[Fwd: zone transfers, a spammer's dream?]
On Thu, Dec 09, 2004 at 03:52:38AM +0200, Gadi Evron wrote:
After a much too long introduction here comes my questions: is this deliberate? I can understand that Chad has bigger things to worry about than 24 domains getting on yet another spam list, but why Canada makes nearly half a million domains as easy to grab as this really is a mystery to me.
It doesn't matter: that toothpaste came out of the tube a long time ago. Spammers have been buying and selling domain registration information for years, and anyone with cash-in-hand can buy as much of it as they want: either by TLD or by country or by category.

Here's just a tiny tip-of-the-iceberg sample of the hundreds (?) of buyers, sellers, and brokers for WHOIS data and tools to manipulate it:

http://www.bestextractor.com/
http://www.massmailsoftware.com/whois/
http://lists.freebsd.org/pipermail/freebsd-chat/2004-January/001942.html
http://gnso.icann.org/mailing-lists/archives/dow1-2tf/msg00121.html
http://www.sherpastore.com/store/page.cfm/2003

You can find as many more as you wish by using your favorite search engine to look for various combinations of

extractor whois contact domain fresh leads market target email url

and then just following the links back to their sites. (If the sites are down, don't worry: they'll be back soon, maybe with a new domain, maybe on a new web host.)

How are they getting it? I don't know. Maybe they have deals with registrars; maybe they have deals with registrar employees; maybe they just breached registrar security. Or maybe something else entirely. However they're getting it, they're getting updates: in fact, updated information carries higher market value.

And anyone who is so foolish as to believe that their "private" (obfuscated, cloaked, whatever) domain registration information is *really* private is in for a rude awakening.

The irony of all this is that spammers already have all this information -- yet registrars have gone out of their way to make it as difficult as possible for everyone else to get it (rate-limiting queries and so on).

---Rsk
--On 09 December 2004 10:24 -0500 Rich Kulawiec <rsk@gsp.org> wrote:
The irony of all this is that spammers already have all this information -- yet registrars have gone out of their way to make it as difficult as possible for everyone else to get it (rate-limiting queries and so on).
They clearly don't "already have" this information, or they wouldn't be a) offering to pay people for it b) continue to be trying to obtain it by data mining.

Your argument is roughly equivalent to "The irony of this is that drug dealers already have drugs -- yet governments have gone out of their way to make it as difficult as possible for everyone else to get them". Or "Credit card fraudsters already have credit card numbers - yet credit card companies have gone out of their way to make it as difficult as possible for everyone else to get them".

IE sure, there's a lot of leaked information out there (often including personal data), that doesn't mean responsible registries should add to it.

Note also that responsible registries do provide query access (automatable where necessary) to registration data in a variety of different ways; not all make it "as hard as possible" for others to access it. I will leave it to the reader's judgment to work out which registries come under the category "responsible".

Alex
----- Original Message -----
From: "Alex Bligh" <alex@alex.org.uk>
To: "Rich Kulawiec" <rsk@gsp.org>; <nanog@merit.edu>
Cc: "Alex Bligh" <alex@alex.org.uk>
Sent: Thursday, December 09, 2004 11:59 AM
Subject: Re: [Fwd: zone transfers, a spammer's dream?]
--On 09 December 2004 10:24 -0500 Rich Kulawiec <rsk@gsp.org> wrote:
The irony of all this is that spammers already have all this information -- yet registrars have gone out of their way to make it as difficult as possible for everyone else to get it (rate-limiting queries and so on).
They clearly don't "already have" this information, or they wouldn't
agreed. also of note is that at least from here, the .ca folks have fixed the issue.

-p

---
paul galynin
Alex Bligh wrote:
The irony of all this is that spammers already have all this information -- yet registrars have gone out of their way to make it as difficult as possible for everyone else to get it (rate-limiting queries and so on).
They clearly don't "already have" this information, or they wouldn't be a) offering to pay people for it b) continue to be trying to obtain it by data mining.
There are lots of small-time spammers. Rest assured that the big fish already have access to most major zonefiles.
Your argument is roughly equivalent to "The irony of this is that drug dealers already have drugs -- yet governments have gone out of their way to make it as difficult as possible for everyone else to get them". Or "Credit card fraudsters already have credit card numbers - yet credit card companies have gone out of their way to make it as difficult as possible for everyone else to get them".
Drugs are bad. Domains aren't. For a certain value of aren't. Credit card numbers are all you need to commit fraud. Domains aren't. For a certain value of aren't.
IE sure, there's a lot of leaked information out there (often including personal data), that doesn't mean responsible registries should add to it.
Such as... selling access to the data to anyone who pays? No, responsible registries should of course not do this. - Kandra
--On 09 December 2004 18:46 +0100 Kandra Nygårds <kandra@foxette.net> wrote:
IE sure, there's a lot of leaked information out there (often including personal data), that doesn't mean responsible registries should add to it.
Such as... selling access to the data to anyone who pays? No, responsible registries should of course not do this.
Indeed. I wasn't suggesting they should. Alex
On Thu, 09 Dec 2004 18:46:32 +0100, Kandra Nygårds said:
IE sure, there's a lot of leaked information out there (often including personal data), that doesn't mean responsible registries should add to it.
Such as... selling access to the data to anyone who pays? No, responsible registries should of course not do this.
It all depends on the registry's moral and ethical stance, and whether it feels more responsibility to the public trust, or responsibility to "maximize shareholder value". A large enough payment does wonders for shareholder value, and an incredible number of companies don't seem to feel any great need to benefit the public trust if not forced to do so. And of course, even a not-large payment often suffices, especially if it involves a suitcase and maximizing an underpaid employee's value... ;)
On Thu, Dec 09, 2004 at 04:59:33PM +0000, Alex Bligh wrote:
They clearly don't "already have" this information, or they wouldn't be a) offering to pay people for it b) continue to be trying to obtain it by data mining.
Sure, some of "them" quite clearly don't. And so they're buying it from those who do, or acquiring it themselves. But lots of "them" have it, and have means to acquire updates to it when it suits them. This can't be surprising to anybody, given the amount of money being thrown around, the technical sophistication that's been displayed, and the usual assortment of security issues.
Your argument [...]
It's not an argument. I'm just reporting the news. Well, okay, I suppose I'm also arguing that there's no point in maintaining the pretense that registrars are keeping it all tucked away safe from [automated] prying eyes because it's obvious to everyone that *if* that was ever true, it stopped being true a long time ago. It's done. It's over. It's history. Any debate about how it _should_ have been kept tucked safe away has been rendered moot, and while it might still hold some philosophical interest, its practical value is nil.
Note also that responsible registries do provide query access (automatable where necessary) to registration data in a variety of different ways; not all make it "as hard as possible" for others to access it.
<shrug> I think it's time to abandon the charade and simply publish all of it -- one static web page per domain, refreshed when the backing info changes. That would at least level the playing field, and pull the rug out from under those who are selling it. ---Rsk
On Tue, 14 Dec 2004, Stephane Bortzmeyer wrote:
171 uk.zone
Everything is in subdomains like co.uk, so there is no point in blocking zone transfers for the TLD.
For the same reason, it is perfectly normal to

$ dig @<LETTER>.root-servers.net. . axfr

-- 
-- Todd Vierling <tv@duh.org> <tv@pobox.com>
participants (8)
- Alex Bligh
- Gadi Evron
- Kandra Nygårds
- Paul G
- Rich Kulawiec
- Stephane Bortzmeyer
- Todd Vierling
- Valdis.Kletnieks@vt.edu