from the sudden-outbreak-of-common-sense? dept.
There are still corners of the internet that function like the old days, and US regional internet registry ARIN has just proved it – much to the joy of network engineers.
[...] "ARIN has repeatedly informed Cogent that their use of the ARIN Whois for solicitation is contrary to the terms of use and that they must stop," ARIN's CEO John Curran posted to a mailing list this week.
"Despite ARIN's multiple written demands to Cogent to cease these prohibited activities, ARIN has continued to receive complaints... For this reason, ARIN has suspended Cogent Communications' use of ARIN's Whois database effective today and continuing for a period of six months."
[...] So what's being going on? Well, according to the longer letter [PDF] sent to Cogent's CEO Dave Schaeffer from ARIN's Curran, the regional Internet registry (RIR) has received "numerous complaints of Cogent personnel repeatedly using the database to solicit customers" – largely emails and phone calls offering internet engineers bandwidth and similar services.
No one likes sales reps calling, especially engineers who go out of their way to make sure they are not easily contactable.
And that, [it] seems, was Cogent's downfall because – being engineers – many of them have set up specific emails just for ARIN correspondence and others never gave out their phone numbers except to ARIN because, well, they had to. So when the sales reps came calling the engineers knew straight away where they had culled their information.
(Score: 2) by Runaway1956 on Friday January 10 2020, @08:31PM (4 children)
Engineers are sneaky bastards. No one should have the ability to learn where spammers get their information. Off with their heads! Off with the engineer's heads! The NERVE! Not even engineers can be permitted to stand in the way of profit!
(Score: 5, Informative) by choose another one on Friday January 10 2020, @11:51PM (3 children)
Aren't we just, and yet, weirdly, some of the tricks are so simple and blindingly obvious yet just about _no one_ you deal with actually gets it.
I've been giving people / sites unique email addresses for 20+ years now, the robots never complain but the humans regularly get real confused:
"your email address is XYZ@{domain}.com ?" - doesn't get it
"that is the email address you can contact me at"
"but XYZ is us?" - I use the company name usually, simplicity, still doesn't get it
"if you like you can use XYZ_spam@{domain}.com or XYZ_sold_my_email@{domain}.com"
"????" - still doesn't get it...
"so if I get spam on that address I know you sold my details"
"but sir, we'd never do that" - still doesn't get it, you would and you later did, and I keep the proof (several banks and very large software companies on that naughty list)
Those who get it are way less than 1 in 10 and probably closer to 1 in 100.
Maybe I'm just weird, it seems pretty obvious to me, but I've noticed that these days even some (claimed to be) mail hosting providers don't seem to know what a catchall email alias/account is.
(Score: 2) by zocalo on Saturday January 11 2020, @10:43AM (2 children)
While the last option is the most likely, this usually converts pretty quickly into the second because, well, they're incompetent and I've just triggered the start of a process that should lead to a notification to the applicable authorities of the breach within 72 hours (allowing for a little wiggle room to confirm the breach). Either way, they get a request to delete all my data and, if I'm having a bad day, I'll probably provide a "heads-up" to the relevant body on their behalf as well.
Two successful GDPR prosecutions and another pending at this point.
UNIX? They're not even circumcised! Savages!
(Score: 2) by choose another one on Saturday January 11 2020, @02:44PM (1 child)
Wow, it really, really, works then. I usually just dev/null the address and my business with the offender and treat that as a win, along with the fact of my "proper" email addresses staying spam free, maybe will try being a bit more pro-active in future!
(Score: 2) by zocalo on Saturday January 11 2020, @03:44PM
FWIW, I generally leave the email account active for awhile to see how well a company responds. Bugs do happen after all, so taking responsibility and handling it well are actually positives in my book. It's also useful to capture some of the inevitable phishing emails post-breach to get a better idea of just what information has been compromised in case the company concerned is being less than honest about this. I have, in instances where the breach was handled to my satisfaction, just changed my email address to something else once they've got everything sorted out, but mostly I send them a request to delete all my data, then once that's done delete the email address on my side so it gives a hard SMTP error, with any IPs that subsequently try to send emails to these deleted accounts also getting automatically added to my DNSBL. The scenario hasn't arisen yet, but I guess if the company continues to email me then that would be yet another GDPR breach (retention of data after a deletion request), so grounds for another complaint.
UNIX? They're not even circumcised! Savages!
(Score: 2, Interesting) by Anonymous Coward on Friday January 10 2020, @08:45PM
Personally experience this recently.. got a new resource allocation from ARIN and literally within a day or two of it being published in WHOIS had Cogent cold calling us for new service when we've never dealt with them in my org.
(Score: 2, Interesting) by maggotbrain on Friday January 10 2020, @08:56PM (1 child)
(Score: 0) by Anonymous Coward on Saturday January 11 2020, @03:18AM
Thanks for posting your findings - saved me some digging! Appreciate the life-hours saved!
(Score: 4, Interesting) by ikanreed on Friday January 10 2020, @09:35PM (6 children)
I'm increasaingly pissed at the percentage of sites that don't properly include technical contact information in their WHOIS database entries. Anonymous registrations aren't actually fucking legal, and many of the cheap anonymizer front corps do not provide sufficient information for remediation of problems, and I would prefer enforcement measures pick up.
P.S. If you want to know who actually runs the sites, the anonymizers are often fairly useless because every dumb fucker who runs myshittyspamdomain.fuckoff puts their shared analytics keys in their 3rd party tracker pileup.
(Score: 0) by Anonymous Coward on Friday January 10 2020, @10:02PM (2 children)
Sounds good to me. Although it would be better to move that stuff to the dark web.
(Score: 2) by ikanreed on Friday January 10 2020, @10:06PM (1 child)
No one is installing tor to read social media outrage clickbait articles.
(Score: 1, Informative) by Anonymous Coward on Friday January 10 2020, @11:32PM
Tens of thousands of people would, and many more as the surface web continues to deteriorate.
But you don't need to install anything to read an article: https://www.tor2web.org/ [tor2web.org]
(Score: 0) by Anonymous Coward on Friday January 10 2020, @10:35PM (2 children)
Quote law please?
(Score: 3, Informative) by DrkShadow on Saturday January 11 2020, @12:37AM (1 child)
Close enough: https://forms.icann.org/en/resources/compliance/complaints/whois/inaccuracy-form [icann.org]
Perfectly reflects grantparent's intent. It's not US law, it's ICANN law.
(Score: 5, Funny) by takyon on Saturday January 11 2020, @12:54AM
ICANN haz police? ;)
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by Revek on Saturday January 11 2020, @12:20AM
The first guy I told him to get me a quote for a 4 gig circuit and he called back to say they didn't have any bandwidth in my area. I figured that was the end of that and next month some other guy called. I started to ignore them.
This page was generated by a Swarm of Roaming Elephants