On September 30, 1998 at 14:40 jshaw@insync.net (Joe Shaw) wrote:

All that proves is someone has a sense of humor. I've seen plenty of sites with these types of greetings, and they aren't hard to setup. I had a friend who setup his SMTP server to say:

No I think it indicates that a bunch of clowns have taken over what advertises itself as the official US office of the Consulate of the Kingdom of Tonga. As I said, also take a look at the web page on that site and tell me what it has to do with the Consulate of the Kingdom of Tonga. Alone it would mean little. But as part of the whole picture, that Tonga's domain seems to be used as nothing but a "safe harbor" for porn sites engaged in criminal activity and even their own supposed govt consulate comes up as an ad for a software company etc, it would seem to indicate that this domain, .to, is not being used as a legitimate country TLD, is not being managed by the people it was assigned to for the purpose it was assigned, etc. -- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.world.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*

But as part of the whole picture, that Tonga's domain seems to be used as nothing but a "safe harbor" for porn sites engaged in criminal activity and even their own supposed govt consulate comes up as an ad for a software company etc, it would seem to indicate that this domain, .to, is not being used as a legitimate country TLD, is not being managed by the people it was assigned to for the purpose it was assigned, etc.

The simple question here is: who are you to tell a sovereign country what it can and what it cannot do? Re: ineffectiveness of international treaties. I beg to differ. The odds are that if one attempts to mess with computers not just located in outside US borders but operated by or on the behalf of the foreign government (no matter if we think that a clown and/or a scam artist operates it), one would quickly end up in the middle of a something that US Department of State would be handling. Remember, if those people are operating on the behalf of the government and are making money on it, they do have an ear of whoever awarded them the contract. Alex

UHH, I think I was wrong... me ==> </FLAME> I think he gets the idea... 'Awa (a gentleman's drink) please...

The question was what we should do, not what they should do. For example, should we remove their domain from the top level servers if it has ceased to serve any legitimate purpose?

Your answer might be "no", but I think that answers your "simple question". They can do what they like, I suppose.

But we can cut off our half of the connection if we feel it is primarily malicious and abusive.

On October 1, 1998 at 10:26 aglists@goldblatt.net (Aaron Goldblatt) wrote:

...

But we can cut off our half of the connection if we feel it is primarily malicious and abusive.

So, feel free to filter any IPs you see coming to Software Tool and Die's routers that reverse to a .to domain. Fire up your procmail filters.

But I have legitimate business with a client who is registered in the .to TLD. Where he got that registration from really is none of my business, from a strictly operational standpoint. My job is to make sure that my customers can talk to him if they want/need to.

Deactivating his TLD just 'cause one guy is getting spammed by them is ...

That was never the complaint. Are you being willfully ignorant or does it just come naturally?

well ... silly? I guess that means we should revoke AOL's SLD, and Hotmail's SLD, and Yahoo's SLD ... I get spam from them -all-the-time-.

ag

-- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.world.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*

...

All that proves is someone has a sense of humor. I've seen plenty of No I think it indicates that a bunch of clowns have taken over what advertises itself as the official US office of the Consulate of the Kingdom of Tonga.

You think? Really? You're not doing very well at it, then. Or, as my sponsor would say, "You do have a point. Your hair covers it nicely." ag

On September 30, 1998 at 20:03 darcy@druid.net (D'Arcy J. M. Cain) wrote:

Thus spake Barry Shein

...

On September 30, 1998 at 14:40 jshaw@insync.net (Joe Shaw) wrote:

...

All that proves is someone has a sense of humor. I've seen plenty of No I think it indicates that a bunch of clowns have taken over what advertises itself as the official US office of the Consulate of the

Actually, it proves that they are running the Juniper SMTP and haven't bothered to change the default messages. Connect to the smtp port at druid.net and it will issue the same messages.

Well, maybe you missed the part about the website for the San Francisco Consulate of the Kingdom of Tonga (which the US State Dept lists as their official presence in the US) being an advertisement for a software company. It was all part of a picture that the .to domain may have ceased to serve as a country TLD for the Kingdom of Tonga. What if a country ceased to exist entirely and the domain they were using was hijacked by some random, unrelated entity for their own malicious purposes? Would that justify decommissioning the TLD (meaning, removing it from the root servers)? -- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.world.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*

On Thu, Oct 01, 1998 at 04:00:20AM -0400, Barry Shein wrote:

What if a country ceased to exist entirely and the domain they were using was hijacked by some random, unrelated entity for their own malicious purposes? Would that justify decommissioning the TLD (meaning, removing it from the root servers)?

Here, at last, is a useful question. What _is_ the basis for the activation of an ISO 3166 2-letter ccTLD; that is, how does one get on and off ISO's list? Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff "The net is safer in bad weather: you The Suncoast Freenet can't run a backhoe Tampa Bay, Florida in a hurricane." (after Sean Donelan) +1 813 790 7592 Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com

On Wed, Sep 30, 1998 at 05:16:50PM -0400, Barry Shein wrote:

But as part of the whole picture, that Tonga's domain seems to be used as nothing but a "safe harbor" for porn sites engaged in criminal activity and even their own supposed govt consulate comes up as an ad for a software company etc, it would seem to indicate that this domain, .to, is not being used as a legitimate country TLD, is not being managed by the people it was assigned to for the purpose it was assigned, etc.

This raises a qustion I was hoping we could avoid for quite a long time: Who is in a position of authority to pass judgement on whether the assigned authority over the .to top-level domain should "be allowed" to register such people in it's domain? Is there a policy on the root domain? Who enforces this? Who owns it? Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff "The net is safer in bad weather: you The Suncoast Freenet can't run a backhoe Tampa Bay, Florida in a hurricane." (after Sean Donelan) +1 813 790 7592 Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com

On Wed, Sep 30, 1998 at 05:16:50PM -0400, Barry Shein wrote:

On September 30, 1998 at 14:40 jshaw@insync.net (Joe Shaw) wrote:

...

All that proves is someone has a sense of humor. I've seen plenty of sites with these types of greetings, and they aren't hard to setup. I had a friend who setup his SMTP server to say:

No I think it indicates that a bunch of clowns have taken over what advertises itself as the official US office of the Consulate of the Kingdom of Tonga. As I said, also take a look at the web page on that site and tell me what it has to do with the Consulate of the Kingdom of Tonga.

Alone it would mean little.

But as part of the whole picture, that Tonga's domain seems to be used as nothing but a "safe harbor" for porn sites engaged in criminal activity and even their own supposed govt consulate comes up as an ad for a software company etc, it would seem to indicate that this domain, .to, is not being used as a legitimate country TLD, is not being managed by the people it was assigned to for the purpose it was assigned, etc.

You don't know why it was really assigned, to who it was assigned, or what terms it was assigned under. Isn't it fun not being able to demand full, public, open accountability on these types of things? -- -- Karl Denninger (karl@denninger.net) http://www.mcs.net/~karl I ain't even *authorized* to speak for anyone other than myself, so give up now on trying to associate my words with any particular organization.

On Sat, Oct 10, 1998 at 09:21:36AM -0400, Rich Sena wrote:

That's all fine and spiffy Joe but being cutesy isn't the point - it is fairly obvious that this is not the "Kingdon of Tonga" (as it may be a principality or sovereign nation) but a for profit agency or group selling domains that they have absolute control over (much like the NIC - hmmm mebbe I'll reconsider my argument) - Now that in and of itself isn't illegal *but* they shouldn't have a top level principality domain.

Please... this is dead; let's let it stay that way, Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff Buy copies of The New Hackers Dictionary. The Suncoast Freenet Give them to all your friends. Tampa Bay, Florida http://www.ccil.org/jargon/ +1 813 790 7592

Yeah well, you probably have to *pay* for relaying. This is actualy of some value to spammers since its relatively easy to shut down a relay; I have actually seen spam advertising 'spam friendly' ISPs that offer relaying services. Gut 'em all, I say. On Wed, Sep 30, 1998 at 03:40:15PM -0400, Alex Kamantauskas wrote:

On Wed, 30 Sep 1998, Barry Shein wrote:

...

In support of this assertion I want to show you an SMTP conversation with what claims to be the Consulate of the Government of Tonga in San Francisco (This San Francisco office is listed as an official Tongan contact point for visas etc by the US State Dept):

world% telnet sfconsulate.gov.to 25 Trying 209.24.51.169... Connected to sfconsulate.gov.to. Escape character is '^]'. 220 colo.to SMTP ready, Who are you gonna pretend to be today? VRFY postmaster 500 Bloody Amateur! Proper forging of mail requires recognizable SMTP commands!

--------------------

Well, beyond the cutesy error messages, at least relaying is turned off.

fz(alexk):[~] telnet sfconsulate.gov.to 25 Trying 209.24.51.169... Connected to sfconsulate.gov.to. Escape character is '^]'. 220 colo.to SMTP ready, Who are you gonna pretend to be today? helo tugger.net 250 colo.to Is thrilled beyond bladder control to meet tugger.net mail from: alexk@tugger.net 250 sender is alexk@tugger.net, (yeah sure, it's probably forged) rcpt to: alexk@freetld.net 550 NOPE UNKNOWN(204.168.18.98), I don't allow unauthorized relaying.

...

Viewing the web page for the Tongan Consulate in the US (http://sfconsulate.gov.to) reveals nothing but an ad for a software company, this page ends with:

Need a domain name? Contact the Kingdom of Tonga Internet domain name registry.

--------------------

Consequently, I assert there is no reason for this domain to exist and it should be removed from the root name servers.

-- -Barry Shein

Software Tool & Die | bzs@world.std.com | http://www.world.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo* - Send 'unsubscribe' in the body to 'list-request@inet-access.net' to leave. Eat sushi frequently. inet@inet-access.net is the human contact address.

-- Alex Kamantauskas Tugger Networks

On a bright Hawaiian night, someone wrote:

Does anyone have the email address of the Chief/King of Tonga? He might find this dialogue eye-opening...

HAHAHAHAHAHA!!! Someone is *really* not familiar with Polynesian culture! ;) 'Awa (kawa) anyone?

On Thu, Oct 01, 1998 at 04:29:02AM -0400, Barry Shein wrote:

Actually, he just told me that he'd stop the spammers if I marry his daughter.

I've taken it under consideration.

Now _this_ is the bzs I expect. Did you just get back and find the undergrad who was spoofing you? Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff "The net is safer in bad weather: you The Suncoast Freenet can't run a backhoe Tampa Bay, Florida in a hurricane." (after Sean Donelan) +1 813 790 7592 Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com

On Wed, Sep 30, 1998 at 12:42:58PM -0700, Karl Mueller <karl@best.net> wrote:

I have two proposals:

1) Clearly, .COM is used for criminal and malicious activities. I propose that we remove it due to abuse.

Don't forget .ORG, .NET, .EDU, etc. After all, porn and/or spam might be coming from those as well! Since when do the root nameservers become responsible for monitoring and controlling spam and porn? I never understood that as one of their responsibilities. If it suddenly became that way, I'll be more than happy to forward them a list of spam domains that they can take care of.

2) Barry Shein serves no useful purpose and should also be removed.

Agreed. Obviously this message served no useful purpose, so according to the message below, Barry Shein and .std.com should be removed. -jkk

Karl

...

We've been having increasing problems with one or more porn sites in the .to domain promoting itself by massive spamming of AOL customers using one of our domains in their From: header thus causing both complaints to us and thousands of bounces from AOL due to bad AOL addresses in their spam lists.

Looking at the .to domain I can't help but notice it's heavily laden with what appear to be porn sites (sexonline.to, come.to, xxxhardcore.to, etc.)

1. Performing traceroutes and other analyses seems to indicate that this domain is NOT being used for communication with entities legitimately located (legally, not only geographically) within the sovereignty of the Kingdom of Tonga, as intended.

2. Clearly criminal and malicious activites are arising from sites to which Tonga has provided comfort and sanctuary.

3. Therefore, I call for a process whereby it can be determined as to whether or not it is appropriate to decommission the Tongan domain due to negligence, mismanagement, and having allowed it to become an attractive resource for criminal activities. I do not believe the Tongan domain serves any legitimate purpose as an internet resource.

In support of this assertion I want to show you an SMTP conversation with what claims to be the Consulate of the Government of Tonga in San Francisco (This San Francisco office is listed as an official Tongan contact point for visas etc by the US State Dept):

world% telnet sfconsulate.gov.to 25 Trying 209.24.51.169... Connected to sfconsulate.gov.to. Escape character is '^]'. 220 colo.to SMTP ready, Who are you gonna pretend to be today? VRFY postmaster 500 Bloody Amateur! Proper forging of mail requires recognizable SMTP commands!

--------------------

Viewing the web page for the Tongan Consulate in the US (http://sfconsulate.gov.to) reveals nothing but an ad for a software company, this page ends with:

Need a domain name? Contact the Kingdom of Tonga Internet domain name registry.

--------------------

Consequently, I assert there is no reason for this domain to exist and it should be removed from the root name servers.

-- -Barry Shein

Software Tool & Die | bzs@world.std.com | http://www.world.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*

-- Jim Klossner - jkk@frontiernet.net http://www.frontiernet.net Lead System Engineer Frontier GlobalCenter "I'm a krill. The whales aren't working today..."

Have you tried contacting the folks at tonic.to? I know them and they have a shoot first, ask questions later policy about spam. Here's a quote from their FAQ page.

Tonic feels very strongly that the sending of unsolicited bulk email or excessive Usenet posting ("spamming") constitutes theft of service, and we do not condone the use of .TO domain names for this purpose.

If we receive complaints that a .TO domain name has been used for this purpose, we will advise the domain owner of the complaint and request that they desist from this activity. Tonic reserves the right to remove any .TO name registration if a name is used as a source of spam, or an address to which to reply to such bulk mail solicitations. We will also publish the names and contact information for any accounts terminated for such a reason.

John -- John Harkin Internet Network and Systems Consulting jh@harkin.net voice: 415-472-2452 fax: 415-472-2454

On September 30, 1998 at 17:26 aglists@goldblatt.net (Aaron Goldblatt) wrote:

...

I think it's beginning to become obvious, to me anyhow, that any claim that the internet is better regulated by those who are involved in its engineering is a total failure as a concept.

You're therefore suggesting that the Internet is better regulated by those who are totally unfamiliar with it. Or, in other words, you want your heart transplant performed by a 10-year-old.

Totally unfamiliar with it? You mean, for example, that people in the FCC are totally unfamiliar with, say, telephony? Or that they're all ten year olds? People who work for the FAA know something about air traffic issues and aren't ten year olds. People who work for CDC know something about epidemiology and aren't ten year olds. Etc. Such regulatory agencies always employ people knowledgeable in the technical aspects of the subject. What's peculiarly missing in the internet realm is much anyone with any skills in building processes by which decision-making and review of policies can occur. That's why, I assume, raising any policy or resource issue is generally met with a flood of sarcastic remarks, non-sequitars, and in particular a total lack of process by which to address such an issue. It's completely missing. You may believe that the above regulatory bodies are less than perfect. But what you can't do is assert that what goes on in their stead on the net works any better. -- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.world.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*

On Thu, 1 Oct 1998, Barry Shein wrote:

On September 30, 1998 at 17:26 aglists@goldblatt.net (Aaron Goldblatt) wrote:

...

...

I think it's beginning to become obvious, to me anyhow, that any claim that the internet is better regulated by those who are involved in its engineering is a total failure as a concept.

You're therefore suggesting that the Internet is better regulated by those who are totally unfamiliar with it. Or, in other words, you want your heart transplant performed by a 10-year-old.

People who work for the FAA know something about air traffic issues and aren't ten year olds. People who work for CDC know something about epidemiology and aren't ten year olds. Etc.

Such regulatory agencies always employ people knowledgeable in the technical aspects of the subject.

Knowledgeable people != good policy makers Knowledgeable people != good decisions about regulatory issues Knowledgeable people != people you can trust

What's peculiarly missing in the internet realm is much anyone with any skills in building processes by which decision-making and review of policies can occur.

So the IANA and IETF have been doing what for the past several years?

That's why, I assume, raising any policy or resource issue is generally met with a flood of sarcastic remarks, non-sequitars, and in particular a total lack of process by which to address such an issue. It's completely missing.

I believe your assumption is incorrect. The issues involved are control and the power to change things. Is it all that surprising that people get a wee bit wound up over that? When you propose that policy should be made by some regulatory agency instead of by consensus, what do you expect? What you are proposing is nothing short of asking us to abdicate power.

You may believe that the above regulatory bodies are less than perfect. But what you can't do is assert that what goes on in their stead on the net works any better.

Why not? I can still pass a packet from one end to the other, and if I can't, I can buy transit to do so. Fundamentally, that's all the Internet needs to do. If that wasn't happening, or I couldn't buy transit to do so, then I might be a little warmer to your ideas. As it stands, I will vigorously oppose your desire to hand our collective power of policy making to another entity just because they _might_ do a better job than us. Regards, Chris ____________________________________________________________________ Chris Kilbourn System Administrator digital.forest kilbo@forest.net 425.483.0483 http://www.forest.net Macintosh Internet Services Since 1994.

On October 1, 1998 at 11:50 aglists@goldblatt.net (Aaron Goldblatt) wrote:

Previous attempts by government entities to regulate the Internet have been characterized by a total unfamiliarity with the medium. I have no reason to believe that any future attempt to regulate the Internet will be marked by any more competence than I've seen thus far.

Which of course begs the question as to whether or not it will be better than the current situation. As the expression goes, even a bad plan is better than no plan at all. -- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.world.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*

Well, I'll grant this response is much better than your initial sarcastic remarks. Do I want regulators involved in some of these processes? At this point, I'm not sure, perhaps. I do think the total inability of the community to regulate or govern itself is, at this point, a sad fact. On September 30, 1998 at 15:31 karl@best.net (Karl Mueller) wrote:

...

I'm not sure what your problem is or what prompted this childish remark. I'm sorry if I presented what I believe to have been a reasoned comment with evidence and documentation etc. and somehow elicted this from you. I can't figure out why, however.

[...]

Really, Barry, it never ceases to amaze me how people turn their particular experience or view of something on the Internet into what reality is or what should happen. After all Barry, YOU have seen .to domains used for criminal activities, and none of them to the contrary! Oh-my-God! That must mean that the whole TLD is nothing but a joke, or a haven for these people. I'd laugh but it's not really funny.

See, originally I was going to write an email on how Tonga had contacted IANA to run this idea of a registry by them. After all, it is their domain and they saw a business opportunity. Given that we have certain other TLDs selling domains (say, oh, .COM and .NET), I think the IANA figured it was their TLD to do with as they pleased. (within reason, of course)

Now, a good possible issue you could have brought up is .to addresses being used outside of Tonga, although I think this is a pretty moot point. But, reality is that it's silly to use DNS (or really anything else) to try and pinpoint geography on the Internet. Unless you are suggesting a plan to monitor inverse DNS mapping, I don't think there's much you can do here.

Instead, you choose to bring up spamming activities and criminal activities. Well, gee, when was the last time you contacted the InterNIC over a spam issue, Barry? Like TONIC, it's a *public* registry. Like TONIC, it has *nothing* to do with spamming issues.

It would be completely out of line for the NANOG and other communities to try and address the real problem of spamming by looking at TLDs. That is completely missing the problem, and a waste of time. Not only that, but it gets regulators interested in the wrong area. Do you really want regulators deciding what you can and cannot do with domain names or TLDs? Think about it. (and that's a different issue than whether it's legal to spam with a domain)

My apologies to cc'ing NANOG again. I tried to make light of the idiocies but failed.

Karl

P.S. My affiliation with Best has nothing to do with this. TONIC could move easily to another ISP.

P.P.S. Your "points" about them running a humerous version of sendmail scare me because they're so bogus.

-- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.world.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*

At 06:41 PM 9/30/98 -0400, Steven J. Sobol wrote:

On Wed, Sep 30, 1998 at 05:22:57PM -0400, Barry Shein wrote:

...

If .com were used, for example, only for Slobbovian Universities, were being managed by one to the exclusion of other uses, etc, then perhaps it would be a good reason to consider decommissioning .com.

And if the .to domain is not in any way being used as a TLD for the Kingdom of Tonga, but instead is being used only as a safe harbor for what appear to be malicious activities, then perhaps it should be decommissioned.

Is that simple enough?

I've already given you one example of a domain not used for porn.

Here's another one: bounce.to, another redirection service.

I'm sure I can find others.

Of course, according to you, the TLD is rogue unless there are absolutely no bad apples.

By this logic, I can argue for UUNet to turn off their circuit to you if I have solid proof of *ONE* of your customers spamming.

Yes, I know, your argument is that a majority of the domains are porn domains (not that that, in itself, is hard evidence of criminal activity) and are used to spam. Prove "a majority."

Actually, by his argument, the entire country of the Netherlands should be arrested becasue the allow legal prostitution, a criminal activity in "white bread" New Hampshire. ___________________________________________________ Roeland M.J. Meyer, ISOC (InterNIC RM993) e-mail: <mailto:rmeyer@mhsc.com>rmeyer@mhsc.com Internet phone: hawk.mhsc.com Personal web pages: <http://www.mhsc.com/~rmeyer>www.mhsc.com/~rmeyer Company web-site: <http://www.mhsc.com/>www.mhsc.com/ ___________________________________________ I bet the human brain is a kludge. -- Marvin Minsky

It is serving as their entry into the *global* e-marketplace. Ever tripped over something you didn't know was there?

So, to spell it out, the question is not whether or not there are non-porn sites in the .to domain. The question is whether or not there are any Tongan activities in the Tongan domain? Since the US Consulate of the Kingdom of Tonga isn't even a Tongan site one wonders just what purpose this domain is serving.

On October 1, 1998 at 01:37 jh@harkin.net (John Harkin) wrote:

At 12:22 AM -0700 10/1/98, Barry Shein wrote:

...

So, to spell it out, the question is not whether or not there are non-porn sites in the .to domain. The question is whether or not there are any Tongan activities in the Tongan domain? Since the US Consulate of the Kingdom of Tonga isn't even a Tongan site one wonders just what purpose this domain is serving.

The Tongan consulate in SF *is* Tongan territory, not US. Seems like a good place to keep a server to keep its traffic off the satellite to me.

The server with the tongan consulate net address appears to be a web server for some software company and has nothing to do with Tonga as far as I can tell. Is it located at the Tongan consulate? -- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.world.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*

Has Aaron read a word of this discussion? How can he reply over and over and not have understood a word of it. As of last time I checked, around 2:30PM EDT 10/1/98, the porn site involved in spamming and domain hijacking etc had an operational address within the .to name space, and they continue to spam and hijack/forge, the bounces and complaints are still coming in. On October 1, 1998 at 13:00 aglists@goldblatt.net (Aaron Goldblatt) wrote:

...

The server with the tongan consulate net address appears to be a web server for some software company and has nothing to do with Tonga as far as I can tell. Is it located at the Tongan consulate?

Why is this your business? Are you responsible for policing the .to TLD, or are you responsible for administering the network at the Tongan San Francisco Consulate?

If the answer is no to both of the above (and I suspect it is), get off it.

ag

-- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.world.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*

On Thu, 1 Oct 1998, Barry Shein wrote:

As of last time I checked, around 2:30PM EDT 10/1/98, the porn site involved in spamming and domain hijacking etc had an operational address within the .to name space, and they continue to spam and hijack/forge, the bounces and complaints are still coming in.

This is your fault since you continue to send your vague complaints to NANOG instead of sending specific complaints, naming names, to hostmaster@tonic.to Note: I am not now and never have been an employee of Best. ;-) -- Michael Dillon - E-mail: michael@memra.com Check the website for my Internet World articles - http://www.memra.com

It has been changed within the duration of this monster thread. On Thu, 1 Oct 1998, John Harkin wrote:

I just looked at http://sfconsulate.gov.to/ and it is clearly about the Kingdom. I'm not sure what you saw.

On 10/01/98, Barry Shein <bzs@world.std.com> wrote:

Now what do people have to say about my claim that some sort of active fraud appears to be going on?

As many people have already said, whether your claim is valid or not, NANOG is not an approrpiate forum for airing it. -- J.D. Falk <jdfalk@cp.net> Have you hugged your backups today? Special Agent In Charge (Abuse Issues) Critical Path, Inc. ------ Critical Path is hiring in all departments! ------

Yep I noticed that too... I was starting to think I should have read this thread fully before I reponded to Barry's first post until I saw them palm the top card and deal from the bottom once this all surfaced here - but Barry has brought up a very valid point here that more than likely no-one will be able to answer or do anything about - why can't a company approach a small country with offers of free connectivity and administration in exchange (and of course some economy assisting green or whatever color that countries currency may actually be) for their aid in registerring a gTLD that they would in turn have full authority over on their behalf? Think about it - it's nice work if you can get it... time for a carreer move i think... On Thu, 1 Oct 1998, scott w wrote:

It has been changed within the duration of this monster thread.

On Thu, 1 Oct 1998, John Harkin wrote:

...

I just looked at http://sfconsulate.gov.to/ and it is clearly about the Kingdom. I'm not sure what you saw.

-- I am nothing if not net-Q! - ras@poppa.clubrich.tiac.net

Considering that the Last-Modified time on the Tongan consulate page is May 20, 1998, I'd bet that it was a server configuration error that has been corrected in the last 24 hours. The images on that page don't look like they were thrown together in response to your allegations, IMO. It has already been stated that the sfconsulate.gov.to is located at Best's server colocation facilities, which means it's probably on the same box as many other web servers. Such servers often have config problems, and that was probably brought to the attention of the folks at Best. I smell no fish. Stephen Barry Shein wrote:

Apparently it's been changed in the past 24 hours, probably as a result of this discussion.

I'm sure others here checked it out and found what I found, ads for a software company, you're the first one to report otherwise (and yes right now it does seem to suddenly say something about Tonga.)

I smell something fishy going on here.

-- | | Stephen Sprunk, KD5DWP, CCIE #3723 :|: :|: NSA, Network Consulting Engineer :|||: :|||: 14875 Landmark Blvd #400; Dallas, TX .:|||||||:..:|||||||:. Pager: 800-365-4578 / 800-901-6078 C I S C O S Y S T E M S Email: ssprunk@cisco.com

Barry, As you yourself have stated, how can anyone comment on how the pages have changed if they have not been personally involved in the management of the website. I don't see how you can then make claims that pointers have changed, and at the same time blow off other speculations concerning web server configurations, etc. This thread is started to smell like a dead horse; please, let it die. Mike Messick email: sysadmin@alaska.net Network Administration - Internet Alaska, Inc. (907) 562-4189 voice (907) 562-1677 fax 1024/FBB026B9 94 6B F6 05 DA 6A C0 1E 48 19 EC 27 F7 50 B8 A7 On Thu, 1 Oct 1998, Barry Shein wrote:

On October 1, 1998 at 14:46 ssprunk@cisco.com (Stephen Sprunk) wrote:

...

Considering that the Last-Modified time on the Tongan consulate page is May 20, 1998, I'd bet that it was a server configuration error that has been corrected in the last 24 hours. The images on that page don't look like they were thrown together in response to your allegations, IMO.

No, but the pointer (link) to the page may have been changed. I'm not shocked that the page contents have existed for a while, they just weren't visible via the consulate's address.

Although what you say is possibly true your reasoning borders on nonsense. The page could be years old, but wasn't being pointed to as the main page to load.

What's your interest in running such a stretch of reasoning anyhow? No one claiming to be involved in the actual management of the page has commented either way, thus far.

Isn't the more obvious explanation that someone changed the links in the past few hours, as others have observed?

Why the contortions to suggest otherwise?

...

It has already been stated that the sfconsulate.gov.to is located at Best's server colocation facilities, which means it's probably on the same box as many other web servers. Such servers often have config problems, and that was probably brought to the attention of the folks at Best.

I smell no fish.

Sometimes even your best friends won't tell you...

...

Stephen

Barry Shein wrote:

...

Apparently it's been changed in the past 24 hours, probably as a result of this discussion.

I'm sure others here checked it out and found what I found, ads for a software company, you're the first one to report otherwise (and yes right now it does seem to suddenly say something about Tonga.)

I smell something fishy going on here.

-- | | Stephen Sprunk, KD5DWP, CCIE #3723 :|: :|: NSA, Network Consulting Engineer :|||: :|||: 14875 Landmark Blvd #400; Dallas, TX .:|||||||:..:|||||||:. Pager: 800-365-4578 / 800-901-6078 C I S C O S Y S T E M S Email: ssprunk@cisco.com

Whelp there are quite a few ways to splain that - redirect the page to an existing site, hell you can even go as far as changing the pointer to go to another machine far or even swapping the servers entirely but it was prolly just redirected - regardless - you're right it could have been a misconfig - but I would have assumed the consulate might have picked up on that sometime since may and the redirection - if that's what happened - don't you? Regardless - the definite truth here is that this thread is old and I'm just adding to the noise - sorry kids... On Thu, 1 Oct 1998, Stephen Sprunk wrote:

Considering that the Last-Modified time on the Tongan consulate page is May 20, 1998, I'd bet that it was a server configuration error that has been corrected in the last 24 hours. The images on that page don't look like they were thrown together in response to your allegations, IMO.

It has already been stated that the sfconsulate.gov.to is located at Best's server colocation facilities, which means it's probably on the same box as many other web servers. Such servers often have config problems, and that was probably brought to the attention of the folks at Best.

I smell no fish.

Stephen

-- I am nothing if not net-Q! - ras@poppa.clubrich.tiac.net

Apparently it's been changed in the past 24 hours, probably as a result of this discussion. [...] I smell something fishy going on here.

Oh, I'm sure it can't be explained by something as simple as a mistyped entry in an SOA record. (Who among us can say that we have -never- botched a DNS record?) And even if it can't, it proves exactly what? My point isn't that I'm not paying attention, for indeed I am. My point, which my hair does indeed cover nicely, is that your continued rants are simply not based on reasonable troubleshooting and reality. You might ought to fix that. If you troubleshot a computer the way you've troubleshot this issue, you'd electrocute yourself. ag

My question here would be are these actual businesses or paper companies that exist for the sake of more nefarious scheme. I am certain that when 1 asserts that he represents another country that the web page they would write would be indicitive of things and or relating to things about that particular culture and the things they have to the offer the world and their cultural heritage and associated demographics that show gross national product with a breakdown into their repective catagories. Picking up the ring ring cloofon would be helpful in this instance. Henry R. Linneweh Sam Hayes Merritt, III wrote:

On Thu, 1 Oct 1998, Barry Shein wrote:

...

So, to spell it out, the question is not whether or not there are non-porn sites in the .to domain. The question is whether or not there are any Tongan activities in the Tongan domain? Since the US Consulate of the Kingdom of Tonga isn't even a Tongan site one wonders just what purpose this domain is serving.

http://www.isi.edu/in-notes/rfc1591.txt

Where does it say that to operated in a ccTLD you must physically be located in that country?

http://www.tongatapu.net.to/sponsors/moore/default.htm Moore Electronics Ltd., a company physically located in Tonga

http://www.tongatapu.net.to/sponsors/tess/default.htm Tonga Electronic Secretary Service, a company physically located in Tonga

http://www.tongatapu.net.to/tonga/news/default_l.htm is filled with lots of businesses in the Kingdom of Tonga

Since the above links prove that their is indeed Tongan activities, can we move on.

Sam

-- ™
¢4i1å

On October 1, 1998 at 11:08 sjsobol@nacs.net (Steven J. Sobol) wrote:

On Thu, Oct 01, 1998 at 03:22:55AM -0400, Barry Shein wrote:

...

No, a typical method of judgement used where something won't likely be 100% one way or the other is the "preponderance of evidence".

Agreed, and I don't think you have that, either!

That's nice, but lacking any review process you're just twiddling bits in public (and so am I, not my point.)

...

More importantly, in the case of a gTLD, does it serve any useful purpose for which it was issued, overall?

Since the examples you've given don't seem to me to be entities organized within the Kingdom of Tonga, even if they're not porn sites*, what purpose is being served by keeping .to in the root servers?

It's already been pointed out that there IS no one-to-one mapping of domain names to geographical areas. What's your point?

Please. There may be no one-to-one mapping, but surely there is some reason we adopted the ISO two-letter codes as TLDs. Why must these discussions always devolve into nihilism?

...

* Porn per se was never the touchstone issue

OK - I am glad we agree on this.

--

Anyone who spams me will be subject to torture by Jake, my killer attack hedgehog, and/or Lizzy and Junior, my man-eating iguanas.

-- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.world.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*

On Thu, Oct 01, 1998 at 11:24:51AM -0500, Peter Stemwedel wrote:

...

And if the .to domain is not in any way being used as a TLD for the Kingdom of Tonga, but instead is being used only as a safe harbor for what appear to be malicious activities, then perhaps it should be decommissioned.

Like ending phrases and sentences in prepositions?

The sort of arrant pedantry up with which I will not put! Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff "The net is safer in bad weather: you The Suncoast Freenet can't run a backhoe Tampa Bay, Florida in a hurricane." (after Sean Donelan) +1 813 790 7592 Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com

The problem doesn't even exist it is clearly covered under other procedures. And the TO domain as an abuse policy, Barry obivously hasn't followup up on it in any detail, or he would have indicated otherwise (at least he is usually very detail oriented. In message <199809302154.RAA17411@comet.connix.com>, Gary R Wright writes:

Karl Mueller writes:

...

Clearly, .COM is used for criminal and malicious activities. I propose that we remove it due to abuse.

This points out the legal ambiguity of the global top-level domains. At least with the .to domain it is clear who is responsible for the domain. With .com, .net, etc. the name space crosses legal boundaries inviting all sorts of legal confusion. The legal situation could be clarified considerably if the gtld's were moved under the country code domains.

Certainly the legal confusion surrounding the gtld's shouldn't be used as a rational for not developing a process (which is what Barry suggested) for attending to problems associated with the country code domains.

--- Jeremy Porter, Freeside Communications, Inc. jerry@fc.net PO BOX 80315 Austin, Tx 78708 | 512-458-9810 http://www.fc.net

"Steven J. Sobol" writes:

...

Certainly the legal confusion surrounding the gtld's shouldn't be used as a rational for not developing a process (which is what Barry suggested) for attending to problems associated with the country code domains.

What sort of problems?

Trademark/service mark conflicts come to mind. But in general I would say one function of a legal system is to mediate disputes. Barry raised an issue (valid or not, take your pick) and asked if we should have a system by which disputes related to Internet facilities (such as domain name space) could be handled. To be more specific, an entity utilizing the .TO domain name was misrepresenting themselves using Barry's domain in .COM. Now perhaps if Barry's domain was world.std.com.US he would have a more obvious legal process by which he could defend his use of world.std.com.US because it would clearly be within the name space assigned to the United States. I pointed out that with .TO the legal issue was somewhat clearer than with .COM because .TO is assigned to a legal entity whereas the legal context of .COM is ambiguous. This makes it difficult for Barry to pursue any legal action and it also make it easier for unscrupulous folks to use domains fraudulently (because it is hard to challenge them in a legal context). Of course it works the other way also, if someone from the Kingdom of Tonga were to read this thread and decide they *didn't* want to register spam and porn havens then perhaps it would be a good thing if that government (i.e., registry) had the authority to say who was in and who was out of the .TO domain. One reason why it is so discomforting to have the Internic make policy decisions regarding domain registrations in .com is that there is no legal entity that is clearly responsible for the gtld's. I don't see too many people shouting across international borders about how the .uk domain is managed but I'm reasonably sure if there is a shouting match going on within their borders they probably have a legal process that can be used to mediate the disputes--something that doesn't seem to exist regarding the Internic and the gtld's.

If you're going to make a statement like that, I think it would be useful to first delineate what problems are supposed to be fixed by the TLD admins, and what problems are supposed to be fixed by the admins of the subdomains.

I don't think it is necessary to have an enumerated list of potential and/or demonstrated problems as a prerequisite to developing a process for resolving disputes. All other things being equal, a naming system that facilitates problem resolution is better than a naming system that creates problems to be resolved.

On Thu, Oct 01, 1998 at 10:59:23AM -0400, Gary R Wright wrote:

"Steven J. Sobol" writes:

...

...

Certainly the legal confusion surrounding the gtld's shouldn't be used as a rational for not developing a process (which is what Barry suggested) for attending to problems associated with the country code domains.

What sort of problems?

Trademark/service mark conflicts come to mind. But in general I would say one function of a legal system is to mediate disputes.

That, of course, is what NSI does. They disclaim responsibility for arbitrating intellectual property disputes, and since they are not a legislative or judicial agency, I'd have to say that is the correct decision.

Barry raised an issue (valid or not, take your pick) and asked if we should have a system by which disputes related to Internet facilities (such as domain name space) could be handled.

Right.

To be more specific, an entity utilizing the .TO domain name was misrepresenting themselves using Barry's domain in .COM. Now perhaps if Barry's domain was world.std.com.US he would have a more obvious legal process by which he could defend his use of world.std.com.US because it would clearly be within the name space assigned to the United States.

No, I don't necessarily think so. When something is done that is actionable, either civilly (e.g. forgery of Barry's domain) or criminally (smurf attack), I don't see how it's possible to judge jurisdiction based on Internet domain. -- Anyone who spams me will be subject to torture by Jake, my killer attack hedgehog, and/or Lizzy and Junior, my man-eating iguanas.

On October 1, 1998 at 02:14 sjsobol@nacs.net (Steven J. Sobol) wrote:

Actually, now that I think about it, it is hard for me to come up with a situation where you could possibly hold a TLD administrator liable for criminal activities perpetrated by a domain registrant. I'm sure someone else will come up with something.

The specific question was whether or not the .to domain serves any useful purpose (such as a TLD for the Kingdom of Tonga) -- is there any reason to maintain it in the root servers? -- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.world.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*

In the immortal words of Barry Shein (bzs@world.std.com):

The specific question was whether or not the .to domain serves any useful purpose (such as a TLD for the Kingdom of Tonga) -- is there any reason to maintain it in the root servers?

Is the Kingdom of Tonga a recognized nation-state? Does it have an ISO country code assigned to it? Is the general policy of the root servers to host NS records for any ISO country-code domain legitmately operated by an entity within that country? QED... Barry, this seems sort of silly. They have a stated abuse policy. You have evidence that one of their registrants is operating in contravention to that policy. What on earth is preventing you from making the obvious phone call? For what it's worth, I suspect that we will see a similar effect any time a new domain with a liberal registration policy comes online. People will flock to it, and among those people will be some bad actors. For a while, it'll be particularly visible, until the spammers and suchlike figure out that a different domain name doesn't shield them from anything, then it'll fade into the background -- just another TLD. Rinse and repeat. -n ------------------------------------------------------------<memory@blank.org> And by / the phone / I live / in fear. Sheer chance / will draw / you in / to here. (--Soul Coughing) <http://www.blank.org/memory/>------------------------------------------------

Unfortunately, as of right this minute, 10/1 at 2:20PM EDT, these porn domain forgers are back on the Tonga site and spamming away again forging our domain name into their spams.

If this is the issue at hand, why is the topic centered on a domain registry that happens to resolve one of their ips? Shouldn't the issue be taken up with whoever is providing transport to the said sites? Perhaps this is an issue of my own lack of experience, but I don't understand why .to should be singled out at all. For this case, the miscreants could be running without any name resolution. Certainly everyone here is willing to acknowledge that a domain name is simply symbolic. I think holding the Kingdom of Tonga responsible for these spammers having namespace under their iso tld is just as ludicrous as holding STD respnisble for 'permitting' their domain name to be forged. ..kg..

Something is very, very wrong with the Tongan domain and its management. They're not removing criminal domain-hijacking spammers, they're just letting them change their name as far as I can tell.

-- -Barry Shein

Software Tool & Die | bzs@world.std.com | http://www.world.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*

WRT "Is the .to (Tonga) domain completely rogue and should be removed?"

plonk<

This is the first filter I've had to place in NANOG. This subject is really in the Domain-Policy area and not a part of NANOG. By definition, TO is not in the realm of NANOG. I note that Domain-Policy list is not even on this distro, whereas I know for fact that you have also posted this subject there as well. Please leave it there, that is where it properly belongs. Yes, many of us are also subscribers to domain-policy list at the InterNIC. Actually, your remove TO rant should go to IANA, but we both know that Postel is unresponsive to such complaints. Be that as it may, I rather not see this rant in NANOG any longer. _________________________________________________ Morgan Hill Software Company, Inc. Colorado Springs, CO - Livermore, CA - Morgan Hill, CA                                    Domain Administrator MHSC2-DOM and MHSC3-DOM Administrative and Technical contact ____________________________________________ InterNIC Id: MHSC hostmaster (HM239-ORG) e-mail: <mailto:hostmaster@mhsc.com>mailto:hostmaster@mhsc.com web -pages: <http://www.mhsc.com/>http://www.mhsc.com/ ____________________________________________ A group of politicians deciding to dump a President because his morals are bad is like the Mafia getting together to bump off the Godfather for not going to church on Sunday. -- Russell Baker

On October 1, 1998 at 14:08 aglists@goldblatt.net (Aaron Goldblatt) wrote:

...

...

Barry, this seems sort of silly. They have a stated abuse policy. You [...] Something is very, very wrong with the Tongan domain and its management. They're not removing criminal domain-hijacking spammers, they're just letting them change their name as far as I can tell.

Maybe because you haven't followed their abuse policy. Wow.

Aaron: Clearly we're talking about what to do in reaction to some of the worst kinds of abusers on the net, second perhaps only to outright crackers and smurfers, and the mismanaged resources they exploit. We're talking about people who send tens of thousands, at least, of unsolicited email messages daily, many with explicit language in the Subject headers, advertising a porn site address in the .to domain. In addition, these messages have From: addresses forged into them with others' legitimate domain names, soas to cause the owners of that domain to be pummelled day and night with bounces and complaints. Judging from the actual behavior, which is indisputable, these criminals are finding the .to domain to be a convenient haven to operate out of, probably due to the mismanagement (I'm not really accusing those involved with .to of anything more than possible mismanagement) of the .to domain as much as anything else. For example, it appears they, whoever is administering this .to domain (and it's apparently not Tonga), have absolutely no idea who is creating domains in their space, and will shut off an abusing domain and a few minutes later give the same people another domain. Now, explain to us again exactly what your interest in defending these people so strenuously? I don't get it. These appear to be some of the worst vermin on the net and are enormous time sink, and are being aided and abetted by what appears to be gross mismanagement, at best, and yet there you are ready in a second to leap to their defense? Why? -- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.world.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*

I've never threatened to sue anyone in my life. On October 1, 1998 at 17:55 jcgreen@netins.net (Jon Green) wrote:

On Thu, 1 Oct 1998 18:30:23 -0400, bzs@world.std.com writes:

...

These appear to be some of the worst vermin on the net and are enormous time sink, and are being aided and abetted by what appears to be gross mismanagement, at best, and yet there you are ready in a second to leap to their defense?

Perhaps you should threaten to sue them, as you did a few years back when someone wanted to delink your IRC server.

Please, immediately telnet to the clue server and issue the 'get' command.

-Jon

----------------------------------------------------------------- * Jon Green * "Life's a dance * * jcgreen@netins.net * you learn as you go" * * Finger for Geek Code/PGP * * * #include "std_disclaimer.h" * http://www.quadrunner.com/~jon * -------------------------------------------------------------------------

Aaron: Clearly we're talking about what to do in reaction to some of the worst kinds of abusers on the net, second perhaps only to outright crackers and smurfers, and the mismanaged resources they exploit.

Okay, lemme ask ya something. You say the TLD is mismanaged. Have you followed the policy that they've promulgated to deal with abuse? If you have not followed their procedure for dealing with abuse, you have no way to say that a place is mismanaged or not. For example, I can tell you that the car repair shop I used to fix my car is likely suffering from mismanagement. I left my car with them, and they didn't execute my service requests properly, and when I followed their customer satisfaction procedures I still was not satisfied appropriately. However, I can't say that about the fast food restaurant I went to today and got bad food from. I didn't bother following it up. The fact that I got bad food by itself doesn't mean much, since I made no management attempt to resolve it. Think about that before you spout again.

On Thu, Oct 01, 1998 at 02:23:30PM -0400, Barry Shein wrote:

Unfortunately, as of right this minute, 10/1 at 2:20PM EDT, these porn domain forgers are back on the Tonga site and spamming away again forging our domain name into their spams.

Barry. Court cases have been won against spammers forging others' domains. Suggestion: Concentrate on slamming these losers in court instead of railing against the TLD admins. I mean, I don't doubt you've already initiated legal action, but the discussion we're having is counterproductive. -- Anyone who spams me will be subject to torture by Jake, my killer attack hedgehog, and/or Lizzy and Junior, my man-eating iguanas.

On Thu, Oct 01, 1998 at 02:23:30PM -0400, Barry Shein wrote:

On October 1, 1998 at 11:09 memory@blank.org (Nathan J. Mehl) wrote:

...

Barry, this seems sort of silly. They have a stated abuse policy. You have evidence that one of their registrants is operating in contravention to that policy. What on earth is preventing you from making the obvious phone call?

Gosh that sounds so good Nathan.

Unfortunately, as of right this minute, 10/1 at 2:20PM EDT, these porn domain forgers are back on the Tonga site and spamming away again forging our domain name into their spams.

Something is very, very wrong with the Tongan domain and its management. They're not removing criminal domain-hijacking spammers, they're just letting them change their name as far as I can tell.

Damnit, Barry: DID YOU MAKE THE CALL? Cjeers, -- jra -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff "The net is safer in bad weather: you The Suncoast Freenet can't run a backhoe Tampa Bay, Florida in a hurricane." (after Sean Donelan) +1 813 790 7592 Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com

On Thu, Oct 01, 1998 at 08:14:47PM -0400, Barry Shein wrote:

On October 1, 1998 at 19:43 jra@scfn.thpl.lib.fl.us (Jay R. Ashworth) wrote:

...

Damnit, Barry: DID YOU MAKE THE CALL?

You know, you're being boorish Jay but I'll answer anyhow because you seem so fascinated with this train of thought it's made you blind to the obvious:

No, actually, I've been being merely logical.

As fast as one of these .to domains is shut down the domain hijackers open another .to domain, apparently within minutes, and continue spamming with that.

So it's not doing a lot of good asking tonic to shut down domain a.to when that just results in seeing spam shortly thereafter advertising b.to and then c.to and d.to and e.to and f.to etc.

This suggest that you'rve called them, but as someone noted earler, you're being awfully cagey about it. A simple "yes, I called them; it didn't help" would help your case immensely, Barry.

One major problem is the mismanagement of the .to domain, and to what purpose (apparently not to serve the Kingdom of Tonga as a national TLD) remains fairly mysterious, other than "for money" and whatever damage it does to others be damned.

This exact argument could be aimed at NSI about the opening of the .net TLD to non-network-management machines, actually.

It's like a site which won't close an open mail relay. Sure, it's ultimately the spammers exploiting the open relay which are the actual perps. But if all the open mail relay will do, for example, is block the one domain from relaying so the spammers just jump to another domain and use them as an open relay again, and again, and again...well then just informing them of the latest domain on an hourly basis isn't really doing it.

Ok. But, as far as I can see, you haven't actually proven here that the people in question are _actually_ registered in the .to domain in the first place, and not simply forging _that_ address too. In which case, of course, it wouldn't be their problem at all. Could the gentleman who posted from tonic earlier today please enlighten us as to whetner Barry has actually opened a ticket on this topic or not? Cheers, -- jr 'and you _still_ didn't answer me' a -- Jay R. Ashworth jra@baylink.com Member of the Technical Staff "The net is safer in bad weather: you The Suncoast Freenet can't run a backhoe Tampa Bay, Florida in a hurricane." (after Sean Donelan) +1 813 790 7592 Managing Editor, Top Of The Key sports e-zine ------------ http://www.totk.com

Thus spake Barry Shein

On October 1, 1998 at 19:43 jra@scfn.thpl.lib.fl.us (Jay R. Ashworth) wrote:

...

