Re: [tlug] spammers

[Godwin Stewart <gstewart@example.com>]

On Sat, 13 Mar 2004 01:33:23 -0800, Jonathan Byrne <jq@example.com>
wrote:

> Believe it or not, there are actually a few legit .biz domains
> out there.

They have my condolences! :)

> In fact, we have a few of them as customers. I suspect they probably date
> back to the days before spammers took over .biz and .info.  Even .us is
> rather suspect now.

Agreed. Neulevel strikes again...

> It's interesting that one thing you (or at least I) don't seem
> to ever see discussed in anti-spam forums is how much spamming
> benefits domain registrars.

Some of the registrars *are* the spammers, or at least that's what some
people have been wondering in places like NANAE and the spamcop newsgroups.
They set up shop as a registrar with ICANN and/or local registrar
accreditation (like ICANN is ever going to pull that...) and they can
register whatever domains they like at bulk price. Can you say
"paycenter.com.cn", "DirectI" and "ENom"? Anything coming from a domain
registered with any of those registrars is more than likely to be spam.

Of course, they register domains for regular suckers^W customers too. They
need to have a human shield preventing them from being nuked off the face of
the earth.

> The way they go through throway domains is kind of impressive to watch. 
> To a spammer, registering 50 domains at a crack and only getting a week's
> good use out of them before they are all filtered to oblivion is just a
> cost of doing business.

And a non-significant cost at that.

> The registrars must have a resaonable idea of who they are and what
> they are doing (you can't hide that sort of activity from data mining
> software, or even from admins who are watching), yet it goes on
> week in and week out.  I don't think any registrar would fold from
> putting in effective safeguards to keep spammers out,

No, not at all. Look at godaddy.com for instance. Ben, who works the abuse
desk, is active in thwapping people who use a godaddy-registered domain for
spamming. The nameservers become ns(1,2).shut-down-for-abuse.com or
something like that and the domain is put on hold so the spammer can't
transfer it to another registrar.

A subsidiary of godaddy, domainsbyproxy.com, which registers domains on
behalf of customers who wish to remain anonymous, does *not* hesitate to
lift the veil on registrants who use their anonymity to spam.

The ISP's are the first people who need to be forced to cooperate. Places
like UUNet/MCI/WorldScum, VSNL, cogentco, xo and chinanet receive complaints
about spamvertized websites by the bucketload. Even complaints about
websites which offer kiddie pr0n, stolen credit cards or fake ID documents -
in short, things which are blatently illegal in just about every country on
this planet - get deleted without action. They all quack about how they have
strict anti-abuse policies, but they all "forget" to tell you that they
don't actually *enforce* their policies.

What about Ron Guilmette (of monkeys.com fame) who would make public the
results of his proxypot, showing us (tinu) in no uncertain terms *who* was
responsible for hijacking proxies and sending out spam? He got DDoS'ed off
the 'Net.

What about Joe Jared, who ran a DNSBL which was, IMO, very effective? He got
DDoS'ed off the 'Net.

It's all very frustrating.

Anyway, I've rambled on for long enough. Time to get back to Linux now...

-- 
G. Stewart   --   gstewart@example.com -- gstewart@example.com
Registered Linux user #284683 (Slackware 9.0, Linux 2.4.25)
--------------------------------------------------------------
If money doesn't grow on trees then why do banks have branches?

Attachment: pgp00066.pgp
Description: PGP signature