David Farrar wrote:
Scammers have told us that they use zone files for their scams. This is not hypothethical - this has happened with the .nz zone before it was restricted. And those scammers actually went and defrauded .nz registrants out of hundreds of thousands of dollars by using the zone file to get the whois data (and yes there is significant rate limiting technology used on the whois, but there are also scammers who use thousands of zombie machines to not trigger the restrictions, even if it takes them a couple of months). The scammers have actually said that the zone file data is very useful to them, because otherwise they need to do dictionary attacks on the whois, and they are much much easier to guard against.
Hang on, I'm confused now. Aren't you mixing up DNS zones and whois information there? You're talking about Chesley Rafferty targetting .nz domain name registrants by harvesting whois data, presumably? -- Juha