anybody else been spammed by "no-ip.com" yet?

Fri May 3 21:34:23 UTC 2002

> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On 
> Behalf Of Paul Vixie
> Sent: May 3, 2002 5:18 PM
> To: nanog at nanog.org
> Subject: Re: anybody else been spammed by "no-ip.com" yet? 
> 
> 
> 
> > I hate to sound like the big idiot here, but what exactly 
> in the email 
> > you received indicates no-ip.com spammed? It looks to me 
> like you just 
> > have some secret "admirer" who thought you wanted a 
> no-ip.com account, 
> > and no-ip.com emailed you to confirm that you do want the account.
> 
> spam is like pollution in that (a) whenever you're not sure 
> if you're doing it, you probably are, and (b) if everybody 
> did whatever it is, life would be universally worse for, 
> well, everybody.

You have a broader definition of spam than me, I guess. And yet, believe
me, I do hate spammers... 

> > Random disclaimer: Yes, we're a competitor of 
> no-ip.com's... And yes, 
> > we used to send similar emails to people signing up for an account, 
> > although nowadays instead of sending them an initial 
> password we send 
> > a confirm URL instead.
> 
> that's the right approach.  no-ip's problem was they presumed 
> my permission.

Well, they might have stolen that approach from us, though, in a way (at
least, it seems vaguely familiar to me)... 

The way we used to do it was this: you go to our site, read the AUP
(which has a strict no-spamming clause, but every day a few idiots
forget to read that section and find out it exists the hard way ;-)),
fill out a form with your choice of username and your email address (the
form also warns _in advance_ that we do require people to be on an
announcements mailing list, but these days we send about one email every
four months). Then our system would send you an email that says
basically "You (or someone else) requested an account at our site. If it
was you, log in within the next 48 hours with this initial password to
confirm your account. If it wasn't you, then we apologize for the
inconvenience, and the unconfirmed account, along with any reference to
your email address in our database, will be automatically deleted in 48
hours"

Isn't that the same as what no-ip.com is doing, except that they don't
have the "if you don't reply in 48 hours, we'll forget you ever
existed"? Is that the part you find to be missing in no-ip's modus
operandi?

FYI, our new approach is that you fill out choice of username, choice of
password, and email address. We send a thing to you with a confirmation
URL; if you go to that URL within 48 hours or so, great, the account
keeps existing. If not, then byebye account, and we expunge any trace of
you from the database.

Vivien
-- 
Vivien M.
vivienm at dyndns.org
Assistant System Administrator
Dynamic DNS Network Services
http://www.dyndns.org/ 