Sent this little e-mail to ARIN: I'm not sure that you guys can do anything about this, but it's worth looking into. I registered AS626XX a week ago, and since it's registration, I've been getting calls from "wholesale" carriers trying to get me to purchase IP transit from them. Someone is obviously using your database of contact information to generate sales leads. 512-377-6827 was one of the numbers trying to get more information about my network and how they could "help" me. My guess is someone is using your mass whois database, looking at the most recently issued/created AS numbers, and cold calling. Just thought I'd pass this along. --------- Due to the amount of calls I've received, I'm guessing its probably a good idea to remove my contact info from the registration and setup role's instead. Does this sorta thing happen frequently with new registrations or did I just draw the short straw? Best, Justin
Wouldn't that defeat the purpose of maintaining the whois? We registered a few domains and get the same thing, I think it's something that people are going to have to live with. :/ Sent from my Mobile Device. -------- Original message -------- From: Justin Vocke <justin.vocke@gmail.com> Date: 07/25/2013 4:04 PM (GMT-08:00) To: nanog@nanog.org Subject: ARIN WHOIS for leads Sent this little e-mail to ARIN: I'm not sure that you guys can do anything about this, but it's worth looking into. I registered AS626XX a week ago, and since it's registration, I've been getting calls from "wholesale" carriers trying to get me to purchase IP transit from them. Someone is obviously using your database of contact information to generate sales leads. 512-377-6827 was one of the numbers trying to get more information about my network and how they could "help" me. My guess is someone is using your mass whois database, looking at the most recently issued/created AS numbers, and cold calling. Just thought I'd pass this along. --------- Due to the amount of calls I've received, I'm guessing its probably a good idea to remove my contact info from the registration and setup role's instead. Does this sorta thing happen frequently with new registrations or did I just draw the short straw? Best, Justin
-----Original Message----- From: Warren Bailey [mailto:wbailey@satelliteintelligencegroup.com] Sent: Thursday, July 25, 2013 6:20 PM To: Justin Vocke; nanog@nanog.org Subject: RE: ARIN WHOIS for leads
Wouldn't that defeat the purpose of maintaining the whois?
Yep!
We registered a few domains and get the same thing, I think it's something that people are going to have to live with. :/
I agree. We just politely tell them we are not interested and move on about our day. Some cold callers we have taken up on offers. It just depends who calls and whether or not we are looking for new service. WHOIS Privacy is nice for the domains and we use for some of our domains but not all. We just hate when customers get those scam notices and call us or open tickets about it. Otis -------- Original message -------- From: Justin Vocke <justin.vocke@gmail.com> Date: 07/25/2013 4:04 PM (GMT-08:00) To: nanog@nanog.org Subject: ARIN WHOIS for leads Sent this little e-mail to ARIN: I'm not sure that you guys can do anything about this, but it's worth looking into. I registered AS626XX a week ago, and since it's registration, I've been getting calls from "wholesale" carriers trying to get me to purchase IP transit from them. Someone is obviously using your database of contact information to generate sales leads. 512-377-6827 was one of the numbers trying to get more information about my network and how they could "help" me. My guess is someone is using your mass whois database, looking at the most recently issued/created AS numbers, and cold calling. Just thought I'd pass this along. --------- Due to the amount of calls I've received, I'm guessing its probably a good idea to remove my contact info from the registration and setup role's instead. Does this sorta thing happen frequently with new registrations or did I just draw the short straw? Best, Justin
Welcome to nanog aka the cold call jungle Sent from my iPhone On 2013-07-25, at 6:31 PM, "Otis L. Surratt, Jr." <otis@ocosa.com> wrote:
-----Original Message----- From: Warren Bailey [mailto:wbailey@satelliteintelligencegroup.com] Sent: Thursday, July 25, 2013 6:20 PM To: Justin Vocke; nanog@nanog.org Subject: RE: ARIN WHOIS for leads
Wouldn't that defeat the purpose of maintaining the whois?
Yep!
We registered a few domains and get the same thing, I think it's something that people are going to have to live with. :/
I agree. We just politely tell them we are not interested and move on about our day. Some cold callers we have taken up on offers. It just depends who calls and whether or not we are looking for new service. WHOIS Privacy is nice for the domains and we use for some of our domains but not all. We just hate when customers get those scam notices and call us or open tickets about it.
Otis
-------- Original message -------- From: Justin Vocke <justin.vocke@gmail.com> Date: 07/25/2013 4:04 PM (GMT-08:00) To: nanog@nanog.org Subject: ARIN WHOIS for leads
Sent this little e-mail to ARIN:
I'm not sure that you guys can do anything about this, but it's worth looking into. I registered AS626XX a week ago, and since it's registration, I've been getting calls from "wholesale" carriers trying to get me to purchase IP transit from them. Someone is obviously using your database of contact information to generate sales leads.
512-377-6827 was one of the numbers trying to get more information about my network and how they could "help" me.
My guess is someone is using your mass whois database, looking at the most recently issued/created AS numbers, and cold calling.
Just thought I'd pass this along. ---------
Due to the amount of calls I've received, I'm guessing its probably a good idea to remove my contact info from the registration and setup role's instead.
Does this sorta thing happen frequently with new registrations or did I just draw the short straw?
Best, Justin
I've had a guy calling me for 6 months about my phone number being selected to win a prize. This isn't on the company line, this is on the bat phone. I have told him numerous times I understand how he is contacting me and that I will not be sending him any money but that hasn't stopped the problem. Best thing to do is list a Google voice number on your whois and make the voice mail a greeting about how to email you. It's horrible, but I just can't see how it will stop. Sent from my Mobile Device. -------- Original message -------- From: "Otis L. Surratt, Jr." <otis@ocosa.com> Date: 07/25/2013 4:29 PM (GMT-08:00) To: Warren Bailey <wbailey@satelliteintelligencegroup.com>,Justin Vocke <justin.vocke@gmail.com>,nanog@nanog.org Subject: RE: ARIN WHOIS for leads -----Original Message----- From: Warren Bailey [mailto:wbailey@satelliteintelligencegroup.com] Sent: Thursday, July 25, 2013 6:20 PM To: Justin Vocke; nanog@nanog.org Subject: RE: ARIN WHOIS for leads
Wouldn't that defeat the purpose of maintaining the whois?
Yep!
We registered a few domains and get the same thing, I think it's something that people are going to have to live with. :/
I agree. We just politely tell them we are not interested and move on about our day. Some cold callers we have taken up on offers. It just depends who calls and whether or not we are looking for new service. WHOIS Privacy is nice for the domains and we use for some of our domains but not all. We just hate when customers get those scam notices and call us or open tickets about it. Otis -------- Original message -------- From: Justin Vocke <justin.vocke@gmail.com> Date: 07/25/2013 4:04 PM (GMT-08:00) To: nanog@nanog.org Subject: ARIN WHOIS for leads Sent this little e-mail to ARIN: I'm not sure that you guys can do anything about this, but it's worth looking into. I registered AS626XX a week ago, and since it's registration, I've been getting calls from "wholesale" carriers trying to get me to purchase IP transit from them. Someone is obviously using your database of contact information to generate sales leads. 512-377-6827 was one of the numbers trying to get more information about my network and how they could "help" me. My guess is someone is using your mass whois database, looking at the most recently issued/created AS numbers, and cold calling. Just thought I'd pass this along. --------- Due to the amount of calls I've received, I'm guessing its probably a good idea to remove my contact info from the registration and setup role's instead. Does this sorta thing happen frequently with new registrations or did I just draw the short straw? Best, Justin
On Jul 25, 2013, at 19:29 , "Otis L. Surratt, Jr." <otis@ocosa.com> wrote:
From: Warren Bailey [mailto:wbailey@satelliteintelligencegroup.com]
Wouldn't that defeat the purpose of maintaining the whois?
Yep!
We registered a few domains and get the same thing, I think it's something that people are going to have to live with. :/
I agree. We just politely tell them we are not interested and move on about our day. Some cold callers we have taken up on offers. It just depends who calls and whether or not we are looking for new service. WHOIS Privacy is nice for the domains and we use for some of our domains but not all. We just hate when customers get those scam notices and call us or open tickets about it.
The fact you take some cold callers "up on offers" means they will continue to call. Please do not reward people who scrape whois or the NANOG-l archive. If it is not profitable to call people, they will stop. Put another way: You are making life worse for all of us. -- TTFN, patrick
-----Original Message----- From: Patrick W. Gilmore [mailto:patrick@ianai.net] Sent: Friday, July 26, 2013 9:47 AM To: NANOG list Subject: Re: ARIN WHOIS for leads On Jul 25, 2013, at 19:29 , "Otis L. Surratt, Jr." <otis@ocosa.com> wrote:
From: Warren Bailey [mailto:wbailey@satelliteintelligencegroup.com]
Wouldn't that defeat the purpose of maintaining the whois?
Yep!
We registered a few domains and get the same thing, I think it's something that people are going to have to live with. :/
I agree. We just politely tell them we are not interested and move on about our day. Some cold callers we have taken up on offers. It just depends who calls and whether or not we are looking for new service. WHOIS Privacy is nice for the domains and we use for some of our domains but not all. We just hate when customers get those scam notices and call us or open tickets about it.
The fact you take some cold callers "up on offers" means they will continue to call.
Please do not reward people who scrape whois or the NANOG-l archive. If it is not profitable to call people, they will stop.
Put another way: You are making life worse for all of us.
-- TTFN, patrick
I'm not sure how they receive their data or if they mined from other sources. But one can draw some conclusions that they get information from some list/database and if you are a new provider or a new recipient of number resources then yes; that's probably how ARIN WHOIS database. But why don't we take off our hat for one moment that would call this spam and simply look at it for what it is. I'm sure others would agree. Sales teams typically would compile a list of names and phone numbers in a local community and cold call to see if there is any interest. Waiting on folks to call you could be weeks, months and years thus adversely affecting your business. I'm sure every company has done some cold calling before. If you have not then you must have a customer base of that is making you the profit you desire and/or you are already a billionaire. Thus you the resources for advertisements on local/regional/national TV. (Not the only form of advertising BTW) I can name several tier 1 and 2 providers who have reached out to us for IP transit based on cold calling/ARIN WHOIS. We've been an ARIN paying member since 2005 and have not had any contact with any sales folks until last 4 to 5 years maybe. IMHO, you guys should get off this spam kick and simply tell folks you are not interested and move on about your day. Life is way too short. I'm not sure how cold calling is spamming? The folks that received the porn calls.... my response is SMH and I am very disgusted. But I definitely can understand your feelings for cold calling. Again, life is too short to get all worked up about it. Like I said before simply tell them not interested and don't call again. We do and we very seldom find a stubborn sales person that continue with repeated calls. For the ones we do we have our phone system immediately hang up their call based on number. If they someone how gain my or others mobile numbers we simply add as contact and send to voicemail. After a while they'll get the message. One I threaten him and he never called again. I wouldn't recommend but it worked! LOL Everyone's point is we shouldn't have to deal with or provide those types of workarounds for unprofessional sales folks that don't understand the word "NO". And I whole heartily agree. What happen to the days when you could simply tell someone not interested, don't call again and you wouldn't hear from them ever again????? Or the days when everything wasn't treated as spam???? --Otis
On Fri, 26 Jul 2013 10:59:37 -0500, "Otis L. Surratt, Jr." said:
What happen to the days when you could simply tell someone not interested, don't call again and you wouldn't hear from them ever again?????
It's not just networking - recently I received a cold call from a local company trying to sell me home improvements. I had the joy of reminding them that I explained to them that I rent and thus will not be even a remotely plausible customer, the *last* time they called me. You'd think with better analytics, this sort of thing would happen less, not more.
On 7/26/13 11:59 AM, "Otis L. Surratt, Jr." <otis@ocosa.com> wrote:
What happen to the days when you could simply tell someone not interested, don't call again and you wouldn't hear from them ever again????? Or the days when everything wasn't treated as spam????
When the former days disappeared, the latter days did also. In that exact order. If marketing wants to talk about "nurturing" leads, then I don't want to be a lead. Period. My attitude changed the day I got my SIXTH call from the same sales guy who I'd told "I might have the budget and need next year to get $product, and if so I'll definitely call you. The problem is that in this day and age of autodialers and call centers, most of the incoming unsolicited communications anyone gets are of a nature that they cost the person initiating the conversation orders of magnitude less to send than it costs you to answer. In the snail mail days, that balance was a lot closer to even, and so you weren't getting constant bombardments of semi- or un-targeted marketing solely because you had a publicly visible contact path. -- Josh Sholes
My opinion: it's the rebuttal. Sales has come lightyears in the last 20 years, advertising is a direct reflection of that. If you visit a travel website, suddenly every website you visit for the next 2 weeks is how to buy what you didn't the first time. Case in point.. And I'm going to name drop, but do not consider this a shame. I have been looking at various filtering technologies, and was looking at Barracudas site. I went on with my day, but noticed that filtering vendors start showing up on random websites. Fast forward 24 hours later.. Any website I visit with any "major" advertising (Slashdot was where it was first VERY apparent) was socked with barracuda ads. We see talking at least 3 of 5 major ad spaces were now ONLY barracuda. It's called retargeting and they are using cookies to do it. The problem is, nearly everyone is doing this as the pay per click is substantially larger (something like 4x of regular). People want to make money, and this is a fantastic source of it. It annoys people, but I'm not so sure I'd call it spam. I almost think it's suggestive but just transparent enough so you don't feel like big business knows as much as they do. And I don't know how the rest of you have it, but if I get 10 bucks in the mail.. I'm spending it. Sent from my Mobile Device. -------- Original message -------- From: "Otis L. Surratt, Jr." <otis@ocosa.com> Date: 07/26/2013 9:01 AM (GMT-08:00) To: "Patrick W. Gilmore" <patrick@ianai.net>,NANOG list <nanog@nanog.org> Subject: RE: ARIN WHOIS for leads -----Original Message----- From: Patrick W. Gilmore [mailto:patrick@ianai.net] Sent: Friday, July 26, 2013 9:47 AM To: NANOG list Subject: Re: ARIN WHOIS for leads On Jul 25, 2013, at 19:29 , "Otis L. Surratt, Jr." <otis@ocosa.com> wrote:
From: Warren Bailey [mailto:wbailey@satelliteintelligencegroup.com]
Wouldn't that defeat the purpose of maintaining the whois?
Yep!
We registered a few domains and get the same thing, I think it's something that people are going to have to live with. :/
I agree. We just politely tell them we are not interested and move on about our day. Some cold callers we have taken up on offers. It just depends who calls and whether or not we are looking for new service. WHOIS Privacy is nice for the domains and we use for some of our domains but not all. We just hate when customers get those scam notices and call us or open tickets about it.
The fact you take some cold callers "up on offers" means they will continue to call.
Please do not reward people who scrape whois or the NANOG-l archive. If it is not profitable to call people, they will stop.
Put another way: You are making life worse for all of us.
-- TTFN, patrick
I'm not sure how they receive their data or if they mined from other sources. But one can draw some conclusions that they get information from some list/database and if you are a new provider or a new recipient of number resources then yes; that's probably how ARIN WHOIS database. But why don't we take off our hat for one moment that would call this spam and simply look at it for what it is. I'm sure others would agree. Sales teams typically would compile a list of names and phone numbers in a local community and cold call to see if there is any interest. Waiting on folks to call you could be weeks, months and years thus adversely affecting your business. I'm sure every company has done some cold calling before. If you have not then you must have a customer base of that is making you the profit you desire and/or you are already a billionaire. Thus you the resources for advertisements on local/regional/national TV. (Not the only form of advertising BTW) I can name several tier 1 and 2 providers who have reached out to us for IP transit based on cold calling/ARIN WHOIS. We've been an ARIN paying member since 2005 and have not had any contact with any sales folks until last 4 to 5 years maybe. IMHO, you guys should get off this spam kick and simply tell folks you are not interested and move on about your day. Life is way too short. I'm not sure how cold calling is spamming? The folks that received the porn calls.... my response is SMH and I am very disgusted. But I definitely can understand your feelings for cold calling. Again, life is too short to get all worked up about it. Like I said before simply tell them not interested and don't call again. We do and we very seldom find a stubborn sales person that continue with repeated calls. For the ones we do we have our phone system immediately hang up their call based on number. If they someone how gain my or others mobile numbers we simply add as contact and send to voicemail. After a while they'll get the message. One I threaten him and he never called again. I wouldn't recommend but it worked! LOL Everyone's point is we shouldn't have to deal with or provide those types of workarounds for unprofessional sales folks that don't understand the word "NO". And I whole heartily agree. What happen to the days when you could simply tell someone not interested, don't call again and you wouldn't hear from them ever again????? Or the days when everything wasn't treated as spam???? --Otis
Case in point.. And I'm going to name drop, but do not consider this a shame. I have been looking at various filtering technologies, and was looking at Barracudas site. I went on with my day, but noticed that filtering vendors start showing up on random websites. Fast forward 24 hours later..
