit of a pickle - because there are really only three options here:
      1. They have breached the GDPR and sold my address to a third party without my authorisation
      2. They have breached the GDPR by failing to follow the correct notification procedures
      3. They are incompetent, have failed to notice a breach, and should not be trusted with my PII under any circumstances

      While the last option is the most likely, this usually converts pretty quickly into the second because, well, they're incompetent and I've just triggered the start of a process that should lead to a notification to the applicable authorities of the breach within 72 hours (allowing for a little wiggle room to confirm the breach). Either way, they get a request to delete all my data and, if I'm having a bad day, I'll probably provide a "heads-up" to the relevant body on their behalf as well.

      Two successful GDPR prosecutions and another pending at this point.

      --
      UNIX? They're not even circumcised! Savages!
      • (Score: 2) by choose another one on Saturday January 11 2020, @02:44PM (1 child)

        by choose another one (515) Subscriber Badge on Saturday January 11 2020, @02:44PM (#942224)

        Two successful GDPR prosecutions and another pending at this point.

        Wow, it really, really, works then. I usually just dev/null the address and my business with the offender and treat that as a win, along with the fact of my "proper" email addresses staying spam free, maybe will try being a bit more pro-active in future!

        • (Score: 2) by zocalo on Saturday January 11 2020, @03:44PM

          by zocalo (302) on Saturday January 11 2020, @03:44PM (#942237)
          Apparently so. :) I'm not going to take personal credit for either of the two successful prosecutions though; one was a major breach and the fine appears to have been a result of a properly followed disclosure to the UK's ICO, the other was dumb enough to think they could fly below the radar, but it was pretty obviously a major breach with very specific phishing info to a very specific email address, so I suspect my GDPR complaint was just one of many.

          FWIW, I generally leave the email account active for awhile to see how well a company responds. Bugs do happen after all, so taking responsibility and handling it well are actually positives in my book. It's also useful to capture some of the inevitable phishing emails post-breach to get a better idea of just what information has been compromised in case the company concerned is being less than honest about this. I have, in instances where the breach was handled to my satisfaction, just changed my email address to something else once they've got everything sorted out, but mostly I send them a request to delete all my data, then once that's done delete the email address on my side so it gives a hard SMTP error, with any IPs that subsequently try to send emails to these deleted accounts also getting automatically added to my DNSBL. The scenario hasn't arisen yet, but I guess if the company continues to email me then that would be yet another GDPR breach (retention of data after a deletion request), so grounds for another complaint.
          --
          UNIX? They're not even circumcised! Savages!