Re: [Fwd: zone transfers, a spammer's dream?]
On Thu, Dec 09, 2004 at 03:52:38AM +0200, Gadi Evron [EMAIL PROTECTED] wrote a message of 174 lines which said: 171 uk.zone Everything is in subdomains like co.uk, so there is no point in blocking zone transfers for the TLD.
RE: [Fwd: zone transfers, a spammer's dream?]
--On 14 December 2004 10:17 + Matt Ryan [EMAIL PROTECTED] wrote: 171 uk.zone www.bl.uk? All bar the 171 lines :-) (.uk itself contains some legacy including bl.uk, govt.uk etc.). Alex
RE: [Fwd: zone transfers, a spammer's dream?]
www.bl.uk? Matt. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Stephane Bortzmeyer Sent: 14 December 2004 09:52 To: Gadi Evron Cc: nanog list Subject: Re: [Fwd: zone transfers, a spammer's dream?] On Thu, Dec 09, 2004 at 03:52:38AM +0200, Gadi Evron [EMAIL PROTECTED] wrote a message of 174 lines which said: 171 uk.zone Everything is in subdomains like co.uk, so there is no point in blocking zone transfers for the TLD. -- Live Life in Broadband www.telewest.co.uk The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Statements and opinions expressed in this e-mail may not represent those of the company. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender immediately and delete the material from any computer. ==
Re: [Fwd: zone transfers, a spammer's dream?]
On Tue, 14 Dec 2004, Stephane Bortzmeyer wrote: 171 uk.zone Everything is in subdomains like co.uk, so there is no point in blocking zone transfers for the TLD. For the same reason, it is perfectly normal to $ dig @LETTER.root-servers.net. . axfr -- -- Todd Vierling [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: [Fwd: zone transfers, a spammer's dream?]
On Thu, Dec 09, 2004 at 03:52:38AM +0200, Gadi Evron wrote: After a much too long introduction here comes my questions: is this deliberate? I can understand that Chad has bigger things to worry about than 24 domains getting on yet another spam list, but why Canada makes nearly half a million domains as easy to grab as this really is a mystery to me. It doesn't matter: that toothpaste came out of the tube a long time ago. Spammers have been buying and selling domain registration information for years, and anyone with cash-in-hand can buy as much of it as they want: either by TLD or by country or by category. Here's just a tiny tip-of-the-iceberg sample of the hundreds (?) of buyers, sellers, and brokers for WHOIS data and tools to manipulate it: http://www.bestextractor.com/ http://www.massmailsoftware.com/whois/ http://lists.freebsd.org/pipermail/freebsd-chat/2004-January/001942.html http://gnso.icann.org/mailing-lists/archives/dow1-2tf/msg00121.html http://www.sherpastore.com/store/page.cfm/2003 You can find as many more as you wish by using your favorite search engine to look for various combinations of extractor whois contact domain fresh leads market target email url and then just following the links back to their sites. (If the sites are down, don't worry: they'll be back soon, maybe with a new domain, maybe on a new web host.) How are they getting it? I don't know. Maybe they have deals with registrars; maybe they have deals with registrar employees; maybe they just breached registrar security. Or maybe something else entirely. However they're getting it, they're getting updates: in fact, updated information carries higher market value. And anyone who is so foolish as to believe that their private (obfuscated, cloaked, whatever) domain registration information is *really* private is in for a rude awakening. The irony of all this is that spammers already have all this information -- yet registrars have gone out of their way to make it as difficult as possible for everyone else to get it (rate-limiting queries and so on). ---Rsk
Re: [Fwd: zone transfers, a spammer's dream?]
