North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: no whois info ?

  • From: Rich Kulawiec
  • Date: Sat Dec 11 19:59:04 2004

I don't want to turn this into a domain policy discussion, but
here are a few comments (in some semblance of order) which relate
to the operational aspects.

1. Anyone controlling an operational resource (such as a domain) can't
be anonymous.  This _in no way_ prevents anyone from doing things
anonymously on the Internet: it just means that they can't control an
operational resource, because that way lies madness.

2. If someone wants to remain anonymous -- say, as in the example Janet
cited, of sexual abuse victims -- then one of the very LAST things they
should do is register a domain.  Doing so creates a record (in the
registrar's billing department if nowhere else) that clearly traces
back to them.  Further, an anonymously-registered domain isn't much
good without services such as DNS and web hosting: and those, of course,
represent still more potential information leaks.

Anyone who thinks their "anonymous" registration is truly anonymous
is in for a rude awakening: if the data isn't already in the wild,
it will be as soon as the spammers find it useful to make it so.

It's much better, if anonymity is the goal, not to begin by causing
this data to exist.

3. Anonymous domain registration, like free email services, is an
abuse magnet.  [Almost] nobody offering either has yet demonstrated the
ability to properly deal with the ensuing abuse: they've simply forced
the costs of doing so onto the entire rest of the Internet.

It's thus not surprising that a pretty good working hypothesis is to
presume that any domain which either (a) has anonymous registration or
(b) has contact addresses at freemail providers is owned by people
intent on abusing the Internet.  No, it's not always true, but as a
first-cut approximation it works quite well.  Doubly so if the domain
is in a TLD known to be spammer-infested (e.g., ".biz") and triply so
if the domain name itself screams "spam" (e.g. ""). [1]

4. Spammers have a myriad of ways of "harvesting" mail addresses that
yield the same data but without requiring WHOIS output.  For example, some
of the malware they've released prowls through all the sent/received mail
on infected systems...which means that if anyone using their brand-new
anonymously-registered domain happens to send a single message to someone
else -- who is already or subsequently infected -- then the address in
question will shortly be in the wild, bought and sold and used by spammers.

Note that some of the infected systems are mail servers, so even if the
sender and recipient are secure from infection, the address in question
may still be acquired.  And no doubt some of them are inside registrars
and DNS hosts and web hosts, just like they're [nearly] everywhere else.

And this is just one way that addresses are harvested.

5. Spam is about far more than than merely SMTP these days.  SPIM (IM
spam) and SPIT (VOIP spam) and adware and all kinds of other things
are being used -- and by _the same people_, e.g. Spamford, to do exactly
the same thing: put content in front of eyeballs.  Even if we could throw
a switch and cut off all SMTP spam, the respite would only be temporary.
So just trying to hide from SMTP spam, although it might provide the
comfortable illusion of accomplishing something in the short term,
is useless in the long term.

6. Spam is a problem for everyone, and so it's everyone's responsibility
to fight it.  Those who want the privilege of controlling operational
resources must also accept the responsibility of doing their part.


[1] To save you the trouble of looking it up:

Domain Name:                                 CHEAP-PHENTERMINE-ONLINE.BIZ
Domain ID:                                   D3193600-BIZ
Sponsoring Registrar:                        DOTSTER
Domain Status:                               ok
Registrant ID:                               DOTS-1025016423
Registrant Name:                             N K
Registrant Organization:
Registrant Address1:                         -
Registrant Address2:                         n/a
Registrant City:                             -
Registrant State/Province:                   -
Registrant Postal Code:                      -
Registrant Country:                          United States
Registrant Country Code:                     US
Registrant Phone Number:                     +1.3155551212
Registrant Facsimile Number:                 +1.3155551212
Registrant Email:                            [email protected]

and so on.  A 200-foot-high billboard would only be slightly more obvious.