RE: All .COM / .NET domain names now exist
If you want to do anything about this, go to below link and sign the petition to stop Verisign: http://www.whois.sc/verisign-dns/?view=latest Brian -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, September 15, 2003 7:02 PM To: Exchange Discussions Subject: All .COM / .NET domain names now exist [My apologies for the cross-post, but this has the potential to impact just about everybody who uses the Internet...] As of a little while ago (it is around 7:45 PM US Eastern on Mon 15 Sep 2003 as I write this), VeriSign added a wildcard A record to the .COM and .NET TLD DNS zones. The IP address returned is 64.94.110.11, which reverses to sitefinder.verisign.com. What that means in plain English is that most mis-typed domain names that would formerly have resulted in a helpful error message now results in a VeriSign advertising opportunity. For example, if my domain name was somecompany.com, and somebody typed soemcompany.com by mistake, they would get VeriSign's advertising. (VeriSign is a company which purchased Network Solutions, another company which was given the task by the US government of running the .COM and .NET top-level domains (TLDs). VeriSign has been exploiting the Internet's DNS infrastructure ever since.) This will have the immediate effect of making network trouble-shooting much more difficult. Before, a mis-typed domain name in an email address, web browser, or other network configuration item would result in an obvious error message. You might not have known what to do about it, but at least you knew something was wrong. Now, though, you will have to guess. Every time. Some have pointed out that this will make an important anti-spam check impossible. A common anti-spam measure is to check and make sure the domain name of the sender really exists. (While this is easy to force, every little bit helps.) Since all .COM and .NET domain names now exist, that anti-spam check is useless. VeriSign's commentary: http://www.verisign.com/resources/gd/sitefinder/implementation.pdf http://www.verisign.com/resources/gd/sitefinder/bestpractices.pdf Third-party reference: http://www.cbronline.com/latestnews/d04afc52ae9da2ee80256d9c0018be8b -- Ben Scott [EMAIL PROTECTED] | The opinions expressed in this message are those of the author and do | | not represent the views or policy of any other person or organization. | | All information is provided without warranty of any kind. | _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: All .COM / .NET domain names now exist
VeriSign Sued Over Controversial Web Service: An Internet search company on Thursday filed a $100 million antitrust lawsuit against VeriSign Inc., accusing the Web address provider of hijacking misspelled and unassigned Web addresses with a service it launched this week. Read more (source): http://reuters.com/newsArticle.jhtml?type=internetNewsstoryID=3471297 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Clishe Sent: Wednesday, September 17, 2003 10:22 PM To: Exchange Discussions Subject: RE: All .COM / .NET domain names now exist I'm surprised how quiet this group is being regarding this issue. This has potentially enormous ramifications. For one thing, this effectively breaks reverse-DNS lookups that anti-spam applications use to verify sending domains as being valid. Come on now, Verisign is masking the difference between a valid domain and NXDOMAIN for all protocols, all users, and all software. Doesn't anyone here have an opinion? Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Monday, September 15, 2003 8:02 PM To: Exchange Discussions Subject: All .COM / .NET domain names now exist [My apologies for the cross-post, but this has the potential to impact just about everybody who uses the Internet...] As of a little while ago (it is around 7:45 PM US Eastern on Mon 15 Sep 2003 as I write this), VeriSign added a wildcard A record to the .COM and .NET TLD DNS zones. The IP address returned is 64.94.110.11, which reverses to sitefinder.verisign.com. What that means in plain English is that most mis-typed domain names that would formerly have resulted in a helpful error message now results in a VeriSign advertising opportunity. For example, if my domain name was somecompany.com, and somebody typed soemcompany.com by mistake, they would get VeriSign's advertising. (VeriSign is a company which purchased Network Solutions, another company which was given the task by the US government of running the .COM and .NET top-level domains (TLDs). VeriSign has been exploiting the Internet's DNS infrastructure ever since.) This will have the immediate effect of making network trouble-shooting much more difficult. Before, a mis-typed domain name in an email address, web browser, or other network configuration item would result in an obvious error message. You might not have known what to do about it, but at least you knew something was wrong. Now, though, you will have to guess. Every time. Some have pointed out that this will make an important anti-spam check impossible. A common anti-spam measure is to check and make sure the domain