On Mon, Mar 18, 2019 at 05:02:38PM -0700, Ronald F. Guilmette wrote:
> I generated the following survey, on the fly, last night, based on a simple reverse DNS scan of the evidently relevant address ranges:
> https://pastebin.com/raw/WtM0Y5yC
> As anyone who isn't as blind as a bat can easily see, there's a bit of a pattern here.
I finally found time to check this out. And I have to ask: how in the heck did anybody accept this operation as a customer? Because it's obvious on inspection -- of the information in that paste -- that they're abusers. Let me 'splain.

First, domains in certain TLDs should be considered as -- at best -- dubious until proven otherwise, because those TLDs are well-known as abuse magnets. Every domain in this sample falls in that category. Anyone making mass use of domains in those TLDs is up to something abusive.

Second, anyone making mass requests for PTR records for random subdomains is up to something abusive.

Third, anyone mass-registering domains whose names are permutations of each other is up to something abusive. (I'm not talking about someone registering a couple of domains that are plausible typos of a primary one or engaging in defensive registrations across a few TLDs. Look at the list; this is obviously quite different from those cases.)

Fourth, anyone mass-registering domains whose names are intended to be typo'd and/or misread is up to something abusive.

Anybody doing all of the above is not only up to something abusive, but they're standing on a rooftop screaming it through a bullhorn. The word "mass" is key throughout, not only because it is a highly reliable indicator of ensuing abuse but because its nature makes detecting this up front quite easy. Once I got to it, it took me less than a minute of scanning that list to determine that there is absolutely no way I would accept this operation as a customer.

I recognize that not everyone has my experience in this area, but surely every operation should have someone equipped with modest experience and a skeptical eye who screens new customers, and, at *minimum*, puts them on hold while some due diligence takes place. It's much easier (and cheaper) to refuse service to operations like this than to deal with the fallout that will inevitably ensue. It's also much better for the rest of us.
So: how did these people ever get in the door?

---rsk
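The screening rsk describes (concentration in abuse-magnet TLDs, mass permutations of one name, look-alike names meant to be typo'd or misread) can be automated as a first-pass check over the PTR names a reverse-DNS sweep returns. The script below is an added example and is not code from the thread or from the pastebin. Because the post names no TLDs, the watch list here is the RFC 2606 reserved names `test` and `example`, purely for the demo; the PTR names are constructed, not taken from the paste; `registrable()` naively takes the last two labels and would need the Public Suffix List in real use; and the confusable table is a small illustrative subset. Clustering runs over distinct second-level names only, so a handful of defensive registrations of the same name across a few TLDs (which the post explicitly excludes) does not count as a permutation cluster.

```python
"""First-pass screen of a prospective customer's domain portfolio for the
mass-registration patterns described in the post. Added example; sample
data is constructed and the TLD watch list is a demo assumption."""
from collections import defaultdict
from itertools import combinations

# Assumption: the post names no TLDs; RFC 2606 reserved names stand in here.
TLD_WATCHLIST = {"test", "example"}

# Illustrative confusable substitutions, applied longest-first so that
# "rn" -> "m" is handled before single characters. Not an exhaustive table.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o"),
               ("4", "a"), ("5", "s"), ("-", "")]

# Constructed PTR names of the kind a reverse-DNS sweep would return.
SAMPLE_PTRS = [
    "mail.acmebank.test", "mail.acme-bank.test", "mx.acrnebank.test",
    "mail.acmebnak.test", "www.acmebakn.test", "mail.acmeb4nk.test",
    "a.acmebank-login.test", "b.acmebank-1ogin.test",
    "ns1.acmebank-secure.example", "ns2.acmebank-secvre.example",
    "www.unrelated-florist.example", "host-12.ordinary-hosting.test",
]


def registrable(ptr):
    """Naive (second-level, TLD) split; real code needs the Public Suffix List."""
    labels = ptr.lower().rstrip(".").split(".")
    return labels[-2], labels[-1]


def skeleton(sld):
    """Collapse common look-alike substitutions so variants compare equal."""
    s = sld
    for src, dst in CONFUSABLES:
        s = s.replace(src, dst)
    return s


def edit_distance(a, b):
    """Plain Levenshtein distance (a transposition costs 2)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def clusters(items, related):
    """Union-find the items under related(x, y); return groups of size > 1,
    largest first, each group sorted."""
    parent = {x: x for x in items}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for x, y in combinations(items, 2):
        if related(x, y):
            parent[find(x)] = find(y)
    groups = defaultdict(list)
    for x in items:
        groups[find(x)].append(x)
    return sorted((sorted(g) for g in groups.values() if len(g) > 1),
                  key=len, reverse=True)


def screen(ptrs, watchlist=TLD_WATCHLIST, min_cluster=3):
    """Return a report dict; 'hold' is True when the portfolio should be
    parked pending due diligence."""
    domains = {registrable(p) for p in ptrs}
    slds = sorted({sld for sld, _ in domains})  # distinct names only
    watch_share = sum(tld in watchlist for _, tld in domains) / len(domains)
    # Permutations: same multiset of letters after confusable folding.
    perm = clusters(slds, lambda x, y: sorted(skeleton(x)) == sorted(skeleton(y)))
    # Look-alikes: identical or one edit apart after confusable folding.
    look = clusters(slds, lambda x, y: edit_distance(skeleton(x), skeleton(y)) <= 1)
    big_perm = [g for g in perm if len(g) >= min_cluster]
    clustered = {d for g in look for d in g}
    report = {
        "domains": len(domains),
        "watchlist_share": round(watch_share, 2),
        "permutation_clusters": big_perm,
        "lookalike_clusters": look,
        "lookalike_share": round(len(clustered) / len(slds), 2),
    }
    report["hold"] = watch_share >= 0.5 and (bool(big_perm) or report["lookalike_share"] >= 0.5)
    return report


if __name__ == "__main__":
    for key, value in screen(SAMPLE_PTRS).items():
        print(f"{key}: {value}")
```

The thresholds (`min_cluster`, the 0.5 shares) are deliberately crude; the point is that a portfolio which trips all of these at once is exactly the "rooftop with a bullhorn" case, and the cheap, correct action is to put the account on hold before it is provisioned rather than to tune a scoring model.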