You know what I am waiting for? The LED billboards on the side of the road displaying targeted advertisements, based on your proximity to them, because your android phone is telling the sign where you are. Who thinks I am crazy?
You are not crazy. Sent from my Mobile Device. -------- Original message -------- From: Alex Rubenstein <alex@corp.nac.net> Date: 07/26/2013 9:53 AM (GMT-08:00) To: Warren Bailey <wbailey@satelliteintelligencegroup.com>,"Otis L. Surratt, Jr." <otis@ocosa.com>,"Patrick W. Gilmore" <patrick@ianai.net>,NANOG list <nanog@nanog.org> Subject: RE: ARIN WHOIS for leads
Case in point.. And I'm going to name drop, but do not consider this a shame. I have been looking at various filtering technologies, and was looking at Barracudas site. I went on with my day, but noticed that filtering vendors start showing up on random websites. Fast forward 24 hours later..
You know what I am waiting for? The LED billboards on the side of the road displaying targeted advertisements, based on your proximity to them, because your android phone is telling the sign where you are. Who thinks I am crazy?
On 7/26/13 9:54 AM, Alex Rubenstein wrote:
Case in point.. And I'm going to name drop, but do not consider this a shame. I have been looking at various filtering technologies, and was looking at Barracudas site. I went on with my day, but noticed that filtering vendors start showing up on random websites. Fast forward 24 hours later.. You know what I am waiting for?
The LED billboards on the side of the road displaying targeted advertisements, based on your proximity to them, because your android phone is telling the sign where you are.
Who thinks I am crazy?
Now, if it broadcast the grocery list and all I had to do is blink twice to approve it so that all I had to do is drive through... that i might be able to live with. Mike
Blink twice? Is this 1996? I expect it to read my face like animals do. I simply do not care if it results in me riding in the Virgin spaceship. ;) Sent from my Mobile Device. -------- Original message -------- From: Michael Thomas <mike@mtcc.com> Date: 07/26/2013 10:10 AM (GMT-08:00) To: nanog@nanog.org Subject: Re: ARIN WHOIS for leads On 7/26/13 9:54 AM, Alex Rubenstein wrote:
Case in point.. And I'm going to name drop, but do not consider this a shame. I have been looking at various filtering technologies, and was looking at Barracudas site. I went on with my day, but noticed that filtering vendors start showing up on random websites. Fast forward 24 hours later.. You know what I am waiting for?
The LED billboards on the side of the road displaying targeted advertisements, based on your proximity to them, because your android phone is telling the sign where you are.
Who thinks I am crazy?
Now, if it broadcast the grocery list and all I had to do is blink twice to approve it so that all I had to do is drive through... that i might be able to live with. Mike
On Fri, 26 Jul 2013 12:54:21 -0400, Alex Rubenstein said:
The LED billboards on the side of the road displaying targeted advertisements, based on your proximity to them, because your android phone is telling the sign where you are.
There's 6 other drivers within range. What set of targeted ads do you put up?
On July 26, 2013 at 13:06 Valdis.Kletnieks@vt.edu (Valdis.Kletnieks@vt.edu) wrote:
On Fri, 26 Jul 2013 12:54:21 -0400, Alex Rubenstein said:
The LED billboards on the side of the road displaying targeted advertisements, based on your proximity to them, because your android phone is telling the sign where you are.
There's 6 other drivers within range. What set of targeted ads do you put up?
Obviously what's needed are better heads-up displays which make personalized billboards only appear to be on the side of the road. Oh heck, with self-driving vehicles who needs billboards? They'll just blast ads onto your game or fb screen as the car zips itself along the road. Maybe that's the real motivation of autonomous vehicles, to free your eyeballs up for ads. -- -Barry Shein The World | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD | Dial-Up: US, PR, Canada Software Tool & Die | Public Access Internet | SINCE 1989 *oo*
On Jul 26, 2013, at 12:54 , Alex Rubenstein <alex@corp.nac.net> wrote:
Case in point.. And I'm going to name drop, but do not consider this a shame. I have been looking at various filtering technologies, and was looking at Barracudas site. I went on with my day, but noticed that filtering vendors start showing up on random websites. Fast forward 24 hours later..
You know what I am waiting for?
The LED billboards on the side of the road displaying targeted advertisements, based on your proximity to them, because your android phone is telling the sign where you are.
Who thinks I am crazy?
I do. Only 'cause you singled out Android, as if Apple, Blackberry, etc. wouldn't do this too. -- TTFN, patrick
What happen to the days when you could simply tell someone not interested, don't call again and you wouldn't hear from them ever again?????
I don't know, but that is part of the reason why you can't ignore these people or buy from them. Ever heard of the "one bite at the apple" idea? Marketers think they should each be able to ask you just once to buy something from them. Ignoring the fact they ask more than once, in the US alone, there are 23 million small businesses <http://www.sba.gov/content/small-business-trends>. How many calls / emails do you want to get if even 10% of them decide they get _one_ chance to ask you to buy something? The reason this is not a problem for snail mail is there has to be a serious return to cover the cost of printing, postage, etc. What's the cost of sending 23 million emails? Two cents?
Or the days when everything wasn't treated as spam????
Everything is not. I admit that "the other side" frequently goes in-frickin'-sane and calls even non-scraped, individually addressed mail to a single person "spam". We shouldn't listen to them any more than we should listen to the marketer calling back the four time in a week to sell my father life insurance - after he had passed away. Suggestion: Put tagged addresses and, if possible, phone numbers in your ARIN whois and other public records. When someone emails that address or calls that number, make sure you put them on a "never buy from" list, and they know it. Write them a physical (form) letter, explaining why, and make it public (web page, blog, whatever. If even a small percentage of people did this, many companies would change their practices. _Especially_ Internet companies. -- TTFN, patrick On Jul 26, 2013, at 11:59 , "Otis L. Surratt, Jr." <otis@ocosa.com> wrote:
-----Original Message----- From: Patrick W. Gilmore [mailto:patrick@ianai.net] Sent: Friday, July 26, 2013 9:47 AM To: NANOG list Subject: Re: ARIN WHOIS for leads
On Jul 25, 2013, at 19:29 , "Otis L. Surratt, Jr." <otis@ocosa.com> wrote:
From: Warren Bailey [mailto:wbailey@satelliteintelligencegroup.com]
Wouldn't that defeat the purpose of maintaining the whois?
Yep!
We registered a few domains and get the same thing, I think it's something that people are going to have to live with. :/
I agree. We just politely tell them we are not interested and move on about our day. Some cold callers we have taken up on offers. It just depends who calls and whether or not we are looking for new service. WHOIS Privacy is nice for the domains and we use for some of our domains but not all. We just hate when customers get those scam notices and call us or open tickets about it.
The fact you take some cold callers "up on offers" means they will continue to call.
Please do not reward people who scrape whois or the NANOG-l archive. If it is not profitable to call people, they will stop.
Put another way: You are making life worse for all of us.
-- TTFN, patrick
I'm not sure how they receive their data or if they mined from other sources. But one can draw some conclusions that they get information from some list/database and if you are a new provider or a new recipient of number resources then yes; that's probably how ARIN WHOIS database.
But why don't we take off our hat for one moment that would call this spam and simply look at it for what it is. I'm sure others would agree. Sales teams typically would compile a list of names and phone numbers in a local community and cold call to see if there is any interest. Waiting on folks to call you could be weeks, months and years thus adversely affecting your business. I'm sure every company has done some cold calling before. If you have not then you must have a customer base of that is making you the profit you desire and/or you are already a billionaire. Thus you the resources for advertisements on local/regional/national TV. (Not the only form of advertising BTW)
I can name several tier 1 and 2 providers who have reached out to us for IP transit based on cold calling/ARIN WHOIS. We've been an ARIN paying member since 2005 and have not had any contact with any sales folks until last 4 to 5 years maybe.
