ISPs Behaving Badly: GIGLINX slime was Re: ARIN WHOIS for leads
Ressurecting this thread: GIGLINX is still at it. They contacted me on an email that was only ever used for registering an ASN with ARIN. On Wed, Jul 31, 2013 at 9:14 PM, John Curran jcur...@arin.net wrote: On Jul 31, 2013, at 1:17 PM, Barry Shein b...@world.std.com wrote: The usual method is to insert ringers which would be info which points back at non-existant people with valid-looking contact information. If for example they called a phone number, or several, owned by ARIN (or a service they employed) asking for James T Kirk or Diana Prince then that would be a problem and should be logged. There are some interesting non-obvious elements in the database for such purposes and we do take action when they are triggered. FYI, /John John Curran President and CEO ARIN
Re: ARIN WHOIS for leads
On 7/26/13 8:32 AM, Joel M Snyder wrote: I also don't see the problem of cold calling when it's obviously for a service or product that I am interested in, just as I don't see the problem of cold snail-mailing for the same services. I'm in business, and I expect other businesses to try and market to me. I have a low tolerance for telemarketers, especially those who scrape technical lists or databases. One test I have is to immediately ask, Is this a sales call? Anything other than a forthright Yes gets nowhere. Weasel words don't count. If the first thing they tell me is a lie, I don't want to do business with them. If they're honest I might give them a minute or two to pitch their wares. It's surprising how people go out of their way to deny that it's a sales call, and then start trying to sell something. -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV
Re: ARIN WHOIS for leads
On July 31, 2013 at 08:00 j...@west.net (Jay Hennigan) wrote: It's surprising how people go out of their way to deny that it's a sales call, and then start trying to sell something. [NOTE: The anecdote is followed by some practical advice] ANECDOTE I had a guy call and tell the person who answered he was my brother and there was a family emergency. I don't have a brother. I said put him through. He began a sales pitch. That was quite a few years ago, he probably still talks about what jerk I am and if so I am proud of it! /ANECDOTE ADVICE THAT SAID, beyond personal tastes, in this context there's really only one substantive complaint: Telemarketing info is PAID FOR, particularly in a ready to use list form. If they're scraping WHOIS etc for free that's a problem. Lists can be protected by intellectual property law against such abuse. The usual method is to insert ringers which would be info which points back at non-existant people with valid-looking contact information. If for example they called a phone number, or several, owned by ARIN (or a service they employed) asking for James T Kirk or Diana Prince then that would be a problem and should be logged. One obvious response is to just bill them a reasonable telemarketing list rental fee for the entire database and go from there. Believe it or not this is well-trod ground, people steal or abuse (e.g., resell w/o permission) telemarketing and mailing list info all the time. /ADVICE -- -Barry Shein The World | b...@theworld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada Software Tool Die| Public Access Internet | SINCE 1989 *oo*
Re: ARIN WHOIS for leads
On Jul 31, 2013, at 1:17 PM, Barry Shein b...@world.std.com wrote: The usual method is to insert ringers which would be info which points back at non-existant people with valid-looking contact information. If for example they called a phone number, or several, owned by ARIN (or a service they employed) asking for James T Kirk or Diana Prince then that would be a problem and should be logged. There are some interesting non-obvious elements in the database for such purposes and we do take action when they are triggered. FYI, /John John Curran President and CEO ARIN
RE: ARIN WHOIS for leads
Hi, John Curran wrote: On Jul 26, 2013, at 4:34 PM, Jimmy Hess mysi...@gmail.com wrote: If someone studies that and finds there is a correlation to spam based on WHOIS listing alone, then perhaps No study has been conducted, but we do receive a small number of complaints each year about email contact information being solicited in cases were the email address is exclusively used on IP address blocks and nowhere else. (Often, the culprits are network equipment vendors or technical recruiters) SSAC conducted a study on the subject of gTLD whois and spam: http://www.icann.org/en/groups/ssac/documents/sac-023-en.htm As the gTLD and ARIN systems are different the outcomes could also be different but it might be useful as a comparison, if nothing else. Regards, Leo smime.p7s Description: S/MIME cryptographic signature
RE: ARIN WHOIS for leads
For the folks who aren't aware, there is working being done on a proposal for a complete do-over of WHOIS: http://www.circleid.com/posts/20130703_rebooting_whois/ I don't believe this work address the regional registry information, which is what initiated the discussion, but this conversation has crossed over into the domain names, too. Frank -Original Message- From: Ryan Pavely [mailto:para...@nac.net] Sent: Saturday, July 27, 2013 12:35 AM To: nanog@nanog.org Subject: Re: ARIN WHOIS for leads Because your mail servers are broken. Because you put spamfilters on your abuse@ mailbox, IF you even have an abuse@, which a lot of you don't. Because we tried calling, and your tier1 are clueless. Fix your mailservers. Train your staff. Staff your abuse desk. Then we'll talk. My mail servers are just fine. My abuse department is standing by to serve your requests. They are listed on all domains, ip allocations, and abuse.org, etc, etc.. If you suggest folks attempt to reach an abuse contact, fail, and them spam. Ok. No problem. But starting out with receiving an email that is CC'd to 3 departments, 2 direct people, and the same for all other org's involved is offensive, abusive, etc. And if you suggest for a second someone attempted to call, and gave up, and then spammed; yeah that never happened. A phone call? Really? Maybe one a decade, versus many spammed-spam complaints a day. Someone else wrote and I seem to have deleted it.. but basically 'I don't think these occurrences happen that often to warrant a change.' Well. If it's not happening that often, then lets fix it now before it does :) I actually think it's important to have contact information publicly available. Why? Who outside 'the business' needs that level of detailed contact information to IP mgmt folks? Does an end-user need that access? No. Does a web hoster need that access? No. They can go through their ISP or contact my OPS contact. Do you need that access? Do you have an AS, and IP blocks? If so then sure, why not. Now there is a big bug in locking down access to those registered members. Registered with whom? Arin? Ok so how do my brit friends whois my IP contact info? That complicates things, beyond suggesting an Arin policy. So I don't ever see this as changing, as I think I said, but it should change. Just like we shouldn't have echo/chargen anymore. They were cool 'back in the day'. Ryan Pavely Net Access Corporation http://www.nac.net/ On 7/26/2013 9:02 PM, Matt Hite wrote:
DNS Whois Requirements (was: Re: ARIN WHOIS for leads)
On Jul 27, 2013, at 12:59 PM, Frank Bulk frnk...@iname.com wrote: For the folks who aren't aware, there is working being done on a proposal for a complete do-over of WHOIS: http://www.circleid.com/posts/20130703_rebooting_whois/ I don't believe this work address the regional registry information, which is what initiated the discussion, but this conversation has crossed over into the domain names, too. Excellent pointer Frank... This effort at ICANN is specifically with respect to requirements for DNS Whois, but it is possible that some of these requirements are in common with those of the number resource Whois directory service, and the Internet address community may be encouraged at some point to give a similar level of consideration to the long-term number resource Whois requirements, including the DNS result as one of many inputs to that process. Note that the comment period on the DNS Whois recommendations remains open till 12 August 2013, and parties that have views on this matter should make them known to the DNS directory services expert working group which is drafting the recommendations. FYI (and Thanks)! /John John Curran President and CEO ARIN
Re: ARIN WHOIS for leads
On Fri, 26 Jul 2013 20:18:52 -0500, Jimmy Hess said: authenticated with an implied promise that only vetted individuals with a proven network engineering experience background can see the 'additional' information, I have to admit that this is the biggest can-o-worms suggestion I've seen all week. (Hint: our org chart says I work in our Network Storage and Backup group - the lurker in the next cubicle does our abuse@ handling but you've probably never heard of him. Have fun unsnarling that sort of issue for 20K ASN's. ;) pgpS8pHLHhWUQ.pgp Description: PGP signature
Re: ARIN WHOIS for leads
On 7/27/13, valdis.kletni...@vt.edu valdis.kletni...@vt.edu wrote: On Fri, 26 Jul 2013 20:18:52 -0500, Jimmy Hess said: I have to admit that this is the biggest can-o-worms suggestion I've seen all week. (Hint: our org chart says I work in our Network Storage and Backup group - the lurker in the next cubicle does our abuse@ handling but My implication was not that ORG charts or person's actual job should be looked at. By vetted; I meant the person was subject to a background check, and also proved that they have technical knowledge. That's about reducing noise by providing contacts that can only be accessed by people who proved they knew well enough what they were doing, to avoid submitting false outage reports;for example, so they wouldn't be the people complaining to the hosting provider's IP technical contact about some random customer web server spitting out 404 pages.. In other words --- they would have passed a knowledge proof, showing they deserve the right to bypass Level 1 call center drones. E.g. to gain enhanced access in a world with 'an additional level of whois access' Step 1... 1. Submit an application with a nominal fee, explain to the RIR your periodic use of WHOIS, and how you would benefit from seeing 'special contacts' data; also including signed NDA regarding 'enhanced' extra contact information. 2. Pay ongoing fees for criminal/spammer background checks, with results forwarded to the RIR. 3. Show up at a RIR meeting, and sign the guest list -- or otherwise, get other members of the community to vouch for your character and technical capability, or, as an alternative show technical credentials in the form of an earned professional level networking industry certification requiring a performance-based lab assessment with advanced network troubleshooting of Layer 1 through 4 on real equipment. Those were some examples. I didn't mean to imply Ask to see companies' org charts, try to untangle the mess for every AS, and examine job descriptions -- -JH
Re: ARIN WHOIS for leads
On Jul 25, 2013, at 6:20 PM, Scott Weeks sur...@mauigateway.com wrote: I'd be interested in knowing who it is, so I can be sure to never buy from them. This is the way to go. Spammers and telemarketers don't do what they do for fun or malice, they do so because it's profitable. If people would stop buying from them and boycott them instead, they would stop. Anyone who buys from a spammer or telemarketer is just as guilty of perpetuating the problem as those who are building spam botnets or abusing insecure PBXes.
