I've been following this discussion and have taken a few weeks to think about the comments rendered here in some depth. I find that I most agree with this statement:

On Tue, Dec 20, 2016 at 10:53:39PM +0000, Warren Kumari wrote:
> I believe that RPZ (and the DNS lies which it creates) is evil --
> unfortunately we live in a world where this is a necessary evil.

I started studying the use of domains by spammers 15 years ago. I expanded that study to phishers, typosquatters, domaineers, malware distributors, etc. as it became excruciatingly clear that these are quite often the same people or operations. (See "Sanford Wallace" for one of the canonical examples.)

It's become clear to me that most Internet domains are malicious. In the new TLDs, "most" asymptotically approaches "all".

(If anyone doubts this, and you shouldn't unless you've done your own homework, I'll be happy to show you some sample data. Or you can spend your morning coffee time for the next week idly perusing new additions to zone files at https://domainpunch.com/tlds/daily.php and get the flavor of it for yourself. Popular this month: domains being used by boiler room fake technical support operations who make phone calls designed to convince users to hand over control of their systems. They're being registered much faster than I can track them. [1])

This shouldn't surprise anyone who has even dabbled in the area. Abusers register domains by the tens or hundreds of thousands, burn through them, then register more. Registrars are happy to have high-volume repeat customers, so while they may make a pretense of responsibility by suspending a domain here or there, these are meaningless gestures designed to placate complainers and support maintenance of a facade of responsibility. And in the extremely rare cases where registrars fire a client, there are plenty of others ready to welcome them with open arms.

The situation is so bad that I think it's a best practice in mail system operations to block quite a few of the new TLDs outright in MTAs and make exceptions for specific domains if/when the need arises.
But even if that's done, it's an insufficient defense mechanism. We need a way to make huge numbers of domains effectively disappear from users' view of the Internet -- and this may be it.

I don't like it. This is not the Internet I would have chosen. But I'm not the entity who has allowed registrars to profit handsomely off the Internet's collective misery for a couple of decades, or the entity who handed them a whole new way to do so by unleashing hundreds of TLDs for which there is precisely zero need and precisely zero legitimate purpose, or the entity which let them start obfuscating registration data -- one of the best things that's ever happened to operators of malicious domains.

---rsk

[1] Here's a single data point, out of a huge number:

http://www.firemountain.net/~rsk/online.txt

Those are *some* of the domains registered by one registrant in one TLD in one day. It's thus a speck on a microscopic speck, but I assure you it's representative.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop