ICANN/GNSO GNSO Email List Archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [ga] Re: [Politech] Jim Davidson on MySpace, GoDaddy, free speech; another GoDaddy story [fs]

  • To: "Jeff Williams" <jwkckid1@xxxxxxxxxxxxx>, "Declan McCullagh" <declan@xxxxxxxx>, "General Assembly of the DNSO" <ga@xxxxxxxxxxxxxx>
  • Subject: Re: [ga] Re: [Politech] Jim Davidson on MySpace, GoDaddy, free speech; another GoDaddy story [fs]
  • From: "kidsearch" <kidsearch@xxxxxxxxxxxxx>
  • Date: Tue, 30 Jan 2007 09:44:28 -0500
  • Cc: "Kathy Smith" <KSMITH@xxxxxxxxxxxx>, "icann board address" <icann-board@xxxxxxxxx>, "essential ecom" <ecommerce@xxxxxxxxxxxxxxxxxxx>
  • References: <45BEEFBE.8010909@well.com> <45BF3A31.87D22BE1@ix.netcom.com>
  • Sender: owner-ga@xxxxxxxxxxxxxx

My problem is that spoofers are able to get your domain name on the blacklists because the people running the anti-spam stuff don't care what the actual header is. I have a domain name, blogs.pn and everyday I get emails that have bounced due to unknown recipient or some spam filter found that domain on a blacklist and rejected the email. I have a catchall set up so that I can see these bounced emails. I set up SPF and it still doesn't stop the problem. It's on it's own IP and none opf the emails sent out are from that IP, yet the anti-spam squads still list that domain name as the cause of the spam.

Sometimes the cure is worse than the disease. If people are going to set themselves up as spam cops, the least they could do is be smarter than the emails so legitimate domains are not blacklisted.

Chris McElroy aka NameCritic
http://www.articlecontentprovider.com
----- Original Message ----- From: "Jeff Williams" <jwkckid1@xxxxxxxxxxxxx>
To: "Declan McCullagh" <declan@xxxxxxxx>; "General Assembly of the DNSO" <ga@xxxxxxxxxxxxxx>
Cc: "Kathy Smith" <KSMITH@xxxxxxxxxxxx>; "icann board address" <icann-board@xxxxxxxxx>; "essential ecom" <ecommerce@xxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, January 30, 2007 7:29 AM
Subject: [ga] Re: [Politech] Jim Davidson on MySpace, GoDaddy, free speech; another GoDaddy story [fs]



Declan and all,

 Mr. Butler's response is inane as it in no way addresses SecLists.org
content in any way.  Where he is coming from baffles me in regards
to SecLists.org.  GoDaddy seems to be operating it's business in a
irresponsible manner and/or at the behest of others with false claims
and ill will.

Declan McCullagh wrote:

We've seen a bunch of critical messages about GoDaddy go over the list
in the last few days. I'm happy to extend an invitation to someone at
the company if they want to reply. The closest we've seen so far is this:

http://news.com.com/5208-1025_3-0.html?forumID=1&threadID=24518&messageID=232062
"I am Ben Butler, the Director of Network Abuse at Go Daddy and I want
to personally address your posts regarding SecLists.org... An important
issue I would ask you to consider is one that is a top priority for us
at Go Daddy ? child exploitation or even the potential for it... I don't
know of any parent who wouldn't want their child?s username and password
protected."

Previous Politech message:
http://www.politechbot.com/2007/01/29/response-to-godaddys/

-Declan

-------- Original Message --------
Subject: Re: [Politech] More experiences with GoDaddy, free speech, and
domain deletion [fs]
Date: Fri, 26 Jan 2007 10:52:28 -0800
From: Tom Collins <tom@xxxxxxxxxxxx>
To: Declan McCullagh <declan@xxxxxxxx>
References: <45BA335B.2030306@xxxxxxxx>

Declan,

A good friend ran into a serious problem with GoDaddy.  He had a
dedicated server with them, and when he confronted his sysadmin about
using the server to host sites for other people, the sysadmin freaked
out.  Since the sysadmin had access to the GoDaddy account, he was
able to renew the domain registration with his credit card, change
the password and change the Registrant info.  As a result, my friend
has lost complete control over the domain.  Since the sysadmin made
the last payment on the account, he now "owns" it.

