The bandwidth is still negligible in the aggregate, compared to web surfing. I've used more of my ISP's bandwidth today reading Slashdot than getting spam, including the spam that came into their servers and was trashed by SpamAssassin or procmail. (That doesn't include the spam that didn't make it into their servers because of blacklisting - that probably would have been bigger than my web surfing most days.) I get maybe 200-300 spams a day, most of them under 10KB each and many under 2KB each.
The balance is different for niche email providers, because they're only handling email, not web traffic, so the fact that 60-80% of email is spam does double or triple their bandwidth and storage needs, as well as increasing their support costs cleaning the garbage up, fixing overloaded servers, emptying full bit buckets, and constantly updating and maintaining spam-prevention scripts. For them it's a big deal. But for ISPs that are primarily providing connectivity, or providing hosting, it's simply not a large fraction of the bits, so it's not a large fraction of the money.
The value of my time that the spammers waste is a lot higher than the incremental cost of shipping the bits - that's what they're really stealing. If you waste an hour or two a month cleaning up spam, that's worth more than the cost you're paying for your ISP's email service. The value of lost emails that got trapped by anti-spam techniques may also be higher.
Also, think about amortizing your development efforts over the long run - the amount of time you're wasting managing spam is time that you could be spending improving your ability to use appropriate anti-spam tools, like a good sniper rifle or a GPS-guided cruise missile.
As Courageous said, jurisdictional disputes are complicated - reading mailing lists with lawyers on them discussing jurisdiction is rather like reading Slashdotters discussing the correct pronunciation of GNU/Linux (RMS sucks! Does Not! Does Too!).
But you REALLY want this to be UnConstitutional, because otherwise, you'd be subject to every law in every state that your email goes to, and possibly every state where people can read your web pages or Usenet postings. You'd possibly even be subject to laws in other countries where your email/web/Usenet goes.
That would mean your Burning Man pictures could get you busted in Tennessee, because people there think that nekkid women waving fire around is obscene. (In the Amateur Action internet porn trial, it was a Federal prosecutor running the trial in Tennessee, so they're allowed to handle interstate commerce cases, and they'd also gotten the defendants to snail-mail them some video tapes, because internet bits were a pretty dodgy legal issue back then.) Think about what happens if every state and local jurisdiction each can go after you, independently, and then think about the fact that your web page is visible from Saudi Arabia, where pictures of women without their veils on aren't legal, and that you don't know where mailto:faisal12345@yahoo.com lives.
It would mean that your offer of a professional-quality massage in return for a place to stay when you go to the anti-spammer convention in RandomCity could get you busted. Sure, *you* were putting the time you were unemployed to good work learning a new skill that's widely appreciated in California, and among computer abusers, and maybe you're even certified, but RandomCity thinks that "massage" is something that happens at "massage parlors", so your email to that mailing list was "solicitation", or at least "offering massage services without a business license".
That flame you wrote about Company That Won't Be Named's product Operating System That Won't Be Named and Their Incompetent Lawyers Who Won't Be Named could get you busted for libel in Western State that won't be named under local laws and force you to show up at their local courthouse to defend yourself, whereas under Federal jurisdiction you get to discuss where the trial, if any, happens. And their UK office could also sue you - UK laws against libel are *much* more strongly weighted in favor of the plaintiff than US laws are, e.g. the fact that the negative thing you said was actually true isn't a sufficient defense there.
I'm sorry, but you are *way* wrong about that. The only way to make that happen is to force people to reveal their physical address in order to have an email address, and that's not only a severe privacy violation from the governmental-action side (and therefore something that the government would be happy to require:-), it's also a severe privacy violation for people who don't want marketers knowing where they sleep, where they get their paper mail, etc.
Geographically-specific domain names are a separate issue - it's reasonable to expect someone to guess that someuser@example-isp.sf.ca.us has an email mailbox in San Francisco, California, USA, though that may not be where their body hangs out or where they read their email from. Some people like that sort of address. But otherwise, it's not reasonable to expect that even if a given ISP has an office in City X, that that's where their servers are.
OK, ok, so spammers and spam blockers are in an arms race, and this will probably only work for 15 minutes if it gets deployed widely because spammers will change their spamware, but what happens if you give the spammer a broken third MX site? Some obvious ones are:
A machine that doesn't do SMTP on Port 25, so the connections get rejected.
