fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet)

Steven Champeon schampeo at
Wed Jan 12 17:11:38 UTC 2005

on Wed, Jan 12, 2005 at 12:55:06PM +0000, Eric Brunner-Williams in Portland Maine wrote:
> > 4) all domains with invalid whois data MUST be deactivated (not
> >    confiscated, just temporarily removed ...
> All? Even those unpublished and therefore non-resolving? Sensible for the
> scoped-to-totality trademarks weenies who argue that the stringspace is a
> venue for dilution, whether the registry publishes all of its allocations
> or not.

Why would it matter if you deactivated an unpublished/non-resolving domain?
If you care about the domain, keep the whois data up to date and accurate.
> I'm not sure why anyone cares about a very large class of domains in the
> context of SMTP however. 

For one thing, a very large class of domains are being used as
throwaways by spammers, who use them up at a rate approaching 1 every
six hours for some of them, after which they are abandoned. In the
meantime, their whois info is inaccurate or (thanks, VRSN!) not yet
published, anyway, so the criminals can hide behind the fact that nobody
seems to care about whether whois is accurate. This destroys any
potential protection value whois might offer, and allows spammers and
other abusers to fly below the radar, accountable to nobody.
> > 5) whois data MUST be normalized and available in machine-readable form
> There are some registries that use paper to answer registration queries.

> I'm not sure why anyone cares about a very small class of domains in the
> context of SMTP however. 

It's not a very small class of domains with more or less unpredictable
data formats. It's ALL of them, or damn near. I should be able to write
a program, relatively easily, that would give me any available contact
or registrant information on a per-field basis, from any whois service.
The wide variety and nonuniformity of the existing services makes that
task daunting at best; that the information is likely wrong or stale is
enough to undermine whatever faith we might have had in it once.
> Aggregation and reformatting have their place. We explored this in the
> whoisfix bofs but no working group congealed around "fixing" :43.

What were the objections/sticking points? 
> Again, I'm not sure why anyone cares about a very large class of whois:43
> output sources in the context of SMTP however. 

It's not just the context of SMTP. It's the context of accountability on
the Internet, which bad actors are exploiting, currently, via SMTP.

I really do think it would benefit some folks here to read up on the
"broken windows theory" of crime prevention. The majority of the 'Net
is looking more and more like a warehouse full of broken windows (no,
this isn't a deliberate pun on the OS) and it's no surprise that we
waste many billions of dollars a year as a result.

Let people get away with petty crimes, and they get the message loud and
clear that you probably don't care about the big crimes, either - while
giving them a great opportunity to perform those crimes in an atmosphere
of an almost complete lack of accountability.

-- v: +1(919)834-2552 f: +1(919)834-2554 w:
join us!    join us!

More information about the NANOG mailing list