IMHO, you guys should get off this spam kick and simply tell folks you are not interested and move on about your day. Life is way too short. I'm not sure how cold calling is spamming?
The folks that received the porn calls.... my response is SMH and I am very disgusted. But I definitely can understand your feelings for cold calling. Again, life is too short to get all worked up about it. Like I said before simply tell them not interested and don't call again. We do and we very seldom find a stubborn sales person that continue with repeated calls. For the ones we do we have our phone system immediately hang up their call based on number. If they someone how gain my or others mobile numbers we simply add as contact and send to voicemail. After a while they'll get the message. One I threaten him and he never called again. I wouldn't recommend but it worked! LOL
Everyone's point is we shouldn't have to deal with or provide those types of workarounds for unprofessional sales folks that don't understand the word "NO". And I whole heartily agree.
What happen to the days when you could simply tell someone not interested, don't call again and you wouldn't hear from them ever again????? Or the days when everything wasn't treated as spam????
--Otis
On Jul 26, 2013, at 10:04 AM, Patrick W. Gilmore <patrick@ianai.net> wrote:
Suggestion: Put tagged addresses and, if possible, phone numbers in your ARIN whois and other public records. When someone emails that address or calls that number, make sure you put them on a "never buy from" list, and they know it. Write them a physical (form) letter, explaining why, and make it public (web page, blog, whatever. If even a small percentage of people did this, many companies would change their practices. _Especially_ Internet companies.
And please ARIN me on your letter... We do send fairly nasty letters on occasion citing the Whois terms and conditions, this is done when it is clear from complaints that parties are mining Whois or the mailing list for spamming, but we need to know it is going on. (We also do have artifacts in the database which sometimes lets us occasionally catch this on own, but most reliable are reports from folks who know the email and/or phone abused only occurs on their Whois entry.) Thanks! /John John Curran President and CEO ARIN
What about the 2am phone calls from the guy, who did a nslookup on a website, and then whois on the ip, who is calling to say his porn site is partially not working and he's pissed. imho. The days of having public records like whois/rwhois available has passed. The data use to be protected with a simple clue test. Only the clue minded folks knew about the data, and were pretty responsible with it. Now anyone can look it up. We use to use that data to be able to directly communicate with another provider for a serious problem. It was great knowing exactly how to get a hold of someone, and not have to forage your way through tech support... noc.. etc.. Even the anti-spam army out there seem to ignore 'This is the abuse contact', and end up spamming all whois org contacts. What's the point in that? Why can't we implement a method where you have to be a registered, and paying, user/member with an AS number to be able to get IP whois 'contact' info? Sure list my name and company. But keep my email and phone number private. In fact show me a web log of all registered users that looked me up. I doubt that will ever happen. So it's time for me to update my arin contact as this past weekend I got exactly that 2am porn call and it was quite disturbing which website was being referenced. In all my years I knew there was some crazy stuff out there, but this took the cake. Ryan Pavely Net Access Corporation http://www.nac.net/ On 7/25/2013 7:02 PM, Justin Vocke wrote:
Sent this little e-mail to ARIN:
I'm not sure that you guys can do anything about this, but it's worth looking into. I registered AS626XX a week ago, and since it's registration, I've been getting calls from "wholesale" carriers trying to get me to purchase IP transit from them. Someone is obviously using your database of contact information to generate sales leads.
512-377-6827 was one of the numbers trying to get more information about my network and how they could "help" me.
My guess is someone is using your mass whois database, looking at the most recently issued/created AS numbers, and cold calling.
Just thought I'd pass this along. ---------
Due to the amount of calls I've received, I'm guessing its probably a good idea to remove my contact info from the registration and setup role's instead.
Does this sorta thing happen frequently with new registrations or did I just draw the short straw?
Best, Justin
-----Original Message----- From: Ryan Pavely [mailto:paradox@nac.net] Sent: Friday, July 26, 2013 8:33 AM To: nanog@nanog.org Subject: Re: ARIN WHOIS for leads
Even the anti-spam army out there seem to ignore 'This is the abuse contact', and end up spamming all whois org contacts. What's the point in that?
Why can't we implement a method where you have to be a registered, and
I agree. Most of them end up blasting all contacts which is completely stupid!!! That's why you see on the comment sections with many providers something along the lines of "Please use Abuse Handle or please send requests for DMCA to this handle" paying, user/member with an AS number to be able to get IP whois 'contact' info? Sure list my name and company. But keep my email and phone number private. In fact show me >a web log of all registered users that looked me up. This could be doable. But some minor details worked out or requirements.
I doubt that will ever happen.
Have a little faith. ;-) If many providers wanted the feature, I'm sure ARIN would not have a problem implementing it. --Otis
On Fri, 26 Jul 2013 09:42:11 -0500, "Otis L. Surratt, Jr." said:
Even the anti-spam army out there seem to ignore 'This is the abuse contact', and end up spamming all whois org contacts. What's the point in that?
I agree. Most of them end up blasting all contacts which is completely stupid!!! That's why you see on the comment sections with many providers something along the lines of "Please use Abuse Handle or please send requests for DMCA to this handle"
Well, if the community actually did it's job so mail to abuse@ and postmaster@ and similar role addresses actually got delivered instead of bouncing, and then actually did some good rather than being unread/ignored, maybe we wouldn't have to rely on a DNS jockey listed in a SOA record being pissed off enough at being cc'ed on an abuse mail to get a co-worker's butt in gear. Just sayin'.
On Fri, 26 Jul 2013, Otis L. Surratt, Jr. wrote:
-----Original Message----- From: Ryan Pavely [mailto:paradox@nac.net] Sent: Friday, July 26, 2013 8:33 AM To: nanog@nanog.org Subject: Re: ARIN WHOIS for leads
Even the anti-spam army out there seem to ignore 'This is the abuse contact', and end up spamming all whois org contacts. What's the point in that?
I agree. Most of them end up blasting all contacts which is completely stupid!!! That's why you see on the comment sections with many providers something along the lines of "Please use Abuse Handle or please send requests for DMCA to this handle"
Because your mail servers are broken. Because you put spamfilters on your abuse@ mailbox, IF you even have an abuse@, which a lot of you don't. Because we tried calling, and your tier1 are clueless. Fix your mailservers. Train your staff. Staff your abuse desk. Then we'll talk. If your network didn't spew sewage into peoples mailboxes, and if you actually took action on abusive customers, this wouldn't be a problem. Some providers have responsive abuse desks. For the rest, well thats what RBL are for I guess. -Dan
On Fri, Jul 26, 2013 at 10:42:18AM -0700, goemon@anime.net wrote:
Because your mail servers are broken. Because you put spamfilters on your abuse@ mailbox, IF you even have an abuse@, which a lot of you don't. Because we tried calling, and your tier1 are clueless.
Fix your mailservers. Train your staff. Staff your abuse desk. Then we'll talk.
Precisely. This and the rest, which I've elided. If clueful email to "abuse@yourdomain" is not dealt with in an effective and timely manner [1] -- then you have only yourself to blame. Never build what you can't control. ---rsk [1] The only tools really needed are root passwords and wirecutters.
-----Original Message----- From: Rich Kulawiec [mailto:rsk@gsp.org] Sent: Friday, July 26, 2013 2:23 PM To: nanog@nanog.org Subject: Re: ARIN WHOIS for leads On Fri, Jul 26, 2013 at 10:42:18AM -0700, goemon@anime.net wrote:
Because your mail servers are broken. Because you put spamfilters on your abuse@ mailbox, IF you even have an abuse@, which a lot of you don't. Because we tried calling, and your tier1 are clueless.
Fix your mailservers. Train your staff. Staff your abuse desk. Then we'll talk.
Precisely. This and the rest, which I've elided. If clueful email to "abuse@yourdomain" is not dealt with in an effective and timely manner [1] -- then you have only yourself to blame.
To be quite honest; even if you had clueful and trained staff, folks would still blast all of your role accounts....just because history shows many providers don't answer abuse inquiries so they assume every provider is the same. For example, we reported some issues to a tier 1 couple weeks ago. Their automated abuse ticket response was basically if you want your issue handled include x,y,z and we did from the start so we were good. They issue stopped and we were happy. But what happened if we didn't include the following and didn't plan too? Well, the issue probably wouldn't have been resolved. Case and point, many abuse desks have directions that must be followed in order for a complaint to be processed efficiently and correctly.
