US Web Firm Described As "Phantom Registrar" Haven

snydeq writes "InfoWorld's Martin Heller directs attention to ongoing investigations of more than 40 phantom registrars linked to The Directi Group, including PDR, one of the 10 worst offenders on the Net. According to KnujOn, an additional 19,000 domains advertised through spam have been hiding their ownership behind PrivacyProtect.org, which The Washington Post has outed as Directi-owned. Directi claims it suspends illicit domains, but KnujOn provides documentation suggesting that Directi reports the registrars suspended and then reinstates them at another IP address. 'There has been some outcry about all this from the ICANN At-Large Committee, but as of this writing there has been no response from ICANN's Tim Cole,' Heller writers. 'Perhaps that has something to do with the fact that LogicBoxes, a Directi-owned registrar, has sponsored ICANN meetings in L.A. and Delhi.' Directi has since issued an official response to the allegations."

The Reason This Will Never End

[imyy4u3]

Quite simply, even if they shut Directi down, another company will take over the job of hiding the spammers for one simple reason: money. The spammers can afford to pay a company to hide them because they are making bank. Amazingly, about 1% of all spam emails actually result in a sale! So if you send out 1,000,000 emails, you can expect 10,000 sales! If people would just stop buying shit from spam emails, this wouldn't be a problem.

Now on the other hand, why do we even bother to try to pass spamming laws? Talk about another waste of time and money. If we pass a law saying all spam email must contain the words "unsolicited email" in the subject line, everyone will set their servers to block such email and therefore the spammers will certainly not put that in the subject line. So now we have to spend even more money to try and track the spammers down, which in essence we can't do because they pay companies like Directi money to hide their domains, IPs, etc.

Bottom line, this is an endless loop, and if anyone has any REAL suggestions on how to get rid of spammers, or how to force companies to stop hiding them and their domains, I'd love to hear it.

Re:The Reason This Will Never End

[thbigr]

I like spam. If you are not going to eat yours can I have it?

Re:The Reason This Will Never End

[Angostura]

Someone has modded you insightful, but just have a look at point 1:

Make all advertisement, solicitation, marketing, etc , etc via email illegal. No exceptions.

My 2 year old daughter is having a birthday party. Can I tell people about it and mention what particularly cheap gifts she might like?

Preposterous - Of course I can - you didn't mean that.

OK. How about her pre-school who is holding a Christmas fair, entry 50p. Can I mail the parents of the children? The local newspapers?

Of course - you didn't mean that.

What about if I forward a Red-cross chain main asking for donations following the destruction of Hurricane Hannah. Of course, that's OK.

The only way this might get rid of spammers, is by convincing them that there is more money to be made in the law - arguing about the definition of solicitation, marketing and advertisement.

Re:The Reason This Will Never End

[halcyon1234]

If people would just stop buying shit from spam emails, this wouldn't be a problem.

You're right. Spamming is easy and profitable. If you take away the easy, then it will deter some spammers, but will just encourage others to find an easier route. Spammers treat legislation like damage and route around it...

The consumers, on the other hand, are a finite resource. There's only so many of them (though it doesn't seem it). They buy stuff from spammers out of ignorance, greed, lack of fear of getting scammed/harmed, or by just being a chump.

But they wouldn't if there was enough compelling education out there to show that purchasing spammed products is harmful to your health. Think about any food recall in recent times, from e. coli tomatoes to Listeriosis contaminated deli-meats. The harm-to-humans is often very, very low-- a dozen or two at the most-- but the public reaction against the product is immediate and massive. DON'T EAT THAT MEAT! People will wrap themselves in unjustly paranoid levels of caution over what amounts to a statistically tiny chance of something happening to them.

So the trick to stopping spam is to get rid of the customers. And the trick to getting rid of the customers is to, well, get rid of them.

Legislation doesn't work because if you get rid of one spammer, ten more pop up. But it is possible to track down a spammer. Pick a few good-sized spammers. Hire a mercenary company to track them down, kill them (painfully or not, depending on your budget), and seize their customer list. Then mail out to every customer a free sample of V!@GREA. Except instead of the blue pill, you ship out blue-colored cyanide pills. Bam, hundreds to thousands of customers dead in an instant. Then you leak to the media that they were all customers of spam. Let the media hype it up in the way they do best, and within a day you'll have headlines everywhere that SPAMMERS ARE KILLING YOU AND YOUR FAMILY! Once the lowest common denominator gets wind that the magic blue pill from the internets will KILL THEM, they'll stop being customers.