Re: ARIN WHOIS for leads
What about the 2am phone calls from the guy, who did a nslookup on a website, and then whois on the ip, who is calling to say his porn site is partially not working and he's pissed. imho. The days of having public records like whois/rwhois available has passed. The data use to be protected with a simple clue test. Only the clue minded folks knew about the data, and were pretty responsible with it. Now anyone can look it up. We use to use that data to be able to directly communicate with another provider for a serious problem. It was great knowing exactly how to get a hold of someone, and not have to forage your way through tech support... noc.. etc.. Even the anti-spam army out there seem to ignore 'This is the abuse contact', and end up spamming all whois org contacts. What's the point in that? Why can't we implement a method where you have to be a registered, and paying, user/member with an AS number to be able to get IP whois 'contact' info? Sure list my name and company. But keep my email and phone number private. In fact show me a web log of all registered users that looked me up. I doubt that will ever happen. So it's time for me to update my arin contact as this past weekend I got exactly that 2am porn call and it was quite disturbing which website was being referenced. In all my years I knew there was some crazy stuff out there, but this took the cake. Ryan Pavely Net Access Corporation http://www.nac.net/ On 7/25/2013 7:02 PM, Justin Vocke wrote: Sent this little e-mail to ARIN: I'm not sure that you guys can do anything about this, but it's worth looking into. I registered AS626XX a week ago, and since it's registration, I've been getting calls from wholesale carriers trying to get me to purchase IP transit from them. Someone is obviously using your database of contact information to generate sales leads. 512-377-6827 was one of the numbers trying to get more information about my network and how they could help me. My guess is someone is using your mass whois database, looking at the most recently issued/created AS numbers, and cold calling. Just thought I'd pass this along. - Due to the amount of calls I've received, I'm guessing its probably a good idea to remove my contact info from the registration and setup role's instead. Does this sorta thing happen frequently with new registrations or did I just draw the short straw? Best, Justin
RE: ARIN WHOIS for leads
-Original Message- From: Ryan Pavely [mailto:para...@nac.net] Sent: Friday, July 26, 2013 8:33 AM To: nanog@nanog.org Subject: Re: ARIN WHOIS for leads Even the anti-spam army out there seem to ignore 'This is the abuse contact', and end up spamming all whois org contacts. What's the point in that? I agree. Most of them end up blasting all contacts which is completely stupid!!! That's why you see on the comment sections with many providers something along the lines of Please use Abuse Handle or please send requests for DMCA to this handle Why can't we implement a method where you have to be a registered, and paying, user/member with an AS number to be able to get IP whois 'contact' info? Sure list my name and company. But keep my email and phone number private. In fact show me a web log of all registered users that looked me up. This could be doable. But some minor details worked out or requirements. I doubt that will ever happen. Have a little faith. ;-) If many providers wanted the feature, I'm sure ARIN would not have a problem implementing it. --Otis
Re: ARIN WHOIS for leads
On Jul 25, 2013, at 19:29 , Otis L. Surratt, Jr. o...@ocosa.com wrote: From: Warren Bailey [mailto:wbai...@satelliteintelligencegroup.com] Wouldn't that defeat the purpose of maintaining the whois? Yep! We registered a few domains and get the same thing, I think it's something that people are going to have to live with. :/ I agree. We just politely tell them we are not interested and move on about our day. Some cold callers we have taken up on offers. It just depends who calls and whether or not we are looking for new service. WHOIS Privacy is nice for the domains and we use for some of our domains but not all. We just hate when customers get those scam notices and call us or open tickets about it. The fact you take some cold callers up on offers means they will continue to call. Please do not reward people who scrape whois or the NANOG-l archive. If it is not profitable to call people, they will stop. Put another way: You are making life worse for all of us. -- TTFN, patrick
Re: ARIN WHOIS for leads
On Fri, 26 Jul 2013 09:42:11 -0500, Otis L. Surratt, Jr. said: Even the anti-spam army out there seem to ignore 'This is the abuse contact', and end up spamming all whois org contacts. What's the point in that? I agree. Most of them end up blasting all contacts which is completely stupid!!! That's why you see on the comment sections with many providers something along the lines of Please use Abuse Handle or please send requests for DMCA to this handle Well, if the community actually did it's job so mail to abuse@ and postmaster@ and similar role addresses actually got delivered instead of bouncing, and then actually did some good rather than being unread/ignored, maybe we wouldn't have to rely on a DNS jockey listed in a SOA record being pissed off enough at being cc'ed on an abuse mail to get a co-worker's butt in gear. Just sayin'. pgpLBKsWVp5mm.pgp Description: PGP signature
Re: ARIN WHOIS for leads
On Jul 26, 2013, at 09:32 , Ryan Pavely para...@nac.net wrote: What about the 2am phone calls from the guy, who did a nslookup on a website, and then whois on the ip, who is calling to say his porn site is partially not working and he's pissed. imho. The days of having public records like whois/rwhois available has passed. The data use to be protected with a simple clue test. Only the clue minded folks knew about the data, and were pretty responsible with it. Now anyone can look it up. We use to use that data to be able to directly communicate with another provider for a serious problem. It was great knowing exactly how to get a hold of someone, and not have to forage your way through tech support... noc.. etc.. Even the anti-spam army out there seem to ignore 'This is the abuse contact', and end up spamming all whois org contacts. What's the point in that? Why can't we implement a method where you have to be a registered, and paying, user/member with an AS number to be able to get IP whois 'contact' info? Sure list my name and company. But keep my email and phone number private. In fact show me a web log of all registered users that looked me up. I doubt that will ever happen. So it's time for me to update my arin contact as this past weekend I got exactly that 2am porn call and it was quite disturbing which website was being referenced. In all my years I knew there was some crazy stuff out there, but this took the cake. You can change anything you want. ARIN ICANN are both member organizations. Propose a change, get the votes, and POOF!, things are changed. Even better, only the clued (and paid) get to vote. So it is exactly what you wanted. -- TTFN, patrick On 7/25/2013 7:02 PM, Justin Vocke wrote: Sent this little e-mail to ARIN: I'm not sure that you guys can do anything about this, but it's worth looking into. I registered AS626XX a week ago, and since it's registration, I've been getting calls from wholesale carriers trying to get me to purchase IP transit from them. Someone is obviously using your database of contact information to generate sales leads. 512-377-6827 was one of the numbers trying to get more information about my network and how they could help me. My guess is someone is using your mass whois database, looking at the most recently issued/created AS numbers, and cold calling. Just thought I'd pass this along. - Due to the amount of calls I've received, I'm guessing its probably a good idea to remove my contact info from the registration and setup role's instead. Does this sorta thing happen frequently with new registrations or did I just draw the short straw? Best, Justin
Re: ARIN WHOIS for leads
On Jul 26, 2013, at 7:58 AM, Patrick W. Gilmore patr...@ianai.net wrote: You can change anything you want. ARIN ICANN are both member organizations. Propose a change, get the votes, and POOF!, things are changed. Err. ICANN isn't a membership organization. It is possible to change things at ICANN, but the mechanisms are ... different and much slower (since it involves getting consensus in a multi-stakeholder environment). Regards, -drc
Re: ARIN WHOIS for leads
On Jul 26, 2013, at 7:58 AM, Patrick W. Gilmore patr...@ianai.net wrote: On Jul 26, 2013, at 09:32 , Ryan Pavely para...@nac.net wrote: I doubt that will ever happen. So it's time for me to update my arin contact as this past weekend I got exactly that 2am porn call and it was quite disturbing which website was being referenced. In all my years I knew there was some crazy stuff out there, but this took the cake. You can change anything you want. ARIN ICANN are both member organizations. Propose a change, get the votes, and POOF!, things are changed. Even better, only the clued (and paid) get to vote. So it is exactly what you wanted. Oh Patrick, you know that's not true.. I've been paying ARIN for 13 years and for many of those ARIN wouldn't even let me modify my ASN. I don't get a vote, but I pay. :) -- TTFN, patrick
Re: ARIN WHOIS for leads
What about the 2am phone calls from the guy, who did a nslookup on a website, and then whois on the ip, who is calling to say his porn site is partially not working and he's pissed. No amount of changing contacts is going to solve this type of problem. We routinely get support calls, sometimes even in the emergency support line, from people who are pissed off at an ISP 2,000 miles away called Opus something-or-another-but-not-Opus-One. Apparently their dialup service is not so hot anymore and when it doesn't work, the one-step-down-from-AOL customer base they attract types opus into their browser and then calls whatever phone number comes to the top of whatever search engine their browser vendor chose for them. Changing the nature of WHOIS isn't going to keep the stupid from doing stupid things. However, it might make life harder for the not-stupid trying to solve real problems. Honestly, this seems to me like a non-problem. I liken it to the hypersensitivity of some people to spam, where if they get 1 message through their filters it's somehow a major crisis. Maybe our ACD, which requires the clue-challenged to be able to spell the first or last name of the person their calling, or perhaps read the extension number from a directory listing, screens the worst of the worst out from us... I also don't see the problem of cold calling when it's obviously for a service or product that I am interested in, just as I don't see the problem of cold snail-mailing for the same services. I'm in business, and I expect other businesses to try and market to me. I don't want to hear from window, insurance, and other crap sellers, but if a Cisco reseller or bandwidth seller wants to make contact and say how can I help you? that doesn't seem out of line to me. Only in the world of email do we (justifiably) get all weirded out by the prospect of unsolicited sales pitches. It seems to me that if you don't want people to call you, don't give out your phone number (or give out a phone number that makes it hard for anyone but a real person who really wants to talk to you to get to you). How did our little capitalist industry suddenly become a you must have permission to contact me by any means no matter what industry? jms -- Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719 Senior Partner, Opus One Phone: +1 520 324 0494 j...@opus1.comhttp://www.opus1.com/jms
Re: ARIN WHOIS for leads
On Jul 26, 2013, at 11:05 , David Conrad d...@virtualized.org wrote: On Jul 26, 2013, at 7:58 AM, Patrick W. Gilmore patr...@ianai.net wrote: You can change anything you want. ARIN ICANN are both member organizations. Propose a change, get the votes, and POOF!, things are changed. Err. ICANN isn't a membership organization. It is possible to change things at ICANN, but the mechanisms are ... different and much slower (since it involves getting consensus in a multi-stakeholder environment). Sure it is, the membership is just very .. uh .. selective. :) Stakeholder is just a fancy way of saying member. They vote, things change. Like I said, this is _exactly_ what Ryan wanted. Only the anointed get to decide things. Works out well, doesn't it? -- TTFN, patrick
RE: ARIN WHOIS for leads
-Original Message- From: Patrick W. Gilmore [mailto:patr...@ianai.net] Sent: Friday, July 26, 2013 9:47 AM To: NANOG list Subject: Re: ARIN WHOIS for leads On Jul 25, 2013, at 19:29 , Otis L. Surratt, Jr. o...@ocosa.com wrote: From: Warren Bailey [mailto:wbai...@satelliteintelligencegroup.com] Wouldn't that defeat the purpose of maintaining the whois? Yep! We registered a few domains and get the same thing, I think it's something that people are going to have to live with. :/ I agree. We just politely tell them we are not interested and move on about our day. Some cold callers we have taken up on offers. It just depends who calls and whether or not we are looking for new service. WHOIS Privacy is nice for the domains and we use for some of our domains but not all. We just hate when customers get those scam notices and call us or open tickets about it. The fact you take some cold callers up on offers means they will continue to call. Please do not reward people who scrape whois or the NANOG-l archive. If it is not profitable to call people, they will stop. Put another way: You are making life worse for all of us. -- TTFN, patrick I'm not sure how they receive their data or if they mined from other sources. But one can draw some conclusions that they get information from some list/database and if you are a new provider or a new recipient of number resources then yes; that's probably how ARIN WHOIS database. But why don't we take off our hat for one moment that would call this spam and simply look at it for what it is. I'm sure others would agree. Sales teams typically would compile a list of names and phone numbers in a local community and cold call to see if there is any interest. Waiting on folks to call you could be weeks, months and years thus adversely affecting your business. I'm sure every company has done some cold calling before. If you have not then you must have a customer base of that is making you the profit you desire and/or you are already a billionaire. Thus you the resources for advertisements on local/regional/national TV. (Not the only form of advertising BTW) I can name several tier 1 and 2 providers who have reached out to us for IP transit based on cold calling/ARIN WHOIS. We've been an ARIN paying member since 2005 and have not had any contact with any sales folks until last 4 to 5 years maybe. IMHO, you guys should get off this spam kick and simply tell folks you are not interested and move on about your day. Life is way too short. I'm not sure how cold calling is spamming? The folks that received the porn calls my response is SMH and I am very disgusted. But I definitely can understand your feelings for cold calling. Again, life is too short to get all worked up about it. Like I said before simply tell them not interested and don't call again. We do and we very seldom find a stubborn sales person that continue with repeated calls. For the ones we do we have our phone system immediately hang up their call based on number. If they someone how gain my or others mobile numbers we simply add as contact and send to voicemail. After a while they'll get the message. One I threaten him and he never called again. I wouldn't recommend but it worked! LOL Everyone's point is we shouldn't have to deal with or provide those types of workarounds for unprofessional sales folks that don't understand the word NO. And I whole heartily agree. What happen to the days when you could simply tell someone not interested, don't call again and you wouldn't hear from them ever again? Or the days when everything wasn't treated as spam --Otis
Re: ARIN WHOIS for leads
On Fri, 26 Jul 2013 10:59:37 -0500, Otis L. Surratt, Jr. said: What happen to the days when you could simply tell someone not interested, don't call again and you wouldn't hear from them ever again? It's not just networking - recently I received a cold call from a local company trying to sell me home improvements. I had the joy of reminding them that I explained to them that I rent and thus will not be even a remotely plausible customer, the *last* time they called me. You'd think with better analytics, this sort of thing would happen less, not more. pgpD9f4RoeUEA.pgp Description: PGP signature
Re: ARIN WHOIS for leads
On 7/26/13 8:40 AM, Patrick W. Gilmore wrote: On Jul 26, 2013, at 11:05 , David Conrad d...@virtualized.org wrote: On Jul 26, 2013, at 7:58 AM, Patrick W. Gilmore patr...@ianai.net wrote: You can change anything you want. ARIN ICANN are both member organizations. Propose a change, get the votes, and POOF!, things are changed. Err. ICANN isn't a membership organization. It is possible to change things at ICANN, but the mechanisms are ... different and much slower (since it involves getting consensus in a multi-stakeholder environment). Sure it is, the membership is just very .. uh .. selective. :) Stakeholder is just a fancy way of saying member. They vote, things change. Like I said, this is _exactly_ what Ryan wanted. Only the anointed get to decide things. Works out well, doesn't it? Actually the member / non-member distinction is important in California corporations law. Also important is the distinction between agency of government and anything else, there's about two reams of double-sided 11pt text on the subject, and that's just between Michael Froomkin and Joe Simms. Cheers, Eric
Re: ARIN WHOIS for leads
On Thu, Jul 25, 2013 at 4:02 PM, Justin Vocke justin.vo...@gmail.comwrote: 512-377-6827 was one of the numbers trying to get more information about my network and how they could help me. Which appears to be http://www.siptrunksproviders.com/ Which in turns appears to be the same company as http://giglinx.com/ Scott
RE: ARIN WHOIS for leads
My opinion: it's the rebuttal. Sales has come lightyears in the last 20 years, advertising is a direct reflection of that. If you visit a travel website, suddenly every website you visit for the next 2 weeks is how to buy what you didn't the first time. Case in point.. And I'm going to name drop, but do not consider this a shame. I have been looking at various filtering technologies, and was looking at Barracudas site. I went on with my day, but noticed that filtering vendors start showing up on random websites. Fast forward 24 hours later.. Any website I visit with any major advertising (Slashdot was where it was first VERY apparent) was socked with barracuda ads. We see talking at least 3 of 5 major ad spaces were now ONLY barracuda. It's called retargeting and they are using cookies to do it. The problem is, nearly everyone is doing this as the pay per click is substantially larger (something like 4x of regular). People want to make money, and this is a fantastic source of it. It annoys people, but I'm not so sure I'd call it spam. I almost think it's suggestive but just transparent enough so you don't feel like big business knows as much as they do. And I don't know how the rest of you have it, but if I get 10 bucks in the mail.. I'm spending it. Sent from my Mobile Device. Original message From: Otis L. Surratt, Jr. o...@ocosa.com Date: 07/26/2013 9:01 AM (GMT-08:00) To: Patrick W. Gilmore patr...@ianai.net,NANOG list nanog@nanog.org Subject: RE: ARIN WHOIS for leads -Original Message- From: Patrick W. Gilmore [mailto:patr...@ianai.net] Sent: Friday, July 26, 2013 9:47 AM To: NANOG list Subject: Re: ARIN WHOIS for leads On Jul 25, 2013, at 19:29 , Otis L. Surratt, Jr. o...@ocosa.com wrote: From: Warren Bailey [mailto:wbai...