Juha Saarinen wrote:
David Farrar wrote:
Scammers have told us that they use zone files for their scams. This is not hypothethical - this has happened with the .nz zone before it was restricted. And those scammers actually went and defrauded .nz registrants out of hundreds of thousands of dollars by using the zone file to get the whois data (and yes there is significant rate limiting technology used on the whois, but there are also scammers who use thousands of zombie machines to not trigger the restrictions, even if it takes them a couple of months). The scammers have actually said that the zone file data is very useful to them, because otherwise they need to do dictionary attacks on the whois, and they are much much easier to guard against.
You mean the scammers compiled a list of .nz domains from zone transfers, and then used them for whois queries? -- Juha