nanog mailing list archives
Re: [policy] When Tech Meets Policy...
From: "Chris L. Morrow" <christopher.morrow () verizonbusiness com>
Date: Wed, 15 Aug 2007 06:00:20 +0000 (GMT)
On Wed, 15 Aug 2007, Paul Ferguson wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- "Chris L. Morrow" <christopher.morrow () verizonbusiness com> wrote:On Tue, 14 Aug 2007, Douglas Otis wrote:That point forward, spammers would be less able to take advantage of domains in flux, and policy schemes would be far less perilous forare spammers really doing this? do they mine the domain system for changes and utilze those for their purposes? I ask because i don't see that in my data, which is small admittedly... I see lots of existing well known domains in the 'from'. Unless you have some data showing otherwise (or someone else has data to share) I think this is a specious arguement.More than ~85% of all spam is being generated by spambots.
yes, that relates to my question how though? I asked: "Do spammers monitor the domain system in order to spam from the domains in flux as tastinng domains?" I asked this specifically because that behavior was being used as a 'resaon to stop tasting', or to clamp down on it atleast.
Spammers are gaming the domain registry system, not for MX record manipulation, but to install their own nameservers on compromised hosts, round-robin and fast-flux their ability to avoid detection, and inevitably hide behind various layers of obfuscation.
Sure, they are being bad, they are doing what akamai does (or other CDNs) only for illegal end reasons... That's not relevant to my question, but I agree it's a dirty trick stil.
They are manipulating both the (legitimate) process of obtaining IP addresses, registering domain names (and all the cruft that it brings along with it, given the loopholes in the processes), and manipulating the ability to move their nameservers around at-will.
That's not a manipulation so much as using the system as designed.
It's pretty much a mess -- these guys use the system to succeed.
agreed, they are a mess (spammers and their current business)
Honestly, I don't have any answers -- only questions at this point. :-/
me too, I just don't want to see the issue sidetracked on: 1) spammers using tasting to their benefit 2) phishers are tasters/use tasting to their benefit neither of which is, near as I can tell, true or real fears. Tasting is, in and of itself, a completely different problem with a completely different set of issues... Conflating the 3 (or parts of the 2 sets) is just as wrong as saying that 'tasting lets the terrorists win'. -Chris
Current thread:
- Re: [policy] When Tech Meets Policy..., (continued)
- Re: [policy] When Tech Meets Policy... Robert Bonomi (Aug 14)
- Domain tasting; a load of hot air? michael.dillon (Aug 14)
- Re: Domain tasting; a load of hot air? Marshall Eubanks (Aug 14)
- Re: Domain tasting; a load of hot air? Chris L. Morrow (Aug 14)
- RE: Domain tasting; a load of hot air? michael.dillon (Aug 15)
- Domain tasting; a load of hot air? michael.dillon (Aug 14)
- Re: [policy] When Tech Meets Policy... Robert Bonomi (Aug 14)
- Re: [policy] When Tech Meets Policy... Roger Marquis (Aug 14)
- Re: [policy] When Tech Meets Policy... Al Iverson (Aug 14)
- Re: [policy] When Tech Meets Policy... Chris L. Morrow (Aug 14)
- Re: [policy] When Tech Meets Policy... Douglas Otis (Aug 15)