Improved Information Sharing

DRAFT -- For discussion purposes only

  • Publicly encourage service providers to have abuse reporting addresses, and current domain/IP/ASN whois point of contact data (including an explicit abuse contact in those whois records). Flag those who elect NOT to do so.
  • Migrate or mirror whois data to a DNS based system so that it can be queried through automation rather than manually. Whois is a manual protocol and not suitable for real time queries by spam filtering systems.
  • Name servers in domain registrations should be identified as static or dynamic by the registrant. If static name servers, the IPs used for those name servers should be provided. If dynamic, that's fine, but sites electing to use dynamic name servers should expect that their choice will be taken into account when other sites assess their reputation and decide what (if anything) they want to do with their traffic. Charge a premium for dynamic name server domains.
  • Changes to static name server IPs should also incur a nominal fee, split between ICANN and the Registry, with the funds received from that fee dedicated to abuse handling/security-related purposes at ICANN and each Registry.
    • Commentary - I'm generally opposed to using fees as an anti-spam solution. The reason to me is somewhat obvious. Spammers have/make a lot of money and can afford it. Fees tend to discourage use by poor people. A small fee to us is a day's wages in parts of Africa. Alternatively we should require CAPTCHA to eliminate automation, and if automation is required by legit services then charge a fee for automation access.
      • Commentary - What about a non-monetary fee? That's one way to think of Steve Crawford's time-delay proposal.
  • Encourage ISPs to document IP address ranges which should NOT be hosting web pages or DNS servers, much as the PBL is used to document IP address ranges which should not be emitting email.
    • Commentary - or provide non-routable addresses to customers by default
    • Commentary - If there were an open source project to create tools for ISPs to manage spambots I think ISPs would use them.
  • Fix the WDPRS process, so that fastflux domains with bogus contact information can be efficiently reported. What would such a "fix" entail? Well, I'd start with:
    • If one domain with a given bit of bad information is reported, make it possible for submitters to request equivalent treatment for ALL domains that share that same specific information defect. Thus, for example, if someone registers 150 domains that all have the hypothetical and obviously bogus address "blah blah blah you can't catch me north, pole 99999", do NOT require someone reporting those addresses to report all (or some fraction of all) 150 domains one-by-one.
    • Publish monthly summaries of unique complaint volumes by registrar, by TLD, and by name server. Also provide a report by privacy protection service associated with complained-of domains.
    • FOLLOW UP on WDPRS complaints and make sure that something is DONE about the issues which get identified.
    • Provide a channel for Internet users to report illegal domain use (currently it is rather ironic that ICANN will let me report a domain for having the wrong zip code, but not for hosting a phishing site or child pr0n -- something's wrong there, I think).
    • Allow users to flag domains that appear to be fastfluxing.
      • Commentary - These suggestions require 2 things that I'm asking for. Whois information through DNS and an automated way to send the message to the correct abuse address. Suppose such information existed. Then the user can click on the "this is spam" button and the message is sent to the abuse department that handles the source where it came from. Thus the ISP would know instantly where the problems are.
  • Encourage ISPs to instrument their own networks, so they have visibility into what's being done with their resources, and to their customers. Fastflux can only survive if networks are blind to upstream hosts.
  • Encourage Microsoft to make security patches available to the public to be used even on pirated copies of Windows.
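
The WDPRS item above asks that one report of a bogus contact address cover every domain sharing that defect, and that complaint volumes be summarized by registrar and TLD. A sketch of that grouping follows as an added example, not part of the original draft or any ICANN tooling; the record layout, field names, domains and registrar names are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample records; layout and all values are assumptions for illustration.
RECORDS = [
    {"domain": "fluxone.example", "registrar": "RegistrarA",
     "address": "blah blah blah you can't catch me north, pole 99999"},
    {"domain": "fluxtwo.example", "registrar": "RegistrarA",
     "address": "Blah Blah Blah  You Can't Catch Me North,Pole 99999"},
    {"domain": "fluxthree.test", "registrar": "RegistrarB",
     "address": "BLAH BLAH BLAH YOU CANT CATCH ME NORTH POLE 99999"},
    {"domain": "ordinary.example", "registrar": "RegistrarB",
     "address": "1 Constructed Street, Sampletown 00000"},
]

def fingerprint(address):
    """Normalize an address so case, spacing and punctuation variants compare equal."""
    text = address.lower().replace("'", "")
    return " ".join(re.sub(r"[^a-z0-9]+", " ", text).split())

def expand_report(reported_domain, records):
    """Return every domain whose contact address matches the reported domain's."""
    by_domain = {r["domain"]: r for r in records}
    if reported_domain not in by_domain:
        raise KeyError(f"no record for {reported_domain}")
    key = fingerprint(by_domain[reported_domain]["address"])
    return sorted(r["domain"] for r in records if fingerprint(r["address"]) == key)

def summarize(domains, records):
    """Count complained-of domains by registrar and by TLD."""
    wanted = set(domains)
    hits = [r for r in records if r["domain"] in wanted]
    by_registrar = Counter(r["registrar"] for r in hits)
    by_tld = Counter(r["domain"].rsplit(".", 1)[-1] for r in hits)
    return dict(by_registrar), dict(by_tld)

if __name__ == "__main__":
    covered = expand_report("fluxone.example", RECORDS)
    print("one report covers:", covered)
    print("summary:", summarize(covered, RECORDS))
```

Exact-match fingerprints only catch copies that differ in case, spacing or punctuation; a registrant who varies the wording per domain would need fuzzier matching than this sketch does.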