North American Network Operators Group

Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet)

  • From: Eric Brunner-Williams in Portland Maine
  • Date: Wed Jan 12 12:52:00 2005

> Why would it matter if you deactivated an unpublished/non-resolving domain?

How do "you deactivate an unpublished/non-resolving domain"? You may borrow
a registrar or registry hat if that is useful to answer the question.

> If you care about the domain, keep the whois data up to date and accurate.

That is the policy articulated by the trademarks "stakeholders" in the ICANN
drama, but how does their policy, which is indifferent to any condition but
stringspace allocation, relate to any infrastructure that has one or more
additional constraints?

> > I'm not sure why anyone cares about a very large class of domains in the
> > context of SMTP however. 
> 
> For one thing, a very large class of domains are being used as
> throwaways by spammers ...

Do you know anything about the acquisition pattern at all, or if there is
any useful characterization finer in scope than "all"?

> ... (thanks, VRSN!) 

I pointed out to Mark here on NANOG months ago that there were side effects
to pursuit of zonefile publication that was asynchronous with whois data
publication.

Now that the temporal properties of resolution by one or more registries
has your attention, just what part of the actions by all registrants is
controlling?

> potential protection value whois might offer, and allows spammers and
> other abusers to fly below the radar, accountable to nobody.

I'm sure they pay their ns providers, and their isps, for the critical
portions of the value return path.

> > There are some registries that use paper to answer registration queries.
> 
> And?

You appear to see a policy that would cause them to change their operational
practice, and I'm not clear on how your policy goal would benefit them, or
how they would recover costs if your policy goal did not benefit them.

> > I'm not sure why anyone cares about a very small class of domains in the
> > context of SMTP however. 
> 
> It's not a very small class of domains with more or less unpredictable
> data formats. It's ALL of them, or damn near. 

So in your current conceptual model, a uniform distribution correctly
characterizes the utility of knowing any particular registrar's or registry's
whois (whois/tcp or http-form-post/tcp) format?

>                                               I should be able to write
> a program, relatively easily, that would give me any available contact
> or registrant information on a per-field basis, from any whois service.
> The wide variety and nonuniformity of the existing services makes that
> task daunting at best ...

Have you considered looking for a paid service that does :43 reformatting?

> > Aggregation and reformatting have their place. We explored this in the
> > whoisfix bofs but no working group congealed around "fixing" :43.
> 
> What were the objections/sticking points? 

I'll see if I still have the minutes.

> > Again, I'm not sure why anyone cares about a very large class of whois:43
> > output sources in the context of SMTP however. 
> 
> It's not just the context of SMTP. It's the context of accountability on
> the Internet, which bad actors are exploiting, currently, via SMTP.

Hmm. I'd prefer to stay on point. As for accountability and bad actors, this
is a target rich environment. For instance, all paid registrations for .net
domains after mid-year already present an interesting accountability issue.

> I really do think it would benefit some folks here to read up on the
> "broken windows theory" of crime prevention.

Anyone in particular? Is the theory a better choice than empirical data?

Eric
registry, registrar, whoisfix and epp hats lying around somewhere, most
collecting snow today.