No customers = no profit = no spam (or at least significantly reduced levels). You can then clean up the spam-stragglers with law enforcement and mercenary companies, as there won't be ten people waiting to pop up to replace them.

Re:The Reason This Will Never End

[Belial6]

It's not that Americans don't get enough physical activity either. The biggest problem is that one solution is trying to be assigned to every metabolism. A big one I see is that people are recommended to eat a 90% sugar diet. As you say, some people don't get enough exercise, but that certainly isn't THE reason people are fat. Then there is the skewed definition of "over weight" and "obese" by the BMI. The numbers shown in the BMI can be down right dangerous.

There are some people who's weight is primarily controlled by exercise. My wife is like that. It doesn't matter what she eats; a few days at the gym and she starts dropping weight. Some people's weight is primarily controlled by diet. This is how I am. When I get exercise, I don't burn up fat. I only build muscle. From a real health aspect, that is still good, but from an external view, as well as what is defined by the BMI, I become fatter, and thus more and more over weight. Even worse for the 'one true way' of weight loss, I pack on fat if I eat sugar. This include whole grains, fruits and many vegetables. For me, the only thing that makes me lose weight is to eat a primarily carnivorous high fat diet. That's right. If I don't get enough fat in my diet, I start putting on weight. Of course, there are also people that need a low fat diet, and people that need exercise and a change in diet.

We will never seen the weight 'problem' disappear until we stop using a crappy 19th century mathematician's chart to determine proper health, and stop thinking that everyone's body functions in the exact same way. We don't prescribe the same medicine to everyone. Ingesting the same medication can save one mans life, while the same medicine can kill another. Why would we think that the same diet and exercise plan would work exactly the same on everybody?

It could end if we

[AP31R0N]

Make sending unsolicited mail slightly criminal. Say, one minute in prison per recipient. 1M spams would be 695 days in jail.

Spam and viruses cost people money that they could have spent elsewhere. When a company buys a spam filter and hires people to run it, that's money that could have been profit or could have been spent on something useful to the company. Maybe that budget could go to making the health insurance a bit cheaper. Or give the receptionists a raise. Put a foosball table in the break room. 1K$/year is 1K$/year too much to spend on something you never wanted. Spammers are making people/companies/agencies throw away time and money. The only way to not get spam is to not have an address.

Hell, make it the penalty the sum of the amount other peoples time they wasted, 1 second per recipient. Even that would get people to think twice.

Alas, the spam from outside the US and extradition friendly countries would not be unabated, but it would be something.

Maybe such a law would be wrong/unethical, but it would give us some kind of satisfaction. i don't know, i'm speaking mostly out of frustration here. When i was a sys admin dealing with spam was a frustrating waste of my time and the time of my users.

Any law grokkers on hand to tell us what laws and penalties are in place?

Related: Spamhaus statement re Atrivo/Intercage

[McDutchie]

On a related note, Spamhaus recently issued this statement about Atrivo/Intercage, US-based persistent criminal spammer hosts. In the news.admin.net-abuse.email newsgroup, Steve Linford of Spamhaus indicated they made this statement because they are highly frustrated with law enforcement's inaction.

Send the tax collectors

[GaryOlson]

Al Capone was prosecuted and imprisoned because he failed to pay his taxes. Use the same tactic on spammers. Subpoena the customer list of these registrars under conspiracy to avoid taxation. Then audit the taxes of all the domain owners.

These types of registrars and domain owners will no longer have a viable business if the expense of avoiding the government is too high. This would also be a useful method of giving lawyers something to do and stop bothering us normal people (with NewYorkCountryLawyer as an exception of course).

Use the information against the spammers?

[Seriph]

I've been doing some digging into this over the last few months and noticed an awful lot of spamvertized sites seem to have their domains registered with such privacy protecting registrars.

I've been thinking about how to use the fact that a domain is registered with such a registrar as part of a spam scoring metric and whether anyone else has already done work on this? Just on the mail passing through my systems, I'm seeing a very strong correlation between a mail being spam and it referring to a domain registered with such a registrar, with the domain nameservers being on dynamic IP space, and with the DNS for the spam domain having a very low TTL value set.

It's also interesting to track back the nameservers for any domains referred to in the NS records of the spam domain. By doing so I can find fairly large networks of interrelated spam domains and spam websites, the addresses of many of which already appear on the likes of the Spamcop and Spamhaus SBL/XBL lists or appear there shortly afterwards.

The point is, is it practical to use this sort of information against spammers and is anyone already doing it?