(picking up where I ejected on the email...argh) On Sat, Jun 28, 2008 at 12:19 AM, Christopher Morrow <[EMAIL PROTECTED]> wrote: > On Fri, Jun 27, 2008 at 11:13 PM, Tomas L. Byrnes <[EMAIL PROTECTED]> wrote: >> These issues are not separate and distinct, but rather related. >> >> A graduated level of analysis of membership in any of the sets of: >> >> 1: Recently registered domain. >> > > hi, I just registered 'newproduct.com' for my press release, I'm > sending you emails from that domain since you signed up with my > company for new news alerts abotu my great products! > >> 2: Short TTL >> > > I'm anticipating high traffic loads, I'm putting my pressrelease > things on akamai/llnw, I want to shift that away quickly when traffic > levels decrease. I made my ttl's short, for that, plus akamai sets my > ttl's on their responses to 5mins. > >> 3: Appearance in DShield, Shadowserver, Cyber-TA and other sensor lists. >> > > sure, these are fine folks... they get things wring at times :( > >> 4: Invalid/Non-responsive RP info in Whois >> > > oh, whois isn't updated with NS info updates... so for 6-12 hours that > data's not going to reflect 'valid' info while I send out my > notifications. > >> Create a pretty good profile of someone you probably don't want to >> accept traffic from. >> > > I agree that correlation across many forms of intell gathering is > good, and probably the way out for folks on the good side of this > battle. My point was that tossing FUD on top of the 'icann made a > mistake, maybe' isn't helping the argument nor discussion. > > There should be some work, and maybe there is work happening on this, > done to bring ICANN policies up to speed with respect to dealing with: > 1) domain owners who have invalid (chronically bad) info > 2) registrars who seem to solely
solely registering bad/criminal/abusive domains... -chris
