Is WHOIS going to go away?
On Thu, Apr 19, 2018 at 05:57:48PM -0400, bzs at theworld.com wrote:
> One of the memes driving this WHOIS change is the old idea of
> "starving the beast".
>
> People involved in policy discussions complain that "spammers" -- many
> only marginally fit that term other than by the strictest
> interpretation -- use the public WHOIS data to contact domain owners.
>
> I've countered that 20+ years' experience trying to "starve the beast"
> by trying to deny them access to email and other casual contact info
> has proven the approach to be useless.
I've been trying to kill this same meme for years, and it just won't die.
It's related to the equally-silly meme that says that email/newsgroup
archives should have the addresses of participants obfuscated, and it's
just as wrong. Let me make yet one more likely-futile effort:
1. WHOIS data is a poor source of email addresses. It always has been.
Much richer ones exist and new ones show up all day, every day. The
same can be said for mailing list/newsgroup archives. Moreover, many
of those people are poor choices as victims.
2. Those much richer sources include (and this is far from exhaustive):
- subscribing to mailing lists
- acquiring Usenet news feeds
- querying mail servers
- acquiring corporate email directories
- insecure LDAP servers
- insecure AD servers
- use of backscatter/outscatter
- use of auto-responders
- use of mailing list mechanisms
- use of abusive "callback" mechanisms
- dictionary attacks
- construction of plausible addresses (e.g. "firstname.lastname")
- purchase of addresses in bulk on the open market.
- purchase of addresses from vendors, web sites, etc.
- purchase of addresses from registrars, ISPs, web hosts, etc.
- domain registration (some registrars ARE spammers)
- misplaced/lost/sold media
- harvesting of the mail, address books and any other files
  present on any of the hundreds of millions of
  compromised systems
annnnnnd
- the security breach/dataloss incident of the day
3. The bottom line is that, starting about 15 years ago, it became
effectively impossible to keep any email address *that is actually
used* away from spammers. [1] Simultaneously, it became a best practice
to assume this up front and design defenses accordingly.
4. You know who is best-protected by restrictions on WHOIS and obfuscated
domain registration? Spammers, phishers, typosquatters, and other abusers.
It's not a coincidence that the number of malicious domains has skyrocketed
as these practices have spread. (And "skyrocket" is not an exaggeration.
I've been studying abuser domains for 15+ years and I have no hesitation
saying that easily 90% of all domains are malicious. And that's likely
a serious understatement. Why? Because whereas you and I and other
NANOG-ish people register one here, one there, whether for professional
or personal or other use, abusers are registering them by the tens of
thousands and more. Much more.)
---rsk
[1] Yes, there are edge cases. I *know*.