fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonym

Rich Kulawiec rsk at
Thu Jan 13 15:08:37 UTC 2005

On Thu, Jan 13, 2005 at 12:26:47PM +0100, Stephane Bortzmeyer wrote:
> > 4) all domains with invalid whois data MUST be deactivated (not
> > confiscated, just temporarily removed from the root dbs) immediately
> > and their owners contacted.
> Because there is no data protection on many databases (such as ".com"
> registrars who are forced to sell the data if requested), people lie
> when registering, because it is the only tool they have to protect
> their privacy.

Those people are fooling themselves.  Much of the domain registration
data is already being offered for sale (by spammers, of course) and no
doubt, when it suits their purposes to do so, the same people will find
a way to acquire the supposedly "private" data behind the rest.

(How are they getting the data?  I don't know.  Could be weak registrar
security, could be a backroom deal, could be a rogue employee.  But there
is demand for the data, and plenty of money to pay for it, therefore it
*will* be acquired and sold.)

The current pretense of "privacy" is nothing more than a convenient
mechanism for registrars to pad their wallets and evade responsible
for facilitating abuse.


More information about the NANOG mailing list