[arin-ppml] Access to list of Number Resources with no valid POCs

Ted Mittelstaedt tedm at ipinc.net
Wed Aug 20 16:21:06 EDT 2014


I looked at the last one of these I got (that I saved) and it was
indeed text - but I could have sworn I got something from ARIN
recently with HTML mail that had an embedded URL.  It might not
have been a POC validation but something else.  And of course I
can't find the dang email right now.

Note that it's possible to define Courier font on an HTML
email and make it look like text - I've seen that trick done
by a spammer before.  So even if ARIN is sending out text
with URLs in it, they should try to limit the types of emails
that contain links.  Most especially never send out any emails
that link to a Login page on the ARIN website.  That's the
trick phishers use to collect user IDs and passwords for banks,
ya know.

The POC email addresses, being public, are harvestable.  It would
not take much for a spammer to duplicate a POC validation email
in Courier font as an HTML mail and send it out to all the POCs in the 
whois database with a hidden link in it.  Whether
it would be that successful in catching anyone with their pants
down is another story - those email addresses would be going to
the most suspicious people on the Internet.

I still think a simple Reply is the safest.

Ted

On 8/20/2014 12:20 PM, David Farmer wrote:
> On 8/20/14, 13:08 , John Curran wrote:
>> On Aug 20, 2014, at 12:24 PM, Ted Mittelstaedt <tedm at ipinc.net> wrote:
>>>
>>> Hi John,
>>>
>>> Embedded URLs are not really the problem - the problem is
>>> MIME-encoded email and HTML-encoded email that have the embedded
>>> URLs.
> ...
>> Ted -
>>
>> Point taken (and I am a huge fan of plain text email :-)... I will
>> look into any downsides to this approach and report back to the list.
>
> I went back and looked at the latest validation email I got Aug 1 for my
> POC, quite timely for this discussion. As far as I can tell it is not an
> HTML email, but a plain text email with a plain text URL; quoted below is
> the relevant portion depersonalized.
>
>> The following is your current POC Whois registration record. To
>> validate, please take one of the actions listed below. If no action is
>> taken within 60 days, your POC record will be marked invalid in ARIN's
>> Whois.
>>
>> Your POC information in Whois is:
> XXXXX
>> 1) If the information above is correct, please confirm by visiting:
>>
>> https://www.arin.net/public/pocValidation.xhtml?validationCode=XXXXXXXXXXX
>>
>>
>> Alternatively, you may confirm by replying to this email.
>>
>> 2) If the information is incorrect:
>>
>> a) Log into your ARIN Online account (you can create an account by
>> going to www.arin.net and selecting 'new user' on the left)
> ...
>
> I'll note that when I first looked at it, the reply-to-email option was
> hiding under the URL and didn't fully catch my attention. Might I
> suggest a minor rewrite, enumerating the options for confirming and
> adding "log into ARIN Online" as the first option, something more like
> the following:
>
> ----
>
> 1) If the information above is correct, please confirm using one of the
> following methods:
>
> a) Log into your ARIN Online account and follow instructions there to
> confirm;
>
> b) Or, visit the following URL
>
> https://www.arin.net/public/pocValidation.xhtml?validationCode=XXXXXXXXXXX
>
> c) Or, reply to this email.
>
> ----
>
> This would encourage the safest behavior, action that is completely
> independent of the prompting email ("log into ARIN Online"), while
> still allowing the less preferred, but probably more convenient, behavior
> of clicking on a link or replying to the email.
>
> Thanks.
>

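Ted's point above, that an HTML message styled in Courier can pass for plain text and carry a link whose visible text differs from its real target, is something a receiving mail gateway or mail client can check for. The following is an added example written for this page, not code from ARIN or from anyone on the thread: it parses a raw message with the Python standard library, inspects the text/html parts, and flags monospace styling, anchors whose visible URL host differs from the href host, links with no visible text, and links to hosts outside a trusted list. The trusted host list, the sample messages and the addresses in them are constructed for the example; the validation URL is the depersonalized one quoted in the thread.

```python
import email
from email.message import EmailMessage
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs and note Courier/monospace styling."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self.monospace_styled = False
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        style = ((a.get("style") or "") + " " + (a.get("face") or "")).lower()
        if "courier" in style or "monospace" in style:
            self.monospace_styled = True
        if tag == "a" and a.get("href"):
            self._href = a["href"]
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def _trusted(host, trusted_hosts):
    return any(host == t or host.endswith("." + t) for t in trusted_hosts)


def check_message(raw_bytes, trusted_hosts):
    """Return findings for one raw RFC 5322 message; [] means nothing suspicious."""
    msg = email.message_from_bytes(raw_bytes, policy=default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = _AnchorCollector()
        collector.feed(part.get_content())
        if collector.monospace_styled:
            findings.append("html part styled as monospace (plain-text look-alike)")
        for href, text in collector.anchors:
            href_host = _host(href)
            text_host = _host(text) if text.startswith(("http://", "https://")) else ""
            if text_host and text_host != href_host:
                findings.append(f"visible URL host {text_host!r} differs from href host {href_host!r}")
            if href_host and not _trusted(href_host, trusted_hosts):
                findings.append(f"link to untrusted host {href_host!r}")
            if not text:
                findings.append(f"link with no visible text to {href_host!r}")
    return findings


def _build(text_body, html_body=None):
    # Constructed sample message; sender and recipient are placeholders.
    msg = EmailMessage()
    msg["From"] = "hostmaster@example.net"
    msg["To"] = "poc@example.org"
    msg["Subject"] = "POC validation (constructed sample)"
    msg.set_content(text_body)
    if html_body is not None:
        msg.add_alternative(html_body, subtype="html")
    return msg.as_bytes()


TRUSTED = ["arin.net"]  # assumption: the only hosts a genuine notice should link to

# Constructed: a plain-text notice carrying the URL quoted in the thread.
PLAIN_SAMPLE = _build(
    "1) If the information above is correct, please confirm by visiting:\n"
    "https://www.arin.net/public/pocValidation.xhtml?validationCode=XXXXXXXXXXX\n"
    "Alternatively, you may confirm by replying to this email.\n"
)

# Constructed: HTML styled in Courier whose visible link text and real target differ.
LOOKALIKE_SAMPLE = _build(
    "see HTML part",
    '<html><body><font face="Courier">'
    "1) If the information above is correct, please confirm by visiting:<br>\n"
    '<a href="https://example.com/login">'
    "https://www.arin.net/public/pocValidation.xhtml?validationCode=XXXXXXXXXXX</a>"
    "</font></body></html>",
)


def check_plain_sample():
    return check_message(PLAIN_SAMPLE, TRUSTED)


def check_lookalike_sample():
    return check_message(LOOKALIKE_SAMPLE, TRUSTED)


if __name__ == "__main__":
    for name, result in (("plain", check_plain_sample()), ("lookalike", check_lookalike_sample())):
        print(name, "->", result or ["ok"])
```

Run stand-alone it reports nothing for the plain-text sample and three findings for the look-alike: the monospace styling, the host mismatch between the visible URL and the href, and the untrusted link target. A real deployment would feed it messages from a gateway or a client-side filter; the host mismatch check is the one that catches the trick regardless of how the message is styled, since the visible text is what the recipient reads and the href is what the client opens.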

