[59518] in North American Network Operators' Group
Re: National Do Not Call Registry has opened
daemon@ATHENA.MIT.EDU (Matthew Black)
Thu Jul 3 19:04:49 2003
Date: Thu, 3 Jul 2003 16:04:14 -0700
From: Matthew Black <black@csulb.edu>
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
Has anyone noticed an obvious hole in the new DNC Registry?
Anyone can start sending delete requests to remove another
person's phone number from the list. Since they don't save
anything about the request other than the phone number and
date (see Privacy Policy; they don't collect e-mail or IP
addresses), a devious person could remove your phone number
from the list. Simply go to the webpage, enter a phone
number and a throw-away address from YAHOO.COM. After
receiving the confirmation e-mail, simply reply YES.
Why didn't they require delete requests to come only from
the phone as opposed to annonymous web requests?
matthew black
network analyst
california state university, long beach
