RE: The Registrants question (was: Re: [gnso-ff-pdp-may08] Draft - How are registrants affected by fast flux hosting?)

[Joe St Sauver <joe@xxxxxxxxxxxxxxxxxx>]

Eric mentioned:

#So when we chat about the harm to registrants, meaning somehow the 
#direct harm to registrants by the operations of third-parties who's 
#activities meet the (still murky) definition of "fastflux", it would be 
#helpful to distinguish direct harm which appears so statistically small 
#as to be difficult to detect by even very large random samples, and 
#indirect or conjectured harm.
#
#Harmful, but wicked rare. As a motivation for policy development, I 
#don't think it is compelling. Of course, there may be better (smaller) 
#estimates of the size of the universe of registrants, and better 
#(larger) estimates of the number of domain names used by activities 
#which meet the (still murky) definition of "fastflux", and correction is 
#welcome.

Let's consider another abuse phenomenon: spam.

Spamhaus estimates that just 100 known spam operations are responsible
for 80% of the world's spam (see http://www.spamhaus.org/rokso/index.lasso ).

But if there are "only" 100 spam operations, then from a "risk management"
perspective, obviously we should just ignore/absorb/deny/deflect/spin doctor
the abuse resulting from "just" those 100 spam operations -- surely the 
damage from "just" those 100 spam operations must be minimal, right? <cough>

I don't think so when it comes to spam, or when it comes to fastflux. We
as a community have a problem, and we should focus on properly describing
it and looking at ways to fix it.

Regards,

Joe