On Jul 26, 2013, at 7:42 AM, "Otis L. Surratt, Jr." <otis@ocosa.com> wrote:
Why can't we implement a method where you have to be a registered, and paying, user/member with an AS number to be able to get IP whois 'contact' info? Sure list my name and company. But keep my email and phone number private. In fact show me >a web log of all registered users that looked me up.
This could be doable. But some minor details worked out or requirements.
I doubt that will ever happen.
Have a little faith. ;-) If many providers wanted the feature, I'm sure ARIN would not have a problem implementing it.
ARIN will run the Whois database however you folks collectively want it run. Write up the change you seek (should be fairly easy), show rough consensus in the community for the change (slightly more difficult task), and then, (quoting patrick) "POOF!, things are changed." We know the process works; for example, it followed recently and resulted in the addition of the abuse point-of-contact. Steven notes that _voting_ requires membership, and only ISPs are members by default (not end-users/legacy holders)... This is definitely true, but you actually don't need to be a member to suggest changes to the number resource address policy or to make suggestions regarding ARIN operations. (If you do feel the urgent need to vote for AC and Board members, support ARIN's Internet Governance mission and help offset costs of ARIN's meetings, feel free to add paid "ARIN Membership" for the $500/year. Details are available here: <https://www.arin.net/about_us/membership/> Many end-users with IP addresses just want the registry to work, and not embedding these costs in the annual end-user fees are they are only be $100/year/resource.) Thanks! /John John Curran President and CEO ARIN
On 7/26/13, John Curran <jcurran@arin.net> wrote:
ARIN will run the Whois database however you folks collectively want it run. Write up the change you seek (should be fairly easy), show rough consensus in the community for the change (slightly more difficult task), and then,
I personally think there is too little evidence at this point of widespread abuse to merit restricting access to WHOIS. Assuming you don't consider sending DMCA-like request letters to technical or abuse contacts an abuse of WHOIS. I can see how such things might be construed as spam in high volume, for large networks that provide only IP connectivity services that aren't subject to DMCA letter provisions and don't have a policy of turning off IP transit/telco services for Trademark/Copyvio without a court order. My very strong recommendation would be: * Conduct a study on the subject of WHOIS "marketing spam" type abuse. Am I correct in suggesting, that the ARIN staff would have authority to create temporary "dummy" IP address and ASN allocations of various sizes for short periods of time, using multiple e-mail To domains, and announcing them among the new allocations, and finding some ISP to bring up some of the prefixes, for the purpose of studying, if these contacts (that could have been learned only through WHOIS) receive e-mail? I would be interested in... * Is whether there is an AS allocated, IP address allocated, ORG allocated, or just POC handle created, or BGP announcement for a certain prefix correlated with the probability that a contact is spammed? * Who did the spam come from? * What IP addresses requested WHOIS on "dummy allocations" or "dummy org" records that shouldn't have shown up on the internet, e.g. so "legitimate" WHOIS queries should be minimal? --- If someone studies that and finds there is a correlation to spam based on WHOIS listing alone, then perhaps.... there must be a solution for this.... on occasion; allocate one or two new AS numbers and a /24 on a temporary basis (6 to 12 months) solely for "spammer detection" purposes, in other words "intentional erroneous allocations" that the RIR would publish as if a real allocation. If spam is received... research into what IP addresses performed WHOIS requests for those, and publish for the world to see, every email message received, plus any followups into search-for-the-guilty to clear up the pattern of network contact abuse. In other words: for starters, assume the number of "bad actors" is small, and let the community pressure them and their peers to retaliate, before diminishing the average usefulness of WHOIS to everyone, (which restricting access to a small number of users does).
My guess is someone is using your mass whois database, looking at the most recently issued/created AS numbers, and cold calling. -------------------------------------------- I'd be interested in knowing who it is, so I can be sure to never buy from them.
scott -- -JH
On Jul 26, 2013, at 4:34 PM, Jimmy Hess <mysidia@gmail.com> wrote:
If someone studies that and finds there is a correlation to spam based on WHOIS listing alone, then perhaps....
No study has been conducted, but we do receive a small number of complaints each year about email contact information being solicited in cases were the email address is exclusively used on IP address blocks and nowhere else. (Often, the culprits are network equipment vendors or technical recruiters) When we receive such, we send a nasty letter indicating violation of the Whois terms of use. Most companies seem to pay attention to this, but then again, it's generally been a misguided individual at an otherwise legitimate enterprise causing the problem, as opposed to typical bulk email harvesting operation.
In other words: for starters, assume the number of "bad actors" is small, and let the community pressure them and their peers to retaliate, before diminishing the average usefulness of WHOIS to everyone, (which restricting access to a small number of users does).
I believe we can arrange to publicly post our notices of violation; let me look into this option. Thanks! /John John Curran President and CEO ARIN
On Jul 26, 2013, at 4:34 PM, Jimmy Hess <mysidia@gmail.com> wrote:
If someone studies that and finds there is a correlation to spam
Hi, John Curran wrote: based
on WHOIS listing alone, then perhaps....
No study has been conducted, but we do receive a small number of complaints each year about email contact information being solicited in cases were the email address is exclusively used on IP address blocks and nowhere else. (Often, the culprits are network equipment vendors or technical recruiters)
SSAC conducted a study on the subject of gTLD whois and spam: http://www.icann.org/en/groups/ssac/documents/sac-023-en.htm As the gTLD and ARIN systems are different the outcomes could also be different but it might be useful as a comparison, if nothing else. Regards, Leo
On Jul 26, 2013, at 09:32 , Ryan Pavely <paradox@nac.net> wrote:
What about the 2am phone calls from the guy, who did a nslookup on a website, and then whois on the ip, who is calling to say his porn site is partially not working and he's pissed.
imho. The days of having public records like whois/rwhois available has passed. The data use to be protected with a simple clue test. Only the clue minded folks knew about the data, and were pretty responsible with it. Now anyone can look it up. We use to use that data to be able to directly communicate with another provider for a serious problem. It was great knowing exactly how to get a hold of someone, and not have to forage your way through tech support... noc.. etc..
Even the anti-spam army out there seem to ignore 'This is the abuse contact', and end up spamming all whois org contacts. What's the point in that?
Why can't we implement a method where you have to be a registered, and paying, user/member with an AS number to be able to get IP whois 'contact' info? Sure list my name and company. But keep my email and phone number private. In fact show me a web log of all registered users that looked me up.
I doubt that will ever happen. So it's time for me to update my arin contact as this past weekend I got exactly that 2am porn call and it was quite disturbing which website was being referenced. In all my years I knew there was some crazy stuff out there, but this took the cake.
You can change anything you want. ARIN & ICANN are both member organizations. Propose a change, get the votes, and POOF!, things are changed. Even better, only the "clued" (and paid) get to vote. So it is exactly what you wanted. -- TTFN, patrick
On 7/25/2013 7:02 PM, Justin Vocke wrote:
Sent this little e-mail to ARIN:
I'm not sure that you guys can do anything about this, but it's worth looking into. I registered AS626XX a week ago, and since it's registration, I've been getting calls from "wholesale" carriers trying to get me to purchase IP transit from them. Someone is obviously using your database of contact information to generate sales leads.
512-377-6827 was one of the numbers trying to get more information about my network and how they could "help" me.
My guess is someone is using your mass whois database, looking at the most recently issued/created AS numbers, and cold calling.
Just thought I'd pass this along. ---------
Due to the amount of calls I've received, I'm guessing its probably a good idea to remove my contact info from the registration and setup role's instead.
Does this sorta thing happen frequently with new registrations or did I just draw the short straw?
Best, Justin
On Jul 26, 2013, at 7:58 AM, "Patrick W. Gilmore" <patrick@ianai.net> wrote:
You can change anything you want. ARIN & ICANN are both member organizations. Propose a change, get the votes, and POOF!, things are changed.
Err. ICANN isn't a membership organization. It is possible to change things at ICANN, but the mechanisms are ... different and much slower (since it involves getting consensus in a multi-stakeholder environment). Regards, -drc
On Jul 26, 2013, at 11:05 , David Conrad <drc@virtualized.org> wrote:
On Jul 26, 2013, at 7:58 AM, "Patrick W. Gilmore" <patrick@ianai.net> wrote:
You can change anything you want. ARIN & ICANN are both member organizations. Propose a change, get the votes, and POOF!, things are changed.
