Carriers need to independently verify LOAs
Joe Greco
jgreco at ns.sol.net
Mon Apr 19 17:53:34 UTC 2021
On Mon, Apr 19, 2021 at 01:20:22PM -0400, Sean Donelan wrote:
> On Sat, 17 Apr 2021, Eric Kuhnke wrote:
> >Anecdotal: With the prior consent of the DID holders, I have successfully
> >ported peoples' numbers using nothing more than a JPG scan of a signature
> >that looks like an illegible 150 dpi black and white blob, pasted in an
> >image editor on top of a generic looking 'phone bill'.
>
> All carriers should independently verify any LOAs received for account
> changes.
>
> Documents received from third-parties, without independently verifying
> with the customer of record, using the carriers own records, are just junk
> papers.
>
> Almost no carriers verify LOAs by contacting the customer of record.
> Worse, they call the phone number on the letterhead provide by the scammer
> for "verification."
Presumably we're kinda talking about a problem parallel to the
Internet ASN/IP space LOA problem here.
It would be awesome if there were a nice easy way to identify the
responsible parties, so you could figure out WHOIS the appropriate
party to contact. If you've ever tried Googling a company with a
hundred thousand employees, calling their contact number on the Web,
and getting through to anybody who knows anything at all about IT,
well, you can spend a day at it and still have gotten nowhere.
It's too bad that this information is so frequently redacted for
privacy.
... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"The strain of anti-intellectualism has been a constant thread winding its way
through our political and cultural life, nurtured by the false notion that
democracy means that 'my ignorance is just as good as your knowledge.'"-Asimov
More information about the NANOG
mailing list