--On 09 December 2004 10:24 -0500 Rich Kulawiec [EMAIL PROTECTED] wrote: The irony of all this is that spammers already have all this information -- yet registrars have gone out of their way to make it as difficult as possible for everyone else to get it (rate-limiting queries and so on). They clearly don't already have this information, or they wouldn't be a) offering to pay people for it b) continue to be trying to obtain it by data mining. Your argument is roughly equivalent to The irony of this is that drug dealers already have drugs -- yet governments have gone out of their way to make it as difficult as possible for everyone else to get them. Or Credit card fraudsters already have credit card numbers - yet credit card companies have gone out of their way to make it is difficult as possible for everyone else to get them. IE sure, there's a lot of leaked information out there (often including personal data), that doesn't mean responsible registries should add to it. Note also that responsible registries do provide query access (automable where necessary) to registration data in a variety of different ways; not all make it as hard as possible for others to access it. I will leave it to the reader's judgment to work out which registries come under the category responsible. Alex
Re: [Fwd: zone transfers, a spammer's dream?]
- Original Message - From: Alex Bligh [EMAIL PROTECTED] To: Rich Kulawiec [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: Alex Bligh [EMAIL PROTECTED] Sent: Thursday, December 09, 2004 11:59 AM Subject: Re: [Fwd: zone transfers, a spammer's dream?] --On 09 December 2004 10:24 -0500 Rich Kulawiec [EMAIL PROTECTED] wrote: The irony of all this is that spammers already have all this information -- yet registrars have gone out of their way to make it as difficult as possible for everyone else to get it (rate-limiting queries and so on). They clearly don't already have this information, or they wouldn't agreed. also of note is that at least from here, the .ca folks have fixed the issue. -p --- paul galynin
Re: [Fwd: zone transfers, a spammer's dream?]
Alex Bligh wrote: The irony of all this is that spammers already have all this information -- yet registrars have gone out of their way to make it as difficult as possible for everyone else to get it (rate-limiting queries and so on). They clearly don't already have this information, or they wouldn't be a) offering to pay people for it b) continue to be trying to obtain it by data mining. There are lots of small-time spammers. Rest assured that the big fish already have access to most major zonefiles. Your argument is roughly equivalent to The irony of this is that drug dealers already have drugs -- yet governments have gone out of their way to make it as difficult as possible for everyone else to get them. Or Credit card fraudsters already have credit card numbers - yet credit card companies have gone out of their way to make it is difficult as possible for everyone else to get them. Drugs are bad. Domains aren't. For a certain value of aren't. Credit card numbers are all you need to commit fraud. Domains aren't. For a certain value of aren't. IE sure, there's a lot of leaked information out there (often including personal data), that doesn't mean responsible registries should add to it. Such as... selling access to the data to anyone who pays? No, responsible registries should of course not do this. - Kandra
Re: [Fwd: zone transfers, a spammer's dream?]
--On 09 December 2004 18:46 +0100 Kandra Nygårds [EMAIL PROTECTED] wrote: IE sure, there's a lot of leaked information out there (often including personal data), that doesn't mean responsible registries should add to it. Such as... selling access to the data to anyone who pays? No, responsible registries should of course not do this. Indeed. I wasn't suggesting they should. Alex
Re: [Fwd: zone transfers, a spammer's dream?]
On Thu, Dec 09, 2004 at 04:59:33PM +, Alex Bligh wrote: They clearly don't already have this information, or they wouldn't be a) offering to pay people for it b) continue to be trying to obtain it by data mining. Sure, some of them quite clearly don't. And so they're buying it from those who do, or acquiring it themselves. But lots of them have it, and have means to acquire updates to it when it suits them. This can't be surprising to anybody, given the amount of money being thrown around, the technical sophistication that's been displayed, and the usual assortment of security issues. Your argument [...] It's not an argument. I'm just reporting the news. Well, okay, I suppose I'm also arguing that there's no point in maintaining the pretense that registrars are keeping it all tucked away safe from [automated] prying eyes because it's obvious to everyone that *if* that was ever true, it stopped being true a long time ago. It's done. It's over. It's history. Any debate about how it _should_ have been kept tucked safe away has been rendered moot, and while it might still hold some philosophical interest, its practical value is nil. Note also that responsible registries do provide query access (automable where necessary) to registration data in a variety of different ways; not all make it as hard as possible for others to access it. shrug I think it's time to abandon the charade and simply publish all of it -- one static web page per domain, refreshed when the backing info changes. That would at least level the playing field, and pull the rug out from under those who are selling it. ---Rsk
