<div dir="ltr">And a reverse search on the email and fake identity yields 270 domains! All of which can be blocked before any spam is sent, and any future domains with those same details can be blocked as well.<div><br></div><div>And all of this analysis can be done without having to get a judge&#39;s order in the country &quot;1 HOST RUSSIA, INC&quot; is in. How likely do you think that a Russian judge would grant an order to disclose the information needed to do this same analysis?</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jun 1, 2017 at 1:45 PM, Michael Peddemors <span dir="ltr">&lt;<a href="mailto:michael@linuxmagic.com" target="_blank">michael@linuxmagic.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">When it comes to addressing &#39;thin&#39; or &#39;thick&#39; data, it helps to have an example of what kinds of data are valuable, and whether a &#39;specific&#39; part of the data is important/invaluable to the community at large.. vs any privacy implications, and as already mentioned now several times, the personal information issue should be able to be addressed with simple &#39;informed consent&#39; that the data is being made available..<br>
<br>
<br>
<br>
Example, our spam auditors received reports of &#39;snowshoe&#39; spammers overnight from the following domains:<br>
<br>
<br>
While &#39;whois&#39; information is not really standardized of course, let&#39;s look at it from the perspective of what this registrar provides, and discuss the information that is valuable..<br>
<br>
Domain Name:                                 <a href="http://QLIVE.US" rel="noreferrer" target="_blank">QLIVE.US</a><br>
^^^^^ Of course..<br>
Domain ID:                                   D59983383-US<br>
Sponsoring Registrar:                        NAMECHEAP, INC.<br>
^^^^^ Some registrars have different reputation<br>
Sponsoring Registrar IANA ID:                1068<br>
Registrar URL (registration services): <a href="http://www.namecheap.com" rel="noreferrer" target="_blank">http://www.namecheap.com</a><br>
Domain Status: clientTransferProhibited<br>
Registrant ID:                               T112TZREYY9QGXNM<br>
Registrant Name:                             Ancell Powls<br>
^^^^^^ For comparison against other domains..<br>
       We &#39;could&#39; use a simple label, but that doesn&#39;t work across registrars<br>
Registrant Address1:                         23 Main St<br>
Registrant Address2:                         P.O. Box 2033<br>
^^^^^^^ Use of a PO Box, and for comparison against other actors with similar/same information<br>
Registrant City:                             Symington<br>
^^^^^^^  Is the same city used?<br>
Registrant State/Province:                   Biggar<br>
^^^^^^^  Same province?<br>
Registrant Postal Code:                      ML12 6LJ<br>
^^^^^^^ Same Postal?<br>
Registrant Country:                          UNITED KINGDOM<br>
^^^^^^^ Same Country<br>
Registrant Country Code:                     GB<br>
Registrant Phone Number:                     <a href="tel:%2B44.3457220123" value="+443457220123" target="_blank">+44.3457220123</a><br>
^^^^^^^^ Is it valid, and does it conform to the specified geographical location?<br>
Registrant Email: <a href="mailto:ancellpowls7627997@aol.com" target="_blank">ancellpowls7627997@aol.com</a><br>
^^^^^^^^^ FreeEmail provider, throwaway address<br>
Registrant Application Purpose:              P1<br>
Registrant Nexus Category:                   C11<br>
Administrative Contact ID:                   K2GPWOMDZJLH056R<br>
Administrative Contact Name:                 Ancell Powls<br>
^^^^^^^^^ Similar reason for all administrative contact information<br>
          and compared against the registrant data<br>
&lt;clipped&gt;<br>
Billing Contact ID:                          WDKK5ZI9VTLK5GI6<br>
Billing Contact Name:                        Ancell Powls<br>
^^^^^^^^^ Similar reason for all administrative contact information<br>
          and compared against the registrant data<br>
&lt;clipped&gt;<br>
Technical Contact ID:                        UCTFQMK8L13PWK4A<br>
Technical Contact Name:                      Ancell Powls<br>
^^^^^^^^^ Similar reason for all administrative contact information<br>
          and compared against the registrant data<br>
&lt;clipped&gt;<br>
Name Server: <a href="http://JOSH.NS.CLOUDFLARE.COM" rel="noreferrer" target="_blank">JOSH.NS.CLOUDFLARE.COM</a><br>
Name Server: <a href="http://IRIS.NS.CLOUDFLARE.COM" rel="noreferrer" target="_blank">IRIS.NS.CLOUDFLARE.COM</a><br>
^^^^^^^^^ Which name servers do they use? Are they common across domains?<br>
          Some name servers might even be a preferred method ..<br>
Created by Registrar:                        NAMECHEAP, INC.<br>
Last Updated by Registrar:                   NAMECHEAP, INC.<br>
<br>
Domain Registration Date:                    Thu Jun 01 05:45:30 GMT 2017<br>
^^^^^^^^^^ Obvious, newly created.. and only an automated script can generate email under that domain that fast..<br>
Domain Expiration Date:                      Thu May 31 23:59:59 GMT 2018<br>
Domain Last Updated Date:                    Thu Jun 01 07:24:28 GMT 2017<br>
^^^^^^^^^^^<br>
DNSSEC:                                      false<br>
^^^^^^^^^^^ Don&#39;t really care ;)<br>
<br>
We also like to compare against the &#39;rwhois&#39; data.. same guy operate the IP(s)?<br>
<br>
network:Network-Name:Private<br>
network:IP-Network:<a href="http://108.170.9.80/28" rel="noreferrer" target="_blank">108.170.9.80/28</a><br>
network:IP-Network-Block:108.170.9.80 - 108.170.9.95<br>
network:Org-Name:AndreAgoncillo<br>
network:Street-Address:#10 Rizal Street<br>
network:City:La Carlota City<br>
network:State:XX<br>
network:Postal-Code:6130<br>
network:Country-Code:PH<br>
<br>
Gives an indication of whether using a 3rd party..<br>
<br>
NetRange:       192.3.137.208 - 192.3.137.223<br>
CIDR:           <a href="http://192.3.137.208/28" rel="noreferrer" target="_blank">192.3.137.208/28</a><br>
NetName:        CC-192-3-137-208-28<br>
NetHandle:      NET-192-3-137-208-1<br>
Parent:         CC-15 (NET-192-3-0-0-1)<br>
NetType:        Reallocated<br>
OriginAS:       AS36352<br>
Organization:   Hudson Valley Host (HVH-9)<br>
RegDate:        2017-03-06<br>
Updated:        2017-03-06<br>
Ref: <a href="https://whois.arin.net/rest/net/NET-192-3-137-208-1" rel="noreferrer" target="_blank">https://whois.arin.net/rest/net/NET-192-3-137-208-1</a><br>
<br>
(that is simply bad information, known snowshoe haven, colocrossing)<br>
<br>
<br>
 <br>
-- <br>
&quot;Catch the Magic of Linux...&quot;<br>
------------------------------<wbr>------------------------------<wbr>------------<br>
Michael Peddemors, President/CEO LinuxMagic Inc.<br>
Visit us at <a href="http://www.linuxmagic.com" rel="noreferrer" target="_blank">http://www.linuxmagic.com</a> @linuxmagic<br>
------------------------------<wbr>------------------------------<wbr>------------<br>
A Wizard IT Company - For More Info <a href="http://www.wizard.ca" rel="noreferrer" target="_blank">http://www.wizard.ca</a><br>
&quot;LinuxMagic&quot; a Registered TradeMark of Wizard Tower TechnoServices Ltd.<br>
------------------------------<wbr>------------------------------<wbr>------------<br>
<a href="tel:604-682-0300" value="+16046820300" target="_blank">604-682-0300</a> Beautiful British Columbia, Canada<br>
<br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">_________________________________<br>Note to self: Pillage BEFORE burning.</div>
</div>
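The per-field checks annotated in the quoted message and the reverse search on registrant details mentioned in the reply, sketched as an added example (not code from either poster). Field names follow the quoted .US record; the free-mail list, the 24-hour threshold and all sample records are assumptions constructed here.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed free-mail list; "freemail.example" exists only for the sample below.
FREE_MAIL = {"aol.com", "gmail.com", "yahoo.com", "freemail.example"}
DATE_FMT = "%a %b %d %H:%M:%S GMT %Y"   # date layout used in the quoted record

def parse_whois(text):
    """Parse 'Key:   Value' lines; repeated keys (Name Server) accumulate."""
    rec = defaultdict(list)
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            rec[key.strip()].append(value.strip())
    return dict(rec)

def first(rec, key):
    return rec.get(key, [""])[0]

def signals(rec, first_mail_seen, max_age=timedelta(hours=24)):
    """Checks taken from the annotations: free mail, PO box, brand-new domain."""
    out = []
    if first(rec, "Registrant Email").lower().rpartition("@")[2] in FREE_MAIL:
        out.append("free-mail registrant address")
    addr = (first(rec, "Registrant Address1") + " " + first(rec, "Registrant Address2")).lower()
    if "po box" in addr.replace(".", ""):
        out.append("PO box")
    created = first(rec, "Domain Registration Date")
    if created:
        age = first_mail_seen - datetime.strptime(created, DATE_FMT).replace(tzinfo=timezone.utc)
        if age < max_age:
            out.append("mail within 24h of registration")
    return out

def cluster(records):
    """Reverse search: group domains by normalized registrant name + email."""
    groups = defaultdict(set)
    for rec in records:
        key = (" ".join(first(rec, "Registrant Name").lower().split()),
               first(rec, "Registrant Email").lower())
        groups[key].add(first(rec, "Domain Name").lower())
    return dict(groups)

# Constructed sample records (not real registrations).
TEMPLATE = ("Domain Name:   {0}\nRegistrant Name:   {1}\nRegistrant Address1:   1 Example Rd\n"
            "Registrant Address2:   {2}\nRegistrant Email:   {3}\n"
            "Name Server:   NS1.DNS.EXAMPLE\nName Server:   NS2.DNS.EXAMPLE\n"
            "Domain Registration Date:   {4}\n")
NEW, OLD = "Thu Jun 01 05:45:30 GMT 2017", "Mon Mar 02 10:00:00 GMT 2015"
SAMPLE = [parse_whois(TEMPLATE.format(*row)) for row in [
    ("PROMO-ONE.EXAMPLE", "Sample  Registrant", "P.O. Box 1", "reg1234@freemail.example", NEW),
    ("PROMO-TWO.EXAMPLE", "sample registrant", "P.O. Box 1", "REG1234@freemail.example", NEW),
    ("LONGTIME.EXAMPLE", "Other Person", "Suite 5", "admin@longtime.example", OLD)]]
SEEN = datetime(2017, 6, 1, 9, 0, tzinfo=timezone.utc)  # first spam report (constructed)
```

Once one domain in a cluster is confirmed as a spam source, the remaining domains under the same key are candidates for blocking before they send anything.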