Re: [arin-ppml] API Key Security Issue

2022-12-01 Thread Frank Bulk
; arin-ppml@arin.net Subject: Re: [arin-ppml] API Key Security Issue Hi Frank, I'll start by defining "authorized users" as any web user who's linked to a point of contact handle that's specified as an administrative or technical contact on your Org ID. The only way to prevent

Re: [arin-ppml] API Key Security Issue

2022-12-01 Thread John Sweeting
Just wanted to add that given the circumstances ARIN felt it was necessary to warn those using MAIL_FROM validation from publicly published addresses. ARIN is open to receiving suggestions through the ARIN ACSP process if people have other approaches to suggest. On 12/1/22, 2:37 PM,

Re: [arin-ppml] API Key Security Issue

2022-12-01 Thread Jon Worley
Hi Frank, I'll start by defining "authorized users" as any web user who's linked to a point of contact handle that's specified as an administrative or technical contact on your Org ID. The only way to prevent processing of templates (1) and API calls (2) is to make sure no authorized user has

Re: [arin-ppml] API Key Security Issue

2022-11-30 Thread Michael Peddemors
Email security is a separate issue from transparency, and a separate problem. For ANY email associated with any critical service, e.g. domain registrars, ARIN, etc. Simply lock down the email account. 2FA comes to mind ;) You probably are more at risk from scams, such as fake renewal

Re: [arin-ppml] API Key Security Issue

2022-11-30 Thread Frank Bulk
We received an email today about the risk of using an email address that is publicly visible in WHOIS for our registered MAIL FROM authentication email address. Is there a way to turn off/turn on the following options: 1. email templates for changing records 2. API 3. ARIN web GUI Regards,