nanog mailing list archives

Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet


From: "william(at)elan.net" <william () elan net>
Date: Mon, 10 Jan 2005 19:35:33 -0800 (PST)



On Tue, 11 Jan 2005, Suresh Ramasubramanian wrote:

and it is being abused - well, nanog found out about this a while
back, but the popular press (read - eweek magazine) seems to have
discovered it now, or at least think they've discovered it .. their
idea of the situation is a bit skewed.
...
http://www.eweek.com/article2/0,1759,1749328,00.asp
"One troublesome technique finding favor with spammers involves sending 
 mass mailings in the middle of the night from a domain that has not yet 
 been registered. After the mailings go out, the spammer registers the 
 domain early the next morning."

Well, spammers do sometimes register domains after mass mailing has 
already started. It's partially a result of the fact that spammer 
enterprises are no longer centralized, and so one company that actually 
hosts websites that are being promoted is not necessarily the same company 
that is doing mass mailing. Sometimes the order-taker spammer tells the 
mass-mailing spammer the new domain to use for the spam campaign before the 
domain is even registered - and while they expect to register it at the 
time the mailing gets started, their synchronization may not be precise, 
and in any case they actually prefer the first few people who receive such 
emails to not be able to get to the website (no whois and no dns - no 
chance to report it to hosting and quickly shut it down).

But as the article specifically mentions sending during the night and
registration the next morning, that does seem to indicate eweek found out
about "no whois" but with an already registered domain, i.e. see

http://www.mail-archive.com/nanog@merit.edu/msg28312.html

Read NANOG archives - Verisign now allows immediate (well, within about 10
minutes) updates of .com/.net zones (also same for .biz) while whois data is
still updated once or twice a day. That means if a spammer registers a new
domain he'll be able to use it immediately and it'll not yet show up in whois
(and so not be immediately identifiable to spam reporting tools) - and
spammers are in fact using this "feature" more and more!

-- 
William Leibzon
Elan Networks
william () elan net

