Re: The Registrants question (was: Re: [gnso-ff-pdp-may08] Draft - How are registrants affected by fast flux hosting?)

[Eric Brunner-Williams <ebw@xxxxxxxxxxxxxxxxxxxx>]

Joe,

If I wanted to write about spam, I would have. Instead I wrote about 
"the registrants" from the perspective of a registry, and registrar. 
They are our customers, and the claim that they are affected -- in their 
capacity as registrants -- and in no other -- is the (possibly poorly 
posed) question. We registrars do get the hijack reports, the registrant 
complaints, and to the best of my knowledge, there is very very very 
weak correlation between domains associated with the (still murky) 
definition of "fastflux" and loss by any means of customer domains 
(customer error and misunderstaing included).
So, for the record, I claim a the correct probability is wicked close to 
zero. Your claim is _exactly_ what, other than wicked bigger?
There is another (also possibly poorly posed) question about the affect 
upon "internet users" (I'm writing this from memory). Perhaps you could 
make the case that all or a statistically significant subset of 
"internet users" (or whatever) are affected by spam which is associated 
with the (still murky) definition of "fastflux", but who were not 
affected by spam not associated with the (still murky) definition of 
"fastflux". Personally I think that will shake out the same, but its 
your spam, so run with it.
Eric

Joe St Sauver wrote:
> Eric mentioned:
>
> #So when we chat about the harm to registrants, meaning somehow the 
> #direct harm to registrants by the operations of third-parties who's 
> #activities meet the (still murky) definition of "fastflux", it would be 
> #helpful to distinguish direct harm which appears so statistically small 
> #as to be difficult to detect by even very large random samples, and 
> #indirect or conjectured harm.
> #
> #Harmful, but wicked rare. As a motivation for policy development, I 
> #don't think it is compelling. Of course, there may be better (smaller) 
> #estimates of the size of the universe of registrants, and better 
> #(larger) estimates of the number of domain names used by activities 
> #which meet the (still murky) definition of "fastflux", and correction is 
> #welcome.
> Let's consider another abuse phenomenon: spam.
>
> Spamhaus estimates that just 100 known spam operations are responsible
> for 80% of the world's spam (see http://www.spamhaus.org/rokso/index.lasso ).
>
> But if there are "only" 100 spam operations, then from a "risk management"
> perspective, obviously we should just ignore/absorb/deny/deflect/spin doctor
> the abuse resulting from "just" those 100 spam operations -- surely the 
> damage from "just" those 100 spam operations must be minimal, right? <cough>
> I don't think so when it comes to spam, or when it comes to fastflux. We
> as a community have a problem, and we should focus on properly describing
> it and looking at ways to fix it.
>
> Regards,
>
> Joe
>
>
>