[plug] 'australian cheap domains' spammers?

Mark O'Shea mark at musicalstoat.co.uk
Fri Mar 11 16:07:37 WST 2005


On Fri, March 11, 2005 3:38 pm, Shayne O'Neill said:
>
> Well what has me worried, and since this is a public list I'll add that
> I'm not accusing just wondering, is that to do a whois, you have to know
> the name exists. And its a pretty obsure sort of name too.
>
I'm not saying that you shouldn't be worried (I'll also add that I'm not
accusing anyone) but that while it is on a public database you can't be
sure, or accuse anyone.

Note that some nameservers are not set up that well and allow zone
transfers to anywhere (some windows admins don't understand the box that
says 'allow bind transfers' and leave the box checked, and some bind
admins don't understand bind), there was a note on bugtraq a couple of
months ago about several nameservers for tld's allowing zone transfers
showing all the registered domains for that country (.au was not one of
them, .ca was the biggest but that is now fixed).  Also note that if you
set up the domain to be pointed to by the ptr record for an ip address it
is trivial to do reverse dns lookups on large net blocks.  Also (though
granted more far fetched) the emails between you and your registrar could
have been intercepted en-route if they were not encrypted.

And I'm sure that's not an exhaustive list of how spammers get their
addresses.

Like I said, don't stop worrying about what your registrar is doing with
your details, but unless you are going to go to great lengths to discover
and prove that they are doing anything wrong don't worry about it so much
you lose sleep.

-- 
Mark O'Shea




More information about the plug mailing list