Re: [gnso-ff-pdp-may08] Definition V4.2

[Joe St Sauver <joe@xxxxxxxxxxxxxxxxxx>]

#new version on the web site;
#
#https://st.icann.org/pdp-wg-ff/index.cgi?initial_draft_definitions

Compare that definition to the one that Spamhaus has at
http://www.spamhaus.org/faq/answers.lasso?section=ISP%20Spam%20Issues#164

What is "fast flux" hosting?

        Fast flux domain hosting involves the use of botnet zombie 
drones on broadband IPs infected to act as reverse proxies for the 
spammer's website or nameservers. The spamvertised domain, or its 
nameserver, is pointed at a rapidly changing series of zombie IPs (hence 
the name) with very short "TTL" values -- usually less than five minutes 
(300s). There are typically four or five "A" records to distribute the 
load and increase the odds of the website staying up. Their proxy 
service hides the IP location of the spammer's dedicated servers. As the 
very action of hijacking computers is illegal in most jurisdictions, 
such fast flux hosting is only used for further criminal activities such 
as phishing and child pornography. Because the criminals know they could 
be identified if they used valid "whois" data, they always use bogus 
data, so registrars can confidently HOLD (suspend) the domain based on 
ICANN 3.7.7.2.

[additional text and examples omitted here to avoid triggering spam 
filters]