name of the sender really exists. (While this is easy to force, every little bit helps.) Since all .COM and .NET domain names now exist, that anti-spam check is useless. VeriSign's commentary: http://www.verisign.com/resources/gd/sitefinder/implementation.pdf http://www.verisign.com/resources/gd/sitefinder/bestpractices.pdf Third-party reference: http://www.cbronline.com/latestnews/d04afc52ae9da2ee80256d9c0018be8b -- Ben Scott [EMAIL PROTECTED] | The opinions expressed in this message are those of the author and do | | not represent the views or policy of any other person or organization. | | All information is provided without warranty of any kind. | _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode= lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: All .COM / .NET domain names now exist
I don't believe you are correct, even though I do abhor the process. Many anti-spam will do lookups of the sender's domain, yes. And that part will break. Of course, I'd just set any domain which resolves to the Verisign IP address as an instant reject - problem solved. However, a reverse lookup is of the sender's IP address, and if it maps to a domain name. That part won't change, as I don't think they added a wildcard PTR record. -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Jason Clishe [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 17, 2003 11:22 PM To: Exchange Discussions Subject: RE: All .COM / .NET domain names now exist I'm surprised how quiet this group is being regarding this issue. This has potentially enormous ramifications. For one thing, this effectively breaks reverse-DNS lookups that anti-spam applications use to verify sending domains as being valid. Come on now, Verisign is masking the difference between a valid domain and NXDOMAIN for all protocols, all users, and all software. Doesn't anyone here have an opinion? Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Monday, September 15, 2003 8:02 PM To: Exchange Discussions Subject: All .COM / .NET domain names now exist [My apologies for the cross-post, but this has the potential to impact just about everybody who uses the Internet...] As of a little while ago (it is around 7:45 PM US Eastern on Mon 15 Sep 2003 as I write this), VeriSign added a wildcard A record to the .COM and .NET TLD DNS zones. The IP address returned is 64.94.110.11, which reverses to sitefinder.verisign.com. What that means in plain English is that most mis-typed domain names that would formerly have resulted in a helpful error message now results in a VeriSign advertising opportunity. For example, if my domain name was somecompany.com, and somebody typed soemcompany.com by mistake, they would get VeriSign's advertising. (VeriSign is a company which purchased Network Solutions, another company which was given the task by the US government of running the .COM and .NET top-level domains (TLDs). VeriSign has been exploiting the Internet's DNS infrastructure ever since.) This will have the immediate effect of making network trouble-shooting much more difficult. Before, a mis-typed domain name in an email address, web browser, or other network configuration item would result in an obvious error message. You might not have known what to do about it, but at least you knew something was wrong. Now, though, you will have to guess. Every time. Some have pointed out that this will make an important anti-spam check impossible. A common anti-spam measure is to check and make sure the domain name of the sender really exists. (While this is easy to force, every little bit helps.) Since all .COM and .NET domain names now exist, that anti-spam check is useless. VeriSign's commentary: http://www.verisign.com/resources/gd/sitefinder/implementation.pdf http://www.verisign.com/resources/gd/sitefinder/bestpractices.pdf Third-party reference: http://www.cbronline.com/latestnews/d04afc52ae9da2ee80256d9c0018be8b -- Ben Scott [EMAIL PROTECTED] | The opinions expressed in this message are those of the author and do | | not represent the views or policy of any other person or organization. | | All information is provided without warranty of any kind. | _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: All .COM / .NET domain names now exist
All you base are belong to us Sincerely, Andrey Fyodorov Systems Engineer Messaging and Collaboration Spherion -Original Message- From: Jason Clishe [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 17, 2003 11:22 PM To: Exchange Discussions Subject: RE: All .COM / .NET domain names now exist I'm surprised how quiet this group is being regarding this issue. This has potentially enormous ramifications. For one thing, this effectively breaks reverse-DNS lookups that anti-spam applications use to verify sending domains as being valid. Come on now, Verisign is masking the difference between a valid domain and NXDOMAIN for all protocols, all users, and all software. Doesn't anyone here have an opinion? Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Monday, September 15, 2003 8:02 PM To: Exchange Discussions Subject: All .COM / .NET domain names now exist [My apologies for the cross-post, but this has the potential to impact just about everybody who uses the Internet...] As of a little while ago (it is around 7:45 PM US Eastern on Mon 15 Sep 2003 as I write this), VeriSign added a wildcard A record to the .COM and .NET TLD DNS zones. The IP address returned is 64.94.110.11, which reverses to sitefinder.verisign.com. What that means in plain English is that most mis-typed domain names that would formerly have resulted in a helpful error message now results in a VeriSign advertising opportunity. For example, if my domain name was somecompany.com, and somebody typed soemcompany.com by mistake, they would get VeriSign's advertising. (VeriSign is a company which purchased Network Solutions, another company which was given the task by the US government of running the .COM and .NET top-level domains (TLDs). VeriSign has been exploiting the Internet's DNS infrastructure ever since.) This will have the immediate effect of making network trouble-shooting much more difficult. Before, a mis-typed domain name in an email address, web browser, or other network configuration item would result in an obvious error message. You might not have known what to do about it, but at least you knew something was wrong. Now, though, you will have to guess. Every time. Some have pointed out that this will make an important anti-spam check impossible. A common anti-spam measure is to check and make sure the domain name of the sender really exists. (While this is easy to force, every little bit helps.) Since all .COM and .NET domain names now exist, that anti-spam check is useless. VeriSign's commentary: http://www.verisign.com/resources/gd/sitefinder/implementation.pdf http://www.verisign.com/resources/gd/sitefinder/bestpractices.pdf Third-party reference: http://www.cbronline.com/latestnews/d04afc52ae9da2ee80256d9c0018be8b -- Ben Scott [EMAIL PROTECTED] | The opinions expressed in this message are those of the author and do | | not represent the views or policy of any other person or organization. | | All information is provided without warranty of any kind. | _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: All .COM / .NET domain names now exist
From Wired.com (http://www.wired.com/news/technology/0,1282,60473,00.html): VeriSign's controversial typo-squatting Site Finder service is about to be bypassed by an emergency software patch to many of the Internet's backbone computers. Paul Chinnery Network Administrator Mem Med Ctr -Original Message- From: Fyodorov, Andrey [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2003 9:09 AM To: Exchange Discussions Subject: RE: All .COM / .NET domain names now exist All you base are belong to us Sincerely, Andrey Fyodorov Systems Engineer Messaging and Collaboration Spherion -Original Message- From: Jason Clishe [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 17, 2003 11:22 PM To: Exchange Discussions Subject: RE: All .COM / .NET domain names now exist I'm surprised how quiet this group is being regarding this issue. This has potentially enormous ramifications. For one thing, this effectively breaks reverse-DNS lookups that anti-spam applications use to verify sending domains as being valid. Come on now, Verisign is masking the difference between a valid domain and NXDOMAIN for all protocols, all users, and all software. Doesn't anyone here have an opinion? Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Monday, September 15, 2003 8:02 PM To: Exchange Discussions Subject: All .COM / .NET domain names now exist [My apologies for the cross-post, but this has the potential to impact just about everybody who uses the Internet...] As of a little while ago (it is around 7:45 PM US Eastern on Mon 15 Sep 2003 as I write this), VeriSign added a wildcard A record to the .COM and .NET TLD DNS zones. The IP address returned is 64.94.110.11, which reverses to sitefinder.verisign.com. What that means in plain English is that most mis-typed domain names that would formerly have resulted in a helpful error message now results in a VeriSign advertising opportunity. For example, if my domain name was somecompany.com, and somebody typed soemcompany.com by mistake, they would get VeriSign's advertising. (VeriSign is a company which purchased Network Solutions, another company which was given the task by the US government of running the .COM and .NET top-level domains (TLDs). VeriSign has been exploiting the Internet's DNS infrastructure ever since.) This will have the immediate effect of making network trouble-shooting much more difficult. Before, a mis-typed domain name in an email address, web browser, or other network configuration item would result in an obvious error message. You might not have known what to do about it, but at least you knew something was wrong. Now, though, you will have to guess. Every time. Some have pointed out that this will make an important anti-spam check impossible. A common anti-spam measure is to check and make sure the domain name of the sender really exists. (While this is easy to force, every little bit helps.) Since all .COM and .NET domain names now exist, that anti-spam check is useless. VeriSign's commentary: http://www.verisign.com/resources/gd/sitefinder/implementation.pdf http://www.verisign.com/resources/gd/sitefinder/bestpractices.pdf Third-party reference: http://www.cbronline.com/latestnews/d04afc52ae9da2ee80256d9c0018be8b -- Ben Scott [EMAIL PROTECTED] | The opinions expressed in this message are those of the author and do | | not represent the views or policy of any other person or organization. | | All information is provided without warranty of any kind. | _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin
RE: All .COM / .NET domain names now exist
Jason, When was the last time you got a spam from [EMAIL PROTECTED] When was the last time you got a spam from [EMAIL PROTECTED] Only spaking from personal experience, but the number of spam messages sent from a non-existant domain is tiny. -Walden PS. Having said that, I think what Verisign did was dumb. Walden H Leverich III President Tech Software (516) 627-3800 x11 (208) 692-3308 eFax [EMAIL PROTECTED] http://www.TechSoftInc.com Quiquid latine dictum sit altum viditur. (Whatever is said in Latin seems profound.) -Original Message- From: Jason Clishe [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 17, 2003 11:22 PM To: Exchange Discussions Subject: RE: All .COM / .NET domain names now exist I'm surprised how quiet this group is being regarding this issue. This has potentially enormous ramifications. For one thing, this effectively breaks reverse-DNS lookups that anti-spam applications use to verify sending domains as being valid. Come on now, Verisign is masking the difference between a valid domain and NXDOMAIN for all protocols, all users, and all software. Doesn't anyone here have an opinion? Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Monday, September 15, 2003 8:02 PM To: Exchange Discussions Subject: All .COM / .NET domain names now exist [My apologies for the cross-post, but this has the potential to impact just about everybody who uses the Internet...] As of a little while ago (it is around 7:45 PM US Eastern on Mon 15 Sep 2003 as I write this), VeriSign added a wildcard A record to the .COM and .NET TLD DNS zones. The IP address returned is 64.94.110.11, which reverses to sitefinder.verisign.com. What that means in plain English is that most mis-typed domain names that would formerly have resulted in a helpful error message now results in a VeriSign advertising opportunity. For example, if my domain name was somecompany.com, and somebody typed soemcompany.com by mistake, they would get VeriSign's advertising. (VeriSign is a company which purchased Network Solutions, another company which was given the task by the US government of running the .COM and .NET top-level domains (TLDs). VeriSign has been exploiting the Internet's DNS infrastructure ever since.) This will have the immediate effect of making network trouble-shooting much more difficult. Before, a mis-typed domain name in an email address, web browser, or other network configuration item would result in an obvious error message. You might not have known what to do about it, but at least you knew something was wrong. Now, though, you will have to guess. Every time. Some have pointed out that this will make an important anti-spam check impossible. A common anti-spam measure is to check and make sure the domain name of the sender really exists. (While this is easy to force, every little bit helps.) Since all .COM and .NET domain names now exist, that anti-spam check is useless. VeriSign's commentary: http://www.verisign.com/resources/gd/sitefinder/implementation.pdf http://www.verisign.com/resources/gd/sitefinder/bestpractices.pdf Third-party reference: http://www.cbronline.com/latestnews/d04afc52ae9da2ee80256d9c0018be8b -- Ben Scott [EMAIL PROTECTED] | The opinions expressed in this message are those of the author and do | | not represent the views or policy of any other person or organization. | | All information is provided without warranty of any kind. | _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: All .COM / .NET domain names now exist
I'd argue with you all the way to the IMS server with you on that point! ;0) Seriously...we get ~100k-150k (This is a conservative estimate) spams/month on our system. Probably 60-75% of those are from non-existant domains...and that's just the stuff that gets through. We get ~250k NDRs/month from people trying to brute-force spam us. 90% of that is from non-existant domains. -Original Message- From: Walden H. Leverich III [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2003 10:08 AM To: Exchange Discussions Subject: RE: All .COM / .NET domain names now exist :::snip::: Only spaking from personal experience, but the number of spam messages sent from a non-existant domain is tiny. -Walden _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: All .COM / .NET domain names now exist
