[dns-operations] [Ext] Re: Denying Whois DB by GeoIP

Doug Barton dougb at dougbarton.email
Mon Jun 12 05:36:42 UTC 2017


On 06/11/2017 03:36 PM, Leo Vegoda wrote:
> Doug Barton wrote:
> 
> [...]
> 
>> You might also consider the decades of research that has
>> gone into demonstrating that spammers don't bother
>> harvesting e-mail addresses from whois data.
> 
> Adding to all the anecdata, the only research I am aware of on this topic
> concluded that spammers do harvest e-mail addresses from whois records:
> 
> https://www.icann.org/resources/pages/sac-023-2012-02-25-en
> 
> Maybe things have changed since 2007. But I doubt it.

You don't think things have changed in 10 years? On the Internet?

As John and I have both pointed out, there are so many other 
easier/cheaper ways for spammers to get e-mail addresses *now* that bulk 
searching of whois is not profitable for them.

I also question the SSAC's results given that according to them they 
received 0 solicitations for services related to the registration of the 
name itself. There's also a lack of reporting on when the spam was 
received. Was there a big flow up front, then it tailed off? Did it 
build up speed over time? That kind of information would be very 
valuable because it would give insight into how the addresses were being 
distributed. It might also help explain the stark difference between 
their results and the FTC's (who reported that there were 0 spam 
messages received to their custom whois addresses over their 6-week 
study period).

The study is also flawed because they did not use enough different TLDs 
that have different patterns of disclosing data. They used one thin gTLD 
registry (COM), two thick gTLDs (INFO and ORG); and DE, which does not 
display the registrant or admin contact data on port 43 (but does 
display tech and billing contacts, and most commonly the tech contact is 
the same as the registrant/admin). It appears (although I did not see it 
specified one way or the other) that they used the same address for all 
of the contacts for a given domain. That would also have been an 
interesting thing to diversify and compare the results.

That said, I do find it interesting that SSAC's study showed the 
anti-spam effectiveness of privacy registrations and reasonable 
restrictions on data access.

It would be a productive use of time for this study to be repeated, 
particularly given the ongoing discussion of which bits of whois data 
should appear where.

Doug