Err. ICANN isn't a membership organization. It is possible to change things at ICANN, but the mechanisms are ... different and much slower (since it involves getting consensus in a multi-stakeholder environment).
Sure it is, the membership is just very .. uh .. selective. :) "Stakeholder" is just a fancy way of saying "member". They vote, things change. Like I said, this is _exactly_ what Ryan wanted. Only the "anointed" get to decide things. Works out well, doesn't it? -- TTFN, patrick
On 7/26/13 8:40 AM, Patrick W. Gilmore wrote:
On Jul 26, 2013, at 11:05 , David Conrad <drc@virtualized.org> wrote:
On Jul 26, 2013, at 7:58 AM, "Patrick W. Gilmore" <patrick@ianai.net> wrote:
You can change anything you want. ARIN & ICANN are both member organizations. Propose a change, get the votes, and POOF!, things are changed.
Err. ICANN isn't a membership organization. It is possible to change things at ICANN, but the mechanisms are ... different and much slower (since it involves getting consensus in a multi-stakeholder environment). Sure it is, the membership is just very .. uh .. selective. :)
"Stakeholder" is just a fancy way of saying "member". They vote, things change.
Like I said, this is _exactly_ what Ryan wanted. Only the "anointed" get to decide things. Works out well, doesn't it?
Actually the member / non-member distinction is important in California corporations law. Also important is the distinction between agency of government and anything else, there's about two reams of double-sided 11pt text on the subject, and that's just between Michael Froomkin and Joe Simms. Cheers, Eric
Patrick, On Jul 26, 2013, at 8:40 AM, Patrick W. Gilmore <patrick@ianai.net> wrote:
Err. ICANN isn't a membership organization. It is possible to change things at ICANN, but the mechanisms are ... different and much slower (since it involves getting consensus in a multi-stakeholder environment).
Sure it is, the membership is just very .. uh .. selective. :)
"Stakeholder" is just a fancy way of saying "member". They vote, things change.
You appear to be using a rather ... expansive definition of the word 'member'.
Like I said, this is _exactly_ what Ryan wanted. Only the "anointed" get to decide things. Works out well, doesn't it?
In the sense that the ones who actively participate, scream the loudest, lobby the most, etc., get to decide things, I suppose one could say it works out. However, since anyone can actively participate, scream, lobby, etc., I'm not sure how that can be described as "only the anointed get to decide things". Regards, -drc
NANOG : network operators are precisely those who directly assisted in creating the 'magic lamp' and the cork which held the marketing Jeanie inside. The same operators who took the cork out and rubbed the 'magic lamp'... The Jeanie is now out of the bottle and you all are complaining about it, all the while creating new magic, more lamps and more Jeanie's... Go figure. NANOG complaining about being harassed by the marketing technologies it has created...
________________________________ From: David Conrad <drc@virtualized.org> To: Patrick W. Gilmore <patrick@ianai.net> Cc: NANOG list <nanog@nanog.org> Sent: Friday, July 26, 2013 11:40 AM Subject: Re: ARIN WHOIS for leads
Patrick,
On Jul 26, 2013, at 8:40 AM, Patrick W. Gilmore <patrick@ianai.net> wrote:
Err. ICANN isn't a membership organization. It is possible to change things at ICANN, but the mechanisms are ... different and much slower (since it involves getting consensus in a multi-stakeholder environment).
Sure it is, the membership is just very .. uh .. selective. :)
"Stakeholder" is just a fancy way of saying "member". They vote, things change.
You appear to be using a rather ... expansive definition of the word 'member'.
Like I said, this is _exactly_ what Ryan wanted. Only the "anointed" get to decide things. Works out well, doesn't it?
In the sense that the ones who actively participate, scream the loudest, lobby the most, etc., get to decide things, I suppose one could say it works out. However, since anyone can actively participate, scream, lobby, etc., I'm not sure how that can be described as "only the anointed get to decide things".
Regards, -drc
On Fri, 26 Jul 2013, Larry Stites wrote:
NANOG : network operators are precisely those who directly assisted in creating the 'magic lamp' and the cork which held the marketing Jeanie inside. The same operators who took the cork out and rubbed the 'magic lamp'... The Jeanie is now out of the bottle and you all are complaining about it, all the while creating new magic, more lamps and more Jeanie's... Go figure. NANOG complaining about being harassed by the marketing technologies it has created...
We're also the people at the controls, and the people holding the wire cutters (physical and virtual), so we're not a good demographic to piss off. ---------------------------------------------------------------------- Jon Lewis, MCP :) | I route | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Said the Network Engineer of The City of San Francisco.. Sent from my Mobile Device. -------- Original message -------- From: Jon Lewis <jlewis@lewis.org> Date: 07/26/2013 6:17 PM (GMT-08:00) To: Larry Stites <ncnet@sbcglobal.net> Cc: NANOG list <nanog@nanog.org> Subject: Re: ARIN WHOIS for leads On Fri, 26 Jul 2013, Larry Stites wrote:
NANOG : network operators are precisely those who directly assisted in creating the 'magic lamp' and the cork which held the marketing Jeanie inside. The same operators who took the cork out and rubbed the 'magic lamp'... The Jeanie is now out of the bottle and you all are complaining about it, all the while creating new magic, more lamps and more Jeanie's... Go figure. NANOG complaining about being harassed by the marketing technologies it has created...
We're also the people at the controls, and the people holding the wire cutters (physical and virtual), so we're not a good demographic to piss off. ---------------------------------------------------------------------- Jon Lewis, MCP :) | I route | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
On 7/26/13, Warren Bailey <wbailey@satelliteintelligencegroup.com> wrote:
Said the Network Engineer of The City of San Francisco..
Hey, noone said the operators at the controls don't have to give the keys up if their owners demand it -- the owners just can't drive. If you collectively piss off the guild of taxi drivers, in a world with no other cars; that doesn't mean they have a right to run you over on the street, but good luck hailing a cab while your face is on the collective list of "people not to stop for". Likewise... if you're in the network device or transit provider service; taking the risk of angering your very potential customer base by failing to keep the reigns on your marketing department / making sure they don't spam or risk conducting other faux pas that could eventually be brand-destroying faux pas is not a great idea :)
Sent from my Mobile Device. -- -JH
Lol yet we can't use the side cutters cause we all report to the corporate overlords Sent from my iPhone On 2013-07-26, at 8:18 PM, "Jon Lewis" <jlewis@lewis.org> wrote:
On Fri, 26 Jul 2013, Larry Stites wrote:
NANOG : network operators are precisely those who directly assisted in creating the 'magic lamp' and the cork which held the marketing Jeanie inside. The same operators who took the cork out and rubbed the 'magic lamp'... The Jeanie is now out of the bottle and you all are complaining about it, all the while creating new magic, more lamps and more Jeanie's... Go figure. NANOG complaining about being harassed by the marketing technologies it has created...
We're also the people at the controls, and the people holding the wire cutters (physical and virtual), so we're not a good demographic to piss off.
---------------------------------------------------------------------- Jon Lewis, MCP :) | I route | therefore you are _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
On Jul 26, 2013, at 7:58 AM, Patrick W. Gilmore <patrick@ianai.net> wrote:
On Jul 26, 2013, at 09:32 , Ryan Pavely <paradox@nac.net> wrote:
I doubt that will ever happen. So it's time for me to update my arin contact as this past weekend I got exactly that 2am porn call and it was quite disturbing which website was being referenced. In all my years I knew there was some crazy stuff out there, but this took the cake.
You can change anything you want. ARIN & ICANN are both member organizations. Propose a change, get the votes, and POOF!, things are changed.
Even better, only the "clued" (and paid) get to vote. So it is exactly what you wanted.
Oh Patrick, you know that's not true.. I've been paying ARIN for 13 years and for many of those ARIN wouldn't even let me modify my ASN. I don't get a vote, but I pay. :)
-- TTFN, patrick
On Thu, Jul 25, 2013 at 4:02 PM, Justin Vocke <justin.vocke@gmail.com>wrote:
512-377-6827 was one of the numbers trying to get more information about my network and how they could "help" me.