My mistyped domain resulted in versigns page.What a travesty. -Original Message- From: Chinnery, Paul [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2003 9:41 AM To: Exchange Discussions Subject: RE: All .COM / .NET domain names now exist From Wired.com (http://www.wired.com/news/technology/0,1282,60473,00.html): VeriSign's controversial typo-squatting Site Finder service is about to be bypassed by an emergency software patch to many of the Internet's backbone computers. Paul Chinnery Network Administrator Mem Med Ctr -Original Message- From: Fyodorov, Andrey [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2003 9:09 AM To: Exchange Discussions Subject: RE: All .COM / .NET domain names now exist All you base are belong to us Sincerely, Andrey Fyodorov Systems Engineer Messaging and Collaboration Spherion -Original Message- From: Jason Clishe [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 17, 2003 11:22 PM To: Exchange Discussions Subject: RE: All .COM / .NET domain names now exist I'm surprised how quiet this group is being regarding this issue. This has potentially enormous ramifications. For one thing, this effectively breaks reverse-DNS lookups that anti-spam applications use to verify sending domains as being valid. Come on now, Verisign is masking the difference between a valid domain and NXDOMAIN for all protocols, all users, and all software. Doesn't anyone here have an opinion? Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Monday, September 15, 2003 8:02 PM To: Exchange Discussions Subject: All .COM / .NET domain names now exist [My apologies for the cross-post, but this has the potential to impact just about everybody who uses the Internet...] As of a little while ago (it is around 7:45 PM US Eastern on Mon 15 Sep 2003 as I write this), VeriSign added a wildcard A record to the .COM and .NET TLD DNS zones. The IP address returned is 64.94.110.11, which reverses to sitefinder.verisign.com. What that means in plain English is that most mis-typed domain names that would formerly have resulted in a helpful error message now results in a VeriSign advertising opportunity. For example, if my domain name was somecompany.com, and somebody typed soemcompany.com by mistake, they would get VeriSign's advertising. (VeriSign is a company which purchased Network Solutions, another company which was given the task by the US government of running the .COM and .NET top-level domains (TLDs). VeriSign has been exploiting the Internet's DNS infrastructure ever since.) This will have the immediate effect of making network trouble-shooting much more difficult. Before, a mis-typed domain name in an email address, web browser, or other network configuration item would result in an obvious error message. You might not have known what to do about it, but at least you knew something was wrong. Now, though, you will have to guess. Every time. Some have pointed out that this will make an important anti-spam check impossible. A common anti-spam measure is to check and make sure the domain name of the sender really exists. (While this is easy to force, every little bit helps.) Since all .COM and .NET domain names now exist, that anti-spam check is useless. VeriSign's commentary: http://www.verisign.com/resources/gd/sitefinder/implementation.pdf http://www.verisign.com/resources/gd/sitefinder/bestpractices.pdf Third-party reference: http://www.cbronline.com/latestnews/d04afc52ae9da2ee80256d9c0018be8b -- Ben Scott [EMAIL PROTECTED] | The opinions expressed in this message are those of the author and do | | not represent the views or policy of any other person or organization. | | All information is provided without warranty of any kind. | _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED
RE: All .COM / .NET domain names now exist
We get ~250k NDRs/month from people trying to brute-force spam us. 90% of that is from non-existant domains. Fair enough, guess I'm just lucky. I withdraw my comment. G -Walden Walden H Leverich III President Tech Software (516) 627-3800 x11 (208) 692-3308 eFax [EMAIL PROTECTED] http://www.TechSoftInc.com Quiquid latine dictum sit altum viditur. (Whatever is said in Latin seems profound.) _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: All .COM / .NET domain names now exist
Actually, the travesty is that your company is so far behind in the hardware/software options available when spec'ing out and building a new computer from your web page. -Original Message- From: Matt [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2003 10:24 AM To: Exchange Discussions Subject: RE: All .COM / .NET domain names now exist My mistyped domain resulted in versigns page.What a travesty. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: All .COM / .NET domain names now exist
I think the travesty is in your flaming post, but that is my opinion and I am entitled to one. What does his company's website have to do with Verisign hijacking unregistered domains? Absolutely nothing and is unrelated to the list. Your comments are unnecessary and directed as a personal attack. I would appreciate it if you would refrain from posting to the list unless you can contribute in a useful manner. - Scott Weston - -Original Message- From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2003 12:31 PM To: Exchange Discussions Subject: RE: All .COM / .NET domain names now exist Actually, the travesty is that your company is so far behind in the hardware/software options available when spec'ing out and building a new computer from your web page. -Original Message- From: Matt [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2003 10:24 AM To: Exchange Discussions Subject: RE: All .COM / .NET domain names now exist My mistyped domain resulted in versigns page.What a travesty. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: All .COM / .NET domain names now exist
Im not one to usually post, and have been on the list for only about a year now. Within that year I have learned town things: 1) there are a handful of people on this list who REALLY know their stuff AND actively post here(and me thinks James is one of them) and 2)this list is one of the funniest damn list I can think of for just this reasonive gotten flamed myself a few times. I think its just a matter of taking it all in stride Move on -Original Message- From: Scott Weston [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2003 10:53 AM To: Exchange Discussions Subject: RE: All .COM / .NET domain names now exist I think the travesty is in your flaming post, but that is my opinion and I am entitled to one. What does his company's website have to do with Verisign hijacking unregistered domains? Absolutely nothing and is unrelated to the list. Your comments are unnecessary and directed as a personal attack. I would appreciate it if you would refrain from posting to the list unless you can contribute in a useful manner. - Scott Weston - -Original Message- From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2003 12:31 PM To: Exchange Discussions Subject: RE: All .COM / .NET domain names now exist Actually, the travesty is that your company is so far behind in the hardware/software options available when spec'ing out and building a new computer from your web page. -Original Message- From: Matt [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2003 10:24 AM To: Exchange Discussions Subject: RE: All .COM / .NET domain names now exist My mistyped domain resulted in versigns page.What a travesty. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: All .COM / .NET domain names now exist
oh yeesh. is it thursday again already? -Original Message- From: Mark Nold [mailto:[EMAIL PROTECTED] Posted At: Thursday, September 18, 2003 1:00 PM Posted To: MSExchange Mailing List Conversation: All .COM / .NET domain names now exist Subject: RE: All .COM / .NET domain names now exist Im not one to usually post, and have been on the list for only about a year now. Within that year I have learned town things: 1) there are a handful of people on this list who REALLY know their stuff AND actively post here(and me thinks James is one of them) and 2)this list is one of the funniest damn list I can think of for just this reasonive gotten flamed myself a few times. I think its just a matter of taking it all in stride Move on -Original Message- From: Scott Weston [mailto:[EMAIL PROTECTED] Sent: Thursday, September 18, 2003 10:53 AM To: Exchange Discussions Subject: RE: All .COM / .NET domain names now exist I think the travesty is in your flaming post, but that is my opinion and I am entitled to one. What does his company's website have to do with Verisign hijacking unregistered domains? Absolutely nothing and is unrelated to the list. Your comments are unnecessary and directed as a personal attack. I would appreciate it if you would refrain from posting to the list unless you can contribute in a useful manner. - Scott Weston - _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: All .COM / .NET domain names now exist
I'm surprised how quiet this group is being regarding this issue. This has potentially enormous ramifications. For one thing, this effectively breaks reverse-DNS lookups that anti-spam applications use to verify sending domains as being valid. Come on now, Verisign is masking the difference between a valid domain and NXDOMAIN for all protocols, all users, and all software. Doesn't anyone here have an opinion? Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Monday, September 15, 2003 8:02 PM To: Exchange Discussions Subject: All .COM / .NET domain names now exist [My apologies for the cross-post, but this has the potential to impact just about everybody who uses the Internet...] As of a little while ago (it is around 7:45 PM US Eastern on Mon 15 Sep 2003 as I write this), VeriSign added a wildcard A record to the .COM and .NET TLD DNS zones. The IP address returned is 64.94.110.11, which reverses to sitefinder.verisign.com. What that means in plain English is that most mis-typed domain names that would formerly have resulted in a helpful error message now results in a VeriSign advertising opportunity. For example, if my domain name was somecompany.com, and somebody typed soemcompany.com by mistake, they would get VeriSign's advertising. (VeriSign is a company which purchased Network Solutions, another company which was given the task by the US government of running the .COM and .NET top-level domains (TLDs). VeriSign