On Tue, 16 Sep 2003, Jeroen Massar wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Tim Wilde wrote:
On Tue, 16 Sep 2003, Niels Bakker wrote:
A wildcard A record in the net TLD.
$ host does.really-not-exist.net does.really-not-exist.net has address 64.94.110.11
$ host 64.94.110.11 11.110.94.64.IN-ADDR.ARPA domain name pointer sitefinder-idn.verisign.com
It even responds on port 25 (says 550 on every RCPT TO). Gah.
Even worse of this is that you can't verify domain names under .net any more for 'existence' as every .net domain suddenly has a A record and then can be used for spamming...
From: Spammer <i@spam.using.verisign.eventhoughthisdomaindoesntexist.net> To: You <spamtarget@example.com>
Thank you Verisign! Now we need to check for existence of an MX and then just break a couple of RFC's in the process :(
What about if the IP address returned by the DNS query is the same one as does.really-not-exist.net then the spam is returned to the owner of the IP address? In this case Versign. I think this is already done by some automated spam reporting tools. If AOL does it Verisign will probably get crushed by the load (if one is having a spam war with AOL's mail servers AOL will always win).
It's Verisign's return shot at the web browser "couldn't find this page" searches. Doesn't seem to have much by way of advertising yet, but I'm sure that'll change. I heard about this coming from somewhere last week, though I don't recall where. Probably Wired or the WSJ. Verisign wants the revenue that all those typos are generating. It's just the next shot in the eyeball war.
Who said the internet wasn't commercial again ? Thank you goverment of the United States of America for allowing such money hungry organisations to abuse one of the original tld's.
Wasn't .net meant for *networks* ? aka ISP backbone infrastructure and not for commercials?
That has been going on for several years now (unfortunately).
(And I thought that domain reselling was a yucky business)
Yep, but it can be profitable. I'm just waiting for someone to put out a typo in a large press release and then sue Verisign for stealing all the traffic. According to the article in the link posted from cbronline.com this has been done by NeuStar who runs the .biz and .us domain registries. The company which runs this service for NeuStar claims to be able to differentiate between http and other requests. I'm still waiting to see how they do this as you can't tell from a DNS request alone. bye, ken emery