From: Kee Hinckley <nazgul(_at_)somewhere(_dot_)com>
At 11:09 PM -0400 5/8/03, Yakov Shafranovich wrote:
Would registering more junk domains mean that the spammer will be
spending more money on sending spam? Wouldn't eventually that create a
big enough expense for the spammer which would be comparable with the
cost of postage for sending a regular letter? That would lead to higher
cost of sending spam thus
Given that some spammers already work this way, I would say not. Assuming
that you post several million (at least) messages per domain, and domains
cost about $10, I don't think it qualifies as a significant expense.
What I am wondering if it is possible to work out a formula and figure out
at what point does the spammer become unprofitable (messages sent per
domain vs. the domain price). This piece of information will not help by
itself, but can contribute to the overall solution
Also, if the ICANN rule about having correct WHOIS information would
actually be enforced with some kind of fines or penalties, wouldn't that
force the registrars to have better ID procedures on who actually
registers domain names thus reducing the overall number of junk domains?
This is part of the overall
The question is (as with any identification system), what would you do
with the information? Would you block based on physical address? And is
it really possible for a registrar to validate an address when it comes
from another part of the world?
There are also some practical considerations. Unfortunately you can't do
a whois query on every incoming domain. The registrars have some limit on
the number and type of automated queries you can do from a single IP
address (in part to keep out spammers, but there are also general
scalability issues). You could try round-robinning your requests, but it
turns out the different registrars return different formats. The only
real solution is to purchase the entire database and do periodic downloads
(Network Solutions supposedly sells it--although they never responded to
our queries--but other registrars do). So while it's a good solution for
a spam filtering service, it's not really useful as a generic tool.
As someone has mentioned before, the WHOIS data is more useful for tracking
spammers than spam. Thus, there is still a reason to have this data valid
or at the least to allow registrars to be able to cancel a registration for
having false contact information.
---------------------------------------------------------------------------------------------------
Yakov Shafranovich / <research(_at_)solidmatrix(_dot_)com>
SolidMatrix Research, a division of SolidMatrix Technologies, Inc.
---------------------------------------------------------------------------------------------------
"One who watches the wind will never sow, and one who keeps his eyes on
the clouds will never reap" (Ecclesiastes 11:4)
---------------------------------------------------------------------------------------------------
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg