on Wed, Jan 12, 2005 at 01:49:53PM +0000, Eric Brunner-Williams in Portland Maine wrote:
Why would it matter if you deactivated an unpublished/non-resolving domain?
How do "you deactivate an unpublished/non-resolving domain"? You may borrow a registrar or registry hat if that is useful to answer the question.
I suppose it depends on how you define 'unpublished'; and how you define 'non-resolving'. A year and a half ago, I was subjected to a joe job by Brian Westby (the bounces stopped the day after the FCC fined him), using several domains, among them adultwebpasshosting.org. It had been registered, was in whois with obviously forged data, resolved to an IP, and I reported it to ICANN for having invalid whois data. It took them, as near as I can tell (I was never notified of the action taken) at least a year to have it removed from the root dbs. I'd like to avoid going through that nonsense again.
If you care about the domain, keep the whois data up to date and accurate.
That is the policy articulated by the trademarks "stakeholders" in the ICANN drama, but how does their policy, which is indifferent to any condition but strindspace allocation, relate to any infrastructure that has one or more additional constraints?
Please see my other message. Allowing domains with invalid whois data to remain in use facilitates abuse in other realms.
I'm not sure why anyone cares about a very large class of domains in the context of SMTP however.
For one thing, a very large class of domains are being used as throwaways by spammers ...
Do you know anything about the acquisition pattern at all, or if there is any useful characterization finer in scope than "all"?
One of the domains we host has been the victim of an ongoing joe job. The sender forges an address in the domain for the SMTP "MAIL FROM:" and when the message(s) bounce(s), we get the DSN(s). I've got bounce messages here going back several months. In the past month (since Dec 1), I've seen (not counting the tens of thousands of DSNs I've refused from idiot outscatter hosts): count domain received registered diff ----- ----------------------- -------------- ----------- ---- 13 kakegawasaki.com Jan 6 2005 Dec 23 2004 14d 7 oertlika.com Jan 7 2005 no whois info n/a 6 mikejensen.info Dec 30 2004 Dec 9 2004 21d 5 kristinaficci.info Jan 8 2005 Dec 22 2004 17d 4 rhianjonesmuchos.com Jan 10 2005 no whois info n/a 4 krauszolts.info Jan 7 2005 Dec 22 2004 16d 4 gregbryant.info Dec 31 2004 Dec 9 2004 22d 4 elitke.info Dec 1 2004 Nov 28 2004 3d 3 tlepolemosmilos.com Jan 9 2004 no whois info n/a 3 latvianet.info Dec 25 2004 Dec 3 2004 22d 3 judsononly.info Dec 30 2004 Dec 12 2004 18d 2 tarumisalata.info Dec 28 2004 Dec 12 2004 16d 2 sawawer.net Dec 13 2004 no whois info n/a 2 sakkama.info Dec 15 2004 Dec 3 2004 12d 2 purkyne.info Dec 9 2004 Nov 28 2004 11d 2 kazoplace.com Dec 31 2004 no whois info n/a 2 katrianne.info Dec 1 2004 Nov 28 2004 3d 2 heinrichkayser.info Dec 30 2004 Dec 9 2004 21d 2 cavaradossi.net Dec 23 2004 no whois info n/a 2 brangane.info Jan 3 2005 Dec 18 2004 16d 1 wurmhug.com Jan 1 2005 no whois info n/a 1 ulissedinires.com Dec 24 2004 Nov 11 2004 13d 1 onlycomello.info Dec 19 2004 Dec 3 2004 16d 1 mysalpetriere.com Dec 26 2004 Dec 23 2004 3d 1 konstitutsiya.com Dec 17 2004 Dec 3 2004 14d 1 eugenisisplace.info Dec 27 2004 Dec 12 2004 15d Very few of these sighted span more than an 18 hour period between first and last appearance in a bounce. All those I've tested simply redirect to some porn site or other; for a list from November, see below: domain redirects to ------------------------------------------------------------------------ anneraughop.com http://www.femalestars.com/RS/rsid-609603/ anneres.info http://www.allinternal.com/40195119/index.html armidais.net http://coolsites1.com/sites/milfmunchers/index.html barbarescoer.info dead (afilias - not found) brandtor.info dead (afilias - not found) byblis.info http://coolsites1.com/sites/oldfartfuckin/main.html caseylisser.info http://www.allinternal.com/40195119/index.html coudrasy.info http://coolsites1.com/sites/partiesshocking/index.html dinahner.net dead (registersite - found, but no DNS) dupontaop.net http://mendvd.com/?wmid=franky durdaes.net http://coolsites1.com/sites/milfmunchers/index.html flegelis.net http://www.allinternal.com/40195119/index.html jarrydlevine.info http://www.femalestars.com/RS/rsid-609603/ jizeras.net dead (NSI - not found) jo-annner.com http://www.allinternal.com/40195119/index.html jozsef.info http://coolsites1.com/sites/massivedickaction/index.php kadlu.info dead (yanked for spamming by GKG) kazakq.info http://www.allinternal.com/40195119/index.html ladaxs.net http://coolsites1.com/sites/asspussymouth/index.html oiunskijner.net http://www.allinternal.com/40195119/index.html oizumiw.net http://www.oldagefuckers.com/1e901999dbffa34452401ad02b55d569/ ortigaraner.info http://coolsites1.com/sites/milfmunchers/index.html rebekkaner.com http://www.femalestars.com/RS/rsid-609603/ rosselia.net dead (yanked for spamming by GKG) shirleyse.info http://coolsites1.com/sites/massivedickaction/index.php swingsey.net http://www.eyessprayedshut.com/99dfc7de9df4511de46761609f55b433/ zajtsev.info http://coolsites1.com/sites/massivedickaction/index.php All the same spammer. The redirecting domains resolve (where they resolve at all) to: 61.128.198.187 Chinanet 218.30.21.63 Chinanet 219.153.0.230 Chinanet 222.51.98.194 China Railway Telecommunications I may not be able to convince China not to host this dirtbag, but I should think I'd be able to prevent a registrar from repeatedly registering new domains to him using false whois information. As it stands I have one bad experience with ICANN taking a year to yank the domains for a convicted fraudster. I'd be delighted if you have pointers to a paid whois reformatter, but I still believe strongly that it should not be necessary. -- hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com join us! http://hesketh.com/about/careers/account_manager.html join us!