Martin,
i was one of the original people involved in creating this policy and
the requirement to sign a bulk whois was a compromise between the people
like me who wanted full disclosure with no strings attached and the
people who didn't want the information disclosed at all.
I don't think it's going to be changed. Furthermore I will point out
that you can use a role account email address for the important POCs,
so your employee turnover would not be an issue. Please accept that
the community has judged that having valid data in the database is
more important than your inconvenience of keeping the database current.
John, don't think your off the hook.
There is one issue that Martin didn't mention that might be the cause
of the POC validation issues. To put it as simply as I can, the
emails that ARIN sends out for POC validation look exactly like phishing
emails.
I got one of those mails and I could hardly believe that one of the top
Internet companies would actually send out an email that EMBEDDED A URL
LINK in the mail message.
I opened the message in a text editor to make sure the link was actually
going to where it was supposed to go before clicking it.
Your people should know better. How many spams a day do you get
purporting to be from UPS/FedEX/BankofAmerica/IRS/etc. etc. etc. with
embedded links in them and an enticing email message to try to get the
people to click on the link (which of course immediately redirects them
to a broken-into server) A lot, huh? So what on earth makes you think
that your validation emails won't be regarded as phishes by the clueful
people who get them - network admins?
The only spamproof way of getting a proper email validation is to
ask the recipient to REPLY then you parse the replies that come back
in.
Nobody who wrote this policy had thought that ARIN would ever resort
to a tactic that is used by spammers and phishers and identity thieves
thousands of times a day - which is to embed a clickable URL in the
validation email message.
It does not surprise me that some are complaining they missed the
validation email.
Ted
On 8/18/2014 4:25 PM, John Curran wrote:
On Aug 18, 2014, at 7:04 PM, Martin Hannigan<[email protected]> wrote:
John,
The policy proposal in the archive initially stated that it should be
brought to the attention of the community and didn't imply roadblocks.
I forget how the whois requirement was inserted and I don't really
care since the issue is policy, ...
Martin -
ARIN staff implement the policy, and the requirement is quite
clear in the present policy language. I believe that there was
some concern about mining of the address blocks if it were to be
public, but again, that is a tradeoff that the community should
consider and determine policy accordingly.
Changing the policy language to drop the bulk whois requirement
would be a relatively easy change, if there is community support;
please let me know if you need any assistance in developing an
appropriate policy proposal.
Thanks!
/John
John Curran
President and CEO
ARIN
_______________________________________________
PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List ([email protected]).
Unsubscribe or manage your mailing list subscription at:
http://lists.arin.net/mailman/listinfo/arin-ppml
Please contact [email protected] if you experience any issues.
---
This email is free from viruses and malware because avast! Antivirus protection
is active.
http://www.avast.com
_______________________________________________
PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List ([email protected]).
Unsubscribe or manage your mailing list subscription at:
http://lists.arin.net/mailman/listinfo/arin-ppml
Please contact [email protected] if you experience any issues.
