[dns-operations] [Ext] Re: Denying Whois DB by GeoIP

Mark Andrews marka at isc.org
Tue Jun 13 01:24:17 UTC 2017

Well when you start with a broken definition of what is spam with
respect to whois email you can't get valid results.

	We classify incoming email either as solicited or spam,
	using the definition of spam in [24]. In short, an email
	is classified as spam if (i) it is unsolicited, and (ii)
	the recipient has not provided an explicit consent to receive
	such email. For this experiment, this means that all incoming
	email is treated as spam, except when it originates from
	the associated registrars (e.g., for billing).

Whois contact fields have always been about providing mechanisms
to report operational problems related to the domain / address
block.  Consent is always implicitly there for communications related
to those reasons and does not require explicit consent.

The report also failed to look at whois as it relates to address
blocks and AS contacts.

In message <zx7vKBF$fmPZFAS3 at highwayman.com>, Richard Clayton writes:
> In message <e7522cd4160c4c71996b0acf8c0a4fd2 at PMBX112-W1-CA-
> 1.PEXCH112.ICANN.ORG>, Leo Vegoda <leo.vegoda at icann.org> writes
> >Doug Barton wrote:
> >
> >[...]
> >
> >> You might also consider the decades of research that has
> >> gone into demonstrating that spammers don't bother
> >> harvesting e-mail addresses from whois data.
> >
> >Adding to all the anecdata, the only research I am aware of on this topic 
> >concluded that spammers do harvest e-mail addresses from whois records:
> >
> >https://www.icann.org/resources/pages/sac-023-2012-02-25-en
> >
> >Maybe things have changed since 2007. But I doubt it.
>
> everything changes...
>
> ... but here's an academic write-up of the work that Leontiadis &
> Christin did for ICANN in 2013 alongside the report I did on privacy and
> proxy registrations (the L&C document presumably also exists as an ICANN
> document, but my Google-fu doesn't immediately find that version).
>
> They were interested not just in spam but snail mail "invoices" as
> well...
>
> https://www.andrew.cmu.edu/user/nicolasc/publications/LC-ESORICS14.pdf
>
> Abstract: WHOIS is a publicly-accessible online directory used to map
> domain names to the contact information of the people who registered
> them (registrants). Regrettably, registrants have anecdotally complained
> about their WHOIS information being misused, e.g., for spam, while there
> is also concrete evidence that maliciously registered domains often map
> to bogus or protected information. All of this has brought into question
> whether WHOIS is still needed. In this study, we empirically assess
> which factors, if any, lead to a measurable degree of misuse of WHOIS
> data. We register 400 domains spread over the five most popular global
> top level domains (gTLD), using unique artificial registrant identities
> linked to email addresses, postal addresses, and phone numbers under our
> control. We collect, over six months, instances of misuse targeting our
> artificial registrants, revealing quantitative insights on both the
> extent and the factors (gTLD, domain type, presence of anti-harvesting
> mechanisms) that appear to have statistically-significant impact on
> WHOIS misuse.
>
> -- 
> Dr Richard Clayton                               <richard.clayton at cl.cam.ac.uk>
> Director, Cambridge Cybercrime Centre                mobile: +44 (0)7887 794090
> Computer Laboratory, University of Cambridge, CB3 0FD   tel: +44 (0)1223 763570
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
