<<<
Chronological Index
>>> <<<
Thread Index
>>>
RE: [nc-whois] WHOIS and SPAM - survey show no connection
Title: Message
Marilyn,
Good to hear from you. We'll be glad
to interact with the TF. Ram Mohan is also a member of both the TF and our
committee, and he's volunteered to be a bridge as well. (I've cc'd him
explicitly on this message, which presumably means he'll get three
copies!)
In addition to Philip Sheppard's note citing
the FTC that indicates the whois database is not a primary source of email
addresses for spammers, we're also getting email from others indicating the
opposite. This obviously bears further study. My own experience
suggests email addresses are indeed collected from the whois database. I
get a fair amount of mail addressed to hostmaster@<domainname> for one of
my domains, and there is absolutely *no* instance of that email address being
used in any other context.
To press the point a bit further, it seems
to me there are two parts to this puzzle, one based in fact and one based in
policy. The factual question is whether the whois database does, in fact,
get used for gather email addresses for spam. As I said, we're getting a
range of opinions on this, but I expect we'll be able to get a reasonably good
handle on this after a while. The policy question is whether the whois
database is required to be publicly accessible as a whole. I consider it a
separate question as to whether individual entries should be accessible and to
whom. The issue for this discussion is whether an entire whois database
should be made available. If so, that's an exposure that needs to be
understood and made known to everyone who places an entry into the
database.
Let me also note that a related issue has
come up with respect to the DNS database, and that some have raised a concern
that the combination of the DNS database and the whois database results in a
considerable amount of information which can be exploited for commercial
purposes.
Thanks,
Steve
Steve, on behalf of Tony Harris and myself
as co-chairs, we will discuss an invitation to the committee to talk with the
TF. In the meantime, perhaps we could all be thinking about how best to ensure
cross communication between the Advisory Committee and the TF as you receive
comments.
Regards, Marilyn Cade
Steve, interesting to read the Security and Stability
Advisory Committee recommendation on Whois. In relation to privacy you
state: "it is widely believed that Whois data is a source of e-mail
addresses for the distribution of spam". This may be a wide belief but
empirical evidence from the US Federal Trade Commission tells us
otherwise. See the last sentence of the note below in
particular.
Philip
------------------
To find out which
fields spammers consider most fertile for harvesting, investigators "seeded"
175 different locations on the Internet with 250 new, undercover email
addresses. The locations included web pages, newsgroups, chat rooms, message
boards, and online directories for web pages, instant message users, domain
names, resumes, and dating services. During the six weeks after the
postings, the accounts received 3,349 spam emails. The investigators found
that:
- 86 percent of the addresses posted to web pages
received spam. It didn't matter where the addresses were posted on the
page: if the address had the "@" sign in it, it drew spam.
- 86 percent of the addresses posted to newsgroups
received spam.
- Chat rooms are virtual magnets for harvesting
software. One address posted in a chat room received spam nine minutes
after it first was used.
Addresses posted in other areas on the Internet received
less spam, the investigators found. Half the addresses posted on free
personal web page services received spam, as did 27 percent of addresses
posted to message boards and nine percent of addresses listed in email
service directories. Addresses posted in instant message service user
profiles, "Whois" domain name registries, online resume
services, and online dating services did not receive any spam during the six
weeks of the investigation.
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|