North American Network Operators Group

Re: [Fwd: zone transfers, a spammer's dream?]

  • From: Rich Kulawiec
  • Date: Thu Dec 09 11:29:07 2004

On Thu, Dec 09, 2004 at 03:52:38AM +0200, Gadi Evron wrote:
> After a much too long introduction here come my questions: is this
> deliberate? I can understand that Chad has bigger things to worry about
> than 24 domains getting on yet another spam list, but why Canada makes
> nearly half a million domains as easy to grab as this really is a
> mystery to me.

It doesn't matter: that toothpaste came out of the tube a long time
ago.  Spammers have been buying and selling domain registration
information for years, and anyone with cash-in-hand can buy as much
of it as they want: either by TLD or by country or by category.

Here's just a tiny tip-of-the-iceberg sample of the hundreds (?) of
buyers, sellers, and brokers for WHOIS data and tools to manipulate it:

        http://www.bestextractor.com/
        http://www.massmailsoftware.com/whois/
        http://lists.freebsd.org/pipermail/freebsd-chat/2004-January/001942.html
        http://gnso.icann.org/mailing-lists/archives/dow1-2tf/msg00121.html
        http://www.sherpastore.com/store/page.cfm/2003

You can find as many more as you wish by using your favorite search
engine to look for various combinations of

        extractor whois contact domain fresh leads market target email url

and then just following the links back to their sites.  (If the sites
are down, don't worry: they'll be back soon, maybe with a new domain,
maybe on a new web host.)

How are they getting it?  I don't know.  Maybe they have deals with
registrars; maybe they have deals with registrar employees; maybe they
just breached registrar security.  Or maybe something else entirely.

However they're getting it, they're getting updates: in fact, updated
information carries higher market value.  And anyone who is so foolish
as to believe that their "private" (obfuscated, cloaked, whatever) domain
registration information is *really* private is in for a rude awakening.

The irony of all this is that spammers already have all this information
-- yet registrars have gone out of their way to make it as difficult as
possible for everyone else to get it (rate-limiting queries and so on).

---Rsk