Article on spammers and their infrastructure

Fred Baker fred at cisco.com
Thu Dec 31 05:06:18 UTC 2009


One might say the same about the IETF, which Randy likes to lampoon.  
Not sure how it comes up in this context, as (as Randy loves to remind  
us) while many operators attend, it is not first-and-foremost an  
operational community. As to ICANN, I think Rich may be talking about  
the registries and registrars for their DNS names, but not the agency  
that coordinates them. At most, ICANN can give them suggestions. And  
as for addresses, they get them from their local ISPs.

What ICANN and many of the registries have in fact done is make an  
issue of domain name "tasting", which is a means by which some forms  
of abusers change names rapidly to evade filters. That is a matter of  
having the fox guard the henhouse, however; the registries make money  
on names being sold, and "tasting" is a means of making a lot of  
sales. So while some have good efforts there, not all are motivated to  
fight abuse.

As to addresses, we can point to at least one entire ISP shut down as  
most of the traffic coming from it was abusive. But for ISPs, it  
becomes at least in part a matter of the amount of trouble they cause  
their immediate neighbors. If they can link to other ISPs, who they  
sell their services too is somewhat opaque to the wider world. And  
since the abusers are not above "owning" systems, every network has  
some subset of its subscribers to think about.

I agree with your sentiment, Rich, and empathize with your  
frustration. Writing comments in blogs doesn't get the hard work of  
tools and policy done, though. You have to take the next step.


On Dec 30, 2009, at 8:26 PM, Paul Vixie wrote:

> Randy Bush <randy at psg.com> writes:
>>> If ARIN and/or RIPE and/or ICANN and/or anyone else were truly
>>> interested in making a dent in the problem, then they would have  
>>> already
>>> paid attention to our collective work product.
>>
>> the rirs, the ietf, the icann, ... each think they are the top of the
>> mountain.  we are supposed to come to them and pray.  more likely  
>> that
>> the itu will come to them and prey.
>
> ARIN (an RIR) does not think in terms of mountains.  the staff and  
> company
> does what members and the elected board and elected advisory council  
> ask.
> ARIN is a 501(c)(6) and sticks to its knitting, which thus far means  
> no
> distinguished role in "spammers and their infrastructure" but that  
> could
> change if someone writes a policy proposal which is adopted after the
> normal policy development process.
>
> please do consider whether ARIN could help with "spammers and their
> infrastructure" and if so, write a policy draft to that effect.   
> ARIN is
> responsive to community input, and has well established and well  
> publicized
> mechanisms for receiving and processing community input.  nobody has  
> to
> come and pray, but likewise, nobody should expect ARIN to look for  
> mission
> creep opportunities.  ARIN will go on doing what the community asks,  
> no
> less, no more.  ARIN has no mechanism, as a company, for "[paying]
> attention to [your] collective work product".  our members, and the  
> public
> at large who participates in ARIN's policy development process, do  
> that.
> -- 
> Paul Vixie
> Chairman, ARIN BoT
> KI6YSY
>

http://www.ipinc.net/IPv4.GIF





More information about the NANOG mailing list