[arin-ppml] How bad is it really?

[Matthew Kaufman]

Steve Bertrand wrote:
>
> After reading the policy, it would seem apparent to me that the
> responsibility of any message sent by ARIN to a responsible POC would be
> up to the address holder of the POC... is that correct?
>
> ie. if spam filters catch a message destined to them that originate from
> ARIN, then they, or their email admins should be aware to allow all
> email from ARIN to traverse the filters and make it to the destination.
>   
Unfortunately, the world of email today makes it much more likely that a 
personal one-to-one communication will be delivered than will a bulk 
(and yes, this is a "bulk email" by any definition) delivery of messages 
with multiple "click to act now" URLs in it.

In my case the message wasn't immediately discarded, but was moved from 
the "personal messages, read now" box to the "suspect messages, review" 
box due to the "?validationCode=9dba..." in the first URL. That simply 
isn't the sort of thing that a "real person" would send to an ARIN POC 
in order to get help.

And if they didn't get a reply, they could try my phone number and get a 
prompt reply that way as well... but the POC validation process didn't 
call me on the phone, either.
> I appreciate this effort, and feel that it is the responsibility of the
> recipient to accept the message properly from ARIN, as this has been
> decided and documented in our policy.
>   
And how many of the POCs are participants in the policy-development 
process, do you suppose?

Personally I think it is a great first step, but it might have been a 
lot better to have a plain text message with absolutely no URLs and no 
advertising terms in it go out first that said "from now on, ARIN will 
reach you this way, please whitelist the source of this message".

Matthew Kaufman