Suspension of Cogent Access to ARIN Whois (nanog.org)
163 points by cnst on Jan 7, 2020 | 53 comments


Cogent salespeople are the worst in the industry. If your contact information lands in their database, they'll never stop soliciting. At least once a year for the past 6 years Cogent calls my personal cell phone. This continues despite my repeated requests for them to stop calling and to remove me from their list.


I had DataDog do this to me as well.

For many of these sales orgs "remove me from your list" just means "flag my entry so that they'll endeavor to find the flimsiest excuse to call you again." DataDog's justification for "call me again after I told them to never call me again" was that an employee had made the mistake of giving them his information at a conference and was interested in using them for a personal project. So that justified them contacting me even after I told them to remove me from their list.


DataDog has the absolute pushiest sales folks I've ever dealt with.

I used to get daily calls from them and I'd tell them that we already had another monitoring solution and that they'll need to send me written material to present to my team if we were going to switch. They would always say sure, never do it and then call me again the next day.

For a double-digit number of months.


+1 for this, almost as bad as ZeroTurnaround several years ago.


And New Relic, while we're at it.


I get spam near daily. I actually just got spam from a "new" Cogent salesperson _as I was reading the ARIN pdf_. I've told them "don't contact me again" and it's a different person the next week.

It's absurd and I'm glad at least something is starting to be done.


The usual reaction in the US should be: sue them. You have the CAN-SPAM act and the Do Not Call Registry… why don't people make use of that to stop the companies from spamming them?


Because actually doing so is difficult, can be expensive, and is largely pointless.


Small claims. Up to $10k in most jurisdictions.


Maybe, but that only covers the court portion. The more problematic portion is gathering admissible evidence.

Also, it's not clear if small claims would have jurisdiction with companies that aren't in the same state.

Additionally, winning in small claims only gives you the right to chase after the award (the court is not going to collect on your behalf) -- so you still have to go to the time, hassle, and expense of trying to collect.


http://www.killthecalls.com/suing-telemarketers.html

https://www.nbc12.com/2019/12/05/consumers-winning-financial... (robocall specific)

https://www.mahanyertl.com/2018/robocalls-can-sue-telemarket... (conduct your business over mobile)

Specific to business lines, where harassment remains a legal recourse:

https://pocketsense.com/stop-telemarketers-calling-business-...

https://paysimple.com/blog/small-business-tips-for-dealing-w...

https://www.infoworld.com/article/2626467/how-to-sue-telemar...

More to the point, establishing yourself as a litigious asshole may change the counterparty's marketing calculus. Which is the principal point.


Very interesting. Thank you for this!


For what sort of damages would I sue them? I was annoyed by a 2 minute phone call or email?

It's a regulatory thing, bump the FTC (and in this case ARIN) so they can take action.


I don't think either CAN-SPAM or Do Not Call provides a private right of action that would apply here.


It is all about creating asymmetry in your favor, i.e. make them waste their time.

Make them jump through a bazillion hoops. They will bring their managers and directors involved. Make those waste their time as well. Have them write proposals. Get their bosses involved. Have their bosses waste their time. Eventually it would get to an SVP/EVP level of sales which will permanently fix the issue.


What’s crazy is that when buying IP transit for a freaking ISP, you are not shopping for some chocolate at the supermarket.

I would hope most network administrators would know enough about their job to not fall for car-salesman kind ridiculous methods.


it is not the network administrators making those calls or putting them on that list. a job many moons ago:

my phone: ringing off the hook for the past three days. WHY.

CEO: "hey we need better internet access at the new office, I set up a call with Cogent, let me know how it goes"

my phone: answered to find it's Cogent blowing me up

Cogent: car-salesman methods

me: I quit

Cogent every two months since then: "hey I heard you left your job, any need for business internet access?"


I was briefly listed as a contact for a network circa 2002, had the same issue.

They definitely keep you active, they probably successfully establish contact every 2-3 years, as I’m aggressive about not answering calls from numbers I don’t know.


Ask to be added to their "do not call" list. Then they can't re-add you to their "call list" when they receive your contact details again in future.


oh can’t they. don’t be so naive.


FYSA Curran clarifies scope of the 6-month suspension a bit later[1]:

> ARIN has suspended service for all Cogent-registered IP address blocks. Customers with their own IP blocks that are simply being announced by Cogent are not affected.

[1] https://mailman.nanog.org/pipermail/nanog/2020-January/10523...


I appreciate the gesture, but what's to keep them from moving their scraper to a third-party cloud provider, or sales folks using a VPN?


Removing “We didn’t know better” as a plausible excuse is sometimes sufficient to stop abuse. Nothing prevents Cogent from circumventing, but if they do so, that will likely be interpreted as willful violation if they are taken to court by ARIN, who is prepared to do so.


How does this square with the recent court ruling that linkedin scraping is legal? After all, it's all public data, and I have no doubt that linkedin tried to IP block the scrapers.


Unknown, since no court has ruled one way or the other in the ARIN matter.


Nothing. And I think they address that at the end of the message.

But hopefully this will be noticed by the higher ups and they’ll take some action.


US corp, legal reasons.


Registrars like Namecheap now offer free WHOIS guard and I see why it is essential.


This is for ASN/IP whois, there is no sanctioned way of privacy/guard there, other than having a generic NOC line/email


netadmin-general-box@mydomain.net.

then let the email filters do their thing.