@satelliteintelligencegroup.com] Wouldn't that defeat the purpose of maintaining the whois? Yep! We registered a few domains and get the same thing, I think it's something that people are going to have to live with. :/ I agree. We just politely tell them we are not interested and move on about our day. Some cold callers we have taken up on offers. It just depends who calls and whether or not we are looking for new service. WHOIS Privacy is nice for the domains and we use for some of our domains but not all. We just hate when customers get those scam notices and call us or open tickets about it. The fact you take some cold callers up on offers means they will continue to call. Please do not reward people who scrape whois or the NANOG-l archive. If it is not profitable to call people, they will stop. Put another way: You are making life worse for all of us. -- TTFN, patrick I'm not sure how they receive their data or if they mined from other sources. But one can draw some conclusions that they get information from some list/database and if you are a new provider or a new recipient of number resources then yes; that's probably how ARIN WHOIS database. But why don't we take off our hat for one moment that would call this spam and simply look at it for what it is. I'm sure others would agree. Sales teams typically would compile a list of names and phone numbers in a local community and cold call to see if there is any interest. Waiting on folks to call you could be weeks, months and years thus adversely affecting your business. I'm sure every company has done some cold calling before. If you have not then you must have a customer base of that is making you the profit you desire and/or you are already a billionaire. Thus you the resources for advertisements on local/regional/national TV. (Not the only form of advertising BTW) I can name several tier 1 and 2 providers who have reached out to us for IP transit based on cold calling/ARIN WHOIS. We've been an ARIN paying member since 2005 and have not had any contact with any sales folks until last 4 to 5 years maybe. IMHO, you guys should get off this spam kick and simply tell folks you are not interested and move on about your day. Life is way too short. I'm not sure how cold calling is spamming? The folks that received the porn calls my response is SMH and I am very disgusted. But I definitely can understand your feelings for cold calling. Again, life is too short to get all worked up about it. Like I said before simply tell them not interested and don't call again. We do and we very seldom find a stubborn sales person that continue with repeated calls. For the ones we do we have our phone system immediately hang up their call based on number. If they someone how gain my or others mobile numbers we simply add as contact and send to voicemail. After a while they'll get the message. One I threaten him and he never called again. I wouldn't recommend but it worked! LOL Everyone's point is we shouldn't have to deal with or provide those types of workarounds for unprofessional sales folks that don't understand the word NO. And I whole heartily agree. What happen
Re: ARIN WHOIS for leads
On 7/26/13 11:59 AM, Otis L. Surratt, Jr. o...@ocosa.com wrote: What happen to the days when you could simply tell someone not interested, don't call again and you wouldn't hear from them ever again? Or the days when everything wasn't treated as spam When the former days disappeared, the latter days did also. In that exact order. If marketing wants to talk about nurturing leads, then I don't want to be a lead. Period. My attitude changed the day I got my SIXTH call from the same sales guy who I'd told I might have the budget and need next year to get $product, and if so I'll definitely call you. The problem is that in this day and age of autodialers and call centers, most of the incoming unsolicited communications anyone gets are of a nature that they cost the person initiating the conversation orders of magnitude less to send than it costs you to answer. In the snail mail days, that balance was a lot closer to even, and so you weren't getting constant bombardments of semi- or un-targeted marketing solely because you had a publicly visible contact path. -- Josh Sholes
RE: ARIN WHOIS for leads
Case in point.. And I'm going to name drop, but do not consider this a shame. I have been looking at various filtering technologies, and was looking at Barracudas site. I went on with my day, but noticed that filtering vendors start showing up on random websites. Fast forward 24 hours later.. You know what I am waiting for? The LED billboards on the side of the road displaying targeted advertisements, based on your proximity to them, because your android phone is telling the sign where you are. Who thinks I am crazy?
RE: ARIN WHOIS for leads
You are not crazy. Sent from my Mobile Device. Original message From: Alex Rubenstein a...@corp.nac.net Date: 07/26/2013 9:53 AM (GMT-08:00) To: Warren Bailey wbai...@satelliteintelligencegroup.com,Otis L. Surratt, Jr. o...@ocosa.com,Patrick W. Gilmore patr...@ianai.net,NANOG list nanog@nanog.org Subject: RE: ARIN WHOIS for leads Case in point.. And I'm going to name drop, but do not consider this a shame. I have been looking at various filtering technologies, and was looking at Barracudas site. I went on with my day, but noticed that filtering vendors start showing up on random websites. Fast forward 24 hours later.. You know what I am waiting for? The LED billboards on the side of the road displaying targeted advertisements, based on your proximity to them, because your android phone is telling the sign where you are. Who thinks I am crazy?
Re: ARIN WHOIS for leads
What happen to the days when you could simply tell someone not interested, don't call again and you wouldn't hear from them ever again? I don't know, but that is part of the reason why you can't ignore these people or buy from them. Ever heard of the one bite at the apple idea? Marketers think they should each be able to ask you just once to buy something from them. Ignoring the fact they ask more than once, in the US alone, there are 23 million small businesses http://www.sba.gov/content/small-business-trends. How many calls / emails do you want to get if even 10% of them decide they get _one_ chance to ask you to buy something? The reason this is not a problem for snail mail is there has to be a serious return to cover the cost of printing, postage, etc. What's the cost of sending 23 million emails? Two cents? Or the days when everything wasn't treated as spam Everything is not. I admit that the other side frequently goes in-frickin'-sane and calls even non-scraped, individually addressed mail to a single person spam. We shouldn't listen to them any more than we should listen to the marketer calling back the four time in a week to sell my father life insurance - after he had passed away. Suggestion: Put tagged addresses and, if possible, phone numbers in your ARIN whois and other public records. When someone emails that address or calls that number, make sure you put them on a never buy from list, and they know it. Write them a physical (form) letter, explaining why, and make it public (web page, blog, whatever. If even a small percentage of people did this, many companies would change their practices. _Especially_ Internet companies. -- TTFN, patrick On Jul 26, 2013, at 11:59 , Otis L. Surratt, Jr. o...@ocosa.com wrote: -Original Message- From: Patrick W. Gilmore [mailto:patr...@ianai.net] Sent: Friday, July 26, 2013 9:47 AM To: NANOG list Subject: Re: ARIN WHOIS for leads On Jul 25, 2013, at 19:29 , Otis L. Surratt, Jr. o...@ocosa.com wrote: From: Warren Bailey [mailto:wbai...@satelliteintelligencegroup.com] Wouldn't that defeat the purpose of maintaining the whois? Yep! We registered a few domains and get the same thing, I think it's something that people are going to have to live with. :/ I agree. We just politely tell them we are not interested and move on about our day. Some cold callers we have taken up on offers. It just depends who calls and whether or not we are looking for new service. WHOIS Privacy is nice for the domains and we use for some of our domains but not all. We just hate when customers get those scam notices and call us or open tickets about it. The fact you take some cold callers up on offers means they will continue to call. Please do not reward people who scrape whois or the NANOG-l archive. If it is not profitable to call people, they will stop. Put another way: You are making life worse for all of us. -- TTFN, patrick I'm not sure how they receive their data or if they mined from other sources. But one can draw some conclusions that they get information from some list/database and if you are a new provider or a new recipient of number resources then yes; that's probably how ARIN WHOIS database. But why don't we take off our hat for one moment that would call this spam and simply look at it for what it is. I'm sure others would agree. Sales teams typically would compile a list of names and phone numbers in a local community and cold call to see if there is any interest. Waiting on folks to call you could be weeks, months and years thus adversely affecting your business. I'm sure every company has done some cold calling before. If you have not then you must have a customer base of that is making you the profit you desire and/or you are already a billionaire. Thus you the resources for advertisements on local/regional/national TV. (Not the only form of advertising BTW) I can name several tier 1 and 2 providers who have reached out to us for IP transit based on cold calling/ARIN WHOIS. We've been an ARIN paying member since 2005 and have not had any contact with any sales folks until last 4 to 5 years maybe. IMHO, you guys should get off this spam kick and simply tell folks you are not interested and move on about your day. Life is way too short. I'm not sure how cold calling is spamming? The folks that received the porn calls my response is SMH and I am very disgusted. But I definitely can understand your feelings for cold calling. Again, life is too short to get all worked up about it. Like I said before simply tell them not interested and don't call again. We do and we very seldom find a stubborn sales person that continue with repeated calls. For the ones we do we have our phone system immediately hang up their call based on number. If they someone how gain my or others mobile numbers we simply add as contact and send to voicemail