DID YOU MAKE THE CALL? [Yadda, yadda, yadda]... again...well then just informing them of the latest domain on an hourly basis isn't really doing it.

I have another question. How come you didn't answer Jay's question? -- D'Arcy J.M. Cain <darcy@{druid|vex}.net> | Democracy is three wolves http://www.druid.net/darcy/ | and a sheep voting on +1 416 424 2871 (DoD#0082) (eNTP) | what's for dinner.

perps. But if all the open mail relay will do, for example, is block the one domain from relaying so the spammers just jump to another domain and use them as an open relay again, and again, and again...well then just informing them of the latest domain on an hourly basis isn't really doing it.

Ah, so maybe the problem isn't a mismanaged TLD at all -- maybe it's stupid sendmail operators with open relays! By gosh, I think we've found it! ag

</FLAME> I think he gets the idea...

On Wed, Sep 30, 1998 at 05:36:43PM -0400, Barry Shein wrote:

Oops, now I understand Karl Mueller's sarcastic, nasty remark in response to my note. He works for Best and Best is running this Tonga link.

Aha!

-Barry Shein

Barry, you're wrong, you sound like an idiot, and I'm going to nominate you for the very first Karl Denninger award. You and Karl have both been around for years and both of you may be technically proficient, but I hear stuff from both you and Karl that leaves me shaking my head in disbelief. (I don't work for Best, incidentally. FYI.) -- Anyone who spams me will be subject to torture by Jake, my killer attack hedgehog, and/or Lizzy and Junior, my man-eating iguanas.

On Wed, Sep 30, 1998 at 09:01:44PM -0400, Jay R. Ashworth wrote:

Hmmm... I'm not accustomed to _either_ of them being idiotic. Karl is often loudmouthed and opinionated, but I usually understand where he's coming from if I don't agree.

IMHO, Karl has said his share of foolish things. (Which is not to say I never agree with him) However, if I was to give Barry the KD award, it would be due to Barry's hard-headedness and inability to acknowledge that maybe he's wrong and others are right. Those are both traits that Karl has demonstrated multiple times. -- Anyone who spams me will be subject to torture by Jake, my killer attack hedgehog, and/or Lizzy and Junior, my man-eating iguanas.

I don't think whether or not a business is being operated for criminal purposes is generally defended by showing that some things they do are not entirely criminal. I think it's judged by showing that nothing they do is criminal. -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.world.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo* On September 30, 1998 at 16:00 sjsobol@nacs.net (Steven J. Sobol) wrote:

On Wed, Sep 30, 1998 at 03:22:38PM -0400, Barry Shein wrote:

...

We've been having increasing problems with one or more porn sites in the .to domain promoting itself by massive spamming of AOL customers using one of our domains in their From: header thus causing both complaints to us and thousands of bounces from AOL due to bad AOL addresses in their spam lists.

Looking at the .to domain I can't help but notice it's heavily laden with what appear to be porn sites (sexonline.to, come.to, xxxhardcore.to, etc.)

Come.to is not a spam domain but rather a redirection service.

Come.to is used by several sites that are NOT porn sites.

--

Anyone who spams me will be subject to torture by Jake, my killer attack hedgehog, and/or Lizzy and Junior, my man-eating iguanas.

On September 30, 1998 at 15:05 patrick@namesecure.com (Patrick Greenwell) wrote:

On Wed, 30 Sep 1998, Barry Shein wrote:

...

I don't think whether or not a business is being operated for criminal purposes is generally defended by showing that some things they do are not entirely criminal.

I think it's judged by showing that nothing they do is criminal.

Guilty until proven innocent? Remind me never to be on trial and have you as a juror.

Patrick, you seem to be having a lot of trouble with the words like "defended" and "judged". -- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.world.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*

On Wed, Sep 30, 1998 at 05:48:21PM -0400, Barry Shein wrote:

I don't think whether or not a business is being operated for criminal purposes is generally defended by showing that some things they do are not entirely criminal.

I think it's judged by showing that nothing they do is criminal.

Barry, please go to http://come.to/ . I was merely saying that come.to is not a porn service, it's a redirection/ vanity domain service. And if you are judging them as criminal based on the fact that they have questionable domains, you'd better go after the InterNIC too, and the world's other domain registries. What evidence do you have that they are operating illegally? -- Anyone who spams me will be subject to torture by Jake, my killer attack hedgehog, and/or Lizzy and Junior, my man-eating iguanas.

On the same bright Hawaiian night, he wrote:

The problem is mass spammers operating from within that domain forging legitimate host names into their spam.

Proof of mass please. (not to the lists...)

They're advertising a porn site within the .to domain.

a... as in one?

On October 1, 1998 at 08:05 harter@feeding.frenzy.com (Sam Hayes Merritt, III) wrote:

On Thu, 1 Oct 1998, Barry Shein wrote:

...

The problem is mass spammers operating from within that domain forging legitimate host names into their spam. They're advertising a porn site within the .to domain.

And? .com has this problem too

Com does not have the problem that it's nearly exclusively used for these kinds of things. If com had just about zero commercial sites you might have a point. The .to domain seems to have about zero sites having anything to do with Tonga (no one has yet pointed even one out to me) or any entity organized within Tonga. Even the site which appears by its name to be the Consulate of Tonga (sfconsulate.gov.to) is an ad for a software company and says nothing about Tonga. The San Francisco Consulate of the Kingdom of Tonga is listed by the US State Dept as the contact point for visas etc. That's a different kettle of fish.

So does .tj and .cc and .nu at times A registry/registar should not have to police their domains, that isn't their purpose in life. You are advocating taking away a countried ccTLD because they are using it at as a gTLD.

http://www.isi.edu/in-notes/rfc1591.txt:

In cases when there are persistent problems with the proper operation of a domain, the delegation may be revoked, and possibly delegated to another designated manager.

But that paragraph is located with describing how the TLD should technically be operated.

Sam

-- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.world.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*

This is not a review process, what good would providing any proof whatsoever do? Other than perhaps satisfying your personal curiosity. That's the whole point. -b On October 1, 1998 at 15:43 sjsobol@nacs.net (Steven J. Sobol) wrote:

On Thu, Oct 01, 1998 at 01:43:03PM -0400, Barry Shein wrote:

...

Com does not have the problem that it's nearly exclusively used for these kinds of things.

Provide proof that .TO DOES.

...

If com had just about zero commercial sites you might have a point.

This assertion is based on what proof?

--

Anyone who spams me will be subject to torture by Jake, my killer attack hedgehog, and/or Lizzy and Junior, my man-eating iguanas.

On October 1, 1998 at 16:13 up@3.am (up@3.am) wrote:

Flames aside, I think it's safe to conclude that removing the .to TLD would have roughly zero effect on spam, yet plenty of negative effect on the thousands of legitimate users of the TLD.

Not clear. Obviously .to is being run in a very unusual way. Among other things, I guess the spammers can instantly sign up new domains for their web sites as fast as .to can take them down (which isn't very fast, but for discussion's sake.) That's quite unusual, and the entire activity seems to have nothing to do with the Kingdom of Tonga or any entitites within that country except inasmuch as they seem to look the other way and probably get some money for it (others have claimed this.) But the proof is in the pudding, ADULTSIGHTS.COM is finding the way the .to domain is being managed very useful to their mass spamming and other criminal (e.g., domain hijacking) activities. Taken togther, I say that's a problem. What should be done about it is yet another question, of course. Also, I'm not sure I agree with your characterization that businesses etc which have registered a Tongan domain, but have no other relationship with Tonga, are "legitimate". They may be banal, harmless, other than what may well be prima facie evidence of intent to defraud by advertising a business etc in a country they don't actually have any presence in, but that doesn't necessarily make the usage "legitimate". I don't think I'd want to be on the wrong side of a court case, even if unfair, with the other side pointing out that I was doing business via a network address in the Kingdom of Tonga, unless I really had a good reason for doing so other than "I thought the name was cute". The law doesn't tend to look kindly on businesses which purposely obfuscate their identity and whereabouts.

Truly a case of throwing out the baby with the bath water, IMHO. James Smallacombe PlantageNet, Inc. CEO and Janitor up@3.am http://3.am ==================================================================== ISPF, The Forum for ISPs by ISPs. October 26-28, 1998, Atlanta, GA. Three days of clues, news, and views from the industry's best and brightest. http://www.ispf.com/ for information and registration. ====================================================================

-- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.world.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*

Mueller: You really need to explain your financial interest in all this before making these pathetic spin attempts. On October 1, 1998 at 16:09 karl@best.net (Karl Mueller) wrote:

Nobody warned me that Jim Fleming had a brother! Ayeiii....

We now return you to TongaV8, in progress..

Karl

...

Not clear. Obviously .to is being run in a very unusual way. Among other things, I guess the spammers can instantly sign up new domains for their web sites as fast as .to can take them down (which isn't very fast, but for discussion's sake.)

That's quite unusual, and the entire activity seems to have nothing to do with the Kingdom of Tonga or any entitites within that country except inasmuch as they seem to look the other way and probably get some money for it (others have claimed this.)

But the proof is in the pudding, ADULTSIGHTS.COM is finding the way the .to domain is being managed very useful to their mass spamming and other criminal (e.g., domain hijacking) activities.

Taken togther, I say that's a problem. What should be done about it is yet another question, of course.

Also, I'm not sure I agree with your characterization that businesses etc which have registered a Tongan domain, but have no other relationship with Tonga, are "legitimate".

They may be banal, harmless, other than what may well be prima facie evidence of intent to defraud by advertising a business etc in a country they don't actually have any presence in, but that doesn't necessarily make the usage "legitimate".

I don't think I'd want to be on the wrong side of a court case, even if unfair, with the other side pointing out that I was doing business via a network address in the Kingdom of Tonga, unless I really had a good reason for doing so other than "I thought the name was cute". The law doesn't tend to look kindly on businesses which purposely obfuscate their identity and whereabouts.

On Thu, 1 Oct 1998, Barry Shein wrote:

Also, I'm not sure I agree with your characterization that businesses etc which have registered a Tongan domain, but have no other relationship with Tonga, are "legitimate".

Would it be illegitimate for a writer to write an article for a travel magazine about Tonga when that writer has no other relationship with Tonga other than having spent 10 days vacationing there? Would it be illegitimate for a wine merchant to advertise that they are a "French" wine merchant when they have no other relationship with France other than the fact that they buy wine from that country? I could go on. But I don't feel like a raving lunatic today. And I don't work for Best, not now, not ever. And I have never been a sheriff in the state of Kansas either. -- Michael Dillon - E-mail: michael@memra.com Check the website for my Internet World articles - http://www.memra.com

Turn it off... turn it off... ...for the love of god, turn it off! Seriously people, take this offline. -r

On Thu, Oct 01, 1998 at 04:04:30PM -0400, Barry Shein wrote:

This is not a review process, what good would providing any proof whatsoever do? Other than perhaps satisfying your personal curiosity.

Or providing evidence that you have a valid argument. -- Anyone who spams me will be subject to torture by Jake, my killer attack hedgehog, and/or Lizzy and Junior, my man-eating iguanas.

On October 1, 1998 at 11:06 sjsobol@nacs.net (Steven J. Sobol) wrote:

On Thu, Oct 01, 1998 at 03:05:35AM -0400, Barry Shein wrote:

...

The problem is mass spammers operating from within that domain forging legitimate host names into their spam.

I run the mail server for FREE, one of the antispam groups.

There have been many spam runs from .NET and .COM sites with our domain forged into Received headers.

Do you hear me calling for decomissioning of the NET and COM TLDs? I think not.

You miss the point: If that were ALL (or just about all) NET and COM were being used for you might have an analogy. The underlying question was what review process exists to determine whether or not this is the case and, if so, what to do about it. The answer appears to be: There exists absolutely no review process, no way to ascertain and air out the facts of the matter, the law of the jungle rules in these matters. -- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.world.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*

At 06:35 PM 9/30/98 -0400, Steven J. Sobol wrote:

On Wed, Sep 30, 1998 at 04:19:44PM -0500, Jeremy Porter wrote:

...

Not that I would advocate such activity, but unless there exists an extradition treaty that allows for computer trespass or denial of service attacks, I imagine that a few weeks of being hacked and DoS attacks would have them reconsidering the fee's that they charge to spam houses.

I hope you're kidding.

This statement is an order of magnitude dumber than anything Barry's contributed to this thread.

Agreed! SPAM-L has determined, over years of operation (including getting CyberPromo busted out of Agis), that the most effective policy is reasonable complaint, followed by blackholing (a la RBL). Any "Cracker" or DoS attacks simply open you up for criminal charges and actually place the spam-haus in a favorable light wrt LEOs. They then become the "oh so innocent and helpless" victim. Also, there are a lot of TO SLDs that aren't spam-hauses. The normal SPAM complaint process to their upstream providers usually does the trick, regardless of what domain they're in. ___________________________________________________ Roeland M.J. Meyer, ISOC (InterNIC RM993) e-mail: <mailto:rmeyer@mhsc.com>rmeyer@mhsc.com Internet phone: hawk.mhsc.com Personal web pages: <http://www.mhsc.com/~rmeyer>www.mhsc.com/~rmeyer Company web-site: <http://www.mhsc.com/>www.mhsc.com/ ___________________________________________ I bet the human brain is a kludge. -- Marvin Minsky

On Wed, Sep 30, 1998 at 08:57:08PM -0500, Jeremy Porter wrote:

So what you are saying is that Barry has a perfectly functional method of dealing with the problem and all the rest of this is a complete and utter waste of our time. Mr Sobol's comments doubly so, as they add no new information.

Where do you see him saying that? I don't think either your solution or his will work. -- Anyone who spams me will be subject to torture by Jake, my killer attack hedgehog, and/or Lizzy and Junior, my man-eating iguanas.

On Thu, Oct 01, 1998 at 12:13:51AM -0500, Jeremy Porter wrote:

In message <19980930233307.53929@shell.nacs.net>, "Steven J. Sobol" writes:

...

On Wed, Sep 30, 1998 at 08:57:08PM -0500, Jeremy Porter wrote:

...

So what you are saying is that Barry has a perfectly functional method of dealing with the problem and all the rest of this is a complete and utter waste of our time. Mr Sobol's comments doubly so, as they add no new information.

RBL doesn't work? Abuse reporting doesn't work. Strong claims, lets see some proof?

...

Where do you see him saying that? I don't think either your solution or his will work.

I was referring to Barry's solution (disabling whole TLDs) versus DoS attacks. *Neither* of those actions constitutes a solution to the problem being discussed. I apologize for not being clearer. Again, as I mentioned before, I am not arguing the effectiveness of the RBL. -- Anyone who spams me will be subject to torture by Jake, my killer attack hedgehog, and/or Lizzy and Junior, my man-eating iguanas.

At 11:33 PM 9/30/98 -0400, Steven J. Sobol wrote:

On Wed, Sep 30, 1998 at 08:57:08PM -0500, Jeremy Porter wrote:

...

So what you are saying is that Barry has a perfectly functional method of dealing with the problem and all the rest of this is a complete and utter waste of our time. Mr Sobol's comments doubly so, as they add no new information.

Where do you see him saying that? I don't think either your solution or his will work.

With spammers, *nothing* works 100%. Even killing their link. It took a long time of concentrated effort to get Spamford bounced off the net. Mostly, they just pop up somewhere else. So what if you get TO deleted, big deal. Those spammers will simply move on. The only thing we can do is work on reducing the forgeries so they can be more easily filtered and GET THOSE RELAYS CLOSED. Everyone, running sendmail, should be at v8.9.1 and subscribed to the RBL, IMHO. ___________________________________________________ Roeland M.J. Meyer, ISOC (InterNIC RM993) e-mail: <mailto:rmeyer@mhsc.com>rmeyer@mhsc.com Internet phone: hawk.mhsc.com Personal web pages: <http://www.mhsc.com/~rmeyer>www.mhsc.com/~rmeyer Company web-site: <http://www.mhsc.com/>www.mhsc.com/ ___________________________________________ I bet the human brain is a kludge. -- Marvin Minsky