[UA-discuss] Email from new domains going to Junk (was: Requesting a contact from outlook/hotmail)

Mark Svancarek (CELA) marksv at microsoft.com
Wed Aug 15 22:39:57 UTC 2018


Jothan, thanks, I was wondering about something like RPZ and good to know that it already exists.  This is interesting to multiple areas of my new role (UASG and RDS).  Are you or Cole attending this?


From: Jothan Frakes <jothan at jothan.com>
Sent: Thursday, August 2, 2018 17:36
To: John Levine <john.levine at standcore.com>
Cc: Mark Svancarek (CELA) <marksv at microsoft.com>; ua-discuss at icann.org
Subject: Re: [UA-discuss] Email from new domains going to Junk (was: Requesting a contact from outlook/hotmail)

Have you heard of RPZ?  The TL;DR on RPZ is that the concept of things like Spamhaus RBL blacklisting to quickly resolve SPAM is going to start expanding into DNS so it is domain (or potentially TLD) based and not protocol-specific.

Paul Vixie from Farsight will be speaking at MERGE about RPZ - many of you have the privilege of knowing him and his many contributions to the stability and security of the Internet.

https://mergeorlando2018.sched.com/event/FXXd/takedown-vs-staydown-for-internet-identifiers-the-dns-rpz-firewall-approach

This is something that a network administrator can institute at its perimeter nameservers / firewall, but that dominion can be a nation or a large ISP just as easily as a company.

RPZ is worth some awareness within UASG as it may impact domain names from resolving everywhere immediately that are first activating because RPZ intentionally creates a delay (I am oversimplifying this).

The delay is involved intentionally to counter fast-flux or fluid-instant registrations often seen in command and control networks, and there are some exceptions and tuning that can happen.

-J

Jothan Frakes
Tel: +1.206-355-0230

On Thu, Aug 2, 2018 at 5:07 PM, John Levine <john.levine at standcore.com> wrote:
I can conceive of a scenario where every instance of a particular IOT device receives a unique domain name in the same way it receives a MAC address and unique serial number; the domain name could in fact be its serial number.  That would be a legit example for bulk acquisition of domain names.

Of course every device has its own name, but nobody in their right mind
would buy them one at a time from a TLD registry.

For a whole lot of domain names, see https://wild.web.sp.am, click on a few links, and look at the domain names.  If you followed the links long enough you'd find roughly 2 billion different names.

Regards,
John Levine, john.levine at standcore.com
Standcore LLC

PS: When I first set up that site, it broke the Bingbot.  After alerting one of your colleagues to the problem, who told me that it led to some very loud conversations down the hall, Bing now knows enough to stay away but I have a log file with 6 million entries from people who don't.