Re: ARIN WHOIS for leads
On 7/26/13 9:54 AM, Alex Rubenstein wrote: Case in point.. And I'm going to name drop, but do not consider this a shame. I have been looking at various filtering technologies, and was looking at Barracudas site. I went on with my day, but noticed that filtering vendors start showing up on random websites. Fast forward 24 hours later.. You know what I am waiting for? The LED billboards on the side of the road displaying targeted advertisements, based on your proximity to them, because your android phone is telling the sign where you are. Who thinks I am crazy? Now, if it broadcast the grocery list and all I had to do is blink twice to approve it so that all I had to do is drive through... that i might be able to live with. Mike
Re: ARIN WHOIS for leads
On Jul 26, 2013, at 12:54 , Alex Rubenstein a...@corp.nac.net wrote: Case in point.. And I'm going to name drop, but do not consider this a shame. I have been looking at various filtering technologies, and was looking at Barracudas site. I went on with my day, but noticed that filtering vendors start showing up on random websites. Fast forward 24 hours later.. You know what I am waiting for? The LED billboards on the side of the road displaying targeted advertisements, based on your proximity to them, because your android phone is telling the sign where you are. Who thinks I am crazy? I do. Only 'cause you singled out Android, as if Apple, Blackberry, etc. wouldn't do this too. -- TTFN, patrick
Re: ARIN WHOIS for leads
On Fri, 26 Jul 2013 12:54:21 -0400, Alex Rubenstein said: The LED billboards on the side of the road displaying targeted advertisements, based on your proximity to them, because your android phone is telling the sign where you are. There's 6 other drivers within range. What set of targeted ads do you put up? pgpxKQiO0BxcV.pgp Description: PGP signature
Re: ARIN WHOIS for leads
Blink twice? Is this 1996? I expect it to read my face like animals do. I simply do not care if it results in me riding in the Virgin spaceship. ;) Sent from my Mobile Device. Original message From: Michael Thomas m...@mtcc.com Date: 07/26/2013 10:10 AM (GMT-08:00) To: nanog@nanog.org Subject: Re: ARIN WHOIS for leads On 7/26/13 9:54 AM, Alex Rubenstein wrote: Case in point.. And I'm going to name drop, but do not consider this a shame. I have been looking at various filtering technologies, and was looking at Barracudas site. I went on with my day, but noticed that filtering vendors start showing up on random websites. Fast forward 24 hours later.. You know what I am waiting for? The LED billboards on the side of the road displaying targeted advertisements, based on your proximity to them, because your android phone is telling the sign where you are. Who thinks I am crazy? Now, if it broadcast the grocery list and all I had to do is blink twice to approve it so that all I had to do is drive through... that i might be able to live with. Mike
RE: ARIN WHOIS for leads
On Fri, 26 Jul 2013, Otis L. Surratt, Jr. wrote: -Original Message- From: Ryan Pavely [mailto:para...@nac.net] Sent: Friday, July 26, 2013 8:33 AM To: nanog@nanog.org Subject: Re: ARIN WHOIS for leads Even the anti-spam army out there seem to ignore 'This is the abuse contact', and end up spamming all whois org contacts. What's the point in that? I agree. Most of them end up blasting all contacts which is completely stupid!!! That's why you see on the comment sections with many providers something along the lines of Please use Abuse Handle or please send requests for DMCA to this handle Because your mail servers are broken. Because you put spamfilters on your abuse@ mailbox, IF you even have an abuse@, which a lot of you don't. Because we tried calling, and your tier1 are clueless. Fix your mailservers. Train your staff. Staff your abuse desk. Then we'll talk. If your network didn't spew sewage into peoples mailboxes, and if you actually took action on abusive customers, this wouldn't be a problem. Some providers have responsive abuse desks. For the rest, well thats what RBL are for I guess. -Dan
Re: ARIN WHOIS for leads
On July 26, 2013 at 13:06 valdis.kletni...@vt.edu (valdis.kletni...@vt.edu) wrote: On Fri, 26 Jul 2013 12:54:21 -0400, Alex Rubenstein said: The LED billboards on the side of the road displaying targeted advertisements, based on your proximity to them, because your android phone is telling the sign where you are. There's 6 other drivers within range. What set of targeted ads do you put up? Obviously what's needed are better heads-up displays which make personalized billboards only appear to be on the side of the road. Oh heck, with self-driving vehicles who needs billboards? They'll just blast ads onto your game or fb screen as the car zips itself along the road. Maybe that's the real motivation of autonomous vehicles, to free your eyeballs up for ads. -- -Barry Shein The World | b...@theworld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada Software Tool Die| Public Access Internet | SINCE 1989 *oo*
Re: ARIN WHOIS for leads
Patrick, On Jul 26, 2013, at 8:40 AM, Patrick W. Gilmore patr...@ianai.net wrote: Err. ICANN isn't a membership organization. It is possible to change things at ICANN, but the mechanisms are ... different and much slower (since it involves getting consensus in a multi-stakeholder environment). Sure it is, the membership is just very .. uh .. selective. :) Stakeholder is just a fancy way of saying member. They vote, things change. You appear to be using a rather ... expansive definition of the word 'member'. Like I said, this is _exactly_ what Ryan wanted. Only the anointed get to decide things. Works out well, doesn't it? In the sense that the ones who actively participate, scream the loudest, lobby the most, etc., get to decide things, I suppose one could say it works out. However, since anyone can actively participate, scream, lobby, etc., I'm not sure how that can be described as only the anointed get to decide things. Regards, -drc
Re: ARIN WHOIS for leads
NANOG : network operators are precisely those who directly assisted in creating the 'magic lamp' and the cork which held the marketing Jeanie inside. The same operators who took the cork out and rubbed the 'magic lamp'... The Jeanie is now out of the bottle and you all are complaining about it, all the while creating new magic, more lamps and more Jeanie's... Go figure. NANOG complaining about being harassed by the marketing technologies it has created... From: David Conrad d...@virtualized.org To: Patrick W. Gilmore patr...@ianai.net Cc: NANOG list nanog@nanog.org Sent: Friday, July 26, 2013 11:40 AM Subject: Re: ARIN WHOIS for leads Patrick, On Jul 26, 2013, at 8:40 AM, Patrick W. Gilmore patr...@ianai.net wrote: Err. ICANN isn't a membership organization. It is possible to change things at ICANN, but the mechanisms are ... different and much slower (since it involves getting consensus in a multi-stakeholder environment). Sure it is, the membership is just very .. uh .. selective. :) Stakeholder is just a fancy way of saying member. They vote, things change. You appear to be using a rather ... expansive definition of the word 'member'. Like I said, this is _exactly_ what Ryan wanted. Only the anointed get to decide things. Works out well, doesn't it? In the sense that the ones who actively participate, scream the loudest, lobby the most, etc., get to decide things, I suppose one could say it works out. However, since anyone can actively participate, scream, lobby, etc., I'm not sure how that can be described as only the anointed get to decide things. Regards, -drc
Re: ARIN WHOIS for leads
On Fri, Jul 26, 2013 at 10:42:18AM -0700, goe...@anime.net wrote: Because your mail servers are broken. Because you put spamfilters on your abuse@ mailbox, IF you even have an abuse@, which a lot of you don't. Because we tried calling, and your tier1 are clueless. Fix your mailservers. Train your staff. Staff your abuse desk. Then we'll talk. Precisely. This and the rest, which I've elided. If clueful email to abuse@yourdomain is not dealt with in an effective and timely manner [1] -- then you have only yourself to blame. Never build what you can't control. ---rsk [1] The only tools really needed are root passwords and wirecutters.
RE: ARIN WHOIS for leads
-Original Message- From: Rich Kulawiec [mailto:r...@gsp.org] Sent: Friday, July 26, 2013 2:23 PM To: nanog@nanog.org Subject: Re: ARIN WHOIS for leads On Fri, Jul 26, 2013 at 10:42:18AM -0700, goe...@anime.net wrote: Because your mail servers are broken. Because you put spamfilters on your abuse@ mailbox, IF you even have an abuse@, which a lot of you don't. Because we tried calling, and your tier1 are clueless. Fix your mailservers. Train your staff. Staff your abuse desk. Then we'll talk. Precisely. This and the rest, which I've elided. If clueful email to abuse@yourdomain is not dealt with in an effective and timely manner [1] -- then you have only yourself to blame. To be quite honest; even if you had clueful and trained staff, folks would still blast all of your role accountsjust because history shows many providers don't answer abuse inquiries so they assume every provider is the same. For example, we reported some issues to a tier 1 couple weeks ago. Their automated abuse ticket response was basically if you want your issue handled include x,y,z and we did from the start so we were good. They issue stopped and we were happy. But what happened if we didn't include the following and didn't plan too? Well, the issue probably wouldn't have been resolved. Case and point, many abuse desks have directions that must be followed in order for a complaint to be processed efficiently and correctly.
