Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet)

  • From: Eric Brunner-Williams in Portland Maine
  • Date: Wed Jan 12 16:30:59 2005

> I suppose it depends on how you define 'unpublished'; and how you define
> 'non-resolving'.

Your opening remark was that policy foo must be applied to all domains.

This doesn't accomplish anything for the set of domains that will never
be published (registry reserved strings), nor those that absent seperate
acts of malfesance, will always have a very low average association with 
disfunction -- the 50% of the .net namespace that actually goes to real
boxen owned and operated by real people.

Between, and in addition to these two samples, there are classes of domains
that are vastly less likely to be used in uce and equivalent schemes. The
class of domains purchased simply to take them out, such as Hamming distance
buys around a defended mark, may never resolve.

"All" is too blunt a tool.

> I reported it to ICANN for having invalid whois data. It took them ...
> ... a year to have it removed from the root dbs.

That is an ICANN issue. It may come as a surprise to you but for the past
few years the "ISP Constituency" has ceased to exist, and has been folded
into Marilyn Cade and Philipe Sheppard's "Business Constituency".

> Please see my other message. Allowing domains with invalid whois data to
> remain in use facilitates abuse in other realms.

If it isn't "fixing insecure email infrastructure", then it needs to find
a thread and/or list of its own.

The little table of domain names and redirects is slightly useful, but it
would be more useful if your data could show registrar clustering. 

> I'd be delighted if you have pointers to a paid whois reformatter, but
> I still believe strongly that it should not be necessary.

The quality of data usually has a relationship with the cost of care
that has gone into that data, just like abuse desks.

Eric




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.