[Jonathan Gardner]
The registrar shouldn't be registering people with false information. Any
registrar that does should be held accountable.
It looks like you never sow fake ID. Even your government issue them for
witness protection program.
They are committing a serious crime and when the hammer comes down,
it is going to come down hard. Now instead of just email system
administrators that want these people punished, we'll have credit card
companies on their tail as well.
Who cares? One more company will search for unknown person.
Bin Laden still not found. 25.000.000 USD at stake and a lot of FBI/CIA
resources.
http://www.fbi.gov/mostwant/topten/fugitives/fugitives.htm
Do you hope credit card company will be able to find person who has paid 60USD
for web-site hosting?
They will be able only if he will come to their office and tell them about this.
If we do this, the spammers have to spend significant resources turning
their grey-listed new throw-away domains into golden trusted domains. That
is not easy. It takes a serious investment of time and legitimate, real
email.
Not so big investment.
How much it will cost to hire designer, programmer and support people to create
tiny portal?
I can fit in 3000 USD. A few spam distributions will return all those money.
Even more - if portal will be profitable this will only benefit spammers.
If not - this portal will be easily converted in throwaway and all investments
will be returned.
You can't fake that. (If you do, you will get caught. For instance,
at eBay, they buy and sell AOL CDs to raise their reputation. Guess what?
That's a red flag.)
This is outdated technique.
They now use hacked accounts and use them as buyers to buy from themselves and
leave feedback. No more needs to sell CDs. They
can sell a ship, car or even house to themselves.
Even more - any your attempt to contact prior buyers will go to hackers. "Prior
buyers" will recommend you to buy everything
ASAP.
Accreditation services can come along and move you into the golden zone for
a fee. Of course, the accreditation services will have a level of trust, or
their word won't matter. If the spammer goes to a trusted accreditor, then
the accreditor will verify their information (or we wouldn't trust it,
would we?). When they spam, we will have a trail through the accreditor.
I've raised an question - how to make accreditation services information
sources reliable ?
I can attack accreditation services by flooding them that amazon.com spam me
constantly.
Trivially. Using 100-150 zombies on USA people computers.
Currently there is no reliable information for accreditation.
Only guesswork and same unreliable prior information used.
I was also attacked once by site that has nice reputation - but performed
illegal activities against me.
I've spent a lot of resources to recover after this attack. But it still leaves
a big material breach in my pocket.
There is no reliable accreditation possible.
You can become bankrupt and start making money from anything. Including your
reputation.
No way to prevent this.
--
Andriy G. Tereshchenko
TAG Software
Odessa, Ukraine
http://www.24.odessa.ua