Re: ARIN WHOIS for leads
On Jul 26, 2013, at 10:04 AM, Patrick W. Gilmore patr...@ianai.net wrote: Suggestion: Put tagged addresses and, if possible, phone numbers in your ARIN whois and other public records. When someone emails that address or calls that number, make sure you put them on a never buy from list, and they know it. Write them a physical (form) letter, explaining why, and make it public (web page, blog, whatever. If even a small percentage of people did this, many companies would change their practices. _Especially_ Internet companies. And please ARIN me on your letter... We do send fairly nasty letters on occasion citing the Whois terms and conditions, this is done when it is clear from complaints that parties are mining Whois or the mailing list for spamming, but we need to know it is going on. (We also do have artifacts in the database which sometimes lets us occasionally catch this on own, but most reliable are reports from folks who know the email and/or phone abused only occurs on their Whois entry.) Thanks! /John John Curran President and CEO ARIN
RE: ARIN WHOIS for leads
--- wbai...@satelliteintelligencegroup.com wrote: From: Warren Bailey wbai...@satelliteintelligencegroup.com It's called retargeting and they are using cookies to do it. -- So, properly manage your cookies and this will stop: Flash cookies: https://en.wikipedia.org/wiki/Local_Shared_Object firefox: http://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences?redirectlocale=en-USredirectslug=Enabling+and+disabling+cookies scott
Re: ARIN WHOIS for leads
On Jul 26, 2013, at 7:42 AM, Otis L. Surratt, Jr. o...@ocosa.com wrote: Why can't we implement a method where you have to be a registered, and paying, user/member with an AS number to be able to get IP whois 'contact' info? Sure list my name and company. But keep my email and phone number private. In fact show me a web log of all registered users that looked me up. This could be doable. But some minor details worked out or requirements. I doubt that will ever happen. Have a little faith. ;-) If many providers wanted the feature, I'm sure ARIN would not have a problem implementing it. ARIN will run the Whois database however you folks collectively want it run. Write up the change you seek (should be fairly easy), show rough consensus in the community for the change (slightly more difficult task), and then, (quoting patrick) POOF!, things are changed. We know the process works; for example, it followed recently and resulted in the addition of the abuse point-of-contact. Steven notes that _voting_ requires membership, and only ISPs are members by default (not end-users/legacy holders)... This is definitely true, but you actually don't need to be a member to suggest changes to the number resource address policy or to make suggestions regarding ARIN operations. (If you do feel the urgent need to vote for AC and Board members, support ARIN's Internet Governance mission and help offset costs of ARIN's meetings, feel free to add paid ARIN Membership for the $500/year. Details are available here: https://www.arin.net/about_us/membership/ Many end-users with IP addresses just want the registry to work, and not embedding these costs in the annual end-user fees are they are only be $100/year/resource.) Thanks! /John John Curran President and CEO ARIN
RE: ARIN WHOIS for leads
I'm just saying.. It happens more frequently which means it will be the next subject of legislation.. Spam (unsolicited) has been pretty well taken care of from my perspective.. I rarely see the madness I saw only 10 years ago. Someone pointed out earlier that we were bitching about the problem that we created, there is a lot of truth to that. It seems like every public communications infrastructure known to man has been a shouting/listening post to advertisers forever. Radio.. Then TV.. Then expanded tv.. Now the Internet and subsequently streaming tv. Someone else pointed out the car that drove itself and freed you to watch ads. Demolition Man (don't hate..) actually depicted the same thing.. Cruising down the road in a society who is scared of everything, eating taco bell and listening to old commercials. And you get fined for saying naughty words.. Isn't that kind of what's happening? Sent from my Mobile Device. Original message From: Scott Weeks sur...@mauigateway.com Date: 07/26/2013 2:38 PM (GMT-08:00) To: nanog@nanog.org Subject: RE: ARIN WHOIS for leads --- wbai...@satelliteintelligencegroup.com wrote: From: Warren Bailey wbai...@satelliteintelligencegroup.com It's called retargeting and they are using cookies to do it. -- So, properly manage your cookies and this will stop: Flash cookies: https://en.wikipedia.org/wiki/Local_Shared_Object firefox: http://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences?redirectlocale=en-USredirectslug=Enabling+and+disabling+cookies scott
Re: ARIN WHOIS for leads
On 7/26/13, John Curran jcur...@arin.net wrote: ARIN will run the Whois database however you folks collectively want it run. Write up the change you seek (should be fairly easy), show rough consensus in the community for the change (slightly more difficult task), and then, I personally think there is too little evidence at this point of widespread abuse to merit restricting access to WHOIS.Assuming you don't consider sending DMCA-like request letters to technical or abuse contacts an abuse of WHOIS. I can see how such things might be construed as spam in high volume, for large networks that provide only IP connectivity services that aren't subject to DMCA letter provisionsand don't have a policy of turning off IP transit/telco services for Trademark/Copyvio without a court order. My very strong recommendation would be: * Conduct a study on the subject of WHOIS marketing spam type abuse. Am I correct in suggesting, that the ARIN staff would have authority to create temporary dummy IP address and ASN allocations of various sizes for short periods of time, using multiple e-mail To domains, and announcing them among the new allocations, and finding some ISP to bring up some of the prefixes, for the purpose of studying, if these contacts (that could have been learned only through WHOIS) receive e-mail? I would be interested in... * Is whether there is an AS allocated, IP address allocated, ORG allocated, or just POC handle created, or BGP announcement for a certain prefixcorrelated with the probability that a contact is spammed? * Who did the spam come from? * What IP addresses requested WHOIS on dummy allocations or dummy org records that shouldn't have shown up on the internet, e.g. so legitimate WHOIS queries should be minimal? --- If someone studies that and finds there is a correlation to spam based on WHOIS listing alone, then perhaps there must be a solution for this on occasion; allocate one or two new AS numbers and a /24 on a temporary basis (6 to 12 months) solely for spammer detection purposes, in other words intentional erroneous allocations that the RIR would publish as if a real allocation. If spam is received... research into what IP addresses performed WHOIS requests for those,and publish for the world to see, every email message received, plus any followups into search-for-the-guilty to clear up the pattern of network contact abuse. In other words: for starters, assume the number of bad actors is small, and let the community pressure them and their peers to retaliate, beforediminishing the average usefulness of WHOIS to everyone, (which restricting access to a small number of users does). My guess is someone is using your mass whois database, looking at the most recently issued/created AS numbers, and cold calling. I'd be interested in knowing who it is, so I can be sure to never buy from them. scott -- -JH
Re: ARIN WHOIS for leads
On Jul 26, 2013, at 4:34 PM, Jimmy Hess mysi...@gmail.com wrote: If someone studies that and finds there is a correlation to spam based on WHOIS listing alone, then perhaps No study has been conducted, but we do receive a small number of complaints each year about email contact information being solicited in cases were the email address is exclusively used on IP address blocks and nowhere else. (Often, the culprits are network equipment vendors or technical recruiters) When we receive such, we send a nasty letter indicating violation of the Whois terms of use. Most companies seem to pay attention to this, but then again, it's generally been a misguided individual at an otherwise legitimate enterprise causing the problem, as opposed to typical bulk email harvesting operation. In other words: for starters, assume the number of bad actors is small, and let the community pressure them and their peers to retaliate, beforediminishing the average usefulness of WHOIS to everyone, (which restricting access to a small number of users does). I believe we can arrange to publicly post our notices of violation; let me look into this option. Thanks! /John John Curran President and CEO ARIN
Re: ARIN WHOIS for leads
I actually think it's important to have contact information publicly available. I realize this opens the door for abuse, but I've found that using a call screening service (Google Voice) at least provides a bit of shield. On Thu, Jul 25, 2013 at 4:02 PM, Justin Vocke justin.vo...@gmail.comwrote: Sent this little e-mail to ARIN: I'm not sure that you guys can do anything about this, but it's worth looking into. I registered AS626XX a week ago, and since it's registration, I've been getting calls from wholesale carriers trying to get me to purchase IP transit from them. Someone is obviously using your database of contact information to generate sales leads. 512-377-6827 was one of the numbers trying to get more information about my network and how they could help me. My guess is someone is using your mass whois database, looking at the most recently issued/created AS numbers, and cold calling. Just thought I'd pass this along. - Due to the amount of calls I've received, I'm guessing its probably a good idea to remove my contact info from the registration and setup role's instead. Does this sorta thing happen frequently with new registrations or did I just draw the short straw? Best, Justin
Re: ARIN WHOIS for leads