Cogent's behavior is obnoxious but, really, if you have a direct allocation from ARIN you should probably have a mailbox / phone number set up to handle lots of spam -- you're gonna get way more than just Cogent.


If only some GDPR-type legislation existed which made it more difficult for companies like Cogent to misuse contact info in this way.


your phrasing suggests sarcasm, however no such law exists.


i feel the outrage, however the whois is public data. enforcing some usage restriction is beyond silly. if you actually want to restrict it, require a login to make a query. make those logins cost money so that you have a valid contract.


Correct. Or have the whois state tie to a channel that can be filtered (such as a voicemail service that transcribes incoming calls).

If you can afford to host an Internet service, you can afford transcribing voicemail service in 2020.


Cool. Now I'll just go around signing up random ARIN addresses to Oracle, IBM and Google sales mailing lists.

Cogent can die in a fire but this is stupid.


Has anyone seen the network map of Cogent’s? https://www.cogentco.com/en/network/network-map

This thing is enormous. This just looks...like the whole internet. Do they fully own those undersea lines too like Google does now with theirs? Or are they leased?

I sure hope they don’t turn out to be a front company for a foreign nation’s military lol like I am always on here saying.


Their map is a bit misleading - they only cover North America and Europe well, which is not really "the whole internet". Their coverage in Asia, Oceania, South America, the Middle East and Africa is poor or non-existent.

Level3 (now CenturyLink) have better coverage - http://www.centurylink-business.com/demos/network-maps.html - but even they have poor coverage in some areas.


Cogent does not own the underlying cables. They buy transport from companies like Zayo, CenturyLink/Level3.


This is just (paid) peering and leased fiber, no?

How much of it is dark fiber vs. lit?


I think this is the wrong approach. The data is public.

The place to filter unwanted mail is at the SMTP/MTA level, in my view; not at the distribution of already-public data.

As pointed out by others, this will absolutely not prevent Cogent from spidering this public data. It will, however, negatively affect legitimate users of the data within Cogent’s IP space.

This is the wrong place for a spam filter.


So it will hopefully harm Cogent's business and customers will move away. Corporations only understand the bottom line.


If you're already a Cogent customer, you're unlikely to drop Cogent because they spam. There's costs and risks associated with onboarding new transits, and (one of) your current providers being spammy to other people isn't generally likely to drive a business decision.

If you're not a Cogent customer, you're either not going to become one because of their tactics, or you are going to become one because of their tactics. I guess it's working towards the latter given how long it's been going on for.


> "I think this is the wrong approach. The data is public."

But why should the registration data be in the public domain?

I don't publish my name/address/phone number in a phone book (remember those?) for obvious reasons. My domain registration info shouldn't be any different.

'No privacy' shouldn't be the default setting, with the customer having to pay extra for 'private' registration.


The reason that the RIRs operate whois databases for IP address assignments is so that in the event of a network misconfiguration or error, responsible parties can be emailed or even called on the phone quickly to resolve problems.

This is how the system has worked for a long time, and the data has always been public. It doesn't get abused much, despite and including Cogent's recent spam to the emails that appear there.

Regardless of how you think it should work in the future, this is how it works today. The data is 100% public now. It has been published. The cat is out of the bag.

Blocking Cogent from accessing their WHOIS service will not un-publish the data, and will not prevent those same humans from retrieving the (again, entirely public) information from a different IP range.


> This is how the system has worked for a long time, and the data has always been public. It doesn't get abused much, despite and including Cogent's recent spam to the emails that appear there.

It gets abused plenty (I get tonnes of spam to an email address that is published nowhere and is used for nothing except the RIPE whois db), and Cogent's spam is anything but recent. Cogent has been doing this for over a decade.

I expect spammers to be spammy. I expect reputable companies to behave in a reputable way.

Cogent sales people do their best to ensure that nobody confuses Cogent for a reputable company.


> But why should the registration data be in the public domain?

Because IPs are a finite and non-sharable resource and if there is an issue with some IP address, there needs to be a point of contact that anyone on the network can access.

Since the network is public, that contact information is public.


This is not about domain registration data. This is IP/AS registration data, which is very different and not something anyone can just buy for $8.95/year.


Yeah, in some cases, it's free. I have a /24 block registered and don't pay anything for it. It is a legacy registration from 1993.


It's a historical accident. IP registration information has been public for decades. The 80's internet was a friendlier place. Spam was unheard of.


It isn't a spam filter. It is a violation of a contractual agreement regarding PII that happened to manifest as spam.


Agreed. I prefer the approach of e.g. .se who have removed all sensitive data from whois and did so long before GDPR even. While it is a bit more work to reach out to domain holders now it is not like it was easy before since people rarely checked the email addresses which they used to register domains.


I wish registrars allowed you to set the details you want published in whois before they put them in (at least mine doesn't). Hours after buying a domain I started getting spam on a very private email, one which I only used for services I pay for. Sure enough I found my account email in the whois details, luckily I was able to quickly change it before more bots got hold of it.


I work on a registrar and I think the registries are much to blame here. Sure, the registrars should definitely improve their UIs to allow for better control over what is displayed in the whois information but since every registry has its own set of weird rules for domain contact details it is unnecessarily hard for us.

And I wish every registry was as sensible as .se and cared as much about the privacy of domain owners as .se does.



