North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: [policy] When Tech Meets Policy...

  • From: Douglas Otis
  • Date: Wed Aug 15 15:45:47 2007


On Aug 14, 2007, at 11:00 PM, Chris L. Morrow wrote:

On Wed, 15 Aug 2007, Paul Ferguson wrote:

More than ~85% of all spam is being generated by spambots.

yes, that relates to my question how though? I asked: "Do spammers monitor the domain system in order to spam from the domains in flux as tastinng domains?" I asked this specifically because that behavior was being used as a 'resaon to stop tasting', or to clamp down on it atleast.

Links to pornography in spam could be used as an example of where use of throw-away domains for this purpose is obscured by millions of tasting domains. A reference to pornography is a category of threat heavily blocked by domain in various products that extend beyond just email. Most might not view pornography as a serious threat, but this endeavor benefits from domain tasting chaff.

Spammers are gaming the domain registry system, not for MX record manipulation, but to install their own nameservers on compromised hosts, round-robin and fast-flux their ability to avoid detection, and inevitably hide behind various layers of obfuscation.

Sure, they are being bad, they are doing what akamai does (or other CDNs) only for illegal end reasons... That's not relevant to my question, but I agree it's a dirty trick still.

Blocking by domain name would be the response needed to dealing with a DNS abuse problem. It can not be done by IP address. When there are millions of domains continuously in flux, any database attempting to address this issue will be inundated with nonsense. Over a few weeks, this nonsense represents more information than that used by all existing domains.

They are manipulating both the (legitimate) process of obtaining IP addresses, registering domain names (and all the cruft that it brings along with it, given the loopholes in the processes), and manipulating the ability to move their nameservers around at-will.

That's not a manipulation so much as using the system as designed.

Agreed. However, domain tasting makes any response to abuse of the domain system much slower and far more expensive.

It's pretty much a mess -- these guys use the system to succeed.

agreed, they are a mess (spammers and their current business)

If this were just limited to spammers, it would be less of a concern.

Honestly, I don't have any answers -- only questions at this point. :-/

me too, I just don't want to see the issue sidetracked on:

1) spammers using tasting to their benefit
2) phishers are tasters/use tasting to their benefit

neither of which is, near as I can tell, true or real fears. Tasting is, in and of itself, a completely different problem with a completely different set of issues... Conflating the 3 (or parts of the 2 sets) is just as wrong as saying that 'tasting lets the terrorists win'.

This should be stated somewhat differently.

1) spammers benefit by domain tasting
2) phishers benefit by domain tasting

_Any_ protective measure to combat phishing, undesired or malicious links will need to be done by domain name. Bots tend to thwart reliance upon IP addresses. Assessment by domain name is made far less effective by the very large amount of noise generated by domain tasting. Domain tasting provides cover for the abusive criminal activity. While domain tasting itself is not criminal, the harm it permits could easily be seen as the result of a negligent policy.

-Doug