RE: [gnso-ff-pdp-may08] Statements of Interest -- required from "Individual" participants

[Joe St Sauver <joe@xxxxxxxxxxxxxxxxxx>]

Hi Mike!

#We need "statements of interest" from you, 
#describing what (if any) interest you or your company have in the 
#work that we're doing.   
[snip]
#Glen will pick them off the list and post 
#them to a URL for inclusion in our Interim and Final reports.
#
#It would be very helpful if we could have these back before the start 
#of the teleconference call this Friday.  Here's a list of the people 
#who need to provide SOIs;
#
#Joe St. Sauver
[snip]

I'd provided Glen a copy of my statement of interest on June 5th or so,
and Glen ack'd receiving that, but in case that somehow got lost in the 
mill thereafter:

Statement of Interest:

Virtually all spam (with the exception of things like pump-and-dump stock
spam), is meant to drive potential customers to web sites. As pressure
from law enforcement officials and block lists operators makes it
increasingly uncomfortable for commercial web service providers to host
spamvertised web pages, spammers may find themselves hard pressed to find
a safe source of conventional web hosting (or even premium-priced
so-called "bullet proof" web hosting), at least for certain types of
particularly egregious illegal content such as pirated software,
distribution of scheduled controlled substances, carding-related
websites, malware dropping web sites, or child pornography.

At the same time, a combination of increasingly effective DNS-based block
lists (along with ISP measures to control the emination of spam sent
direct-to-MX from compromised broadband-connected consumer systems)
means that botmasters find themselves with a substantial "inventory" or
"stockpile" of compromised-but-effectively-unusable-for-spamming PCs.

We need to take steps now to insure that DNS technical capabilities, as
well as DNS-related policies, make it impossible for micreants to
effectively repurpose their substantial inventory of "unspamable" PCs to
routinely host illegal/spamvertised content. Because of the technical
characteristics of fastflux hosting, it won't be possible to mechanically
block fastflux hosting the same way it is possible to control port 25
spam traffic; ultimately, only ICANN, registrars and the Internet
community as a whole will have the ability to make fastflux hosting
infeasible.

At the same time, it should be noted that it would be tragic to see
legitimate users of DNS facilities denied the flexibility to control
their name resources as may be needed to responsd to disasters or
other changes in network topology, or as part of an effective response
to distributed denial of service attacks. Thus, I'd hate to see
arbitrary limits on TTLs imposed, for example.