Ok, I hadn't thought about parsing for transfer confirm, etc. I retract my last comment. Sure wish there were something we could do to at least make it work for them...
----- Original Message ----- From: "Robert L Mathews" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, May 30, 2002 12:48 AM Subject: Re: whois changes > At 5/29/02 11:27 PM, Paul Chvostek wrote: > > >I don't need OpenSRS to > >halfheartedly break a protocol I'm using in a fruitless attempt to > >inconvenience spammers. > > Yes. > > Intentionally messing with the format is pointless. Spammers will > trivially bypass it with a few minutes' work, and it will merely be an > inconvenience to those poor souls who do use it for legitimate purposes, > such as other registrars who parse it for transfer confirmation addresses. > > If OpenSRS wants to do something clever to prevent WHOIS spam, here's a > suggestion that works but doesn't interfere with parsers: offer the > option for WHOIS to generate temporary forwarding addresses on the fly. > > For example, an end-user's real address may be "[EMAIL PROTECTED]". But > when the WHOIS for example.com is queried, OpenSRS could give out the > address as "[EMAIL PROTECTED]" (making up a random number). > Then OpenSRS would forward mail for [EMAIL PROTECTED] to > [EMAIL PROTECTED] for, say, two weeks. Mail sent to the random address > after two weeks would be bounced with an explanatory error. > > This would mean that spammers couldn't compile and sell lists of names > from the WHOIS, because they would be out of date 14 days later. (The > problem is not that each spammer is compiling his own list from the > WHOIS, but that one idiot does so and sells it to thousands of other > spammers over the next few years.) > > This scheme would meet the requirement that the WHOIS contain a valid > contact address for the domain, and would work much better than various > challenge-response or whitelist systems I've seen in use (it requires no > configuration or maintenance at all), and it doesn't interfere with > automated systems like transfer confirmations. > > If I recall, some other registrar does something similar to this, > although I can't remember which one it is. > > This is actually on my list of things to implement locally by updating > the WHOIS forwarding address for each domain every so often, but it would > be better done at the registrar level. > > -- > Robert L Mathews, Tiger Technologies > > "The trouble with doing something right the first time is that nobody > appreciates how difficult it was." >
