[policy] When Tech Meets Policy...
Douglas Otis
dotis at mail-abuse.org
Wed Aug 15 19:15:41 UTC 2007
On Aug 14, 2007, at 11:00 PM, Chris L. Morrow wrote:
>
> On Wed, 15 Aug 2007, Paul Ferguson wrote:
>>
>> More than ~85% of all spam is being generated by spambots.
>
> yes, that relates to my question how though? I asked: "Do spammers
> monitor the domain system in order to spam from the domains in flux
> as tastinng domains?" I asked this specifically because that
> behavior was being used as a 'resaon to stop tasting', or to clamp
> down on it atleast.
Links to pornography in spam could be used as an example of where use
of throw-away domains for this purpose is obscured by millions of
tasting domains. A reference to pornography is a category of threat
heavily blocked by domain in various products that extend beyond just
email. Most might not view pornography as a serious threat, but this
endeavor benefits from domain tasting chaff.
>> Spammers are gaming the domain registry system, not for MX record
>> manipulation, but to install their own nameservers on compromised
>> hosts, round-robin and fast-flux their ability to avoid detection,
>> and inevitably hide behind various layers of obfuscation.
>
> Sure, they are being bad, they are doing what akamai does (or other
> CDNs) only for illegal end reasons... That's not relevant to my
> question, but I agree it's a dirty trick still.
Blocking by domain name would be the response needed to dealing with
a DNS abuse problem. It can not be done by IP address. When there
are millions of domains continuously in flux, any database attempting
to address this issue will be inundated with nonsense. Over a few
weeks, this nonsense represents more information than that used by
all existing domains.
>> They are manipulating both the (legitimate) process of obtaining
>> IP addresses, registering domain names (and all the cruft that it
>> brings along with it, given the loopholes in the processes), and
>> manipulating the ability to move their nameservers around at-will.
>
> That's not a manipulation so much as using the system as designed.
Agreed. However, domain tasting makes any response to abuse of the
domain system much slower and far more expensive.
>> It's pretty much a mess -- these guys use the system to succeed.
>
> agreed, they are a mess (spammers and their current business)
If this were just limited to spammers, it would be less of a concern.
>> Honestly, I don't have any answers -- only questions at this
>> point. :-/
>
> me too, I just don't want to see the issue sidetracked on:
>
> 1) spammers using tasting to their benefit
> 2) phishers are tasters/use tasting to their benefit
>
> neither of which is, near as I can tell, true or real fears.
> Tasting is, in and of itself, a completely different problem with a
> completely different set of issues... Conflating the 3 (or parts of
> the 2 sets) is just as wrong as saying that 'tasting lets the
> terrorists win'.
This should be stated somewhat differently.
1) spammers benefit by domain tasting
2) phishers benefit by domain tasting
_Any_ protective measure to combat phishing, undesired or malicious
links will need to be done by domain name. Bots tend to thwart
reliance upon IP addresses. Assessment by domain name is made far
less effective by the very large amount of noise generated by domain
tasting. Domain tasting provides cover for the abusive criminal
activity. While domain tasting itself is not criminal, the harm it
permits could easily be seen as the result of a negligent policy.
-Doug
More information about the NANOG
mailing list