Verisign's SiteFinder Email Handler which rejects messages for anybody? (Might as well get _some_ use out of them:-) Their first version would have worked better than the second one - it only rejected individual addresses at the RCPT TO: stage but didn't reject the whole session up front because some popular mailers reject brokenly to that (now it does both; not sure whether the spamware does or not.)
Your own reject-mailer, which can reject the connection with something more appropriate, like 452 "insufficient system storage - try again later", which has the advantage that if somehow a real user connects to it, their stuff should stay queued until your main mailer is working again. That's also a good place to run a VRFY that will happily claim that any address the spammer wants to test is a correct adddress (or if you're not worried about real mailers using VRFY, only spammers, you can have VRFY respond positively only for user names that don't exist, and negatively for user names that do exist.)
Of course, you can always teergrube the tertiary mailer, letting the sender get bogged down in something that _looks_ like it's accepting their messages, but doing so v....e....r....y.....s....l...ooooo.....wwww....ll lll.....yyyyyyyyy...... and logging connections. (That's also useful if you're seeding the web with spider-bait for harvesters using domain names that have their primary pointing to your teergrube.)
Friend of mine was working at a ~100 person company that wasn't doing well. Their manager called them together for a morning meeting and gave them the bad news and their severance checks. They had a bit of a discussion about whether what was left of the company would keep going and would their stock turn to wallpaper instantly, and he told them that, Well, we Haven't Had Any Official Announcements About That, but that were would be a Directors' Meeting tomorrow (or the afternoon or whatever.) They all made their saving throw and decided that when a nice guy says things like that in Capital Letters, that they should go to the bank that their company uses and get cash for their checks rather than just depositing them at their own banks and assuming they'd clear, and apparently it was the right choice, because the company announced bankruptcy at the Directors' Meeting. So they got to cash their checks while there was still money, rather than becoming last-in-line creditors.
The bank that the company used was a small local bank, and when they saw 50 people lined up at their door wanting to cash checks, some of the tellers started worrying if there was a bank run going on and was their bank having trouble, but the folks in line reassured them that, no, you're doing fine, it's just our company tanking.
I've probably gotten a few of the details wrong, and deliberately obscured others, but most of the story's pretty close to correct...
As a somewhat older professional who actually has people skills, she had the view that a manager's first job in that kind of situation is to keep her people informed and use whatever contacts she had to help them find new jobs. That was easier during the late boom and early crash than it was when they laid her off a bit later.
There are several places in Silicon Valley to get antique PCs. I can't help you with dBase, but sometimes they've got old software, and also newer spreadsheets and databases may be able to import it.
On the other hand, getting your kneecaps broken is less than ideal...
If you're in that situation again, an obvious job lead, at least until you find something else, is to ask the consultant if he'd like to hire you. After all, you know the network better than anybody....
The iPen and its ilk are available at consumer electronics stores for a lot less than Skymall would usually charge. One problem with a camera that shape is that almost all of them have built-in memory rather than removable cards, so you can't easily upgrade them, and have to use their lameoid data transfer software instead of just popping the card into a reader.
Several of the camera phones I've seen recently had 352x288 pixel CCD chips - the early pen cameras had that, though most are at least 640x480 and are starting to be higher than that.
Since the context of this discussion is whether the State can do anything useful about Spam, remember that the State does have laws against denial of service and other computer vandalism. Furthermore, sometimes spammers are using their own machines, but often they're abusing machines belonging to service providers with other customers, or hijacking machines owned by innocent bystanders (*negligent* bystanders, perhaps, but still innocent.) Don't Do That. And spammers can Joe Job people whose machines aren't even involved - that's an especially good reason to Not Do It. And people who want to DDOS you can forge spam from you and claim they're only responding to your spam.
However, there are friendlier solutions like Teergrube (google for it - it's German for "tarpit") which don't attack the spammer, but do respond to the SMTP protocol v...e...r....y.....s...l...o....w.....l....y.... and can prevent the spammer from sending at the high rates of speeds that spammers like; if enough people ran teergrubes, spammer SMTP machines would really bog down, as well as sending much of their spam to machines that will never actually deliver it.
Now, just because you shouldn't do active attacks on the spammer, that doesn't mean that you shouldn't have automated probing systems that check out any machine that appears to be spamming, report it to their ISP and/or blacklist systems, etc.
The first response is usually "Slam the mailbox lid", which would certainly get the attention of the perpetrator in the real situation (ahem)(though not in the email situation) and if that doesn't fix the problem, then some people do anything from non-violently critizing the perp for his aggressive behavior, calling their guard service or a bounty hunter, or starting an internet boycott of the perp (that one does have direct spam analogies), to loading their shotguns noisily. What you do with the bucket when it's full is a separate discussion.