My friend lives in Scottsdale, where GoDaddy headquarters is located,
but there isn't a physical office you can visit (no surprise there).
To regain control of the domain, he needs to sue the sysadmin and get
a court order to force GoDaddy to hand the domain back.

As a result, he's registered a new domain name for their company
(using Dotster) and I'm hosting the site and email for them.  What a
mess.

-Tom

-------- Original Message --------
Subject: Re: [Politech] MySpace, GoDaddy pull plug on computer security
domain name without warning [fs]
Date: Mon, 29 Jan 2007 23:33:53 -0500
From: Jim Davidson <davidson@xxxxxxxx>
Reply-To: davidson@xxxxxxxx
To: Declan McCullagh <declan@xxxxxxxx>
References: <45B9C4BE.9060301@xxxxxxxx>

Dear Declan,

Your comments are completely appropriate throughout.

MySpace has terrible log-in security.  There is no way to get an SSL
link to log in securely.

As I understand it, all MySpace passwords are user generated, so many
of them are undoubtedly words found in the dictionary.  Many users
have fairly obvious e-mail addresses, too, which is what passes for a
user name.  So, learn a user's e-mail address (often by simply looking
at their MySpace page or a web link from their MySpace page) and then
their password may be one encrypted dictionary away.

If MySpace is serious about security, it can take a number of steps.
Adding https connections, at least as an option, lets those who have
decent passwords keep them private.  MySpace could add server generated
usernames or passwords, or at least offer replacement passwords that
are reasonably strong server-generated random character strings.

Another very frequent problem I've encountered is bot-generated pages
on MySpace.  Many of these pages come up with a covering image that
asserts the content is protected and for adults only, click on the
image to get special log in instructions.  Endless phishing goes on
with MySpace log-in look-alike pages.

It is a minefield trying to keep a MySpace page secure.  I see many
of my friends lose their passwords and then the bulletin board gets
loaded with spam apparently from their hijacked account.  One friend
clicked on a MySpace message he received, found an offer for a nude
video of Britney Spears, clicked that, his MySpace session was suddenly
"lost" and he found himself at a screen requesting login.  So, of
course, he logged in to a phishing site.

Yahoo mail and other sites such as Google don't have these apparent
difficulties.  What do they do differently?  I used to have to click
a particular link to get to Yahoo's SSL login, but now it seems to be
the default.  Gmail has always had SSL login screens.  Given user
selected usernames and passwords, SSL seems essential, to me.

MySpace seems to be run by amateurs, so it is not surprising that
they didn't bother to go to the site's owner before going to the
registrar demanding the plug be pulled.

As for GoDaddy, I find their attitude idiotic.  Most of the people
I know are moving toward Tucows registrars (WontonGold is a good
one) or other alternatives.

Yes, GoDaddy can act as judge, jury, and executioner.  But should
they?  And, if they are going to sit in judgement, doesn't the
accused have rights?  Right to present evidence in his defense, to
confront witnesses against him, to confront their testimony, to
take corrective action before having his domain eliminated?

Assuming these rights are not present in the GoDaddy contract,
then only a fool would register with GoDaddy.  Or perhaps a
prospective litigant.

The principles of liberty embodied in the constitution are not
just a bunch of complex ideas.  They are the distillation of
hundreds of years of common law and thousands of years of
mercantile law.  Treating the accused with respect for certain
rights is better for everyone, not just the accused.  It makes
for better results, a greater chance that justice prevails, it
reduces the potential for miscarriage of justice, for hard
feelings, and for bitterness.

Heavy handed brutality and torture may appeal to the socialists,
but they are wrong.  They've always been wrong.  Private property
and individual liberty make for a better society.

Regards,

Jim
  http://indomitus.net/

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)

Regards,

--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
  Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@xxxxxxxxxxxxx
Registered Email addr with the USPS
Contact Number: 214-244-4827





<<< Chronological Index >>>    <<< Thread Index >>>