Then there's the WHOIS information for Notchup. See how it's owned by Domains by Proxy? That means the true owner of the domain doesn't want you to be able to tell who they are. No business name, no street address, no contact info.
That's who people are giving their contact info to? A site where the true owners of the site don't want you to know who they are?
Yeah, I don't think I'll be signing up, just yet.
(More good points to think about here.)
If you're not familiar with the practice, you can read how it works here. I am under the impression that there are a number of registrars exploiting this practice to let them dip their toes in the domain pool, see what's worth keeping, then dump the rest without paying anything. It seems to have opened the floodgates to domain speculation.
Domain tasting is a weird thing. I'm struggling to find what potential legitimate uses for this "feature" would be. John Levine's been schooling me on the topic since early 2006, and I have yet to hear of a good reason for it.
The only value I see in domain tasting is for questionable activities. For fast-flux spammers trying to hide long term evidence of their activities. (Send spam, then people trying to trace it more than five days later can't find any evidence of the domain. Rinse, lather, repeat, millions of times.) For strange things like grabbing up the domains you look up and trying to sell them back to you. For people putting up thousands of sites with nothing but pay-per-click ads on them. (Apparently Google doesn't like this practice, either.)
I'm hopeful that making the registrar fee non-refundable will effectively end this practice by making it cost-prohibitive.
Then, check out this most excellent response to trolling criticism on my CircleID post. Written by Brian McNett, it examines the blurred intersections and transitions between vigilantes and professionals. Excerpt:
During the period of David’s anti-spam activity, which ended around 2001 with a tragic accident which nearly took his life and has left him permanently disabled, I myself volunteered my time, resources and expertise to track down and identify spammers. It is only because I was more circumspect in my public postings to USENET, that I myself did not draw the attention of the plaintiff in this case. It is only because I was available for employment, and not in a medically induced coma, that I was able to become a professional, and now do my investigation in an official capacity.
Mr. Ritz performed the alleged criminal acts during a time when Mr. Iverson, Mr. Chandler, Mr. Schwartzman, and myself would also have been considered criminals had we fallen under the gaze of the plaintiff. Thus, Mr. Thorson, you are, knowingly or otherwise, continually impunging the defendant and acting as an apologist for the plaintiff among a group of professional who, were it not for a twist of fate, would also include David Ritz. Many of the “crimes” (isn’t this a civil case?) Mr. Ritz is accused of, are things all of us have done at one time or another as a routine part of both our efforts as volunteers, and our jobs as professionals. Mr. Iverson’s reputation as a professional was largely established based on his ability to, as the ruling puts it “disguise himself as a mailserver”. Mr. Schwarztman, has carried what the court calls “vigilantism” to the point of being Canada’s foremost expert on spam. Mr. Chandler has taken his legal, advocacy, and forensic skills (developed in the late 1990’s in what the court judges to be “criminal activity") to a position at one of Mr. Iverson’s employer’s direct competitors. Mr. Iverson and Mr. Chandler work for companies whose business is sending commercial email. Their needs and the needs of their customers are frequently at odds with the likes of Mr. Schwartzman, Mr. Smith and myself. Nonetheless, we are all here, firmly in opposition to the decision of your beloved North Dakotan legal system.
Very well written. Brian McNett is my hero.
Don’t forget to surf on over to the CircleID copy to see the ongoing discussion in comments. Lots of good stuff, plus a couple of trolls. Pretty typical, as these things go. My favorite quote: “I think there is something that people are missing. In the eyes of the court, Mr. Ritz is a menace to Sierra.” Uh, no, we actually get that that this is apparently the court's opinion. That’s the point here – the court got it wrong.
One guy took issue with me taking a swipe at North Dakota ("the one lone technology professional in ND") and (I assume, jokingly) invited me to visit the Microsoft campus there. Hey, if he's not kidding, and he makes a big donation to David's legal defense fund, I'm game.
Ever been prosecuted for tracking spam? Running a traceroute? Doing a zone transfer? Asking a public internet server for public information that it is configured to provide upon demand?
No? Well, David Ritz has. And amazingly, he lost the case.
Here are just a few of the gems that the court has the audacity to call "conclusions of law." Read them while you go donate to David's legal defense fund. He got screwed here, folks, and needs your help.
"Ritz's behavior in conducting a zone transfer was unauthorized within the meaning of the North Dakota Computer Crime Law." You might not know what a zone transfer is, but I do. It's asking a DNS server for all the particular public info it provides about a given domain. This is a common task performed by system administrators for many purposes. The judge is saying that DNS zone transfers are now illegal in North Dakota.
"The Court rejects the test for "authorization" articulated by defendant's expert, Lawrence Baldwin. To find all access "authorized" which is successful would essentially turn the computer crime laws of this country upside down." That's untrue. The judge is trying to hang David out to dry, even when provided evidence of what actually constitutes hacking or cracking. Accessing a server on the public internet that is set up to provide that public info is not a crime, and saying that it is not a crime doesn't suddenly damage computer crime law. The judge just amended the definition of "unauthorized" to include public internet servers that were expressly configured to provide info to anybody who asks for that info.
"Ritz has engaged in a variety of activities without authorization on the Internet. Those activities include port scanning, hijacking computers, and the compilation and publication of Whois lookups without authorization from Network Solutions." I'm not touching the "hijacking computers" statement -- who knows what the judge means, and I don't think it's wise to assume that the judge's definition matches the common one. But what really jumps out here is this: Publication of WHOIS information. You know, business records. Who owns a domain. Public information. The judge has arbitrarily decided that it is illegal to take information from WHOIS data -- necessary information when compiling a report on a company or activity, to make sure you're talking about the right person -- and put it in a spam report or on a website.
Mickey Chandler calls the court documents in this case "12 pages of bad law," and I couldn't agree more.
My take on this is going to be short and sweet: You're crazy if you leave your wifi open. Here's what can or will happen if you don't secure your wifi:
- Your own download speeds suffer as neighbors' infected laptops find a new vector to spew spam and malware.
- You'll find your home IP address blacklisted and receiving spam complaints over bad stuff people send via your connection.
- The buck stops with you. Your ISP can trace it as far as you and no further. This means that if somebody uses your wifi network to send spam, or traffic in kiddie porn, you're the one whose door the feds or the FTC are going to knock on.
- Running a mail server? You'll get blacklisted due to all of the above.
It might be really neat to leave your car unlocked, with the keys inside, so your neighbors can borrow it as needed. But, is it wise? C'mon, people!
(I recall Ralsky being the guy who cried foul when, a few years ago, his home address was made public, and people signed him up for hundreds-to-thousands of junk mail postal lists.)
ISPs are continually tightening up their sending guidelines and acceptable use policies, and things you might have gotten away with in 2006 or 2007 will no longer be kosher.
Opt-out append? Purchased lists? Third-party lists? Mailing to the same, tired list forever? Forget about it. You're going to the bulk folder, if you get through at all.
ISPs are belt-tightening; automating sender-review and spam-prevention processes. Spam isn't a profit center for them; it sucks up their resources that they feel are better spent elsewhere. They're taking less and less time to individually review every whitelist request; they're relying more on automated, statistics-driven processes to keep more of the spam out, and they're catching more and more edge case senders in their new mechanisms. ISPs aren't making any money from the mail you're sending, they don't have a financial responsibility to accept that mail. And in a lot of cases, they firmly believe that their users are happier without the mail
It's up to you if you want to stay ahead of this problem, and stay in the inbox. The way to do it is avoid becoming that edge case. Maintain clear permission. Don't buy or sell lists. Avoid email append. Re-confirm your lists. Send people only what they expect.