Hi Vicky,I received one of these and it felt "phishy." Particularly since they
didn't know the "C" in ISC was for "consortium."Thanks for clarifying./John
-------- Original message --------From: Victoria Risk <vi...@isc.org>Update:
This was not the fraud we thought it was We have learned that emails we
originally identified as abuse were sent by an external contractor engaged by
ISC to conduct a focussed and short-term lead generation campaign. We have
instructed the vendor to halt that campaign.We clearly suffered some
communications failures here. Our communication with the vendor should have
made it clear that we would not be comfortable with the approach they adopted.
Plus, our internal communication failed as we lacked sufficient awareness of
the campaign to respond in a more appropriate fashion when we received
questions about the emails.We have been assured by the vendor that this was not
a bulk unsolicited email campaign. We affirm our stance that bulk unsolicited
email is counter to our mission in support of Internet infrastructure.We
apologize for any inconvenience or disruption this event may have caused. We
promptly canceled our abuse complaint concerning the domain name, and we ask
any of you who have taken any filtering or blocking or complaint action against
the domain name or the originating IP addresses to do the same. We appreciate
the outpouring of sympathy from our community, many of whom have emailed us
with helpful suggestions. We thank you for your continued support.On Jun 25,
2024, at 10:42 AM, Victoria Risk <vi...@isc.org> wrote:BIND-users,Someone is
sending emails from tryisc.com, pretending to be from Internet Systems
Corporation, and offering information about undisclosed BIND software
vulnerabilities. These emails are NOT from ISC, the authors of BIND, and they
are not authorized by ISC.If you feel you have received illegitimate
communications from someone purporting to be an ISC staff member, please report
it (https://www.isc.org/security-report/). If someone other than ISC.org is
offering to provide software vulnerability information about ISC software, this
is suspicious and probably fraudulent. ISC does offer professional support
services, which includes advance notification of security vulnerabilities in
our software but we have not authorized anyone else to disclose that
information prior to public disclosure.Be safe out there, and check the domain
name if you are not sure about the sender. ISC.org is signed, so you can also
validate it (since you are all operating resolvers, right?).Vicky Risk (working
at the actual ISC.org)
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