By contrast, it's the statists who whine about how the state ought to provide everybody with buckets. Ok, ok, so the Libertarians are actually more likely to be interested in the long discussion and recurring Internet flamewar with the statists than in actually fetching the bounty hunter...
RMX basically lets a site say "This IP address is/isn't allowed to send mail claiming to be from our domain name", so a recipient who receives email from username@example.com can verify whether the sender's envelope is plausible or is definitely forged and therefore can be discarded at the envelope level. The goal is to get a number of big email services (e.g. AOL, Hotmail, etc.) to use it, so that spammers can't get away with forging addresses from those sites. In theory that's good - you wouldn't need to discard everything from Hotmail to reduce spam, because you'd know whether a message really came from Hotmail, and Hotmail limits the rates that its users can send email to some volume that's too low to be practical for spammers, and tries to limit the rate at which users can create accounts.
The big problem is that it limits your ability to use your current Internet connection to send mail from whichever personna is appropriate for the message, at least without connecting through the personna's email provider's outbound relay. For instance, my Mozilla mail knows how to be my main home email address, and my work email, and my Yahoogroups John Doe address, and my Yahoogroups address with my real name on it, and my old Earthlink email address that's 99.9% spam now (the rest is ISP announcements). If I receive something on my home email address and want to forward it to a subscriber-only mailing list that my work email address subscribes to, right now I can just send it as my work address. But if my company used RMX, and the mailing list checked RMXs, it would see that it came from my home ISP's mail relay and reject it.
This kind of thing is especially an issue for the big free/cheap email providers, who are the target for this kind of thing, because they're some of the most common forgeries, but they're also the ones you most often want to use for public addresses that you change when they get too much spam.
The average spammer is dumber or ruder than the average politician. Unfortunately, that's not good enough to stop them, because the social processes are different. The average spammer is a variant on the script kiddie - they're mostly motivated by greed rather than curiosity or boredom, so they don't need to be as bright, but they're both dependent on other people to do the hard creative work of writing the programs that get the results. A large fraction of spammers are unsuccessful (duped by promises of easy money), and some fraction of the non-creative spammers are successful (because there are suckers to buy their products, including spamware products as well as penis enlargers), and a small fraction of spammers and spamware vendors are savvy creative technical folks who have to stay on the leading edge of the arms race with anti-spammers. Some of _those_ need to be really good at it, because they're using their own products to market penis enlargers, while others only need to maintain the appearance of expertise, because they're selling mediocre spamware to non-creative spammers, but all of the anklebiters can take advantage of what they produce.
Politicians, by contrast, usually aren't dumb - they tend to be lawyers or doctors or other professionals who can be part-time politicians, and even the ones who are real-estate developers have some clue about business - but they are often making laws about things they don't understand, and about things that change faster than the law-making process can adapt. Some small fraction of them are great statesmen or philosophers, but the average politician doesn't depend on them too strongly except as a PR figurehead; great fundraisers are more directly valuable...
At least one of the research approaches that was described was for making solar cells that were less efficient but much cheaper. For spacecraft, that can be a bad tradeoff, because you really care a lot about size and weight. Less efficient means that you need more surface area, so you need bigger panels, and the extra cost of launching bigger panels could quite easily outweigh the savings in the hardware cost of the solar cells.
A half-ton pickup truck or van does refer to the carrying capacity, but it's your basic full-sized model. The heavy-duty ones are 3/4 ton. Gross Vehicle Weight (that's including the half-ton of cargo) is about 2800-3300kg, so the truck itself is probably 2300-2800kg. It's still a lot smaller than a 400 ton mining truck.
Friend of mine from Kentucky said that the reason Southerners talk slow is that they used to all be farmers, and when you went over to visit somebody, you had to go some distance and it took a while, and you were gonna be there all day and hang out, so no point in hurrying to say everything in the first five minutes and then run out of things to say. Not like New Yorkers who want to get in a whole conversation while they're walking down the stairs to the subway.
Especially if you've got some knowledge of the material, there are some parts you'll want to listen to on fast forward, some at more normal speeds, and some you'll want to back over a couple of times on instant replay slo-mo. Do the codecs you're using give you an easy way to adjust the speed dynamically, or is it one of those "wade through a menu and play it from the top" kinds of interfaces?