On Fri, 26 Jul 2013, Larry Stites wrote: NANOG : network operators are precisely those who directly assisted in creating the 'magic lamp' and the cork which held the marketing Jeanie inside. The same operators who took the cork out and rubbed the 'magic lamp'... The Jeanie is now out of the bottle and you all are complaining about it, all the while creating new magic, more lamps and more Jeanie's... Go figure. NANOG complaining about being harassed by the marketing technologies it has created... We're also the people at the controls, and the people holding the wire cutters (physical and virtual), so we're not a good demographic to piss off. -- Jon Lewis, MCP :) | I route | therefore you are _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: ARIN WHOIS for leads
Said the Network Engineer of The City of San Francisco.. Sent from my Mobile Device. Original message From: Jon Lewis jle...@lewis.org Date: 07/26/2013 6:17 PM (GMT-08:00) To: Larry Stites nc...@sbcglobal.net Cc: NANOG list nanog@nanog.org Subject: Re: ARIN WHOIS for leads On Fri, 26 Jul 2013, Larry Stites wrote: NANOG : network operators are precisely those who directly assisted in creating the 'magic lamp' and the cork which held the marketing Jeanie inside. The same operators who took the cork out and rubbed the 'magic lamp'... The Jeanie is now out of the bottle and you all are complaining about it, all the while creating new magic, more lamps and more Jeanie's... Go figure. NANOG complaining about being harassed by the marketing technologies it has created... We're also the people at the controls, and the people holding the wire cutters (physical and virtual), so we're not a good demographic to piss off. -- Jon Lewis, MCP :) | I route | therefore you are _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: ARIN WHOIS for leads
On 7/26/13, Matt Hite li...@beatmixed.com wrote: I actually think it's important to have contact information publicly available. I realize this opens the door for abuse, but I've found that using a call screening service (Google Voice) at least provides a bit of shield. Hm.. a thought does occur, that /some/ operators might be inclined to offer more useful contact listings than they would otherwise do; if there were an option to list some additional details under an enhancedprivate WHOIS, as a side-by-side enhancement to the public version;that is a WHOIS that when the asker is authenticated with an implied promise that only vetted individuals with a proven network engineering experience background can see the 'additional' information, that allows them to review the query history for their record, and possibly post a parameterized contact URLwhose use would be linked to the query. Some operators might be comfortable listing something other than their generic support phone#, or e-mail addressthat is so filtered, the critical message will probably not get to the right contact, for at least days or weeks. -- -JH
Re: ARIN WHOIS for leads
Lol yet we can't use the side cutters cause we all report to the corporate overlords Sent from my iPhone On 2013-07-26, at 8:18 PM, Jon Lewis jle...@lewis.org wrote: On Fri, 26 Jul 2013, Larry Stites wrote: NANOG : network operators are precisely those who directly assisted in creating the 'magic lamp' and the cork which held the marketing Jeanie inside. The same operators who took the cork out and rubbed the 'magic lamp'... The Jeanie is now out of the bottle and you all are complaining about it, all the while creating new magic, more lamps and more Jeanie's... Go figure. NANOG complaining about being harassed by the marketing technologies it has created... We're also the people at the controls, and the people holding the wire cutters (physical and virtual), so we're not a good demographic to piss off. -- Jon Lewis, MCP :) | I route | therefore you are _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: ARIN WHOIS for leads
On 7/26/13, Warren Bailey wbai...@satelliteintelligencegroup.com wrote: Said the Network Engineer of The City of San Francisco.. Hey, noone said the operators at the controls don't have to give the keys up if their owners demand it -- the owners just can't drive. If you collectively piss off the guild of taxi drivers, in a world with no other cars; that doesn't mean they have a right to run you over on the street, but good luck hailing a cab while your face is on the collective list of people not to stop for. Likewise... if you're in the network device or transit provider service;taking the risk of angering your very potential customer base by failing to keep the reigns on your marketing department / making sure they don't spam or risk conducting other faux pas that could eventually be brand-destroying faux pas is not a great idea :) Sent from my Mobile Device. -- -JH
Re: ARIN WHOIS for leads
Because your mail servers are broken. Because you put spamfilters on your abuse@ mailbox, IF you even have an abuse@, which a lot of you don't. Because we tried calling, and your tier1 are clueless. Fix your mailservers. Train your staff. Staff your abuse desk. Then we'll talk. My mail servers are just fine. My abuse department is standing by to serve your requests. They are listed on all domains, ip allocations, and abuse.org, etc, etc.. If you suggest folks attempt to reach an abuse contact, fail, and them spam. Ok. No problem. But starting out with receiving an email that is CC'd to 3 departments, 2 direct people, and the same for all other org's involved is offensive, abusive, etc. And if you suggest for a second someone attempted to call, and gave up, and then spammed; yeah that never happened. A phone call? Really? Maybe one a decade, versus many spammed-spam complaints a day. Someone else wrote and I seem to have deleted it.. but basically 'I don't think these occurrences happen that often to warrant a change.' Well. If it's not happening that often, then lets fix it now before it does :) I actually think it's important to have contact information publicly available. Why? Who outside 'the business' needs that level of detailed contact information to IP mgmt folks? Does an end-user need that access? No. Does a web hoster need that access? No. They can go through their ISP or contact my OPS contact. Do you need that access? Do you have an AS, and IP blocks? If so then sure, why not. Now there is a big bug in locking down access to those registered members. Registered with whom? Arin? Ok so how do my brit friends whois my IP contact info? That complicates things, beyond suggesting an Arin policy. So I don't ever see this as changing, as I think I said, but it should change. Just like we shouldn't have echo/chargen anymore. They were cool 'back in the day'. Ryan Pavely Net Access Corporation http://www.nac.net/ On 7/26/2013 9:02 PM, Matt Hite wrote:
RE: ARIN WHOIS for leads
Wouldn't that defeat the purpose of maintaining the whois? We registered a few domains and get the same thing, I think it's something that people are going to have to live with. :/ Sent from my Mobile Device. Original message From: Justin Vocke justin.vo...@gmail.com Date: 07/25/2013 4:04 PM (GMT-08:00) To: nanog@nanog.org Subject: ARIN WHOIS for leads Sent this little e-mail to ARIN: I'm not sure that you guys can do anything about this, but it's worth looking into. I registered AS626XX a week ago, and since it's registration, I've been getting calls from wholesale carriers trying to get me to purchase IP transit from them. Someone is obviously using your database of contact information to generate sales leads. 512-377-6827 was one of the numbers trying to get more information about my network and how they could help me. My guess is someone is using your mass whois database, looking at the most recently issued/created AS numbers, and cold calling. Just thought I'd pass this along. - Due to the amount of calls I've received, I'm guessing its probably a good idea to remove my contact info from the registration and setup role's instead. Does this sorta thing happen frequently with new registrations or did I just draw the short straw? Best, Justin
Re: ARIN WHOIS for leads
--- justin.vo...@gmail.com wrote: From: Justin Vocke justin.vo...@gmail.com My guess is someone is using your mass whois database, looking at the most recently issued/created AS numbers, and cold calling. I'd be interested in knowing who it is, so I can be sure to never buy from them. scott
RE: ARIN WHOIS for leads
--- wbai...@satelliteintelligencegroup.com wrote: From: Warren Bailey wbai...@satelliteintelligencegroup.com We registered a few domains and get the same thing, I think it's something that people are going to have to live with. :/ --- No, we don't have to live with it. Name-n-shame and let us vote with our dollars. As I've said in the past, the ONLY thing they'll understand is negative impact to their bottom line... scott
RE: ARIN WHOIS for leads
-Original Message- From: Warren Bailey [mailto:wbai...@satelliteintelligencegroup.com] Sent: Thursday, July 25, 2013 6:20 PM To: Justin Vocke; nanog@nanog.org Subject: RE: ARIN WHOIS for leads Wouldn't that defeat the purpose of maintaining the whois? Yep! We registered a few domains and get the same thing, I think it's something that people are going to have to live with. :/ I agree. We just politely tell them we are not interested and move on about our day. Some cold callers we have taken up on offers. It just depends who calls and whether or not we are looking for new service. WHOIS Privacy is nice for the domains and we use for some of our domains but not all. We just hate when customers get those scam notices and call us or open tickets about it. Otis Original message From: Justin Vocke justin.vo...@gmail.com Date: 07/25/2013 4:04 PM (GMT-08:00) To: nanog@nanog.org Subject: ARIN WHOIS for leads Sent this little e-mail to ARIN: I'm not sure that you guys can do anything about this, but it's worth looking into. I registered AS626XX a week ago, and since it's registration, I've been getting calls from wholesale carriers trying to get me to purchase IP transit from them. Someone is obviously using your database of contact information to generate sales leads. 512-377-6827 was one of the numbers trying to get more information about my network and how they could help me. My guess is someone is using your mass whois database, looking at the most recently issued/created AS numbers, and cold calling. Just thought I'd pass this along. - Due to the amount of calls I've received, I'm guessing its probably a good idea to remove my contact info from the registration and setup role's instead. Does this sorta thing happen frequently with new registrations or did I just draw the short straw? Best, Justin