has been exploiting the Internet's DNS infrastructure ever since.) This will have the immediate effect of making network trouble-shooting much more difficult. Before, a mis-typed domain name in an email address, web browser, or other network configuration item would result in an obvious error message. You might not have known what to do about it, but at least you knew something was wrong. Now, though, you will have to guess. Every time. Some have pointed out that this will make an important anti-spam check impossible. A common anti-spam measure is to check and make sure the domain name of the sender really exists. (While this is easy to force, every little bit helps.) Since all .COM and .NET domain names now exist, that anti-spam check is useless. VeriSign's commentary: http://www.verisign.com/resources/gd/sitefinder/implementation.pdf http://www.verisign.com/resources/gd/sitefinder/bestpractices.pdf Third-party reference: http://www.cbronline.com/latestnews/d04afc52ae9da2ee80256d9c0018be8b -- Ben Scott [EMAIL PROTECTED] | The opinions expressed in this message are those of the author and do | | not represent the views or policy of any other person or organization. | | All information is provided without warranty of any kind. | _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: All .COM / .NET domain names now exist
Yes, it sucks. Write to ICANN. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Clishe Sent: Wednesday, September 17, 2003 10:22 PM To: Exchange Discussions Subject: RE: All .COM / .NET domain names now exist I'm surprised how quiet this group is being regarding this issue. This has potentially enormous ramifications. For one thing, this effectively breaks reverse-DNS lookups that anti-spam applications use to verify sending domains as being valid. Come on now, Verisign is masking the difference between a valid domain and NXDOMAIN for all protocols, all users, and all software. Doesn't anyone here have an opinion? Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Monday, September 15, 2003 8:02 PM To: Exchange Discussions Subject: All .COM / .NET domain names now exist [My apologies for the cross-post, but this has the potential to impact just about everybody who uses the Internet...] As of a little while ago (it is around 7:45 PM US Eastern on Mon 15 Sep 2003 as I write this), VeriSign added a wildcard A record to the .COM and .NET TLD DNS zones. The IP address returned is 64.94.110.11, which reverses to sitefinder.verisign.com. What that means in plain English is that most mis-typed domain names that would formerly have resulted in a helpful error message now results in a VeriSign advertising opportunity. For example, if my domain name was somecompany.com, and somebody typed soemcompany.com by mistake, they would get VeriSign's advertising. (VeriSign is a company which purchased Network Solutions, another company which was given the task by the US government of running the .COM and .NET top-level domains (TLDs). VeriSign has been exploiting the Internet's DNS infrastructure ever since.) This will have the immediate effect of making network trouble-shooting much more difficult. Before, a mis-typed domain name in an email address, web browser, or other network configuration item would result in an obvious error message. You might not have known what to do about it, but at least you knew something was wrong. Now, though, you will have to guess. Every time. Some have pointed out that this will make an important anti-spam check impossible. A common anti-spam measure is to check and make sure the domain name of the sender really exists. (While this is easy to force, every little bit helps.) Since all .COM and .NET domain names now exist, that anti-spam check is useless. VeriSign's commentary: http://www.verisign.com/resources/gd/sitefinder/implementation.pdf http://www.verisign.com/resources/gd/sitefinder/bestpractices.pdf Third-party reference: http://www.cbronline.com/latestnews/d04afc52ae9da2ee80256d9c0018be8b -- Ben Scott [EMAIL PROTECTED] | The opinions expressed in this message are those of the author and do | | not represent the views or policy of any other person or organization. | | All information is provided without warranty of any kind. | _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchanget ext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: All .COM / .NET domain names now exist
