Tim Ruiz
Godaddy
IANA Registrar id 146
Dear Tim,
I want to discuss how we registrars can cooperate, independent of Verisign (Registry or Registrar), even ICANN, if necessary, to police one aspect of internet theft. I propose we adopt a trial mechanim to alert the registrar-of-record, as GoDaddy is of casino-jp.com, when the name is used to steer traffic in a theft of service (spam, whether via SMTP or HTTP), or complete credit-card fraud schemes.
With this letter I'm informing you, registrar to registrar, RC member to RC member, that the URL casino-jp.com is being mechanically inserted into the comments of some political blogs I'm responsible for -- my wife's wampum and Lisa English's Ruminate This. This form of spam creates countable links in the victim web sites to the spamming beneficiary, which boosts the value of the spamming beneficiary. The general run of blog-abusing spam-bots is the usual casino, sex and drug product set.
In general terms, I propose we replace email and telephone calls between registrars with an EPP-like peer-to-peer protocol with and XML payload and end-point-is-a-registrar authentication. We can extend this to 3rd-parties who offer some pooled service, should any want to work that model, and to registries, should any want, or need to peer.
The send-side of the SMTP spam mechanism(s) does not rely upon names, neither does the write-side of the HTTP spam mechanism(s), so we can't do a damn thing about them. At worst, the writers into the SMTP or HTTP streams use disposable, captured hosts, which are harvested in the hundreds of thousands with every new release of an acquisition virus or worm. Where we can do something is on the use of persistant name to address mappings, where persistence means days or longer, in the furtherance of theft of service and credit card fraud.
Robo-scamming blogs is a major pain in the butt for the blog community, see Lisa English's post from last October. The "value" of each unit of spam is the persistence of the validity of the URL the spammer inserts into the comments area of the victum blog. We registrars can cut this off at the knees simply by agreement between ourselves to challenge the spammer-registrant and modifying the domain nameserver data to end the value of the spam-run to the spammer.
It comes down to this -- will you switch off a customer because I've asked you to, and will I switch off a customer because you've asked me to. If we can answer "yes", then we can build a service that someone can operate, and we can restrict the use of persistant names in the dns for the credit card fraud and theft of advertizing revenue and whatever next comes down the pike, to non-cooperating registrars and spam-friendly registries. Dan Jaye and I wrote an Internet-Draft for the distribution of content labels, and later privacy lables, with digital signatures, on HTTP cookies, with the intent to drive abusive commercial conduct "outside" of the US (and EU and OEDC) jurisdictions. The core set of principles in this draft were adopted by the W3C for privacy labels on cookies, and incorporated first by Microsoft into IE 6, and then into Mozilla/Netscape and other internet browsers two years ago.
I think we can do good, and make some money, and move that invisible line that deliniates "registry services" in the correct direction, by cooperating. I'll be writing to Ross and the others as well.
I look forward to seeing you next month in Rome.
Eric Brunner-Williams
Wampumpeag, LLC
Operator, USA Webhost
IANA Registrar id 449
Dear fellow bloggers. In real life wampumpeag, llc operates an ICANN accredited domain name registrar, USA Webhost. At present, ip blocking comment-bots is like plucking a cross between a hydra and a hedgehog. An alternative is toasting URLs used pervasively by spam-bots, and this is something (putting on the registrar hat) we registrars can do, if we can get over fear, doubt, and greed, and pull Verisign's thick fingers out of ICANN's institutional ears, and the ears of some registrars who only hear the sound of money. Interested readers can watch me start up a registrar at here.
Posted by at February 20, 2004 12:52 PM | TrackBackOk, I admit, that one went over my head, and I'm not exactly computer illerate.
Are you suggesting that sites which are refered to in spam should be shut down? Wouldn't this open the possibility for people to try to get other sites shut down by making spam with links that refer to those sites?
You got it correct, and yes, it is possible to game this. We already have sites classified as "porn" because spam-bots insert links to for-pay porn sites.
The point is, registrars (and dns publishers) can modify (reduce) the value of persistent names (links) to any business model, including the WaPo's (let it expire if they don't answer e-bills or e-disconnect notices, that is a policy), so how about the business models based on credit card fraud and theft-of-services (involuntary ad placement)?
We can't keep you from getting spammed, but we can make putting URLs in spam risky business.
Thanks for the question!
Posted by: Eric at February 22, 2004 11:22 AMLet me take this opportunity to put in a strong plug for Jay Allen's MT Blacklist, which I have found to be a very effective tool for preventing and deleting this very kind of spam. Try it, I guarantee you'll find it effective and easy to use.
Posted by: Charles Kuffner at February 23, 2004 04:33 PM