[72704] in North American Network Operators' Group
Re: VeriSign's rapid DNS updates in .com/.net
daemon@ATHENA.MIT.EDU (Daniel Senie)
Fri Jul 23 10:45:20 2004
Date: Fri, 23 Jul 2004 10:43:39 -0400
To: "Christian Kuhtz" <christian.kuhtz@BELLSOUTH.COM>,
<nanog@nanog.org>
From: Daniel Senie <dts@senie.com>
In-Reply-To: <BD269361.2EE9%christian.kuhtz@bellsouth.com>
Errors-To: owner-nanog-outgoing@merit.edu
At 10:05 AM 7/23/2004, Christian Kuhtz wrote:
>On 7/23/04 5:29 AM, "Richard Cox" <richard@mandarin.com> wrote:
>
> >
> > On Thu, 22 Jul 2004 15:27:37 -1000 Randy Bush <randy@psg.com> wrote:
> >
> > | all they need to do is register foo.bar with delegation to their
> > | dns servers, and change a third level domain name at will.
> >
> > Er, no. They have of course tried that already!
> >
> > By registering foo.bar with delegation to THEIR dns servers gives full
> > identification of THEIR dns servers, and the host or upstream of those
> > servers can (and often does) start invoking their acceptable use policy.
> > If not, then all the considerations that Paul V. recently cited about
> > neighbours who allow bad things on their network, start to kick in.
> >
> > The scenario I have outlined - now well established, and the mechanism
> > understood - allows the malfeasants to operate on the 'net with zero
> > traceability of their identity or location, based on everything they do
> > being able to be done through zombied Windows PCs or open(ed) proxies.
>
>The distribution of spam is only half of the economy at work here. Spam
>doesn't occur in a vacuum. The other half is the "site(s)" profiting from
>the spam.
Let's just be clear that not all sites mentioned in spam are profiting at
all. Spammers mention sites unrelated to what they're advertising to:
1) throw off blocklists which attempt to build lists of sites mentioned in
spam.
2) purposely hurt the reputation of sites by getting blocklists to mention
those sites
3) and possibly cause flash traffic loads to sites that would otherwise not
get high loads.
Sites mentioned without permission common. Be clear with any attempt to go
after sites "profiting" from spam to explain how you will only affect those
who are really profiting and have given their permission.
