[registrars] tracking spammers

Rick Wesson wessorh at ar.com
Wed Jan 24 00:22:24 UTC 2007 

to be utterly clear

   1) I'm not building a blacklist
   2) I'm not suggesting any name servers be blacklisted.


-rick


Paul Stahura wrote:
> yes, otherwise a spam with "www.ar.com" in the body would trigger not
> just blacklist of ar.com (which may or may not be correct action) but
> also all names using NS1.AR.COM and NS2.AR.COM for name servers.  
> 
> -----Original Message-----
> From: Mark Jeftovic [mailto:markjr at easydns.com] 
> Sent: Tuesday, January 23, 2007 10:55 AM
> To: Rob Hall
> Cc: Rick Wesson; Registrars Constituency
> Subject: Re: [registrars] tracking spammers
> 
> 
> Right,
> 
> I meant auto-generated reports broken down by nameserver, NOT 
> auto-adding to RBLs
> 
> Rick should be familiar with what I meant, we get similar lists of 
> botnet controllers, malware domains, etc to the dnsbl project list
> 
> Rob Hall wrote:
>> Rick,
>>
>> It is one thing to break the report down for us.  It would be quite
>> another for you to file it with any RBL lists.  I would prefer you
> give
>> it to us and let us deal with it.  I think Mark was suggesting that
> you
>> start auto-reporting.
>>
>> And I think overall it is a step in the right direction.  I know we
> will
>> be in touch.
>>
>> Rob.
>>
>> -----Original Message-----
>> From: Rick Wesson [mailto:wessorh at ar.com] 
>> Sent: Tuesday, January 23, 2007 1:46 PM
>> To: Rob Hall
>> Cc: Registrars Constituency; galvin+dnssac at elistx.com
>> Subject: Re: [registrars] tracking spammers
>>
>> rob,
>>
>> I've already got one request to break the report out by name servers
> so
>> registrars can understand whose infrastructure is at risk.
>>
>> really, i hope this kind of thing helps registrars and the industry at
>> large.
>>
>>
>> -rick
>>
>>
>> Rob Hall wrote:
>>
>>> Uh, no.
>>>
>>> I would rather have the list and cut off the domain, than have our
>>> entire DNS infrastructure blacklisted automatically.
>>>
>>> I bet most of the spammers are using the Registrars DNS
>> infrastructure.
>>
>>> Better to deal with it on a domain level and quickly.
>>>
>>> Sounds like a great service Rick
>>>
>>> Rob.
>>>
>>> -----Original Message-----
>>> From: owner-registrars at gnso.icann.org
>>> [mailto:owner-registrars at gnso.icann.org] On Behalf Of Mark Jeftovic
>>> Sent: Tuesday, January 23, 2007 1:23 PM
>>> To: Rick Wesson
>>> Cc: Registrars Constituency; galvin+dnssac at elistx.com
>>> Subject: Re: [registrars] tracking spammers
>>>
>>> We'll take a copy Rick.
>>>
>>> Is it possible to break it down by nameserver as well? THat way you 
>>> could file reports to dnsbl for the major DNS suppliers similar to the
>>
>>> malware domain reports we get.
>>>
>>> -mark
>>>
>>> Rick Wesson wrote:
>>>
>>>> Registrars:
>>>>
>>>> Its 2007 and SPAM/UCE continues to plague the Internet at large. I am
>>>> offering other Registrars the capability to understand which of their
>>>> registrants are abusing net network. Often these same users defraud
>>>> registrars and cause other resource issues within other registrars or
>>>> hosting providers.
>>>>
>>>> I can produce daily reports of spamvertized domains registered at
>> your
>>
>>>> registrar. Often these domains are used in Phishing or in the
>>>> monetization of SPAM and UCE.
>>>>
>>>> If you would like a report of domains registered by your registrar
>>> drop
>>>
>>>> me a note and I'll produce reports for your abuse department.
>>>>
>>>> Currently we are tracking around 39,000 domains for the past week
>>>> involving some 211 registrars.
>>>>
>>>> Currently there is no charge for this service and it is offered to
>>>> assist registrars in their efforts to end abuse of the DNS system.
>>>>
>>>>
>>>> best,
>>>>
>>>> -rick
>>>>
>>
>

More information about the registrars mailing list