Re: [gnso-ff-pdp-may08] Information based solutions instead of policy based solutions
- To: gnso-ff-pdp-may08@xxxxxxxxx
- Subject: Re: [gnso-ff-pdp-may08] Information based solutions instead of policy based solutions
- From: Marc Perkel <marc@xxxxxxxxxx>
- Date: Sat, 12 Jul 2008 10:07:10 -0700
Diaz, Paul wrote:
> Just to underscore Greg's point about cyber-criminals using fake contact
> data: in our experience most FF names are registered with stolen credit
> cards. This definitely makes the registrant data unreliable. Therefore
> I also do not think #2 addresses the means by which FF is executed.
I'm not really thinking about a Whois based solution because whois isn't
fast enough. And whois isn't supposed to be used that way. What I'm
thinking is a DNS based information solution that returns this
information. For example, if I do this command:
dig example.com.registrar.icann.info TXT
it might return "godaddy"
I then do:
dig example.com.age.godaddy.com TXT
And that would return 539 which is the number of days owned by the
current owner.
In the spam filtering world we used DNS to make information available
to the world about a wide variety of data - not just traditional name to
IP data. For a real example run:
dig icann.org.hostkarma.junkemailfilter.com
dig icann.org.hostkarma.junkemailfilter.com TXT
You will see that it indicates that hosts ending in icann.org are white
listed for spam filtering. So DNS (not whois) can provide other
information than just the SOA and nameserver records. This additional
information would be useful to allow people like myself to distinguish
between free speech and fraud and we can change our rules as fast as
criminals change their tactics. We could also notify the registrars when
we detect a problem so that they can take action.
For example - I get an email that appears to be impersonating a bank. So
I find a link in the message pointing me to a domain. I look up the
domain and I see the domain is hosted with godaddy, is new, and is
fluxing. That would allow me to determine that the message is bank fraud
and it would allow me, using automation, to fork a copy of the message
to abuse@xxxxxxxxxxx (for example) alerting them to the problem. This
alert might even trigger godaddy to start rate limiting name server
changes on that domain. If a lot of automated complaints came in about
one domain from a variety of spam filtering vendors then someone would
be able to take action on that.
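
The lookup flow proposed in the message above, sketched as an added example that is not part of the original post. The zone names are the message's own hypothetical ones (no such services are assumed to exist); the 30-day threshold, the function names, the boolean inputs and the sample records are assumptions constructed for illustration.

```python
# Zone taken from the message's hypothetical "dig" example.
REGISTRAR_ZONE = "registrar.icann.info"
NEW_DOMAIN_DAYS = 30  # assumed cut-off for "new"; the message gives none

# Constructed sample TXT data standing in for real DNS answers.
SAMPLE_TXT = {
    "example.com.registrar.icann.info": "godaddy",
    "example.com.age.godaddy.com": "539",
    "bank-login.example.registrar.icann.info": "godaddy",
    "bank-login.example.age.godaddy.com": "3",
}


def lookup_domain_info(domain, resolve_txt):
    """Two-step lookup: registrar name first, then age at that registrar.

    resolve_txt(name) returns the TXT string, or None if there is no record.
    """
    domain = domain.rstrip(".").lower()
    info = {"domain": domain, "registrar": None, "age_days": None}
    registrar = (resolve_txt(f"{domain}.{REGISTRAR_ZONE}") or "").strip('"').lower()
    # Accept only a plain ASCII label, so an unexpected TXT answer cannot
    # steer the second query into an arbitrary zone.
    if not (registrar.isascii() and registrar.isalnum()):
        return info
    info["registrar"] = registrar
    age_txt = (resolve_txt(f"{domain}.age.{registrar}.com") or "").strip('"')
    if age_txt.isdigit():
        info["age_days"] = int(age_txt)
    return info


def registrar_to_notify(info, is_fluxing, impersonates_bank):
    """Return the registrar to copy the message to, or None.

    is_fluxing and impersonates_bank come from the filter's own checks;
    the message does not define a DNS lookup for them.
    """
    if not (is_fluxing and impersonates_bank):
        return None
    if info["registrar"] is None or info["age_days"] is None:
        return None  # missing data: do not auto-report
    if info["age_days"] >= NEW_DOMAIN_DAYS:
        return None  # long-held domain, leave to manual review
    return info["registrar"]
```

In a live filter, `resolve_txt` would wrap the resolver library already in use; here `SAMPLE_TXT.get` serves as the resolver so the logic runs offline.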