One difference is that you may still be running Linux on that "cutting edge when you bought it" P2-233, but you're unlikely to be running XP on anything less than 800 MHz or so, plus you've got a bigger faster disk drive and more memory. Sure, you could do an apples-to-apples comparison, but the big reason that Win2k Pro boots so fast on my new work laptop is that it's an 1100MHz box. (Another reason is that Suspend/Resume finally works reliably enough that I don't need to reboot more than every week or so:-)
Yes, Windows does a login prompt earlier in its boot sequence than Linux usually does, but just because you've typed in your login and password doesn't mean you've got a usable system, especially on Windows. After you do that, it spends a while loading lots of System Tray applications, running whatever it runs to get pretty icons on your desktop, and also running whatever equivalents to.profile are set up on your network login as well as running your Startup folder apps. Moving the request for a password earlier doesn't really help much.
Also, with Linux, you could log in to a shell or console window before starting X, rather than waiting for X and XDCMP to put up a graphical login window, but you'd then have to wait for X to start after you boot, and most people don't seem to want that for the main user interface.
First of all, the First Amendment trumps the Patriot Act. Second, whether the Patriot Act is or is not the law isn't relevant if the FBI is merely waving it around as a bogeyman rather than actually following it, which appears to be the case here.
As a citizen, I've got a lot of problems with the Patriot Act - like the fact that almost none of the Congresscritters who voted for it had actually read the whole thing, as opposed to voting the way they were told by their party leaders and the Bush League. The two procedural ways to get rid of it (either in part or the whole thing) are for Congress to rescind it or for the courts to invalidate it. On the other hand, this appears to be a case of the FBI pretending it gives them authority they don't have, and that's a different kind of problem to fight.
The NY Times is usually on the right side of freedom of the press issues. In the Pentagon Papers case, for instance, they were willing to take on the War Machine, because the First Amendment clearly was the law and it was an important story, and they had the guts and resources to fight it.
Unfortunately, in this case, Lamo pissed off the NYT, and in "protecting" them, the FBI is willing to be sloppy about procedure and start threatening lots of journalists who aren't the NY Times. Some of them may have the resources to fight back, some don't.
Today we're the internet, and we're all journalists. The good part is that it's clear that we've got responsibilities and legal protections; the bad part is that there are now lots more journalists who don't have the legal resources to fight a heavy attack.
You probably meant "one who can afford expensive lawyers"?
No, a DOS on Sitefinder's IP address, which is what a DOS on bogus.com domain names would accomplish, wouldn't affect the root name servers. It would interfere with reaching their web search pages and email trap pages, taking longer for bouncegrams to get back, which is still bad, but it wouldn't bother DNS at all. And of course, it would still be Wrong and probably illegal.
Now, if you want to have fun with SiteFinder's email system, you can start leaving a bunch of bogus-domain email addresses around for spammers' harvesters to pick up. That would mean they'd be more likely to send their spams for random users or dictionary-attack to SiteFinder instead of real machines, but presumably Verisign sized their systems to account for this.
Verisign runs the Registry which keeps the master database that all the Registrars use when they're selling.com and.net domain names. Verisign is also a Registrar, but this is a Registry problem, not a Registrar problem.
That doesn't mean that you can't argue that Verisign doesn't owe somebody (themselves?) $6/name for the previously-unregistered names they're now using, or that they don't owe ICANN whatever cut ICANN gets of those names....
Verisign is responsible for the Registry, which is the official database of.com and.net domain names, IP addresses, and whois information, but the Root Servers actually implement the DNS. Aren't they also responsible for making sure their config files are correct (and *.com is obviously an error)? Some of them are run by Verisign, but some aren't, including some outside the US, and even some by Paul Vixie, the author of BIND who did the recent patch that made it not accept Verisign's bogus data. This may change the _operational_ issues, but they still should be doign the Right Thing.
The balance is different for niche email providers, because they're only handling email, not web traffic, so the fact that 60-80% of email is spam does double or triple their bandwidth and storage needs, as well as increasing their support costs cleaning the garbage up, fixing overloaded servers, emptying full bit buckets, and constantly updating and maintaining spam-prevention scripts. For them it's a big deal. But for ISPs that are primarily providing connectivity, or providing hosting, it's simply not a large fraction of the bits, so it's not a large fraction of the money.
The value of my time that the spammers waste is a lot higher than the incremental cost of shipping the bits - that's what they're really stealing. If you waste an hour or two a month cleaning up spam, that's worth more than the cost you're paying for your ISP's email service. The value of lost emails that got trapped by anti-spam techniques may also be higher.
