[dns-operations] [Ext] Re: Denying Whois DB by GeoIP
Doug Barton
dougb at dougbarton.email
Mon Jun 12 05:36:42 UTC 2017
On 06/11/2017 03:36 PM, Leo Vegoda wrote:
> Doug Barton wrote:
>
> [...]
>
>> You might also consider the decades of research that has
>> gone into demonstrating that spammers don't bother
>> harvesting e-mail addresses from whois data.
>
> Adding to all the anecdata, the only research I am aware of on this topic
> concluded that spammers do harvest e-mail addresses from whois records:
>
> https://www.icann.org/resources/pages/sac-023-2012-02-25-en
>
> Maybe things have changed since 2007. But I doubt it.

You don't think things have changed in 10 years? On the Internet?

As John and I have both pointed out, there are so many other
easier/cheaper ways for spammers to get e-mail addresses *now* that bulk
searching of whois is not profitable for them.

I also question the SSAC's results given that according to them they
received 0 solicitations for services related to the registration of the
name itself. There's also a lack of reporting on when the spam was
received. Was there a big flow up front, then it tailed off? Did it
build up speed over time? That kind of information would be very
valuable because it would give insight into how the addresses were being
distributed. It might also help explain the stark difference between
their results and the FTC's (who reported that there were 0 spam
messages received to their custom whois addresses over their 6 week
study period).

The study is also flawed because they did not use enough different TLDs
that have different patterns of disclosing data. They used one thin gTLD
registry (COM), two thick gTLDs (INFO and ORG); and DE, which does not
display the registrant or admin contact data on port 43 (but does
display tech and billing contacts, and most commonly the tech contact is
the same as the registrant/admin). It appears (although I did not see it
specified one way or the other) that they used the same address for all
of the contacts for a given domain. That would also have been an
interesting thing to diversify and compare the results.

That said, I do find it interesting that SSAC's study showed the
anti-spam effectiveness of privacy registrations and reasonable
restrictions on data access.

It would be a productive use of time for this study to be repeated,
particularly given the ongoing discussion of which bits of whois data
should appear where.

Doug