RE: ARIN WHOIS for leads
I read your response and totally agree. I'm just saying that your dollars not being spent with someone will probably not result in the calls stopping. Advertising and marketing dominates this planet now, and people make big money by selling lists to organizations making a buck. Not saying these people didn't get it directly, but it should not be expected to stop unless there is a do not call registry (as I would think those guys would fall under a telemarketing agency). I could be wrong.. Sent from my Mobile Device. Original message From: Scott Weeks sur...@mauigateway.com Date: 07/25/2013 4:28 PM (GMT-08:00) To: nanog@nanog.org Subject: RE: ARIN WHOIS for leads --- wbai...@satelliteintelligencegroup.com wrote: From: Warren Bailey wbai...@satelliteintelligencegroup.com We registered a few domains and get the same thing, I think it's something that people are going to have to live with. :/ --- No, we don't have to live with it. Name-n-shame and let us vote with our dollars. As I've said in the past, the ONLY thing they'll understand is negative impact to their bottom line... scott
Re: ARIN WHOIS for leads
Welcome to nanog aka the cold call jungle Sent from my iPhone On 2013-07-25, at 6:31 PM, Otis L. Surratt, Jr. o...@ocosa.com wrote: -Original Message- From: Warren Bailey [mailto:wbai...@satelliteintelligencegroup.com] Sent: Thursday, July 25, 2013 6:20 PM To: Justin Vocke; nanog@nanog.org Subject: RE: ARIN WHOIS for leads Wouldn't that defeat the purpose of maintaining the whois? Yep! We registered a few domains and get the same thing, I think it's something that people are going to have to live with. :/ I agree. We just politely tell them we are not interested and move on about our day. Some cold callers we have taken up on offers. It just depends who calls and whether or not we are looking for new service. WHOIS Privacy is nice for the domains and we use for some of our domains but not all. We just hate when customers get those scam notices and call us or open tickets about it. Otis Original message From: Justin Vocke justin.vo...@gmail.com Date: 07/25/2013 4:04 PM (GMT-08:00) To: nanog@nanog.org Subject: ARIN WHOIS for leads Sent this little e-mail to ARIN: I'm not sure that you guys can do anything about this, but it's worth looking into. I registered AS626XX a week ago, and since it's registration, I've been getting calls from wholesale carriers trying to get me to purchase IP transit from them. Someone is obviously using your database of contact information to generate sales leads. 512-377-6827 was one of the numbers trying to get more information about my network and how they could help me. My guess is someone is using your mass whois database, looking at the most recently issued/created AS numbers, and cold calling. Just thought I'd pass this along. - Due to the amount of calls I've received, I'm guessing its probably a good idea to remove my contact info from the registration and setup role's instead. Does this sorta thing happen frequently with new registrations or did I just draw the short straw? Best, Justin
RE: ARIN WHOIS for leads
I've had a guy calling me for 6 months about my phone number being selected to win a prize. This isn't on the company line, this is on the bat phone. I have told him numerous times I understand how he is contacting me and that I will not be sending him any money but that hasn't stopped the problem. Best thing to do is list a Google voice number on your whois and make the voice mail a greeting about how to email you. It's horrible, but I just can't see how it will stop. Sent from my Mobile Device. Original message From: Otis L. Surratt, Jr. o...@ocosa.com Date: 07/25/2013 4:29 PM (GMT-08:00) To: Warren Bailey wbai...@satelliteintelligencegroup.com,Justin Vocke justin.vo...@gmail.com,nanog@nanog.org Subject: RE: ARIN WHOIS for leads -Original Message- From: Warren Bailey [mailto:wbai...@satelliteintelligencegroup.com] Sent: Thursday, July 25, 2013 6:20 PM To: Justin Vocke; nanog@nanog.org Subject: RE: ARIN WHOIS for leads Wouldn't that defeat the purpose of maintaining the whois? Yep! We registered a few domains and get the same thing, I think it's something that people are going to have to live with. :/ I agree. We just politely tell them we are not interested and move on about our day. Some cold callers we have taken up on offers. It just depends who calls and whether or not we are looking for new service. WHOIS Privacy is nice for the domains and we use for some of our domains but not all. We just hate when customers get those scam notices and call us or open tickets about it. Otis Original message From: Justin Vocke justin.vo...@gmail.com Date: 07/25/2013 4:04 PM (GMT-08:00) To: nanog@nanog.org Subject: ARIN WHOIS for leads Sent this little e-mail to ARIN: I'm not sure that you guys can do anything about this, but it's worth looking into. I registered AS626XX a week ago, and since it's registration, I've been getting calls from wholesale carriers trying to get me to purchase IP transit from them. Someone is obviously using your database of contact information to generate sales leads. 512-377-6827 was one of the numbers trying to get more information about my network and how they could help me. My guess is someone is using your mass whois database, looking at the most recently issued/created AS numbers, and cold calling. Just thought I'd pass this along. - Due to the amount of calls I've received, I'm guessing its probably a good idea to remove my contact info from the registration and setup role's instead. Does this sorta thing happen frequently with new registrations or did I just draw the short straw? Best, Justin
Re: ARIN WHOIS for leads
I'm pretty sure you have to sign a AUP or something to get access to the mass whois tool with ARIN, I'm just not sure of how they enforce what people are actually doing with the list. On Thu, Jul 25, 2013 at 6:30 PM, Warren Bailey wbai...@satelliteintelligencegroup.com wrote: I read your response and totally agree. I'm just saying that your dollars not being spent with someone will probably not result in the calls stopping. Advertising and marketing dominates this planet now, and people make big money by selling lists to organizations making a buck. Not saying these people didn't get it directly, but it should not be expected to stop unless there is a do not call registry (as I would think those guys would fall under a telemarketing agency). I could be wrong.. Sent from my Mobile Device. Original message From: Scott Weeks sur...@mauigateway.com Date: 07/25/2013 4:28 PM (GMT-08:00) To: nanog@nanog.org Subject: RE: ARIN WHOIS for leads --- wbai...@satelliteintelligencegroup.com wrote: From: Warren Bailey wbai...@satelliteintelligencegroup.com We registered a few domains and get the same thing, I think it's something that people are going to have to live with. :/ --- No, we don't have to live with it. Name-n-shame and let us vote with our dollars. As I've said in the past, the ONLY thing they'll understand is negative impact to their bottom line... scott
Re: ARIN WHOIS for leads
I won't pretend to know how it's getting out there. Google your email address in about 10 minutes and see this conversation in 10 different lists. As Mark mentioned, this list has a lot of valuable eyes looking at it - so it's often a insert snake oil o' the month sales guy's wet dream. On the upside, solarwinds sent me a random 10 dollar amazon gift card a few weeks back so not all is lost.. ;) Sent from my Mobile Device. Original message From: Justin Vocke justin.vo...@gmail.com Date: 07/25/2013 4:37 PM (GMT-08:00) To: Warren Bailey wbai...@satelliteintelligencegroup.com Cc: sur...@mauigateway.com,nanog@nanog.org Subject: Re: ARIN WHOIS for leads I'm pretty sure you have to sign a AUP or something to get access to the mass whois tool with ARIN, I'm just not sure of how they enforce what people are actually doing with the list. On Thu, Jul 25, 2013 at 6:30 PM, Warren Bailey wbai...@satelliteintelligencegroup.commailto:wbai...@satelliteintelligencegroup.com wrote: I read your response and totally agree. I'm just saying that your dollars not being spent with someone will probably not result in the calls stopping. Advertising and marketing dominates this planet now, and people make big money by selling lists to organizations making a buck. Not saying these people didn't get it directly, but it should not be expected to stop unless there is a do not call registry (as I would think those guys would fall under a telemarketing agency). I could be wrong.. Sent from my Mobile Device. Original message From: Scott Weeks sur...@mauigateway.commailto:sur...@mauigateway.com Date: 07/25/2013 4:28 PM (GMT-08:00) To: nanog@nanog.orgmailto:nanog@nanog.org Subject: RE: ARIN WHOIS for leads --- wbai...@satelliteintelligencegroup.commailto:wbai...@satelliteintelligencegroup.com wrote: From: Warren Bailey wbai...@satelliteintelligencegroup.commailto:wbai...@satelliteintelligencegroup.com We registered a few domains and get the same thing, I think it's something that people are going to have to live with. :/ --- No, we don't have to live with it. Name-n-shame and let us vote with our dollars. As I've said in the past, the ONLY thing they'll understand is negative impact to their bottom line... scott
Re: ARIN WHOIS for leads
--- wbai...@satelliteintelligencegroup.com wrote: From: Warren Bailey wbai...@satelliteintelligencegroup.com ...this list has a lot of valuable eyes looking at it - so it's often a insert snake oil o' the month sales guy's wet dream. ... - And when they see their names on this list as spammers they freak out. Trust me. It has happened in the past where I named-n-shamed and got immediate response from the sales droid's manager apologizing and letting me know it won't happen again. And it didn't. Don't let a $10 bribe skew the ugliness of spammers. scott
