Is WHOIS going to go away?
On Thu, Apr 19, 2018 at 05:57:48PM -0400, bzs at theworld.com wrote:
> One of the memes driving this WHOIS change is the old idea of
> "starving the beast".
> People involved in policy discussions complain that "spammers" -- many
> only marginally fit that term other than by the strictest
> interpretation -- use the public WHOIS data to contact domain owners.
> I've countered that 20+ years experience trying to "starve the beast"
> by trying to deny them access to email and other casual contact info
> has proven the approach to be useless.

I've been trying to kill this same meme for years, and it just won't die.
It's related to the equally-silly meme that says that email/newsgroup
archives should have the addresses of participants obfuscated, and it's
just as wrong. Let me make yet one more likely-futile effort:

1. WHOIS data is a poor source of email addresses. It always has been.
Much richer ones exist and new ones show up all day, every day. The
same can be said for mailing list/newsgroup archives. Moreover, many
of those people are poor choices as victims.

2. Those much richer sources include (and this is far from exhaustive):

	- subscribing to mailing lists
	- acquiring Usenet news feeds
	- querying mail servers
	- acquiring corporate email directories
	- insecure LDAP servers
	- insecure AD servers
	- use of backscatter/outscatter
	- use of auto-responders
	- use of mailing list mechanisms
	- use of abusive "callback" mechanisms
	- dictionary attacks
	- construction of plausible addresses (e.g. "firstname.lastname")
	- purchase of addresses in bulk on the open market.
	- purchase of addresses from vendors, web sites, etc.
	- purchase of addresses from registrars, ISPs, web hosts, etc.
	- domain registration (some registrars ARE spammers)
	- misplaced/lost/sold media
	- harvesting of the mail, address books and any other files
	  present on any of the hundreds of millions of
	- the security breach/dataloss incident of the day

3. The bottom line is that, starting about 15 years ago, it became
effectively impossible to keep any email address *that is actually
used* away from spammers.  Simultaneously, it became a best practice
to assume this up front and design defenses accordingly.

4. You know who is best-protected by restrictions on WHOIS and obfuscated
domain registration? Spammers, phishers, typosquatters, and other abusers.
It's not a coincidence that the number of malicious domains has skyrocketed
as these practices have spread. (And "skyrocket" is not an exaggeration.
I've been studying abuser domains for 15+ years and I have no hesitation
saying that easily 90% of all domains are malicious. And that's likely
a serious understatement. Why? Because whereas you and I and other
NANOG-ish people register one here, one there, whether for professional
or personal or other use, abusers are registering them by the tens of
thousands and more. Much more.)

Yes, there are edge cases. I *know*.