[77082] in North American Network Operators' Group
Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet)
daemon@ATHENA.MIT.EDU (Eric Brunner-Williams in Portland )
Wed Jan 12 17:22:10 2005
To: Steven Champeon <schampeo@hesketh.com>
Cc: nanog@merit.edu, brunner@nic-naa.net
In-Reply-To: Your message of "Wed, 12 Jan 2005 16:55:16 EST."
<20050112215516.GR20319@hesketh.com>
Date: Wed, 12 Jan 2005 18:20:45 +0000
From: Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
Errors-To: owner-nanog-outgoing@merit.edu
> Why is it considered such a crazy proposition that domains should have
> valid and correct whois data associated with them?
There is no relationship between data and funcion. The data is not
necessary to implement function-based policy.
> Bah. You're saying that you're uninterested in discussing the root causes
> that allow and even encourage abuse to occur in specific realms. I guess
> you're not interested in actually "fixing insecure email infrastructure".
I have no idea what specific realms you could be referring to.
>> The little table of domain names and redirects is slightly useful, but it
>> would be more useful if your data could show registrar clustering.
>
> Why should this matter? Spammy can always choose a different registrar
> every day. So what? He is registering domains for use in abusive and
> criminal acts, and the message I'm getting from you is that it should
> only be of concern to you if he uses the same registrar?
OK. The choice of registrar, registrar policy, registrar price, and so on
isn't data that could be of use to anyone ever.
But you're going to get "valid and correct whois data" from all registrars.
How will you get that? What does "valid" and "correct" mean? Does it apply
to all the records in a single domain registration, or just some of them?
Eric
