1 / 21

“ (Ab) Using ICANN’s Procedures as a Way to minimize Spam”

Bob Bruen Garth Bruen. “ (Ab) Using ICANN’s Procedures as a Way to minimize Spam”. Standard Approaches. Filter & Block Identify Spammers Blacklist Criminal Prosecution Civil Litigation Challenge/Response Reputation Protection. Definition: Infrastructure The Front End . ICANN

MartaAdara
Download Presentation

“ (Ab) Using ICANN’s Procedures as a Way to minimize Spam”

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Bob Bruen Garth Bruen “(Ab)Using ICANN’s Procedures as a Way to minimize Spam”

  2. Standard Approaches • Filter & Block • Identify Spammers • Blacklist • Criminal Prosecution • Civil Litigation • Challenge/Response • Reputation Protection

  3. Definition: InfrastructureThe Front End • ICANN • Top Level Registrars • Retail Registrars • ISPs • Policies and Procedures • Resources Capacity

  4. Front End Problems • Because of: • Weak procedures • Policies not followed • Inadequate resources • Consquences are: • Target rich environment • Spam platform • Enhances botnets, malware, etc

  5. Whois Data Problem Report SystemWDPRS • Whoisdata accuracy REQUIRED • 15 days to fix whois record • Created for just these complaints • One at a time complaints • Designed for small numbers

  6. Modern Complaint Process • Match spammers capability • Employ large scale operations • Automate everything • Processing spam submissions • Filing of complaints Follow ups

  7. KnujOn • Delivers Massively Scalable Automated Spam Handling • Strict Use of ICANN Procedures Once Detected Front End Spam Prevention Compliments Spam Detection & Elimination

  8. What Is Different • Not a honeypot – real people • Spam collection spans years • Targeting transaction sites • Apply ICANN policy enforcement • Scale of complaints filed • ICANN Report 2006: ~45% was Project KnujOn

  9. 250,000 200,000 150,000 100,000 50,000 0 '06 '07 '08 '09 Volume of KnujOn Reports KnujOn Complaint Volume Through ICANN WDPR 2008 anticipated will be 4 times that of 2007

  10. KnujOn – Key Processes • “Follow the money” • User submitted spam (ftp or email)‏ • Spam analyzed for Transaction site • Whois data acquired & verified • Automated complaint filed if not accurate • Follow up

  11. MetaData • Large Database • We can correlate • Scam sites & individuals • Sites & criminal groups • Groups, ISPs, Registrars • Analyze trends

  12. Scale Problem • 50,000,000 Registrations in 2007 • 50,000 Complaints - Apparent Limit • Off by three orders of magnitude • Shutdown 55,000+ (PoC) • 20,000-25,000/day submissions

  13. 93% of Complaints at 10 Registrars All other registrars 10 Registrars “Big” Problem Actually Small

  14. Repairing the Infrastructure • Evaluate registrar services • Rate registrars • Rate ISPs • Challenge Privacy Protection • Test Whois Services • Identifying Fake DNS servers

  15. Registrar Evaluation • Number of complaints • Filed & total • Acknowledgment/timeliness • Action taken • Rot days • Engaged

  16. Rot Days • “Rot days” = Suspend date – file date • Should be shorter than: • Tasting days = 5 days (Add Grace Period)‏ • Average life time = 5 days (UCSD paper)‏ • Unfortunately increasing

  17. Rot Days

  18. Sample Registrar RatingCaveats • Only uses our filed complaints • Relative ratings matter • Small sample n = 9 (~1000 registrars)‏ • Better & worse registrars exist • Only .com numbers

  19. Example Rating Table Registrar Total Domains Complaints Filed Complaints rate MONIKER 1,956,780 29,855 1.53% directnfo 1,064,697 9,201 0.86% ENOM 6,179,440 39,609 0.64% BIZCN 223,728 815 0.36% NETSOL 5,046,746 15,397 0.31% Markmon 206,593 594 0.29% TUCOWS 4,552,986 7,646 0.17% nameking 788,110 713 0.09% GODADDY 15,295,392 12,036 0.08% Sorted by Rate – Smaller is better

  20. Goals • Fix the WDPRS • Enforce the rules • Audit the Registrars • Terminate the bad registrars

  21. Thank You Bob Bruen bob.bruen@coldrain.net http://www.coldrain.net Garth Bruen garth.bruen@coldrain.net http://www.knujon.com

More Related