ACSP Suggestion 2023.9: Require ARIN Online account to view Points of Contact in Whois
Author: Sam Dibrell
Submitted On: 06 July 2023
Protect POC contacts from harvesting and abuse by malicious third parties
Protecting ARIN POC email addresses from harvesting by malicious third parties can be accomplished by requiring an ARIN user account to view the POC email address. Logging of POC email address views can then provide insight as to which user accounts are harvesting large amounts of contact information. Making logs available to POCs of registered users which viewed POC contact information, when cross referenced to malicious email campaigns to POC email addresses, can assist in identifying malicious users.
Requiring an ARIN account adds an initial layer of protection, as it moves the bar closer to only authorized individuals with legitimate reasons accessing POC email addresses. However, if this step alone doesn’t effectively deter harvesting practices, providing access logs to POC contact information can serve as an additional deterrent. These logs would allow POCs to monitor and track which user account accessed POC contact information, creating accountability and discouraging improper use. By combining these measures, ARIN strengthens the security of POC email addresses and increases the transparency and traceability of interactions, thereby reducing the risk of harvesting by malicious entities and enhancing overall privacy and protection for the ARIN community.
Value to Community: Protecting point of contact (POC) email addresses from being harvested and exploited by spammers and scammers is of immense value to the ARIN community. By implementing protective measures, ARIN reduces the bandwidth and resource loss caused by spam and scams. Email harvesting techniques employed by malicious actors lead to an influx of unsolicited emails, spam, phishing attempts, and fraudulent activities. This not only consumes valuable network bandwidth but also wastes resources, including time and effort, in dealing with and mitigating these threats. By safeguarding POC email addresses, ARIN ensures that its members can allocate their resources efficiently, focus on legitimate activities, and maintain a secure and productive Internet environment.
Timeframe: Not specified
Status: Closed Updated: 19 July 2023
19 July 2023
Thank you for your suggestion, numbered 2023.09 on confirmed receipt, asking that ARIN require an ARIN Online account to view Point of Contact data in Whois to eliminate harvesting by malicious third-parties. While we understand that the data in the ARIN Whois system can be a target for bad actors, it also has legitimate use by network operators, law enforcement, anti-abuse, and cybersecurity operators in enabling timely Internet operations globally – and consequentially, is relied upon by many parties unlikely to have ARIN Online accounts and who access ARIN Whois data through a wide variety of methods.
Thank you for participating in the ARIN Consultation and Suggestion process.
American Registry for Internet Numbers (ARIN)