Slashdot Mirror

← Back to Stories (view on slashdot.org)

Detecting Anonymously Registered Domains

Posted by kdawson on from the may-i-tell-them-who-is-calling dept.

Spamresource.com has up a piece describing a new service that could be useful in evaluating the reputation of sites you deal with — anonwhois.org returns information on domains registered anonymously. It provides a DNSBL-style service that "is not a blacklist and wasn't meant to be used for outright rejection of mail." Only 619,000 domains are listed so far, but more are added as they are queried, so the database will grow more complete. Anonwhois.org seems to be a sister site to Spam Eating Monkey.

2 of 97 comments (clear)

  1. Re:Continued misuse of blacklists by Anonymous Coward · · Score: 0, Flamebait

    [...]I host a site as a hobby and enjoy tinkering with forums and the like on it. I also don't like the idea of someone looking up my home address via whois and showing up at my front door to complain about something someone said on one of these forums. As a result, I opt for my ISP to be my proxy on the registration of the domain. Now, I know you think that means I have something to hide but I just really don't want my address and name out there because all I would have to put there is my house address.

    Anecdotes are not data (and a mailbox works as a contact address).

    Every single domain involved in spamming or hosting landing pages ARE registered anonymously or have fake contact details, because the lowlife, scumsucking, asshole criminals behind them DO have something to hide. If you want to set up a mail server on your anonymously registered hobbyist domain ... well ... good luck with that. Just another thing you can thank the spammers for.

    Admining a mail server (or god forbid - a whole room full of them - like I do) requires constant vigilance and lots and lots of contact with other mail admins. Most of the contact involves stuff that is broken, and if you can't contact anyone to get stuff fixed at their end which breaks your stuff, you have very few options. One of the options is to 55x them (with an informational reject message) until they take notice and contact YOU. If you never hear anything ... well ... then it's their problem.

    Operating a server with internet services is contrary to popular belief not for amateurs and basement dwelling guys of the "Hmmm. Lemme se how this works. Ooops!" persuasion. The internet is a global collaboration based on informal (and some not so informal) rules. It's not a testing ground for stuff you found on Google or software you downloaded from Sourceforge.

    Now get off my lawn before I call the Internet Police.

  2. Reasonable idea by Animats · · Score: 0, Flamebait

    That's a good idea. We do something like that at SiteTruth, where we down-rate commercial sites that don't have a real-world contact address on the site. We're looking at user-visible pages, though, not WHOIS. WHOIS data quality is too low.

    I'm all in favor of this sort of thing. But don't drop the messages silently; reject them during the SMTP session if you can, or send a mail bounce if you can't. There's much to be said for having a hard-ass attitude about this, but you have to handle the false positives properly.

    Anything that sends mail bounces needs to check SPF records. This makes it possible to stop joe-job mail bounce problems. (EXIM mailer people: please finish the implementation of SPF checking and advance it from "experimental", so large ISPs can use it.)

    Also, quit whining that putting your real name on your WHOIS registration will get you annoying phone calls, threats, or whatever. I've had my real name and contact info on all my web sites and WHOIS information for a decade, and that's just not happening.