People trying to sell "ARIN Leads"

Jon_Sands · April 8, 2022, 4:46am

Does anyone else get email offers like the below? I get them at least once a week from various companies I’ve never heard of, I’m sure they pop up under different names constantly for obvious reasons. Crap like this I imagine is why a few of my POC emails listed on my ARIN assets get constant spam, I can’t imagine how many places there are like this scraping then selling ARIN data to marketing outlets. name and email in the below not scrubbed for anonymity because they need to cut this shit out

John_Curran1 · April 8, 2022, 10:02am

Jon -

You can forward such solicitations to compliance@arin.net - we’ll send them an appropriate nasty letter. Definitely send any solicitation of unique contact data on Whois records to us - we do pursue misuse aggressively.

(With regard to this particular spam, I’d note there is an entire ecosystem of these “lead/demand” companies, and they aren’t generally selling the ARIN Whois data but instead contact data that’s been extracted from conference registration/attendee lists. In this case I’d imagine you got targeted for receipt because your email has posted to the nanog mailing list recently.)

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

Jon_Lewis1 · April 8, 2022, 10:42am

All the time. Note, their domain is hosted by Google and their email is hosted by Microsoft. Complaints to either provider tend to fall on deaf ears. If you reply asking for pricing, you'll likely be contacted from yet another domain.

Bandy_Rush1 · April 8, 2022, 4:38pm

Does anyone else get email offers like the below?

of course. i presume they signed the lrsa.

randy

Tom_Beecher · April 8, 2022, 4:45pm

I hear if they just moved to V6 and hosted email with Google, those emails would just never arrive.

Jima1 · April 8, 2022, 6:40pm

Of course, plausible deniability goes out the window when you receive sales emails on an address that ONLY exists in ARIN Whois.

But no one would put a "canary trap" email in ARIN Whois...right?

- Jima

Rob_Seastrom1 · April 8, 2022, 7:13pm

I know of nobody who would do any such thing.

-r

Sabri_Berisha · April 8, 2022, 8:20pm

Hi,

Of course, plausible deniability goes out the window when you receive sales
emails on an address that ONLY exists in ARIN Whois.

But no one would put a "canary trap" email in ARIN Whois...right?

You don't want to know how much spam I get on
"thisipspaceisnotforsale@cluecentral.net". Including, ironically, from IPv4
brokers.

Obviously, that email address is not being used for my Amazon account.

Thanks,

Sabri

John_Curran1 · April 8, 2022, 11:01pm

Sabri -

Please forward each solicitation (in full with headers) to us via <compliance@ arin.net>

(Unique emails that are only used in the Whois entry are the easiest violations to pursue by far - so reporting such activity can make a huge difference.)

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

Rob_Seastrom1 · April 9, 2022, 12:10am

Wouldn’t hurt to associate that email (and perhaps some more honeypot addresses at other domains with some orgids and assign them some resources. Might as well cut out the middleman and have the violators rat themselves out…

-r

John_Curran1 · April 9, 2022, 1:07am

RS -

There are some “salted” entries at present, but the level of abuse experienced drops off fairly quickly after initial insertion.

/John

John Curran
President and CEO
American Registry for Internet Numbers