Eric Brunner-Williams is slightly incorrect in his description of the blog-spammer's attack, because he's misinterpreting whois. He states that based on the spammer's entry in the whois entry, the spammer "claims domicile" in whatever location. Whois records don't make any claims about domicile, legal jurisdiction, True Name, National Identity Number, Retina Prints, likely sleeping location, likely location of hardware, ICBM coordinates, or preferred subpoena acceptance location, though ICANN would certainly like it if they did. They're strictly indicating some postal contact information, and for the billing address, they're indicating where to send a paper bill. (Keeping them current is certainly good practice, and I'd recommend that Eric check nic-naa.net's whois phone numbers, which appear to have suffered from some helpful spreadsheet doing arithmetic on them.) Meanwhile, while it's annoying to have to do self-defense, rather than getting the miscreant's ISP to do it, if Eric's wife's machine is self-administered as opposed to administered by some hosting company, adding the miscreant's IP address to the firewall or routing table can take care of the bandwidth problem, and while collateral damage is a bad thing for ISPs to do, it's not unreasonable for personal machines. Bill Stewart, bill.stewart@pobox.com