back to article Renewal chasing as-a-service is now a thing – and vendors love it

The next time your vendor or reseller sends a mail reminding you it's time to renew your software licence, subscription, or support contract, the mail could come from a third party you've never met and never will – but which has been trusted with enough info about you to make the sale. The Register chatted with one such …

  1. Alumoi Silver badge

    Renewtrak is careful to avoid any appearance of shadiness

    Followed by Sending mail that appears to be from a customer's established reseller helps, too, as it's quickly assumed to be legit.

    So they're misrepresenting themselves and have the balls to claim they are legit?

    1. Anonymous Coward
      Anonymous Coward

      Re: Renewtrak is careful to avoid any appearance of shadiness

      Say you have VMware, the customer, and Renewtrak. Who is the "customers established reseller"?

      I must be kinda stupid for not knowing that.

    2. Anonymous Coward
      Anonymous Coward

      Re: Renewtrak is careful to avoid any appearance of shadiness

      > So they're misrepresenting themselves and have the balls to claim they are legit?

      Errm, Renewtrak aren't going to email random people with random combinations of software licenses on random renewal dates and hope they get a hit. They'll have a contract with the software company they're managing renewals for.

      It's not a difficult concept to grasp, but here's an analogy to help: when I send an email, Gmail send it for me and it pretends to have come from my domain. That's because I've asked them to not because Google are misrepresenting me.

      1. Doctor Syntax Silver badge

        Re: Renewtrak is careful to avoid any appearance of shadiness

        When I send an email Mythic Beasts send it for me from my domain because they're the MSP for that domain but it originates from my machine sent by me.

        Somebody sending an email not via Mythic Beasts and purporting to be from my domain should be instantly treated as a scammer.

    3. big_D Silver badge

      Re: Renewtrak is careful to avoid any appearance of shadiness

      Also breaks GDPR, unless the vendor has obtained explicit permission from its customers to allow it to pass on their information...

      1. Outski Silver badge

        Re: Renewtrak is careful to avoid any appearance of shadiness

        Legitimate management of the business relationship. It's not like they're passing on personal details like home address, DoB, NI/SSN. This is perfectly permissible under GDPR.

    4. Anonymous Coward
      Anonymous Coward

      Re: Renewtrak is careful to avoid any appearance of shadiness

      How about "Sending mail that appears to be directly from the customer helps, too, as it's quickly assumed to be legit."

      It might need that to pass the mail filters.

  2. Anonymous Coward
    Anonymous Coward

    "Sending mail that appears to be from a customer's established reseller" but isn't, is a sure fire trigger for a scam alert.

    AAAARRRROOOOOGGAAAHHH!

  3. Mike 137 Silver badge

    "the mail could come from a third party you've never met and never will"

    This is not just restricted to subscription renewals. We've never met mailchimp, but it's the source of a vast number of email "circulars". Reliable legal opinion has suggested that it's impossible to be GDPR compliant if you use the service, but that hasn't stopped anyone using it.

    1. Doctor Syntax Silver badge

      Re: "the mail could come from a third party you've never met and never will"

      It hasn't stopped me from treating it as phishing. Look like phishing, be treated as phishing.

  4. xyz123

    So basically Renewtrak is spoofing email addresses. Scam company to avoid at all costs.

    I'd suggest blocking their URLs and IPs, as who knows what malware will be installed that "helpfully" searches for your payment details and renews stuff you didn't want to rebuy?

    Hopefully the CIA/FBI etc can do their takedown thing against this bunch of criminals, much like they do for other ransomware groups.

    1. Pascal Monett Silver badge

      Not going to happen. Renewtrak is legit. It is a company legally established, serving as intermediary between two entites, one of which Renewtrak has a legal contract with, and the other that has a legal contract with the first.

      The FBI couldn't take that down if it wanted to.

      1. Anonymous Coward
        Anonymous Coward

        I have to agree with you Pascal.

        My comment is that the article reads as a puff piece for Renewtrak.

      2. Doctor Syntax Silver badge

        Nevertheless, if they want to look like scammers they're going to be treated as such.

        Maybe initially nobody will notice. Nobody, that is, except the scammers. When the customer gets used to this way of renewals they'll get scammed. Next time round after that the renewals are going to fall off.

        No problem, the vendor manager will have had a couple of years' bonuses paid and it'll be time to move on and explain how he boosted the renewal rate at his last job.

  5. Anonymous Coward
    Anonymous Coward

    How does that work with spam filters and fraud prevention?

    First off, I have plenty of email bounce of people claiming they represent company X on account of coming from the wrong domain name.

    Secondly, unless a vendor explicitly briefs me that they have made the mistake of adding to their overhead by outsourcing subscriptions toa third party I see no reason why I should consider the attempt to get me to subscribe as name fraud.

    Maybe it's just me, but I foresee a few problems there..

    1. Version 1.0 Silver badge
      Unhappy

      Re: How does that work with spam filters and fraud prevention?

      Spam and fraud is normal - our corporate mail-server flags about 95% of all email as potential spam - I expect that the only change we'll see soon is that spam and fraud will increase to 99% and we'll quit supporting telephones because 80% of all calls attempt to tell us about issues with our recent purchase of 10 iPhones via Amazon or notify us that the cars warranties have ended.

      1. Anonymous Coward
        Anonymous Coward

        Re: How does that work with spam filters and fraud prevention?

        I've just been spammed by a UK events company. I need to have a word with my lawyer if we cannot start a case against illegal use of our resources and bill them for wasted time - this is an existing company, there is no evidence I ever agreed to have my details abused and it's up to them to verify that before they use them.

        I need to see if I have a budget for this, but it could be an interesting test case. If someone cannot prove they have acquired your details with your permission, that abuse and the time spent on addressing it ought to be chargeable to the offender if they can be identified. It would change the industry overnight.

        I suspect we'd absolutely buried under spam for having the nerve to strike back, but it may just be worth it. This sh*t really has to stop.

        1. Inventor of the Marmite Laser

          Re: How does that work with spam filters and fraud prevention?

          Good for you. And all power to your bollock bashing boots.

  6. Anonymous Coward
    Facepalm

    Nothing new, nothing nice

    We already have customer-relationship-as-a-service, debt-collection-as-a-service, and probably any number of ASSes, excuse me AASes that I don't know about. For that matter, outsourcing our jobs is really software-development-as-a service. Chasing-renewals-as-a-service was only a matter of time.

    I don't like it but I see no way to stop it.

  7. Anonymous Coward
    Anonymous Coward

    biz is growing like a weed

    I LIKE the comparison! Here's a couple more: growing like mould, growing like a parasite, growing like a tumour, growing like facebook...

  8. Not Yb

    Perhaps the problem isn't the customers not renewing the software, but that the software requires renewal in the first place.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon