Those lists are already in the clear, you can easily download them using rsync and whatnot, when they aren't being DDoSed.
The days of 'privately notify the owner his box was owned, and then put him on a blacklist when he does nothing about it' are long over. That stopped when the number of said machines hit a million.
Well, blacklist providers are finding it equally difficult to remove you, aren't they? Why do you get months to remove the spammers, who are commiting crimes against others using your resources, and yet blacklists don't have months to remove perfectly legal comments about this?
And why on earth would people want email from a network that, if it happens to get a spammer, is going to take months to shut them down? If that's still the situtation over there, please list your IPs so I can blacklist you until you fix your AUP.
Seriously, no one gives a flying fuck about your 'legal situtation' that mysteriously only you seem to have, they just care about blocking mail from places that are likely to produce spam.
And if you think it takes months to shut down a spammer, then you, sir, are very likely to produce spam.
You cannot be thrown in jail for contempt of court unless you are actually interacting with said court in a legal setting, be it you walking into a courthouse and set down in a courtroom, or if they are attempt to contact you and you are delibrately not showing up, or other indirect ways.
They can't just throw you in jail for contempt of court for calling them or even for mocking them as they walk past in the hallway at the courthouse. You have to be interferring with 'the court' (as in, the legal concept of a court in session) itself.
Which you cannot be doing if you call a judge to complain about a ruling. Unless he's for some reason got a telephone in the courtroom.
...there's really not much left for the FCC to do but deal with the content and types of communication going out after the telemarketer is actually on the phone.
And the FCC doesn't actually have the right to regulate the content of a telephone converstation, because of the 1st Amendment. It can stop harrassing calls (Harrassment is an action, even with done purely verbally.), but not calls that discuss X.
The judge's concept appears to be 'it uses the phone system, therefore the FCC must be in charge of it', but the FCC does little actual regulation of calls, and almost no regulation of what happens inside calls, they regulate the sytem, making sure all the phone companies play nice and can talk to each other.
That's not to say that the DNC would be outside the FCC's mandate, it is in fact a regulation of the system. But it's also a regulation of business, and thus pretending that it's outside the FTC's mandate is just stupid. There might be some jurisdiction issues if the FCC was violently opposed to the concept, but the FCC appears to love it, and the two agencies are working in sync. (Probably because it will stop a lot of stuff they're in charge of, like long distance carrier slamming.) The FTC is just nominally in charge.
And the judical branch has no right to dictate which agency is chosen by the legislative branch to do X, presuming X is legal to do. If Congress wanted the DEA to run this thing, the judical branch can't say a damn thing. (The executive branch, on the other hand, might have choice comments and issue orders telling DEA agents not to spend any time on it, which is entirely within their right to do.) The entire FTC and FCC, and their responsiblities are complete creations of the executive and legislative branches of government, so this is a very confusing ruling and I have no idea on what grounds it was made. The judical branch has never had any ability to comment on who was picked to enforce what law.
Now, if you do want something iffy about the DNC list...Congress told the FTC to do it, and the FTC can't regulate certain business. While other agencies can regulate those business, they were not told to make a DNC list, and them making the list apply to their business might be questionable. But that doesn't have anything to do with the base FTC list, or businesses that list applies to.
Actually, the FCC doesn't have 'full jurisdiction' to regulate content on TV. If any television station actually challenged the FCCs guidelines, the FCC could shut them down, but they would rightfully eventually win the case on First Amendment grounds.
The whole 'limited spectrum' is a reasonable argument for having an agency in charge of it, but there's no compelling reason why the agency in charge of it should regulate speech over it, they don't need to regulate speech to keep transmitters from stepping on each other.
There has been a ruling that television (Actually, I think it was radio.) is 'unusually intrusive' because it magically goes through the walls of a house, but that sort of argument won't hold up today, because there's really no difference between that and an internet connection, and underaged people can order internet connections. And call phone sex lines. We now have concepts of 'push' and 'pull' and realize there's a middle ground. No one is forcing anyone to look at any TV station, anymore than you're forced to look at all newsgroups your provider has. The fact you can tune in to them is meaningless. (And all fairly modern TV have the abilty it program channels, and thus remove them from your sight completely unless you find them on purpose. And the newest ones have V-chip that lets you block whatever content you don't want to see.)
And, basically, at some point, and I personally think we've already passed it, the court is going to look at this and say 'The inability of your receiver to stop from showing you content as you flip past does not legally oblige broadcasters to only broadcast content you like. If you have issues with some content, you need to upgrade your receiever to gain the ability to filter it.'. It's just that no court has looked at it yet.
