RE: What *are* they smoking?

[ken emery <ken () cnet com>]

On Tue, 16 Sep 2003, Jeroen Massar wrote:


> -----BEGIN PGP SIGNED MESSAGE-----
>
> Tim Wilde wrote:
>
> > On Tue, 16 Sep 2003, Niels Bakker wrote:
> >
> > > A wildcard A record in the net TLD.
> > >
> > > $ host does.really-not-exist.net
> > > does.really-not-exist.net has address 64.94.110.11
> > >
> > > $ host 64.94.110.11
> > > 11.110.94.64.IN-ADDR.ARPA domain name pointer sitefinder-idn.verisign.com
> > >
> > > It even responds on port 25 (says 550 on every RCPT TO).  Gah.
>
> Even worse of this is that you can't verify domain names under .net
> any more for 'existence' as every .net domain suddenly has a A record
> and then can be used for spamming...
>
> From: Spammer <i () spam using verisign eventhoughthisdomaindoesntexist net>
> To: You <spamtarget () example com>
>
> Thank you Verisign! Now we need to check for existence of an MX
> and then just break a couple of RFC's in the process :(

What about if the IP address returned by the DNS query is the same one as
does.really-not-exist.net then the spam is returned to the owner of
the IP address?  In this case Versign.  I think this is already done
by some automated spam reporting tools.  If AOL does it Verisign will
probably get crushed by the load (if one is having a spam war with AOL's
mail servers AOL will always win).

> > It's Verisign's return shot at the web browser "couldn't find this page"
> > searches.  Doesn't seem to have much by way of advertising yet, but I'm
> > sure that'll change.  I heard about this coming from somewhere last week,
> > though I don't recall where.  Probably Wired or the WSJ.
> > Verisign wants the revenue that all those typos are generating.  It's just
> > the next shot in the eyeball war.
>
> Who said the internet wasn't commercial again ?
> Thank you goverment of the United States of America for
> allowing such money hungry organisations to abuse one
> of the original tld's.
>
> Wasn't .net meant for *networks* ? aka ISP backbone infrastructure
> and not for commercials?

That has been going on for several years now (unfortunately).

> (And I thought that domain reselling was a yucky business)

Yep, but it can be profitable.  I'm just waiting for someone to put out
a typo in a large press release and then sue Verisign for stealing all
the traffic.

According to the article in the link posted from cbronline.com this has
been done by NeuStar who runs the .biz and .us domain registries.  The
company which runs this service for NeuStar claims to be able to
differentiate between http and other requests.  I'm still waiting to
see how they do this as you can't tell from a DNS request alone.

bye,
ken emery