Renewal chasing as-a-service is now a thing – and vendors love it The next time your vendor or reseller sends a mail reminding you it's time to renew your software licence, subscription, or support contract, the mail could come from a third party you've never met and never will – but which has been trusted with enough info about you to make the sale. The Register chatted with one such …
> So they're misrepresenting themselves and have the balls to claim they are legit?
Errm, Renewtrak aren't going to email random people with random combinations of software licenses on random renewal dates and hope they get a hit. They'll have a contract with the software company they're managing renewals for.
It's not a difficult concept to grasp, but here's an analogy to help: when I send an email, Gmail send it for me and it pretends to have come from my domain. That's because I've asked them to not because Google are misrepresenting me.
When I send an email Mythic Beasts send it for me from my domain because they're the MSP for that domain but it originates from my machine sent by me.
Somebody sending an email not via Mythic Beasts and purporting to be from my domain should be instantly treated as a scammer.
This is not just restricted to subscription renewals. We've never met mailchimp, but it's the source of a vast number of email "circulars". Reliable legal opinion has suggested that it's impossible to be GDPR compliant if you use the service, but that hasn't stopped anyone using it.
So basically Renewtrak is spoofing email addresses. Scam company to avoid at all costs.
I'd suggest blocking their URLs and IPs, as who knows what malware will be installed that "helpfully" searches for your payment details and renews stuff you didn't want to rebuy?
Hopefully the CIA/FBI etc can do their takedown thing against this bunch of criminals, much like they do for other ransomware groups.
Nevertheless, if they want to look like scammers they're going to be treated as such.
Maybe initially nobody will notice. Nobody, that is, except the scammers. When the customer gets used to this way of renewals they'll get scammed. Next time round after that the renewals are going to fall off.
No problem, the vendor manager will have had a couple of years' bonuses paid and it'll be time to move on and explain how he boosted the renewal rate at his last job.
First off, I have plenty of email bounce of people claiming they represent company X on account of coming from the wrong domain name.
Secondly, unless a vendor explicitly briefs me that they have made the mistake of adding to their overhead by outsourcing subscriptions toa third party I see no reason why I should consider the attempt to get me to subscribe as name fraud.
Maybe it's just me, but I foresee a few problems there..
Spam and fraud is normal - our corporate mail-server flags about 95% of all email as potential spam - I expect that the only change we'll see soon is that spam and fraud will increase to 99% and we'll quit supporting telephones because 80% of all calls attempt to tell us about issues with our recent purchase of 10 iPhones via Amazon or notify us that the cars warranties have ended.
I've just been spammed by a UK events company. I need to have a word with my lawyer if we cannot start a case against illegal use of our resources and bill them for wasted time - this is an existing company, there is no evidence I ever agreed to have my details abused and it's up to them to verify that before they use them.
I need to see if I have a budget for this, but it could be an interesting test case. If someone cannot prove they have acquired your details with your permission, that abuse and the time spent on addressing it ought to be chargeable to the offender if they can be identified. It would change the industry overnight.
I suspect we'd absolutely buried under spam for having the nerve to strike back, but it may just be worth it. This sh*t really has to stop.
We already have customer-relationship-as-a-service, debt-collection-as-a-service, and probably any number of ASSes, excuse me AASes that I don't know about. For that matter, outsourcing our jobs is really software-development-as-a service. Chasing-renewals-as-a-service was only a matter of time.
I don't like it but I see no way to stop it.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
