Eric S. Raymond wrote:
Dustin Trammell <dtrammell(_at_)citadel(_dot_)com>:
So the question is, what *other* data might registrars publish to
facilitate identifying domains that are probably throwaways?
Perhaps they could publish whether or not they actually verified
the ID of a registrant and found them to be a real entity.
That seems more promising.
---8<--(snip)--8<--
I see a larger problem. What if the registrars worry that incorrectly
advertising a domain as verified when it is not (or vice-versa) could
open them to legal action?
Then they should not advertise a domain as being verified if they have
not verified the owner's information. (: Basically, what I see as the
benefit of this indicator is that it tells the world that the registrar
believes that they hold the real information for the entity that
purchased the domain name. If the domain is found to be spamming, the
people being spammed, taking note of this indicator, could contact the
registrar to track the spammer down. A blocklist could use this
indicator as a factor in a decision to accept or deny, if it does in
fact exist. If a registrar thinks that properly identifying the owners
of domains registered through them is too costly, associates too much
liability, etc., then they are not required to do it, and owners of
legitimate domains that want this extra level of protection will most
likely move their domains to a registrar that will provide this.
Ideally, we're looking for data that doesn't require the registrar to
make a potentially actionable judgment.
Like I said, they aren't required to, unless they want to as a value-add
to their customers. I would personally give any registrar that provides
a usable indicator like this my business, even if it cost me a few extra
bucks a domain to move to that registrar. The trick is, for the
indicator to actually be usable by blocklists and other anti-spam
mechanisms.
---
Dustin D. Trammell
Vulnerability Remediation Alchemist
Citadel Security Software, Inc.
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)½§Åv¼ð¦¾Øß´ë�ù1I�í-»F�qx(_dot_)com