Also, think about amortizing your development efforts over the long run - the amount of time you're wasting managing spam is time that you could be spending improving your ability to use appropriate anti-spam tools, like a good sniper rifle or a GPS-guided cruise missile.
But you REALLY want this to be UnConstitutional, because otherwise, you'd be subject to every law in every state that your email goes to, and possibly every state where people can read your web pages or Usenet postings. You'd possibly even be subject to laws in other countries where your email/web/Usenet goes.
Geographically-specific domain names are a separate issue - it's reasonable to expect someone to guess that someuser@example-isp.sf.ca.us has an email mailbox in San Francisco, California, USA, though that may not be where their body hangs out or where they read their email from. Some people like that sort of address. But otherwise, it's not reasonable to expect that even if a given ISP has an office in City X, that that's where their servers are.
- A machine that doesn't do SMTP on Port 25, so the connections get rejected.
- Verisign's SiteFinder Email Handler which rejects messages for anybody? (Might as well get _some_ use out of them
:-) Their first version would have worked better than the second one - it only rejected individual addresses at the RCPT TO: stage but didn't reject the whole session up front because some popular mailers reject brokenly to that (now it does both; not sure whether the spamware does or not.) - Your own reject-mailer, which can reject the connection with something more appropriate, like 452 "insufficient system storage - try again later", which has the advantage that if somehow a real user connects to it, their stuff should stay queued until your main mailer is working again. That's also a good place to run a VRFY that will happily claim that any address the spammer wants to test is a correct adddress (or if you're not worried about real mailers using VRFY, only spammers, you can have VRFY respond positively only for user names that don't exist, and negatively for user names that do exist.)
Of course, you can always teergrube the tertiary mailer, letting the sender get bogged down in something that _looks_ like it's accepting their messages, but doing so v....e....r....y.....s....l...ooooo.....wwww....lThe bank that the company used was a small local bank, and when they saw 50 people lined up at their door wanting to cash checks, some of the tellers started worrying if there was a bank run going on and was their bank having trouble, but the folks in line reassured them that, no, you're doing fine, it's just our company tanking.
I've probably gotten a few of the details wrong, and deliberately obscured others, but most of the story's pretty close to correct...
As a somewhat older professional who actually has people skills, she had the view that a manager's first job in that kind of situation is to keep her people informed and use whatever contacts she had to help them find new jobs. That was easier during the late boom and early crash than it was when they laid her off a bit later.
On the other hand, getting your kneecaps broken is less than ideal...
If you're in that situation again, an obvious job lead, at least until you find something else, is to ask the consultant if he'd like to hire you. After all, you know the network better than anybody....
Several of the camera phones I've seen recently had 352x288 pixel CCD chips - the early pen cameras had that, though most are at least 640x480 and are starting to be higher than that.
However, there are friendlier solutions like Teergrube (google for it - it's German for "tarpit") which don't attack the spammer, but do respond to the SMTP protocol v...e...r....y...
Now, just because you shouldn't do active attacks on the spammer, that doesn't mean that you shouldn't have automated probing systems that check out any machine that appears to be spamming, report it to their ISP and/or blacklist systems, etc.
By contrast, it's the statists who whine about how the state ought to provide everybody with buckets. Ok, ok, so the Libertarians are actually more likely to be interested in the long discussion and recurring Internet flamewar with the statists than in actually fetching the bounty hunter...
The big problem is that it limits your ability to use your current Internet connection to send mail from whichever personna is appropriate for the message, at least without connecting through the personna's email provider's outbound relay. For instance, my Mozilla mail knows how to be my main home email address, and my work email, and my Yahoogroups John Doe address, and my Yahoogroups address with my real name on it, and my old Earthlink email address that's 99.9% spam now (the rest is ISP announcements). If I receive something on my home email address and want to forward it to a subscriber-only mailing list that my work email address subscribes to, right now I can just send it as my work address. But if my company used RMX, and the mailing list checked RMXs, it would see that it came from my home ISP's mail relay and reject it.
This kind of thing is especially an issue for the big free/cheap email providers, who are the target for this kind of thing, because they're some of the most common forgeries, but they're also the ones you most often want to use for public addresses that you change when they get too much spam.