Does this mean that EVERY reverse DNS goes to sitefinder.verisign.com?? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, September 15, 2003 7:02 PM To: Exchange Discussions Subject: All .COM / .NET domain names now exist [My apologies for the cross-post, but this has the potential to impact just about everybody who uses the Internet...] As of a little while ago (it is around 7:45 PM US Eastern on Mon 15 Sep 2003 as I write this), VeriSign added a wildcard A record to the .COM and .NET TLD DNS zones. The IP address returned is 64.94.110.11, which reverses to sitefinder.verisign.com. What that means in plain English is that most mis-typed domain names that would formerly have resulted in a helpful error message now results in a VeriSign advertising opportunity. For example, if my domain name was somecompany.com, and somebody typed soemcompany.com by mistake, they would get VeriSign's advertising. (VeriSign is a company which purchased Network Solutions, another company which was given the task by the US government of running the .COM and .NET top-level domains (TLDs). VeriSign has been exploiting the Internet's DNS infrastructure ever since.) This will have the immediate effect of making network trouble-shooting much more difficult. Before, a mis-typed domain name in an email address, web browser, or other network configuration item would result in an obvious error message. You might not have known what to do about it, but at least you knew something was wrong. Now, though, you will have to guess. Every time. Some have pointed out that this will make an important anti-spam check impossible. A common anti-spam measure is to check and make sure the domain name of the sender really exists. (While this is easy to force, every little bit helps.) Since all .COM and .NET domain names now exist, that anti-spam check is useless. VeriSign's commentary: http://www.verisign.com/resources/gd/sitefinder/implementation.pdf http://www.verisign.com/resources/gd/sitefinder/bestpractices.pdf Third-party reference: http://www.cbronline.com/latestnews/d04afc52ae9da2ee80256d9c0018be8b -- Ben Scott [EMAIL PROTECTED] | The opinions expressed in this message are those of the author and do | | not represent the views or policy of any other person or organization. | | All information is provided without warranty of any kind. | _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: All .COM / .NET domain names now exist
On Tue, 16 Sep 2003, at 7:58am, [EMAIL PROTECTED] wrote: Does this mean that EVERY reverse DNS goes to sitefinder.verisign.com?? No. Reverse DNS hasn't been changed. Yet. I don't know if VeriSign has any control over IN-ADDR.ARPA. Of course, VeriSign does run the SOA for the root domain, so in one sense, they have control over everything. But stealing a delegation explicitly violates their agreement with ICANN, and would likely get even that apathetic organization to respond. It is *forward* lookups which have been affected right now. For example, take your domain name, hofferpl.com. Say I mistype that as www.hofferlp.com (notice the transposed L and P in the second-level domain name). That will bring me to VeriSign's website. At least, that's the intent. Many ISPs, especially big ones, have implemented counter-measures, such as null-routing that IP address, filtering it, playing tricks with DNS, etc. -- Ben Scott [EMAIL PROTECTED] | The opinions expressed in this message are those of the author and do | | not represent the views or policy of any other person or organization. | | All information is provided without warranty of any kind. | _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
All .COM / .NET domain names now exist
[My apologies for the cross-post, but this has the potential to impact just about everybody who uses the Internet...] As of a little while ago (it is around 7:45 PM US Eastern on Mon 15 Sep 2003 as I write this), VeriSign added a wildcard A record to the .COM and .NET TLD DNS zones. The IP address returned is 64.94.110.11, which reverses to sitefinder.verisign.com. What that means in plain English is that most mis-typed domain names that would formerly have resulted in a helpful error message now results in a VeriSign advertising opportunity. For example, if my domain name was somecompany.com, and somebody typed soemcompany.com by mistake, they would get VeriSign's advertising. (VeriSign is a company which purchased Network Solutions, another company which was given the task by the US government of running the .COM and .NET top-level domains (TLDs). VeriSign has been exploiting the Internet's DNS infrastructure ever since.) This will have the immediate effect of making network trouble-shooting much more difficult. Before, a mis-typed domain name in an email address, web browser, or other network configuration item would result in an obvious error message. You might not have known what to do about it, but at least you knew something was wrong. Now, though, you will have to guess. Every time. Some have pointed out that this will make an important anti-spam check impossible. A common anti-spam measure is to check and make sure the domain name of the sender really exists. (While this is easy to force, every little bit helps.) Since all .COM and .NET domain names now exist, that anti-spam check is useless. VeriSign's commentary: http://www.verisign.com/resources/gd/sitefinder/implementation.pdf http://www.verisign.com/resources/gd/sitefinder/bestpractices.pdf Third-party reference: http://www.cbronline.com/latestnews/d04afc52ae9da2ee80256d9c0018be8b -- Ben Scott [EMAIL PROTECTED] | The opinions expressed in this message are those of the author and do | | not represent the views or policy of any other person or organization. | | All information is provided without warranty of any kind. | _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