It's a system of bluffing and unwillingness for broadcasters to outrage the public that keep the FCC's little 'regulations' in place. ER said 'shit' a few years back, a word the FCC says not to say, and they didn't run it by the FCC first.
As proof, I offer the fact that (non-movie channel) cable channels mostly follows these rules, with a few language loosenings, and they sure as hell don't need to follow any FCC rules on content at all. (Note that if you ask, cable companies are legally required to remove or block a channel from your cable feed for free, so there's absolutely no issue of 'being sent into your house without your consent'.)
Root servers cannot 'installed ISC's patch'. Root servers just return NS records pointing to the.com and.net servers! They can't filter, they can't do anything, all they say is 'That's over there.'. Root servers never even do a DNS lookup on another server, so ICS's patch is amazingly non-useful.
Root servers keep TLDs, period. They have both ccTLDs and gTLDs, and all they do is say where those things are located, who is supposed to be running '.whatever'.
Now, the.com and.net server managers (I forget the name for these people.) while they couldn't install the patch (Again, it only controls DNS lookups off other machines. It won't do a damn thing to servers that are serving the wildcard records.), could just set their configuration back to the way it was before Verisign had them change it to wildcard! But they're under the same sort of contract rules as Verisign is theoretically under, they can't go randomly screwing around with their servers or records. Of course, neither can Verisign, but just because some people go around breaking the rules doesn't mean everyone is willing to.
And, yes, in theory OpenNIC could drop.com and.net...which would rather immediately result in everyone stopping using them. (And which coincidentally happens to be against their rules. They recognize the oldest runner of a TLD, assuming it can successfully provide enough service, as legit. According to their rules, Verisign legitimately runs.com and.net.)
However, if people don't want to lookup.com and.net, they don't need to switch to OpenNIC and hope and pray they do that...it's trivially easy to do that with a random DNS cache. While I've never seen a cache that's advertised to do that, which should tell you how wanted it is, it shouldn't be hard to set one up to do that.
Posting with a +1 bonus to attempt to get people to see this.
It's amazing how many super cool random people are running around suggesting using OpenNIC, which, of course, won't do a DAMN FUCKING THING. Anyone who suggests an alternate root has demonstrated they have no knowledge of how DNS works at the topmost level.
Please, someone go around and find all the posts that mention this and moderate them up! I've posted at least three posts pointing this out, and other people have also.
I'm starting to think everyone should have a few emergency -1: Wrong mod points to get rid of information that is just flatout incorrect.
Except all the.net and.com owners run fairly standard BIND, and you can't wildcard NS records in BIND. They get their config from Verisign, not their software.
And if they did that somehow, everyone would just mark Verisign's new DNS servers as 'lame' and nothing they did would ever count.
Excellent point. It's fairly easy to set up mail servers to DNS lookup the recipient when they get handed the email message. This obviously doesn't do anything for other MTAs handing them mail, but when a user mistypes a domain, and attempts to send it, they will get an immediate error, instead of it having to cycle through the queue.
Now, granted, this isn't the greatest idea in the world...that other domain's DNS might just be down, in which case the optimal solution might be to accept it anyway and queue it...but, OTOH, then the user won't know what's going on. Rejecting it and letting the client retry is a valid configuration.
Um, saying 'the application isn't broke' is not supported in any way by the assertation 'and it's easy to fix anyway'.
And this broke postfix for me, as in, it doesn't work as well as it did before. It is no longer rejecting mail from invalid addresses, and thanks to their braindead SMTP server it's probably deferring multi-recipient messages to invalid domains.
Except that every single alternate root recognizes Verisign as the correct owner of.com and.net.
Good god, people. How do you manage to know what an alternate root is and still think that's a useful solution to this issue? Alternate roots add TLDs, they don't modify any existing ones except in the wacky case of.biz, which they had first, and I think the alternate one has shut down now.
Everyone single of one of them uses Verisign as the owners of com and net, as proven by the fact you can look up.com and.net addresses using them.
What needs to happen is that ICANN take.net and.com away from Verisign, like they took away.org. Good luck for that happening, though.
And the reason some random person would tell BIND to only allow delegation from mozezig.com is what, exactly?
Any idiot out there can easily break your own domain from resolving on his DNS servers, accidently or on purpose, that's not really an issue.
The point of saying something is delegate only is to put in a TLD, which don't even have A records. (Try 'dig com' sometime and see if you get an A record.) Saying 'don't accept A records, just NS records, when querying about the com record' won't break a single thing.
If someone said the same thing about the movezig.com record, hey, yeah, it's breaka lot of shit, but so would marking movezig.com's nameserver as lame, or firewalling it, or an infinite number of things they could do to screw themselves and become unable to reach you.
And now someone's about to point out that Verisign can fix this problem by setting up a different wildcard nameserver, and return NS records for all invalid domains pointing at it but a) you can't wildcard NS records with standard BIND, so they'd end up having to issue a patch to all the.com and.net operators (And, no, calling them the 'root operators' is just confusing.), and b) Everyone would just immediately delegate that nameserver as lame and it would stop working.
In theory, Verisign could rotate the IPs fast enough that it's hard to catch, but they wouldn't do that very long before everyone just started marking all their IPs as lame. And at that point it's rather obvious they're going against the express wishes of the entire internet community.
You have managed to think of yet another problem that hadn't occured to me. We've all stupidly mistyped our own hostname at one time or another, now, unless it's web browsing, we're going to panic because apparently nothing is working correctly.
It's nothing to do with the root servers, and running your own will not help.
And the US does run the root server for each TLD, which is delegated to ICANN, which is delegated to Verisign. ICANN is a bunch of idiots, and Verisign are no better.
Sadly, it looks like Verisign is going to back down. I would much rather see Verisign do nothing, and ICANN do nothing. Then we'd see more outrage about this.
Instead, ICANN's going to pretend that it would have done something if they hadn't, which of course it wouldn't have.
All MX records must have hostnames. If you put an IP address in there, it's actually still a hostname, and the mail server will try to look it up as a hostname. If the IP address ends in.3, the server will go and look up the.3 TLD, which of course does not exist.
That's a common claim, but actually MX records cannot point to CNAMEs, they are only supposed to point to A records.
The fact it apparently works most of the time is just people being lax in what they accept. There are some mail servers that will not function correctly if you do that. (Well, they're functioning fine, you're the one not functioning correctly if you do it.)
They don't have to accept the email to see the address. You can go look at the SMTP standard, but I'll just tell you that they get who the mail is from, and who it is to, before they reject the connection.
Of course, who it is 'to' is not a useful address it any way, that domain doesn't even exist. Who it is from, OTOH, could be a real address. (OTGH, however, quite a lot of spammers are out there with nonexistent domains on their million address CDs, and thus the from and to are likely complete nonsense for most of the mails.)
And they'll be getting a hell of a lot of mail from postmaster@wherever explaining that the user they tried to deliver to does not exist, thanks to crappy mail systems that accept then bounce instead of rejecting.
No kidding. It's one thing when IE does it, IE is not a mail server, or any sort of server, or even an application that run without user intervention. It returns a clearly readable page saying the domain doesn't exist, and, you can turn it off to boot.
But there are millions of servers out there that Verisign cannot communicate 'this is not a real domain' to. It looks, tastes, acts, exactly like a real domain to them, one running a mail server that rejects any message they send it (But, of course, no mail server is smart enough to realize it rejects 'any' message...all a mail server knows is that it rejected the current message.), and a web server that seems normal.
Sure, these servers can be 'patched', but really just an absurd solution to fundementally breaking the protocol.
The days of 'privately notify the owner his box was owned, and then put him on a blacklist when he does nothing about it' are long over. That stopped when the number of said machines hit a million.
And why on earth would people want email from a network that, if it happens to get a spammer, is going to take months to shut them down? If that's still the situtation over there, please list your IPs so I can blacklist you until you fix your AUP.
Seriously, no one gives a flying fuck about your 'legal situtation' that mysteriously only you seem to have, they just care about blocking mail from places that are likely to produce spam.
And if you think it takes months to shut down a spammer, then you, sir, are very likely to produce spam.
You cannot be thrown in jail for contempt of court unless you are actually interacting with said court in a legal setting, be it you walking into a courthouse and set down in a courtroom, or if they are attempt to contact you and you are delibrately not showing up, or other indirect ways.
They can't just throw you in jail for contempt of court for calling them or even for mocking them as they walk past in the hallway at the courthouse. You have to be interferring with 'the court' (as in, the legal concept of a court in session) itself.
Which you cannot be doing if you call a judge to complain about a ruling. Unless he's for some reason got a telephone in the courtroom.
And the FCC doesn't actually have the right to regulate the content of a telephone converstation, because of the 1st Amendment. It can stop harrassing calls (Harrassment is an action, even with done purely verbally.), but not calls that discuss X.
The judge's concept appears to be 'it uses the phone system, therefore the FCC must be in charge of it', but the FCC does little actual regulation of calls, and almost no regulation of what happens inside calls, they regulate the sytem, making sure all the phone companies play nice and can talk to each other.
That's not to say that the DNC would be outside the FCC's mandate, it is in fact a regulation of the system. But it's also a regulation of business, and thus pretending that it's outside the FTC's mandate is just stupid. There might be some jurisdiction issues if the FCC was violently opposed to the concept, but the FCC appears to love it, and the two agencies are working in sync. (Probably because it will stop a lot of stuff they're in charge of, like long distance carrier slamming.) The FTC is just nominally in charge.
And the judical branch has no right to dictate which agency is chosen by the legislative branch to do X, presuming X is legal to do. If Congress wanted the DEA to run this thing, the judical branch can't say a damn thing. (The executive branch, on the other hand, might have choice comments and issue orders telling DEA agents not to spend any time on it, which is entirely within their right to do.) The entire FTC and FCC, and their responsiblities are complete creations of the executive and legislative branches of government, so this is a very confusing ruling and I have no idea on what grounds it was made. The judical branch has never had any ability to comment on who was picked to enforce what law.
Now, if you do want something iffy about the DNC list...Congress told the FTC to do it, and the FTC can't regulate certain business. While other agencies can regulate those business, they were not told to make a DNC list, and them making the list apply to their business might be questionable. But that doesn't have anything to do with the base FTC list, or businesses that list applies to.
The whole 'limited spectrum' is a reasonable argument for having an agency in charge of it, but there's no compelling reason why the agency in charge of it should regulate speech over it, they don't need to regulate speech to keep transmitters from stepping on each other.
There has been a ruling that television (Actually, I think it was radio.) is 'unusually intrusive' because it magically goes through the walls of a house, but that sort of argument won't hold up today, because there's really no difference between that and an internet connection, and underaged people can order internet connections. And call phone sex lines. We now have concepts of 'push' and 'pull' and realize there's a middle ground. No one is forcing anyone to look at any TV station, anymore than you're forced to look at all newsgroups your provider has. The fact you can tune in to them is meaningless. (And all fairly modern TV have the abilty it program channels, and thus remove them from your sight completely unless you find them on purpose. And the newest ones have V-chip that lets you block whatever content you don't want to see.)
And, basically, at some point, and I personally think we've already passed it, the court is going to look at this and say 'The inability of your receiver to stop from showing you content as you flip past does not legally oblige broadcasters to only broadcast content you like. If you have issues with some content, you need to upgrade your receiever to gain the ability to filter it.'. It's just that no court has looked at it yet.
It's a system of bluffing and unwillingness for broadcasters to outrage the public that keep the FCC's little 'regulations' in place. ER said 'shit' a few years back, a word the FCC says not to say, and they didn't run it by the FCC first.
As proof, I offer the fact that (non-movie channel) cable channels mostly follows these rules, with a few language loosenings, and they sure as hell don't need to follow any FCC rules on content at all. (Note that if you ask, cable companies are legally required to remove or block a channel from your cable feed for free, so there's absolutely no issue of 'being sent into your house without your consent'.)
I'm on the list and I've gotten two telemarketing calls every single day for the last week. And I used to get one a week.
It was patented...130 years ago. The patent has long since expired.
Root servers keep TLDs, period. They have both ccTLDs and gTLDs, and all they do is say where those things are located, who is supposed to be running '.whatever'.
Now, the .com and .net server managers (I forget the name for these people.) while they couldn't install the patch (Again, it only controls DNS lookups off other machines. It won't do a damn thing to servers that are serving the wildcard records.), could just set their configuration back to the way it was before Verisign had them change it to wildcard! But they're under the same sort of contract rules as Verisign is theoretically under, they can't go randomly screwing around with their servers or records. Of course, neither can Verisign, but just because some people go around breaking the rules doesn't mean everyone is willing to.
And, yes, in theory OpenNIC could drop .com and .net...which would rather immediately result in everyone stopping using them. (And which coincidentally happens to be against their rules. They recognize the oldest runner of a TLD, assuming it can successfully provide enough service, as legit. According to their rules, Verisign legitimately runs .com and .net.)
However, if people don't want to lookup .com and .net, they don't need to switch to OpenNIC and hope and pray they do that...it's trivially easy to do that with a random DNS cache. While I've never seen a cache that's advertised to do that, which should tell you how wanted it is, it shouldn't be hard to set one up to do that.
OPenNIC does not 'pass on' anything except where .com and .net can be found. Routing every single DNS query in existence through them would kill them.
It's amazing how many super cool random people are running around suggesting using OpenNIC, which, of course, won't do a DAMN FUCKING THING. Anyone who suggests an alternate root has demonstrated they have no knowledge of how DNS works at the topmost level.
Please, someone go around and find all the posts that mention this and moderate them up! I've posted at least three posts pointing this out, and other people have also.
I'm starting to think everyone should have a few emergency -1: Wrong mod points to get rid of information that is just flatout incorrect.
And if they did that somehow, everyone would just mark Verisign's new DNS servers as 'lame' and nothing they did would ever count.
Now, granted, this isn't the greatest idea in the world...that other domain's DNS might just be down, in which case the optimal solution might be to accept it anyway and queue it...but, OTOH, then the user won't know what's going on. Rejecting it and letting the client retry is a valid configuration.
Or, at least, it used to be.
And this broke postfix for me, as in, it doesn't work as well as it did before. It is no longer rejecting mail from invalid addresses, and thanks to their braindead SMTP server it's probably deferring multi-recipient messages to invalid domains.
I don't really see how that's relevant, though.
Good god, people. How do you manage to know what an alternate root is and still think that's a useful solution to this issue? Alternate roots add TLDs, they don't modify any existing ones except in the wacky case of .biz, which they had first, and I think the alternate one has shut down now.
Everyone single of one of them uses Verisign as the owners of com and net, as proven by the fact you can look up .com and .net addresses using them.
What needs to happen is that ICANN take .net and .com away from Verisign, like they took away .org. Good luck for that happening, though.
Any idiot out there can easily break your own domain from resolving on his DNS servers, accidently or on purpose, that's not really an issue.
The point of saying something is delegate only is to put in a TLD, which don't even have A records. (Try 'dig com' sometime and see if you get an A record.) Saying 'don't accept A records, just NS records, when querying about the com record' won't break a single thing.
If someone said the same thing about the movezig.com record, hey, yeah, it's breaka lot of shit, but so would marking movezig.com's nameserver as lame, or firewalling it, or an infinite number of things they could do to screw themselves and become unable to reach you.
And now someone's about to point out that Verisign can fix this problem by setting up a different wildcard nameserver, and return NS records for all invalid domains pointing at it but a) you can't wildcard NS records with standard BIND, so they'd end up having to issue a patch to all the .com and .net operators (And, no, calling them the 'root operators' is just confusing.), and b) Everyone would just immediately delegate that nameserver as lame and it would stop working.
In theory, Verisign could rotate the IPs fast enough that it's hard to catch, but they wouldn't do that very long before everyone just started marking all their IPs as lame. And at that point it's rather obvious they're going against the express wishes of the entire internet community.
You have managed to think of yet another problem that hadn't occured to me. We've all stupidly mistyped our own hostname at one time or another, now, unless it's web browsing, we're going to panic because apparently nothing is working correctly.
It's a new, fun way to purchase domains.
And the US does run the root server for each TLD, which is delegated to ICANN, which is delegated to Verisign. ICANN is a bunch of idiots, and Verisign are no better.
Sadly, it looks like Verisign is going to back down. I would much rather see Verisign do nothing, and ICANN do nothing. Then we'd see more outrage about this.
Instead, ICANN's going to pretend that it would have done something if they hadn't, which of course it wouldn't have.
All MX records must have hostnames. If you put an IP address in there, it's actually still a hostname, and the mail server will try to look it up as a hostname. If the IP address ends in .3, the server will go and look up the .3 TLD, which of course does not exist.
The fact it apparently works most of the time is just people being lax in what they accept. There are some mail servers that will not function correctly if you do that. (Well, they're functioning fine, you're the one not functioning correctly if you do it.)
It's called ICANN, it's a non-profit, and they don't do a damn thing. They're the ones in charge of domains, not Verisign.
And it was supposed to have all sort of representation, from the internet community, and doesn't.
Somehow, I don't think the UN creating them instead of the US government would have a very large alteration in their method of operations.
Of course, who it is 'to' is not a useful address it any way, that domain doesn't even exist. Who it is from, OTOH, could be a real address. (OTGH, however, quite a lot of spammers are out there with nonexistent domains on their million address CDs, and thus the from and to are likely complete nonsense for most of the mails.)
And they'll be getting a hell of a lot of mail from postmaster@wherever explaining that the user they tried to deliver to does not exist, thanks to crappy mail systems that accept then bounce instead of rejecting.
I think it's more like to Jesus to return in the next few hours and fix this problem than for ICANN to do anything about it.
But there are millions of servers out there that Verisign cannot communicate 'this is not a real domain' to. It looks, tastes, acts, exactly like a real domain to them, one running a mail server that rejects any message they send it (But, of course, no mail server is smart enough to realize it rejects 'any' message...all a mail server knows is that it rejected the current message.), and a web server that seems normal.
Sure, these servers can be 'patched', but really just an absurd solution to fundementally breaking the protocol.