Which appears to be http://www.siptrunksproviders.com/ Which in turns appears to be the same company as http://giglinx.com/ Scott
I actually think it's important to have contact information publicly available. I realize this opens the door for abuse, but I've found that using a call screening service (Google Voice) at least provides a bit of shield. On Thu, Jul 25, 2013 at 4:02 PM, Justin Vocke <justin.vocke@gmail.com>wrote:
Sent this little e-mail to ARIN:
I'm not sure that you guys can do anything about this, but it's worth looking into. I registered AS626XX a week ago, and since it's registration, I've been getting calls from "wholesale" carriers trying to get me to purchase IP transit from them. Someone is obviously using your database of contact information to generate sales leads.
512-377-6827 was one of the numbers trying to get more information about my network and how they could "help" me.
My guess is someone is using your mass whois database, looking at the most recently issued/created AS numbers, and cold calling.
Just thought I'd pass this along. ---------
Due to the amount of calls I've received, I'm guessing its probably a good idea to remove my contact info from the registration and setup role's instead.
Does this sorta thing happen frequently with new registrations or did I just draw the short straw?
Best, Justin
On 7/26/13, Matt Hite <lists@beatmixed.com> wrote:
I actually think it's important to have contact information publicly available. I realize this opens the door for abuse, but I've found that using a call screening service (Google Voice) at least provides a bit of shield.
Hm.. a thought does occur, that /some/ operators might be inclined to offer more useful contact listings than they would otherwise do; if there were an option to list some additional details under an "enhanced" private WHOIS, as a side-by-side enhancement to the public version; that is a WHOIS that when the asker is authenticated with an implied promise that only vetted individuals with a proven network engineering experience background can see the 'additional' information, that allows them to review the query history for their record, and possibly post a "parameterized" contact URL whose use would be linked to the query. Some operators might be comfortable listing something other than their generic support phone#, or e-mail address that is so filtered, the critical message will probably not get to the right contact, for at least days or weeks. -- -JH
On Fri, 26 Jul 2013 20:18:52 -0500, Jimmy Hess said:
authenticated with an implied promise that only vetted individuals with a proven network engineering experience background can see the 'additional' information,
I have to admit that this is the biggest can-o-worms suggestion I've seen all week. (Hint: our org chart says I work in our Network Storage and Backup group - the lurker in the next cubicle does our abuse@ handling but you've probably never heard of him. Have fun unsnarling that sort of issue for 20K ASN's. ;)
On 7/27/13, Valdis.Kletnieks@vt.edu <Valdis.Kletnieks@vt.edu> wrote:
On Fri, 26 Jul 2013 20:18:52 -0500, Jimmy Hess said: I have to admit that this is the biggest can-o-worms suggestion > I've seen all week. (Hint: our org chart says I work in our Network Storage and Backup group - the lurker in the next cubicle does our abuse@ handling but
My implication was not that ORG charts or person's actual job should be looked at. By vetted; I meant the person was subject to a background check, and also proved that they have technical knowledge. That's about "reducing noise" by providing contacts that can only be accessed by people who proved they knew well enough what they were doing, to avoid submitting "false outage reports"; for example, so they wouldn't be the people complaining to the hosting provider's IP technical contact about some random customer web server spitting out 404 pages.. In other words --- they would have passed a knowledge proof, showing they deserve the right to bypass "Level 1 call center drones". E.g. to gain enhanced access in a world with 'an additional level of whois access' Step 1... 1. Submit an application with a nominal fee, explain to the RIR your periodic use of WHOIS, and how you would benefit from seeing 'special contacts' data; also including signed NDA regarding 'enhanced' extra contact information. 2. Pay ongoing fees for criminal/spammer background checks, with results forwarded to the RIR. 3. Show up at a RIR meeting, and sign the guest list -- or otherwise, get other members of the community to vouch for your character and technical capability, or, as an alternative show technical credentials in the form of an earned professional level networking industry certification requiring a performance-based lab assessment with advanced network troubleshooting of Layer 1 through 4 on real equipment. Those were some examples. I didn't mean to imply "Ask to see companies' org charts, try to untangle the mess for every AS, and examine job descriptions" -- -JH
On Jul 27, 2013, at 9:00 PM, Jimmy Hess <mysidia@gmail.com> wrote:
... In other words --- they would have passed a knowledge proof, showing they deserve the right to bypass "Level 1 call center drones".
E.g. to gain enhanced access in a world with 'an additional level of whois access' Step 1... 1. Submit an application with a nominal fee, explain to the RIR your periodic use of WHOIS, and how you would benefit from seeing 'special contacts' data; also including signed NDA regarding 'enhanced' extra contact information.
2. Pay ongoing fees for criminal/spammer background checks, with results forwarded to the RIR.
3. Show up at a RIR meeting, and sign the guest list -- or otherwise, get other members of the community to vouch for your character and technical capability, or, as an alternative show technical credentials in the form of an earned professional level networking industry certification requiring a performance-based lab assessment with advanced network troubleshooting of Layer 1 through 4 on real equipment.
Those were some examples.
Jimmy - If I understand you correctly, you are seeking establishment of a database of private operator contact data; this data would only made available to those who are "provably known" (using some process TBD), who furthermore agree to its terms of use, and potentially pay some nominal fee to offset its cost. Based on my (admittedly dated) knowledge of service provider operations, I can see how access to this "enhanced" data might be a useful service, although I'm not certain that it being based on "Whois" or the existing registry data is necessarily required for the service to be useful. Also, while ARIN's purpose and mission could be said to include such services, it's good to note that any organization whose purposes include "areas in which inter-provider cooperation can be mutually beneficial" would be also be a suitable home for such an activity... FYI, /John John Curran President and CEO ARIN p.s. If in the end you feel strongly that _ARIN_ should be offering such a service, please submit into the ARIN Consultation and Suggestion Process.. (which doesn't mean it will happen, only that we'll spec it out and then put it in front of the community for consideration.) <https://www.arin.net/participate/acsp/acsp.html>
On Sat, Jul 27, 2013 at 9:00 PM, Jimmy Hess <mysidia@gmail.com> wrote:
On 7/27/13, Valdis.Kletnieks@vt.edu <Valdis.Kletnieks@vt.edu> wrote:
On Fri, 26 Jul 2013 20:18:52 -0500, Jimmy Hess said: I have to admit that this is the biggest can-o-worms suggestion > I've seen all week. (Hint: our org chart says I work in our Network Storage and Backup group - the lurker in the next cubicle does our abuse@ handling but
My implication was not that ORG charts or person's actual job should be looked at. By vetted; I meant the person was subject to a background check, and also proved that they have technical knowledge.
That's about "reducing noise" by providing contacts that can only be accessed by people who proved they knew well enough what they were doing, to avoid submitting "false outage reports"; for example, so they wouldn't be the people complaining to the hosting provider's IP technical contact about some random customer web server spitting out 404 pages..
In other words --- they would have passed a knowledge proof, showing they deserve the right to bypass "Level 1 call center drones".
E.g. to gain enhanced access in a world with 'an additional level of whois access' Step 1... 1. Submit an application with a nominal fee, explain to the RIR your periodic use of WHOIS, and how you would benefit from seeing 'special contacts' data; also including signed NDA regarding 'enhanced' extra contact information.
2. Pay ongoing fees for criminal/spammer background checks, with results forwarded to the RIR.
3. Show up at a RIR meeting, and sign the guest list -- or otherwise, get other members of the community to vouch for your character and technical capability, or, as an alternative show technical credentials in the form of an earned professional level networking industry certification requiring a performance-based lab assessment with advanced network troubleshooting of Layer 1 through 4 on real equipment.
If you're going to *that* level of validation, just join INOC-DBA and be done with it: http://en.wikipedia.org/wiki/INOC-DBA Matt
Those were some examples.
I didn't mean to imply "Ask to see companies' org charts, try to untangle the mess for every AS, and examine job descriptions"
-- -JH
Because your mail servers are broken. Because you put spamfilters on your abuse@ mailbox, IF you even have an abuse@, which a lot of you don't. Because we tried calling, and your tier1 are clueless.
Fix your mailservers. Train your staff. Staff your abuse desk. Then we'll talk. My mail servers are just fine. My abuse department is standing by to serve your requests. They are listed on all domains, ip allocations, and abuse.org, etc, etc..
