18 Sep 22:36
VeriSign's SiteFinder & Britain Bungles Anti-spam Law
Pete Stephenson <pete <at> heypete.com>
2003-09-18 20:36:25 GMT
2003-09-18 20:36:25 GMT
SpamCop Digest 18 September 2003 * VeriSign's Sitefinder * Britian Bungles Anti-spam Law * Request from the author. ----------------------------------- * VeriSign's SiteFinder http://sitefinder.verisign.com/index.jsp VeriSign Naming and Directory Services, the company responsible for maintaining the root DNS registry and provisioning the .com and .net domain names, has decided that merely running the registry (and owning Network Solutions, a registrar of domain names) was no longer enough. Instead, they decided that since they maintain the root DNS system, they could direct *.com and *.net to their own system called SiteFinder (the URL of which is included above). This means that when a user enters a domain name that does not exist, instead of getting an error message that says "Error: Host Not Found" (which might not mean much for the average user, but at least they know something's wrong), they will be directed to VeriSign's website. Similarly, if someone attempts to send mail to a nonexistent domain, it will be directed to VeriSign's mailserver (which currently rejects all messages, though logs and statistics are likely to be kept...and what's to prevent them from collecting email addresses?). Other domain registrars must register domains individually (and pay $6/year to VeriSign NDS per domain. Some individuals and companies have found it rather lucrative to have permutations of common websites (i.e. http://www.goggle.com/ is a permutation of Google's popular search engine), and thus pay the registration fee for such domains. Now, all nonexistent domains resolve to VeriSign, which in my humble opinion means that they're abusing their power as the root registry. This breaks far more things than just web browsing and email. Network administrators frequently use tools that rely on DNS to troubleshoot network setups and DNS configurations. Now, instead of knowing that something's not configured right (before, they'd get "Host Not Found" errors), everything *seems* to be working, because even something that's misconfigured will resolve to VeriSign. Also, some spam filters will check to see if the From or Return-Path domain in a message exists as a test to determine if it's spam or not (the reasoning is that mail that claims to be from domains that don't exist is likely spam) -- these filters are not effective, as all .com and .net domains now exist and resolve to VeriSign's SiteFinder system. There seems to be widespread shock, alarm, and outrage at this decision of VeriSign, and many administrators and software developers are, respectively, re-configuring their networks and releasing software updates that would render VeriSign's change useless. For instance, the Internet Software Consortium, makers of the BIND DNS server have released a notice (http://www.isc.org/products/BIND/delegation-only.html) to this effect. For some people on certain providers, you will continue to receive the "Host Not Found" error when mis-typing a domain, as your network administrator has configured their systems to ignore VeriSign's wildcard, while others may not. If your ISP does not correct this, I suggest you contact them. Additionally, contacting VeriSign NDS and ICANN.org (the body designated by the US Department of Commerce to oversee the domain name system) will make your displeasure known (though they likely won't respond to individual messages, but if a large enough number of people complain, someone, somewhere might take notice). ----------------------------------- * Britain Bungles Anti-spam Law http://www.spamhaus.org/newsdog.lasso?article=119 "Britain has disappointed the Internet community by actually legalizing the spamming of British businesses. From 11 December it will be legal to send spam to the millions of hapless employees of British businesses (as long as each spammer gives each employee the opportunity to 'opt-out' of his individual spam campaign). Britain's firms will continue to suffer the onslaught of ever more spam, now from spammers claiming legality." Wow, it sounds almost as if the British government is nearly as inept as the US Congress, who is listening to the pro-spam lobbying groups formed by the Direct Marketing Association (who, I might add, have vast sums of money for campaign contributions) as opposed to the Right Thing(tm) for the internet community at large. Somehow, I suspect that the British members of Parliament are in the same boat as US Congresspeople: None of them read their own email, but have underlings sort through it and summarize it. They have no idea of the vastness of the spam problem, nor the worldwide costs it generates. ----------------------------------- * Request from the author. Hi folks. Just a quick request -- if you're going to be discontinuing a particular email address of yours, please unsubscribe it from the SpamCop Digest list. Dealing with undeliverable mail and "Vacation Replies" for a list with a few thousand subscribers can be somewhat of a tedious chore. Also, there's more than a few Abuse Departments of various ISPs subscribed to this list. Cool. However, please do *not* subscribe your abuse@ address to the list if it will reply automatically with a "ticket number" or some other kind of automatic response. I'd much rather if you subscribe your individual email addresses to the list, rather than a role account which sends back auto-replies. I can not "transfer" your subscription between addresses (i.e. if you had joeschmoe <at> example.com, and changed to joeschmoe <at> example.net). You'll need to unsubscribe the old address, and re-subscribe with the new address. And finally, please do not consider messages from the SpamCop Digest to be spam. They're not. Since its inception, the SpamCop Digest has confirmed all subscriptions. It is, however, published very infrequently, so you might not remember subscribing. If you do not wish to maintain your subscription to the Digest, that's fine...unsubscription instructions are included in the headers of every message, as well as at the URL posted at the bottom of every message. Unsubscribing takes merely a moment for you, yet manually searching through the subscriber list to locate your address and removing it takes me several minutes. That's all, folks! Enjoy the rest of your day. -- -- Pete Stephenson HeyPete.com
RSS Feed