On Wed, 2004-09-29 at 13:42, Nicholas Lee wrote:
How about restricting access to whois information via a registration-required web interface, rate limit access dependant on GeoIP location, and make it difficult for scripts.
I gave up sending abuse notices to owners of infected machines when several Asian registries started withholding information from whois servers and forcing me to use web interfaces. I see thousands of abused machines hitting our /16 every day. With an automated system I can notify the registered owners (assuming the data is accurate) of many of these system in the hope that they will clean up their machines and make the Internet a safer place for us all. But automated system relies on being able to get(at least halfway) structed data from whois. My take on this is that spammers and scammers will get the information anyway, why make it a little more difficult for them when the cost of doing so is breaking legitimate uses of the services. There is currently a very similar debate going on on the NZ ADSL list over the presence of email addresses in the archive and the fact that this is easy spam bait. My response to that argument is the same, taking the email addresses out of archives will not slow spammers down much but it will make the archives significantly less useful and lead to more traffic on the lists. Restricting access to zone files is a somewhat different issue, there are very few legitimate reasons for someone to pull a whole domain from a name server and almost all the time the administrator of the server know exactly who needs to do it so restricting access makes sense. -- Russell Fulton, Information Security Officer, The University of Auckland New Zealand