Strengthening Security for Point of Contact Management

Strengthening Security for Point of Contact Management

By John Sweeting – Chief Experience Officer, ARIN

ARIN has suspended the ability to link to existing Points of Contact (POCs) via ARIN Online while we develop a more secure in-app verification process. This change improves POC management security and ensures critical Internet resources are protected by stronger authentication controls.

What This Means for You

Previously, ARIN Online users could link their accounts to existing POC records by completing an automated email verification process. This self-service functionality has been suspended while we develop enhanced security measures for online verification processes.

If you need to link your ARIN Online account to an existing POC, you now have two options:

Option 1: Contact ARIN Support

  • Submit an Ask ARIN ticket through your ARIN Online account.
  • Call our Registration Services Help Desk at +1.703.227.0660 during business hours (7:00 AM to 7:00 PM ET, Monday through Friday).

Option 2: Use Alternative Methods

  • Create a new POC in ARIN Online and have an authorized Admin or Tech POC associate it with the appropriate Organization Identifier (Org ID).
  • If no authorized POC is available, create a new POC and submit an Organization Recovery request through ARIN Online.
  • Use ARIN’s RESTful web service with API keys for automated POC management.

Why POC Management Matters

Points of Contact serve as the authorized representatives for Internet number resources in ARIN’s database. Maintaining accurate and secure POC records is critical for several reasons:

  • Resource Protection: Accurate POC records help prevent resource hijacking. Outdated or abandoned registration records have increasingly become targets for malicious actors who attempt to fraudulently take control of Internet resources. When POC information is current and properly secured, it becomes much more difficult for bad actors to impersonate legitimate organizations.
  • Operational Communications: The Internet community relies on POC information to communicate about network operations, security incidents, and abuse reports. Whether someone needs to report network abuse or coordinate during a security incident, having current contact information ensures these critical communications reach the right people quickly.
  • Law Enforcement Support: Up-to-date registration information assists law enforcement agencies in their investigations and helps keep the public safe. Current POC records ensure that legitimate requests for information can be processed efficiently when investigating criminal behavior online.
  • Regulatory Compliance: Maintaining accurate POC information is required under ARIN policy (specifically Number Resource Policy Manual Section 3.6) and the ARIN Registration Services Agreement. Organizations commit to keeping this information current as part of their agreement with ARIN.

Best Practices for POC Management

Regular Validation

ARIN sends annual validation emails to all Tech, Admin, NOC, and Abuse POCs. Respond to these requests promptly to maintain full access to ARIN Online functionality. Unvalidated POCs are marked as invalid after 60 days, which limits your account access.

Monitor Role-Based Email Accounts

If you use role-based POCs (such as admin@, noc@, or abuse@ addresses), ensure these email accounts are actively monitored and properly secured. Implement appropriate email security measures to prevent unauthorized access or email redirection.

Keep Information Current

Review and update your POC records regularly, especially when:

  • Staff members change roles or leave the organization
  • Email addresses change
  • Phone numbers or postal addresses are updated
  • Organizational responsibilities shift

Secure Email Infrastructure

Secure your email systems to prevent unauthorized access. This includes implementing proper authentication, monitoring for suspicious activity, and ensuring email routing cannot be easily compromised.

Implement RPKI

Deploy Resource Public Key Infrastructure (RPKI) and create Route Origin Authorizations (ROAs) for all IP addresses authorized for use by your organization. This adds an additional layer of protection for your critical infrastructure.

Moving Forward

ARIN remains committed to providing secure, efficient tools for managing your Internet number resources. While we work to implement enhanced security measures for POC linking, we encourage all organizations to:

  • Review and maintain their POC records.
  • Create ROAs for all IP addresses authorized for use by your organization.
  • Regularly review and validate their security procedures.
  • Contact ARIN if they suspect any unusual or unauthorized activity.

We appreciate your patience as we strengthen these important security measures. The integrity of the registration system depends on accurate, secure POC management, and these changes help ensure that Internet resources remain properly protected and managed by their legitimate holders.

Need Help? If you have questions about POC management or need assistance with any registration processes, please contact ARIN’s Registration Services Department by creating an Ask ARIN ticket from within your ARIN Online account or by calling our Help Desk at +1.703.227.0660, Monday through Friday, 7:00 AM to 7:00 PM ET.

Post written by:

A photo of John Sweeting
John Sweeting
Chief Experience Officer, ARIN

Recent blogs categorized under: Updates

GET THE LATEST!  

Sign up to receive the latest news about ARIN and the most pressing issues facing the Internet community.

SIGN ME UP →

Blog Categories

Updates •  Security •  Training •  Tips •  IPv6 •  Fellowship Program •  Caribbean •  ARIN Bits •  Elections •  Outreach •  RPKI •  Public Policy •  Guest Post •  Grant Program •  Data Accuracy •  Business Case for IPv6 •  Internet Governance •  IPv4 •  Customer Feedback •  IRR

 

Connect with us on LinkedIn!