North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: [policy] When Tech Meets Policy...
On Aug 14, 2007, at 11:00 PM, Chris L. Morrow wrote:
Links to pornography in spam could be used as an example of where use of throw-away domains for this purpose is obscured by millions of tasting domains. A reference to pornography is a category of threat heavily blocked by domain in various products that extend beyond just email. Most might not view pornography as a serious threat, but this endeavor benefits from domain tasting chaff. Spammers are gaming the domain registry system, not for MX record manipulation, but to install their own nameservers on compromised hosts, round-robin and fast-flux their ability to avoid detection, and inevitably hide behind various layers of obfuscation. Blocking by domain name would be the response needed to dealing with a DNS abuse problem. It can not be done by IP address. When there are millions of domains continuously in flux, any database attempting to address this issue will be inundated with nonsense. Over a few weeks, this nonsense represents more information than that used by all existing domains. They are manipulating both the (legitimate) process of obtaining IP addresses, registering domain names (and all the cruft that it brings along with it, given the loopholes in the processes), and manipulating the ability to move their nameservers around at-will. Agreed. However, domain tasting makes any response to abuse of the domain system much slower and far more expensive. It's pretty much a mess -- these guys use the system to succeed. If this were just limited to spammers, it would be less of a concern. Honestly, I don't have any answers -- only questions at this point. :-/ This should be stated somewhat differently. 1) spammers benefit by domain tasting 2) phishers benefit by domain tasting _Any_ protective measure to combat phishing, undesired or malicious links will need to be done by domain name. Bots tend to thwart reliance upon IP addresses. Assessment by domain name is made far less effective by the very large amount of noise generated by domain tasting. Domain tasting provides cover for the abusive criminal activity. While domain tasting itself is not criminal, the harm it permits could easily be seen as the result of a negligent policy. -Doug
|