Eric S. Raymond wrote:
So the question is, what *other* data might registrars publish to
facilitate identifying domains that are probably throwaways?
Perhaps they could publish whether or not they actually verified the ID
of a registrant and found them to be a real entity. This has been
mentioned before on the list, and it was suggested that if compliant
MTA's started rejecting mail based on a domain not being published with
a validated registrant indicator, then more registrars would begin
verifying ID's of their customers. The registrars would not necessarily
need to provide the information, but just display an indicator on the
whois record that the owner of the domain's ID has been verified. You
do however end up with somewhat of a chicken and egg scenario. The
registrars most likely won't provide this until they have to in order to
keep their customers happy, and MTA admins probably won't use this as a
factor in a decision until enough registrars make it available.
I would personally provide my contact information, copy of a photo ID,
etc. to my registrar if they could publish such an indicator on my
domains. This way, compliant MTA's could check this indicator and make
a decision knowing that if I am found to be spamming, there's a good
chance of tracking me down via my domain registrar. So far, I've been
registering domains for years upon years, and still have not been
required to provide much identification at all. If I didn't pay for
most of them with a credit card, I could just make up fake information.
I know this works because I have many friends that do this simply to
keep their information out of the whois database where spammers (both
e-mail and snail-mail) can pick their info up.
---
Dustin D. Trammell
Vulnerability Remediation Alchemist
Citadel Security Software, Inc.
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)½§Åv¼ð¦¾Øß´ë�ù1I�í-»F�qx(_dot_)com