Re: Interesting new dns failures

North American Network Operators Group

Re: Interesting new dns failures

From: John LaCour
Date: Thu May 24 18:07:23 2007

Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=D4uCpKkhft5G4vycOPSZK+NHCRYHzJzwwX+xEUrqdEg03tqWUQeTeATurcMZ169NQ8/Z4FWIl03JcU0/xsjlxzbkepWw6psNkJbF6bCkwa36z19Zm3Q4lMkOdF+hPw75UQx3CYjrVvQRzDO03WtRj8i6O+h8+wVLu8r278mxmSg=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=MmOZST5MpOl/R2+tysLB8D6mCACvb7hsbx7/vSw470moAGYa5iEpwRjzuCSLtlU9+Ryj1GHNnXUtyEDOy0xZ/8FjGtQWuiTMytU3oTLqK/HX2rTDjizcit/GD1S5VPW1hD6S20bUqHQtIZa8mOOP0hX80TRw52IF+7SXKMBhkOc=

On 5/24/07, Suresh Ramasubramanian <[email protected]> wrote:

On 5/24/07, David Ulevitch <[email protected]> wrote:

> Again, good idea, but doesn't belong in the core.  If I register a
> domain, it should be live immediately, not after some 5 day waiting
> period.  On the same token, if you want to track new domains and not
> accept any email from me until my domain is 5 days old, go for it.  Your
> prerogative.

Well then - all you need is to have some way to convince registrars
take down scammer domains fast.

Some of them do.   Others dont know (several in asia) or are aware and
dont care - theres some in russia, some stateside that mostly kite
domains but dont mind registering a ton of blog and email spammer
domains.


I'm late to this party...   Unresponsive registries and registrars is
a huge problem wrt phishing.   I am aware of at least 4 domains off
the top of my head that are used exclusively for phishing which have
been up for over a month since being reported to the registry and
registrar.

The Anti Phishing Working group has a committee working on educating
these reg folks and my own employer is spending significant money at
the next ICANN meeting to do the same.

If you're an network operator and you'd consider null routing IPs
associated with nameservers used only by phishers, please let me know
and we'll be happy to provide the appropriate evidence.

-John

Follow-Ups:
- Re: Interesting new dns failures Suresh Ramasubramanian

References:
- Re: Interesting new dns failures Gadi Evron
- Re: Interesting new dns failures Douglas Otis
- Re: Interesting new dns failures David Ulevitch
- Re: Interesting new dns failures Suresh Ramasubramanian

Prev by Date: Re: Interesting new dns failures
Next by Date: Re: Slate Podcast on Estonian DOS atatck
Date Index
Thread Index
Author Index
Historical