
Suspension of Cogent Access to ARIN Whois - cnst
https://mailman.nanog.org/pipermail/nanog/2020-January/105156.html
======
EB66
Cogent salespeople are the worst in the industry. If your contact information
lands in their database, they'll never stop soliciting. At least once a year
for the past 6 years Cogent calls my personal cell phone. This continues
despite my repeated requests for them to stop calling and to remove me from
their list.

~~~
VectorLock
I had DataDog do this to me as well.

For many of these sales orgs "remove me from your list" just means "flag my
entry so that they'll endeavor to find the flimsiest excuse to call you
again." DataDog's justification for "call me again after I told them to never
call me again" was that an employee had made the mistake of giving them his
information at a conference and was interested in using them for a personal
project. So that justified them contacting me even after I told them to remove
me from their list.

~~~
xx_alpha_xx
+1 for this, almost as bad as ZeroTurnaround several years ago.

~~~
teknologist
And New Relic, while we're at it.

------
metaphor
FYSA Curran clarifies scope of the 6-month suspension a bit later[1]:

> _ARIN has suspended service for all Cogent-registered IP address blocks.
> Customers with their own IP blocks that are simply being announced by Cogent
> are not affected._

[1]
[https://mailman.nanog.org/pipermail/nanog/2020-January/10523...](https://mailman.nanog.org/pipermail/nanog/2020-January/105231.html)

------
flounder3
I appreciate the gesture, but what's to keep them from moving their scraper to
a third-party cloud provider, or sales folks using a VPN?

~~~
floatingatoll
Removing “We didn’t know better” as a plausible excuse is sometimes sufficient
to stop abuse. Nothing prevents Cogent from circumventing, but if they do so,
that will likely be interpreted as willful violation if they are taken to
court by ARIN, who is prepared to do so.

~~~
gruez
How does this square with the recent court ruling that linkedin scraping is
legal? After all, it's all public data, and I have no doubt that linkedin
tried to IP block the scrapers.

~~~
floatingatoll
Unknown, since no court has ruled one way or the other in the ARIN matter.

------
scalableUnicon
Registrars like Namecheap now offer free WHOIS guard and I see why it is
essential.

~~~
benjojo12
This is for ASN/IP whois, there is not sanctioned way of privacy/guard there,
other then having a generic NOC line/email

~~~
blaser-waffle
netadmin-general-box@mydomain.net.

then let the email filters do their thing.

Cogent's behavior is obnoxious but, really, if you have a direct allocation
from ARIN you should probably have a mailbox / phone number set up to handle
lots of spam -- you're gonna get way more than just Cogent.

------
t0ddbonzalez
If only some GDPR-type legislation existed which made it more difficult for
companies like Cogent to misuse contact info in this way.

~~~
techslave
your phrasing suggests sarcasm, however no such law exists.

------
techslave
i feel the outrage, however the whois is public data. enforcing some usage
restriction is beyond silly. if you actually want to restrict it, require a
login to make a query. make those logins cost money so that you have a valid
contract.

~~~
shadowgovt
Correct. Or have the whois state tie to a channel that can be filtered (such
as a voicemail service that transcribes incoming calls).

If you can afford to host an Internet service, you can afford transcribing
voicemail service in 2020.

------
JackRabbitSlim
Cool. Now I'll just go around signing up random ARIN addresses to Oracle, IBM
and Google sales mailing lists.

Cogent can die in a fire but this is stupid.

------
rshnotsecure
Has anyone seen the network map of Cogent’s?
[https://www.cogentco.com/en/network/network-
map](https://www.cogentco.com/en/network/network-map)

This thing is enormous. This just looks...like the whole internet. Do they
fully own those undersea lines too like Google does now with theirs? Or are
they leased?

I sure hope they don’t turn out to be a front company for a foreign nation’s
military lol like I am always on here saying.

~~~
samcrawford
Their map is a bit misleading - they only cover North America and Europe well,
which is not really "the whole internet". Their coverage in Asia, Oceania,
South America, the Middle East and Africa is poor or non-existent.

Level3 (now CenturyLink) have better coverage - [http://www.centurylink-
business.com/demos/network-maps.html](http://www.centurylink-
business.com/demos/network-maps.html) \- but even they have poor coverage in
some areas.

------
sneak
I think this is the wrong approach. The data is public.

The place to filter unwanted mail is at the SMTP/MTA level, in my view; not at
the distribution of already-public data.

As pointed out by others, this will absolutely not prevent Cogent from
spidering this public data. It will, however, negatively affect legitimate
users of the data within Cogent’s IP space.

This is the wrong place for a spam filter.

~~~
t0ddbonzalez
> "I think this is the wrong approach. The data is public."

But why should the registration data be in the public domain?

I don't publish my name/address/phone number in a phone book (remember those?)
for obvious reasons. My domain registration info shouldn't be any different.

'No privacy' shouldn't be the default setting, with the customer having to pay
extra for 'private' registration.

~~~
sneak
The reason that the RIRs operate whois databases for IP address assignments is
so that in the event of a network misconfiguration or error, responsible
parties can be emailed or even called on the phone quickly to resolve
problems.

This is how the system has worked for a long time, and the data has always
been public. It doesn't get abused much, despite and including Cogent's recent
spam to the emails that appear there.

Regardless of how you think it _should_ work in the future, this is how it
works today. The data is 100% public now. It has been published. The cat is
out of the bag.

Blocking Cogent from accessing their WHOIS service will not un-publish the
data, and will not prevent those same humans from retrieving the (again,
entirely public) information from a different IP range.

~~~
oarsinsync
> This is how the system has worked for a long time, and the data has always
> been public. It doesn't get abused much, despite and including Cogent's
> recent spam to the emails that appear there.

It gets abused plenty (I get tonnes of spam to an email address that is
published nowhere and is used for nothing except the RIPE whois db), and
Cogent's spam is anything but recent. Cogent has been doing this for over a
decade.

I expect spammers to be spammy. I expect reputable companies to behave in a
reputable way.

Cogent sales people do their best to ensure that nobody confuses Cogent for a
reputable company.

