In <407BE017(_dot_)6020603(_at_)ols(_dot_)es> David <david(_at_)ols(_dot_)es>
writes:
but that's the same i expect from the ip owner, well, in fact:
- having a ip block is more expensive than publishing a spf record
- ip email contacts are published via whois
- spf email contacts are not published
leads me to first try to contact the ip owner, which for sure has more
probabilities to have success.
spf email contacts are the same as the domain name contacts and are
also published within the whois database. I'm not sure why you think
that contacting the IP owner will have more success than contacting
the domain owner. Both can be either pretty flakey or very
responsive.
However, take a look at the amount of information you get from the
whois database for the IP address that sent your email to me:
(wayne(_at_)footbone) $ whois 208.58.1.195
RCN Corporation RCN-BLK-5 (NET-208-58-0-0-1)
208.58.0.0 - 208.59.255.255
TELENET LLC EROLS-CUST-5117 (NET-208-58-1-192-1)
208.58.1.192 - 208.58.1.207
# ARIN WHOIS database, last updated 2004-04-12 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
That's not very much info, and it isn't very obvious to me how to
contact the owner of 208.58.1.195.
Now consider the domain name owner found on the SPF record:
(wayne(_at_)footbone) $ whois pobox.com
Whois Server Version 1.3
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: POBOX.COM
Registrar: DOMAINDISCOVER
Whois Server: whois.domaindiscover.com
Referral URL: http://www.domaindiscover.com
Name Server: NS4.RIGHTBOX.COM
Name Server: NS1.RIGHTBOX.COM
Name Server: NS2.RIGHTBOX.COM
Name Server: NS3.RIGHTBOX.COM
Name Server: NS5.RIGHTBOX.COM
Status: ACTIVE
Updated Date: 15-dec-2003
Creation Date: 05-jan-1995
Expiration Date: 04-jan-2005
>>> Last update of whois database: Tue, 13 Apr 2004 07:17:14 EDT <<<
NOTICE: [big snip]
Registrant:
IC Group, Inc.
address
Philadelphia, PA 19103
US
Domain Name: POBOX.COM
Administrative Contact:
I C Group, Inc
Host Master
105 S 12th St
Philadelphia, PA 19107-4809
US
888-762-6926
hostmast(_at_)icgroup(_dot_)com
Technical Contact, Zone Contact:
IC Group, Inc.
IC Group, Inc
address
Philadelphia, PA 19103
US
hostmast(_at_)icgroup(_dot_)com
Domain created on 05-Jan-1995
Domain expires on 03-Jan-2005
Last updated on 11-Apr-2003
Domain servers in listed order:
NS1.RIGHTBOX.COM
NS2.RIGHTBOX.COM
NS3.RIGHTBOX.COM
NS4.RIGHTBOX.COM
NS5.RIGHTBOX.COM
That is a heck of a lot more information and if the information is not
correct, ICANN requires the registrar to get it fixed.
Note that while the IP addresses used by the name servers can be
changed, the actual domain names listed in the whois data and the
email addresses used as technical contacts can not be morphed as
quickly. Moreoever any morphing leaves tracks. Granted, some of
those tracks will need subpoenas to follow, but that is still a lot
better than tracks that lead to a hijacked PC on a cable modem.
There are already people who are quite successful at tracking spammers
by the use of "throw away domains" because of the name servers,
creation dates, and other info in the whois database.
So, while SPF can't directly force the domain owners to be more
accountable, the use of SPF will make them more accountable away.
-wayne