On Sun, 12 Dec 2004, Janet Sullivan wrote:
I'm confused. You never try to contact the owners of a domain which appears to be the source of abuse, but insist that domains can't be anonymous?
All rhetoric aside, this appears to be a question of what it means to have a domain. Once upon a time, domain names were (somewhat) hard to get, and were given to organizations important enough to merit Internet connectivity (which was also somewhat hard to get). If you saw abuse coming from somewhere, you could look at the host the abuse was coming from, find the contact information for their domain, and contact their employer's or university's IT department to complain. To make matters even easier, the Internet was small enough at that point that dealing with such complaints wasn't all that overwhelming. That was ten or fifteen years ago. Now, domain names can be gotten by anybody with a few dollars, and having your own domain name is required if you want to be able to take your e-mail address with you when switching e-mail providers. Since lots of people want their e-mail addresses to be portable, there are lots of domains out there. I don't have actual stats on this, but I'm guessing that the percentage of domains that have hosts in them, and are therefore capable of being the source of abuse, is probably pretty small. A domain name is therefore now more like a phone number. Perhaps this is a mistake. Perhaps domain names are far too important to be wasted on individual conveninece. But if so, we're several years too late for that argument to be very useful. At this point, IP addresses tend to be a much better identifier of the party responsible for a network user than their domain name. If you're looking for a useful contact to talk to about a network problem, rather than some poor end user to harrass, you're probably much better off contacting the ISP or organization and that contact information is far more likely to be associated with the IP address than the domain name. Of course, there's also the question about whether the listed contact information on a static IP address should be the ISP's or the end user's, but that's much better discussed on the ARIN public policy mailing list and its equivalents than here. My question at this point is whether contact information for domains (or at least, for domains which aren't themselves criticial infrastructure) has any useful purpose at all. Domains without hosts in them aren't going to have technical problems (unless the lack of hosts is itself a technical problem) or abuse problems (except in terms of forgeries, which are really somebody else's problem). Domains with only an MX record strike me as the responsibility of whoever is providing the MX or DNS service. Domains with actual hosts in them are probably the most similar to the domains of a decade ago, but even there the IP addresses involved may be a better indicator of who to talk to about things. -Steve