If you suggest folks attempt to reach an abuse contact, fail, and them spam. Ok. No problem. But starting out with receiving an email that is CC'd to 3 departments, 2 direct people, and the same for all other org's involved is offensive, abusive, etc. And if you suggest for a second someone attempted to call, and gave up, and then spammed; yeah that never happened. A phone call? Really? Maybe one a decade, versus many spammed-spam complaints a day.
Someone else wrote and I seem to have deleted it.. but basically 'I don't think these occurrences happen that often to warrant a change.'
Well. If it's not happening that often, then lets fix it now before it does :)
I actually think it's important to have contact information publicly available.
Why? Who outside 'the business' needs that level of detailed contact information to IP mgmt folks? Does an end-user need that access? No. Does a web hoster need that access? No. They can go through their ISP or contact my OPS contact. Do you need that access? Do you have an AS, and IP blocks? If so then sure, why not. Now there is a big bug in locking down access to those registered members. Registered with whom? Arin? Ok so how do my brit friends whois my IP contact info? That complicates things, beyond suggesting an Arin policy. So I don't ever see this as changing, as I think I said, but it should change. Just like we shouldn't have echo/chargen anymore. They were cool 'back in the day'. Ryan Pavely Net Access Corporation http://www.nac.net/ On 7/26/2013 9:02 PM, Matt Hite wrote:
For the folks who aren't aware, there is working being done on a proposal for a complete do-over of WHOIS: http://www.circleid.com/posts/20130703_rebooting_whois/ I don't believe this work address the regional registry information, which is what initiated the discussion, but this conversation has crossed over into the domain names, too. Frank -----Original Message----- From: Ryan Pavely [mailto:paradox@nac.net] Sent: Saturday, July 27, 2013 12:35 AM To: nanog@nanog.org Subject: Re: ARIN WHOIS for leads
Because your mail servers are broken. Because you put spamfilters on your abuse@ mailbox, IF you even have an abuse@, which a lot of you don't. Because we tried calling, and your tier1 are clueless.
Fix your mailservers. Train your staff. Staff your abuse desk. Then we'll talk. My mail servers are just fine. My abuse department is standing by to serve your requests. They are listed on all domains, ip allocations, and abuse.org, etc, etc..
If you suggest folks attempt to reach an abuse contact, fail, and them spam. Ok. No problem. But starting out with receiving an email that is CC'd to 3 departments, 2 direct people, and the same for all other org's involved is offensive, abusive, etc. And if you suggest for a second someone attempted to call, and gave up, and then spammed; yeah that never happened. A phone call? Really? Maybe one a decade, versus many spammed-spam complaints a day.
Someone else wrote and I seem to have deleted it.. but basically 'I don't think these occurrences happen that often to warrant a change.'
Well. If it's not happening that often, then lets fix it now before it does :)
I actually think it's important to have contact information publicly available.
Why? Who outside 'the business' needs that level of detailed contact information to IP mgmt folks? Does an end-user need that access? No. Does a web hoster need that access? No. They can go through their ISP or contact my OPS contact. Do you need that access? Do you have an AS, and IP blocks? If so then sure, why not. Now there is a big bug in locking down access to those registered members. Registered with whom? Arin? Ok so how do my brit friends whois my IP contact info? That complicates things, beyond suggesting an Arin policy. So I don't ever see this as changing, as I think I said, but it should change. Just like we shouldn't have echo/chargen anymore. They were cool 'back in the day'. Ryan Pavely Net Access Corporation http://www.nac.net/ On 7/26/2013 9:02 PM, Matt Hite wrote:
On Jul 27, 2013, at 12:59 PM, Frank Bulk <frnkblk@iname.com> wrote:
For the folks who aren't aware, there is working being done on a proposal for a complete do-over of WHOIS: http://www.circleid.com/posts/20130703_rebooting_whois/ I don't believe this work address the regional registry information, which is what initiated the discussion, but this conversation has crossed over into the domain names, too.
Excellent pointer Frank... This effort at ICANN is specifically with respect to requirements for DNS Whois, but it is possible that some of these requirements are in common with those of the number resource Whois directory service, and the Internet address community may be encouraged at some point to give a similar level of consideration to the long-term number resource Whois requirements, including the DNS result as one of many inputs to that process. Note that the comment period on the DNS Whois recommendations remains open till 12 August 2013, and parties that have views on this matter should make them known to the DNS directory services expert working group which is drafting the recommendations. FYI (and Thanks)! /John John Curran President and CEO ARIN
On 7/27/2013 6:11 PM, John Curran wrote:
Excellent pointer Frank...
I confess, I haven't followed this conversation very closely (which meandered around much, given the random few messages I saw.. who has the time to read them all?). So forgive me if I'm repeating some of the info already covered. But I think you all would be very interested in some of my experiences this past year! To ARIN's credit, they revamped their requirements for data access just this past year. They cut off all access, then made members resend in new Bulk Whois agreements to keep their access turned on. So ARIN is obviously doing some GOOD things to try to prevent their data from being used by marketers! I think our usage of that data might be one of the most credible situations in existence. I manage an anti-spam blacklist which is used by hundreds of organizations across the world, including multiple Fortune 500 technology companies and even a few notable ISPs. One of our three blacklists preemptively blocks /24 blocks if/when we see a pattern where a snowshoe spammer is burning through the IPs on that block one at a time... we then blacklist that /24 block (well... sort of...). But our ivmSIP/24 list is no ordinary /24 list. We OFTEN set up boundaries if/when we detect either (a) any other IP(s) on that block that we deem as legit, and/or (b) a situation where portions of the same /24 block are delegated to DIFFERENT organizations. In those cases, we only blacklist the subsection of the /24 block belonging to the spammers, making ivmSIP/24 a much safer list for outright blocking or high scoring... in comparison to what can be accomplished with other /24 anti-spam blacklists. Having ARIN data is an invaluable tool that helps ivmSIP/24 do a better job of only blacklisting the spammers, while leaving the innocent bystandards untouched, in situations where the /24 block is shared by spammers and non-spammers. I know it is frustrating that marketers somehow continue to game the system... but I hope that this never causes the legit uses of that data, such as what we're doing... to be discontinued. -- Rob McEwen http://dnsbl.invaluement.com/ rob@invaluement.com +1 (478) 475-9032
On 7/27/2013 7:20 PM, Rob McEwen wrote:
They cut off all access
Correction... that didn't come across the right way. They didn't just cut everyone's access off. What I meant was that anyone who didn't re-signup by filling out a rather comprehensive form, with very pointed questions about their usage, were cut off. But PLENTY of warning was given. I actually got lazy and didn't get the form in on time... so my access was cut off for a period of time. But that was my own fault. (and showed that they were serious about this!) -- Rob McEwen http://dnsbl.invaluement.com/ rob@invaluement.com +1 (478) 475-9032
On Jul 27, 2013, at 12:59 PM, Frank Bulk <frnkblk@iname.com> wrote:
For the folks who aren't aware, there is working being done on a proposal for a complete do-over of WHOIS: http://www.circleid.com/posts/20130703_rebooting_whois/ I don't believe this work address the regional registry information, which is what initiated the discussion, but this conversation has crossed over into the domain names, too.
Excellent pointer Frank... This effort at ICANN is specifically with respect to requirements for DNS Whois, but it is possible that some of these requirements are in common with those of the number resource Whois directory service, and the Internet address community may be encouraged at some point to give a similar level of consideration to the long-term number resource Whois requirements, including the DNS result as one of many inputs to that process.
Er ... Um ... Well ... there is weirds, and you're free to browse the list archives which are in the usual location: https://www.ietf.org/mailman/listinfo/weirds Then there is the somewhat ... incompletely specified ... project that may, or may not be lead by Chris Gift, which may, or may not, lead to actual bits being replicated across the contracted domain registries. Eric
participants (26)
-
Alex Rubenstein -
Barry Shein -
David Conrad -
Eric Brunner-Williams -
Frank Bulk -
goemon@anime.net -
Jimmy Hess -
John Curran -
Jon Lewis -
Justin Vocke -
Larry Stites -
Leo Vegoda -
Mark Gauvin -
Matt Hite -
Matthew Petach -
Michael Thomas -
Otis L. Surratt, Jr. -
Patrick W. Gilmore -
Rich Kulawiec -
Rob McEwen -
Ryan Pavely -
Scott Howard -
Sholes, Joshua -
Steven Noble -
Valdis.Kletnieks@vt.edu -
Warren Bailey