US Web Firm Described As "Phantom Registrar" Haven 161
snydeq writes "InfoWorld's Martin Heller directs attention to ongoing investigations of more than 40 phantom registrars linked to The Directi Group, including PDR, one of the 10 worst offenders on the Net. According to KnujOn, an additional 19,000 domains advertised through spam have been hiding their ownership behind PrivacyProtect.org, which The Washington Post has outed as Directi-owned. Directi claims it suspends illicit domains, but KnujOn provides documentation suggesting that Directi reports the registrars suspended and then reinstates them at another IP address. 'There has been some outcry about all this from the ICANN At-Large Committee, but as of this writing there has been no response from ICANN's Tim Cole,' Heller writers. 'Perhaps that has something to do with the fact that LogicBoxes, a Directi-owned registrar, has sponsored ICANN meetings in L.A. and Delhi.' Directi has since issued an official response to the allegations."
Re:The Reason This Will Never End (Score:3, Interesting)
Bottom line, this is an endless loop, and if anyone has any REAL suggestions on how to get rid of spammers, or how to force companies to stop hiding them and their domains, I'd love to hear it.
Well, if you can create anti-spam laws, why not create a law prohiting credit card companies to make payments on products / companies which have used spam to addvertise their products or services. Thus there would not be any money for
spamming.
Re:The Reason This Will Never End (Score:3, Interesting)
I agree, you prohibition never works. Laws against speeding don't work.
Why murder has been illegal for thousands of years, and it still continues.
What are we going to do??
It could end if we (Score:5, Interesting)
Make sending unsolicited mail slightly criminal. Say, one minute in prison per recipient. 1M spams would be 695 days in jail.
Spam and viruses cost people money that they could have spent elsewhere. When a company buys a spam filter and hires people to run it, that's money that could have been profit or could have been spent on something useful to the company. Maybe that budget could go to making the health insurance a bit cheaper. Or give the receptionists a raise. Put a foosball table in the break room. 1K$/year is 1K$/year too much to spend on something you never wanted. Spammers are making people/companies/agencies throw away time and money. The only way to not get spam is to not have an address.
Hell, make it the penalty the sum of the amount other peoples time they wasted, 1 second per recipient. Even that would get people to think twice.
Alas, the spam from outside the US and extradition friendly countries would not be unabated, but it would be something.
Maybe such a law would be wrong/unethical, but it would give us some kind of satisfaction. i don't know, i'm speaking mostly out of frustration here. When i was a sys admin dealing with spam was a frustrating waste of my time and the time of my users.
Any law grokkers on hand to tell us what laws and penalties are in place?
Re:The Reason This Will Never End (Score:3, Interesting)
1. Make all advertisement, solicitation, marketing, etc , etc via email illegal. No exceptions.
2. Institute a mass anti-spam campaign across the media, educating people about what to expect and what to do.
3. Prosecute spammers.
4. Prosecute people who buy from spammers.
Personally, I think step 4 is the option that will have the most effect. The more people who are responding to spam that get jail the better.
Related: Spamhaus statement re Atrivo/Intercage (Score:5, Interesting)
On a related note, Spamhaus recently issued this statement [spamhaus.org] about Atrivo/Intercage, US-based persistent criminal spammer hosts. In the news.admin.net-abuse.email newsgroup, Steve Linford of Spamhaus indicated they made this statement because they are highly frustrated [google.com] with law enforcement's inaction.
Send the tax collectors (Score:5, Interesting)
These types of registrars and domain owners will no longer have a viable business if the expense of avoiding the government is too high. This would also be a useful method of giving lawyers something to do and stop bothering us normal people (with NewYorkCountryLawyer as an exception of course).
Use the information against the spammers? (Score:5, Interesting)
I've been doing some digging into this over the last few months and noticed an awful lot of spamvertized sites seem to have their domains registered with such privacy protecting registrars.
I've been thinking about how to use the fact that a domain is registered with such a registrar as part of a spam scoring metric and whether anyone else has already done work on this? Just on the mail passing through my systems, I'm seeing a very strong correlation between a mail being spam and it referring to a domain registered with such a registrar, with the domain nameservers being on dynamic IP space, and with the DNS for the spam domain having a very low TTL value set.
It's also interesting to track back the nameservers for any domains referred to in the NS records of the spam domain. By doing so I can find fairly large networks of interrelated spam domains and spam websites, the addresses of many of which already appear on the likes of the Spamcop and Spamhaus SBL/XBL lists or appear there shortly afterwards.
The point is, is it practical to use this sort of information against spammers and is anyone already doing it?
Don't worry. CEO is advisor to CyberCrime Unit! (Score:2, Interesting)
Apparently, Bhavin Turakhia Founder, CEO & Chairman of Directi "...also serves as a technical advisor to the local CyberCrime Investigation Cell" it says on the Directi website.
Ha Ha Ha Ha Ha Ha! Sometimes you can't beat real life for a great laugh.
Hold on, it also says,"Directi operates various online web properties and web services. To report any form of abuse activity (spam, phishing, adware etc) with respect to any Directi service simply send an email to abuse [at] directi [dot] com"
Argh, ha ha, oh dear, oh dear, I think I'll never stop laughing...
They killed a spammer/scammer for me (Score:3, Interesting)
I was getting a lot of spam which had links redirecting to this scam [windows-scanner2009.com] site. It was one of those sites that does a fake virus scan and claims you're infected so they can sell you a bogus product (funny how it was scanning windows-related files on my Linux system, eh).
I sent the offending URL to privacyprotect and was surprised when they actually responded by pulling the spammer's protection, then forwarding the info to his ISP and having the domain itself pulled (the nameserver has been changed to "ns1.suspended-domain.com" and DNS no longer resolves).
Re:The Reason This Will Never End (Score:5, Interesting)
There are some people who's weight is primarily controlled by exercise. My wife is like that. It doesn't matter what she eats; a few days at the gym and she starts dropping weight. Some people's weight is primarily controlled by diet. This is how I am. When I get exercise, I don't burn up fat. I only build muscle. From a real health aspect, that is still good, but from an external view, as well as what is defined by the BMI, I become fatter, and thus more and more over weight. Even worse for the 'one true way' of weight loss, I pack on fat if I eat sugar. This include whole grains, fruits and many vegetables. For me, the only thing that makes me lose weight is to eat a primarily carnivorous high fat diet. That's right. If I don't get enough fat in my diet, I start putting on weight. Of course, there are also people that need a low fat diet, and people that need exercise and a change in diet.
We will never seen the weight 'problem' disappear until we stop using a crappy 19th century mathematician's chart to determine proper health, and stop thinking that everyone's body functions in the exact same way. We don't prescribe the same medicine to everyone. Ingesting the same medication can save one mans life, while the same medicine can kill another. Why would we think that the same diet and exercise plan would work exactly the same on everybody?
Re:They killed a spammer/scammer for me (Score:3, Interesting)
I currently work at Directi [1]. Official abuse policy when I don't get involved is to suspend the domain.
Abuse policy when I get involved is to suspend the customer (that's a few hundred domains for this sort of crap, or a few months ago, a few thousand. Unhappily, I don't have enough political clout yet to suspend large customers).
[1] Dealing with abuse issues is not part of the job description. That's a volunteer activity.