Politicians, by contrast, usually aren't dumb - they tend to be lawyers or doctors or other professionals who can be part-time politicians, and even the ones who are real-estate developers have some clue about business - but they are often making laws about things they don't understand, and about things that change faster than the law-making process can adapt. Some small fraction of them are great statesmen or philosophers, but the average politician doesn't depend on them too strongly except as a PR figurehead; great fundraisers are more directly valuable...
At least one of the research approaches that was described was for making solar cells that were less efficient but much cheaper. For spacecraft, that can be a bad tradeoff, because you really care a lot about size and weight. Less efficient means that you need more surface area, so you need bigger panels, and the extra cost of launching bigger panels could quite easily outweigh the savings in the hardware cost of the solar cells.
A half-ton pickup truck or van does refer to the carrying capacity, but it's your basic full-sized model. The heavy-duty ones are 3/4 ton. Gross Vehicle Weight (that's including the half-ton of cargo) is about 2800-3300kg, so the truck itself is probably 2300-2800kg. It's still a lot smaller than a 400 ton mining truck.
Friend of mine from Kentucky said that the reason Southerners talk slow is that they used to all be farmers, and when you went over to visit somebody, you had to go some distance and it took a while, and you were gonna be there all day and hang out, so no point in hurrying to say everything in the first five minutes and then run out of things to say. Not like New Yorkers who want to get in a whole conversation while they're walking down the stairs to the subway.
Especially if you've got some knowledge of the material, there are some parts you'll want to listen to on fast forward, some at more normal speeds, and some you'll want to back over a couple of times on instant replay slo-mo. Do the codecs you're using give you an easy way to adjust the speed dynamically, or is it one of those "wade through a menu and play it from the top" kinds of interfaces?
One difference is that you may still be running Linux on that "cutting edge when you bought it" P2-233, but you're unlikely to be running XP on anything less than 800 MHz or so, plus you've got a bigger faster disk drive and more memory. Sure, you could do an apples-to-apples comparison, but the big reason that Win2k Pro boots so fast on my new work laptop is that it's an 1100MHz box. (Another reason is that Suspend/Resume finally works reliably enough that I don't need to reboot more than every week or so :-)
100ms is when your machine is 10% of the way to totally hammered by network connections.
Also, with Linux, you could log in to a shell or console window before starting X, rather than waiting for X and XDCMP to put up a graphical login window, but you'd then have to wait for X to start after you boot, and most people don't seem to want that for the main user interface.
As a citizen, I've got a lot of problems with the Patriot Act - like the fact that almost none of the Congresscritters who voted for it had actually read the whole thing, as opposed to voting the way they were told by their party leaders and the Bush League. The two procedural ways to get rid of it (either in part or the whole thing) are for Congress to rescind it or for the courts to invalidate it. On the other hand, this appears to be a case of the FBI pretending it gives them authority they don't have, and that's a different kind of problem to fight.
Unfortunately, in this case, Lamo pissed off the NYT, and in "protecting" them, the FBI is willing to be sloppy about procedure and start threatening lots of journalists who aren't the NY Times. Some of them may have the resources to fight back, some don't.
Today we're the internet, and we're all journalists. The good part is that it's clear that we've got responsibilities and legal protections; the bad part is that there are now lots more journalists who don't have the legal resources to fight a heavy attack.
No, a DOS on Sitefinder's IP address, which is what a DOS on bogus .com domain names would accomplish, wouldn't affect the root name servers. It would interfere with reaching their web search pages and email trap pages, taking longer for bouncegrams to get back, which is still bad, but it wouldn't bother DNS at all. And of course, it would still be Wrong and probably illegal.
Now, if you want to have fun with SiteFinder's email system, you can start leaving a bunch of bogus-domain email addresses around for spammers' harvesters to pick up. That would mean they'd be more likely to send their spams for random users or dictionary-attack to SiteFinder instead of real machines, but presumably Verisign sized their systems to account for this.
That doesn't mean that you can't argue that Verisign doesn't owe somebody (themselves?) $6/name for the previously-unregistered names they're now using, or that they don't owe ICANN whatever cut ICANN gets of those names....
Verisign is responsible for the Registry, which is the official database of .com and .net domain names, IP addresses, and whois information, but the Root Servers actually implement the DNS. Aren't they also responsible for making sure their config files are correct (and *.com is obviously an error)? Some of them are run by Verisign, but some aren't, including some outside the US, and even some by Paul Vixie, the author of BIND who did the recent patch that made it not accept Verisign's bogus data. This may change the _operational_ issues, but they still should be doign the Right Thing.