Re: [DNSOP] DNSOP Call for Adoption draft-vixie-dns-rpz
Rich Kulawiec <rsk@gsp.org> Mon, 23 January 2017 18:20 UTC
Return-Path: <rsk@gsp.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3FB9129706 for <dnsop@ietfa.amsl.com>; Mon, 23 Jan 2017 10:20:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.302
X-Spam-Level:
X-Spam-Status: No, score=-2.302 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qx8_Df6FlG_f for <dnsop@ietfa.amsl.com>; Mon, 23 Jan 2017 10:20:55 -0800 (PST)
Received: from taos.firemountain.net (taos.firemountain.net [207.114.3.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4AB741296FD for <dnsop@ietf.org>; Mon, 23 Jan 2017 10:20:55 -0800 (PST)
Received: from gsp.org (localhost [127.0.0.1]) by taos.firemountain.net (8.15.1/8.14.9) with SMTP id v0NIKroF008196 for <dnsop@ietf.org>; Mon, 23 Jan 2017 13:20:54 -0500 (EST)
Date: Mon, 23 Jan 2017 13:20:52 -0500
From: Rich Kulawiec <rsk@gsp.org>
To: dnsop@ietf.org
Message-ID: <20170123182052.GA12543@gsp.org>
References: <CADyWQ+ETSd199ok0fgh=PB=--hW7buPgSoCg22aK51Bk4xxBmw@mail.gmail.com> <CAHw9_iJGXvep1EvnrMqb-XsWre4c3msVs+Bw8gE-_oU3eqOXag@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAHw9_iJGXvep1EvnrMqb-XsWre4c3msVs+Bw8gE-_oU3eqOXag@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/HCQQrW3Uqvz9fkcGVmwxlO53DfE>
Subject: Re: [DNSOP] DNSOP Call for Adoption draft-vixie-dns-rpz
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Jan 2017 18:20:58 -0000
I've been following this discussion and have taken a few weeks to think about the comments rendered here in some depth. I find that I most agree with this statement: On Tue, Dec 20, 2016 at 10:53:39PM +0000, Warren Kumari wrote: > I believe that RPZ (and the DNS lies which it creates) is evil -- > unfortunately we live in a world where this is a necessary evil. I started studying the use of domains by spammers 15 years ago. I expanded that study to phishers, typosquatters, domaineers, malware distributors, etc. as it became excruciatingly clear that these are quite often the same people or operations. (See "Sanford Wallace" for one of the canonical examples.) It's become clear to me that most Internet domains are malicious. In the new TLDs, "most" asymptotically approaches "all". ( If anyone doubts this, and you shouldn't unless you've done your own homework, I'll be happy to show you some sample data. Or you can spend your morning coffee time for the next week idly perusing new additions to zone files at https://domainpunch.com/tlds/daily.php and get the flavor of it for yourself. Popular this month: domains being used by boiler room fake technical support operations who make phone calls designed to convince users to handle over control of their systems. They're being registered much faster than I can track them. [1] ) This shouldn't surprise anyone who has even dabbled in the area. Abusers register domains by the tens or hundreds of thousands, burn through them, then register more. Registrars are happy to have high-volume repeat customers, so while they may make a pretense of responsibility by suspending a domain here or there, these are meaningless gestures designed to placate complainers and support maintenance of a facade of responsibility. And in the extremely rare cases where registrars fire a client, there are plenty of others ready to welcome them with open arms. The situation is so bad that I think it's a best practice in mail system operations to block quite a few of the new TLDs outright in MTAs and make exceptions for specific domains if/when the need arises. But even if that's done, it's an insufficient defense mechanism. We need a way to make huge numbers of domains effectively disappear from users' view of the Internet -- and this may be it. I don't like it. This is not the Internet I would have chosen. But I'm not the entity who has allowed registrars to profit handsomely off the Internet's collective misery for a couple of decades, or the entity who handed them a whole new way to do so by unleashing hundreds of TLDs for which there is precisely zero need and precisely zero legitimate purpose, or the entity which let them start obfuscating registration data -- one of the best things that's ever happened to operators of malicious domains. ---rsk [1] Here's a single data point, out of a huge number: http://www.firemountain.net/~rsk/online.txt Those are *some* of the domains registered by one registrant in one TLD in one day. It's thus a speck on a microscopic speck, but I assure you it's representative.
- [DNSOP] DNSOP Call for Adoption draft-vixie-dns-r… tjw ietf
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Suzanne Woolf
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ray Bellis
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Jim Reid
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Matthew Pounsett
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Wouters
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Allan Liska
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Hoffman
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ray Bellis
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Tim Wicinski
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Hoffman
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ray Bellis
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… bert hubert
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Wouters
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Hoffman
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ray Bellis
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Hoffman
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Warren Kumari
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ralf Weber
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… bert hubert
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… bert hubert
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… william manning
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ted Lemon
- [DNSOP] Role of informational RFCs Re: DNSOP Call… Suzanne Woolf
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… sthaug
- Re: [DNSOP] Role of informational RFCs Re: DNSOP … Paul Hoffman
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Wouters
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… sthaug
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Matthew Pounsett
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ted Lemon
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Matthew Pounsett
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ted Lemon
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Matthew Pounsett
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Vernon Schryver
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Wouters
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Vernon Schryver
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Viktor Dukhovni
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Mark Andrews
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Robert Edmonds
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Nolan Berry
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Stephane Bortzmeyer
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Stephane Bortzmeyer
- Re: [DNSOP] Role of informational RFCs Re: DNSOP … Stephane Bortzmeyer
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ralf Weber
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Patrik Wallstrom
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… John Levine
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ted Lemon
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Donald Eastlake
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Scott Schmit
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… John Levine
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Richard Clayton
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Scott Schmit
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… John Levine
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Vernon Schryver
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… william manning
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ted Lemon
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… joel jaeggli
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Viktor Dukhovni
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ted Lemon
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Warren Kumari
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Mukund Sivaraman
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Warren Kumari
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Wouters
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Vernon Schryver
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Tony Finch
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… william manning
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Barry Raveendran Greene
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Scott Schmit
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Avri Doria
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Barry Raveendran Greene
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Wouters
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ted Lemon
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Wouters
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ted Lemon
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Vernon Schryver
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ted Lemon
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Philip Homburg
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… 神明達哉
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Vernon Schryver
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Viktor Dukhovni
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Philip Homburg
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ralf Weber
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Rich Kulawiec
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… tjw ietf
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Wouters
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Warren Kumari
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Dave Crocker
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… joel jaeggli
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Wouters
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Dave Crocker
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… william manning
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Ray Bellis
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Andrew Sullivan
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Wouters
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Suzanne Woolf
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Mukund Sivaraman
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Dave Crocker
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Wouters
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Paul Hoffman
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Dave Crocker
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Petr Špaček
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Dave Crocker
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Barry Raveendran Greene
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Viktor Dukhovni
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Melinda Shore
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Dave Crocker
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Dave Crocker
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Doug Barton
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Mark Andrews
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Barry Raveendran Greene
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Vernon Schryver
- Re: [DNSOP] DNSOP Call for Adoption draft-vixie-d… Vernon Schryver