[AusNOG] ACMA License renewals and Spam Complaints system - massive issue to be aware of.

Damien Gardner Jnr rendrag at rendrag.net
Mon Apr 4 14:33:10 AEST 2022


Yeah, I was blown away. Once I got off the phone, I just sat there for a
couple of minutes contemplating the havoc that could be caused.. :(   I
guess the main saving grace is that the ACMA doesn't have any portals that
you can login to (that I've seen over the years at least..), so being able
to arbitrarily change someone's email address is at worst going to stop
them renewing a license?

The fellow I spoke to said he wasn't 100% sure how the spam reporting
system worked, as he couldn't see spam complaints in the CRM, but he could
see the date the email address was updated, and that lined up with when I
made the spam complaint.  When I made the complaint, the only details they
needed was name, email address the spam was received on, and a contact
number if I wanted to provide it.

--DG

On Mon, 4 Apr 2022 at 14:04, Troy <troy at troykelly.com> wrote:

> This is terrifying...
>
> Did they tell you what they were matching on? Just your name?
>
> I can't see how they are doing any CRM matching to update - there's a lot
> of people with the same name.
>
>
> *Regards, Troy*
> Brevity is the elixir of life.
> Father Hector McGrath, Pixie 2020
>
>
>
>
> -------- Original Message --------
> On 4 Apr 2022, 1:47 pm, Damien Gardner Jnr < rendrag at rendrag.net> wrote:
>
>
> Thought this one was a large enough issue that I should post to the list.
>
> A coworker called me last night to ask why I'd let one of my Callsigns
> expire.  A quick search of my mailbox showed that indeed, I was missing the
> 3-month-before reminder, the 1-month-before invoice, and the week-after
> 'hey this just expired' emails.
>
> I called them this morning to find out what on earth happened, and the
> very helpful fellow looked through their CRM for me, and said 'oh, you
> updated it from rendrag at rendrag.net to <redacted>@pinegap.net in June
> last year'.  Cue a couple of minutes of absolute confusion from me, until I
> started running through how they could even have possibly had THAT
> particular email, which hadn't been used for seven years until last year
> when the company it was used with had a breach (or sold customer details,
> they are heavily denying both) - and then realised that before I redirected
> that address to /dev/null on the mailserver, I lodged a spam complaint
> through the ACMA site.
>
> After discussing THAT with the fellow a bit, it turns out that the ACMA
> maintains a CRM for all clients - which includes all spam complaints via
> their website.  AND they cannot hold more than one email address for each
> client.  SO - if you go to their spam reporting form, and report a spam
> email, and provide your name and mobile number, that will get matched to
> your existing client record, and they will UPDATE your email address to
> match the one you just reported spam on...
>
> Personally, I'll never be reporting spam via the ACMA again, because that
> was almost disastrous. It was VERY close to the 60 days limit after
> expiry.  Given how many folks in here hold other forms of licenses and
> permits through the ACMA, I thought it was worth highlighting this stupidly
> dangerous process. (I've now added Calendar Reminders for each of my
> licenses, so that I can chase them up if they don't arrive - since
> basically anyone can punch in any ACMA client's name and phone number into
> a spam complaint, and trigger a change of their email address in the CRM...)
>
> --DG
>
> --
>
> Damien Gardner Jnr
> VK2TDG. Dip EE. GradIEAust
> rendrag at rendrag.net -  http://www.rendrag.net/
> --
> We rode on the winds of the rising storm,
>  We ran to the sounds of thunder.
> We danced among the lightning bolts,
>  and tore the world asunder
>
>

-- 

Damien Gardner Jnr
VK2TDG. Dip EE. GradIEAust
rendrag at rendrag.net -  http://www.rendrag.net/
--
We rode on the winds of the rising storm,
 We ran to the sounds of thunder.
We danced among the lightning bolts,
 and tore the world asunder
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ausnog.net/pipermail/ausnog/attachments/20220404/d364a2cd/attachment.htm>


More information about the AusNOG mailing list