Comment by zo1
4 years ago
Follow the chain.
1. Confirm domains are known for phishing and spam.
2. Figure out who registered said domains.
3. Add those people to known blacklists so they can't register any more domains ever again. Likewise block all domains owned already by them.
4. Get domain registrars and email servers to block said domains too.
5. Rinse and repeat every time it happens.
6. Find similar accountability chains as above and make sure to close the loop on them each time. "Sorry we can't give out emails and personal details. Fuck you, stop enabling illegal activity." And fight for legislation and tech solutions to enable the above.
If you can't move to a better spot after identifying bad patterns, then it's just a giant game of useless whack-a-mole.
> 3. Add those people to known blacklists so they can't register any more domains ever again. Likewise block all domains owned already by them.
You generally can't know who operates a given domain automatically. whois is almost always redacted now.
> 4. Get domain registrars and email servers to block said domains too.
Good luck with that. They make money from spammers, and don't have any incentive to stop.
I tried Namecheap twice and provided them with spam carrying valid DKIM signatures for domains registered to them (generally on TLDs on sale for $1, which must be sold at a loss, right?). They refused to do anything about it.
> 2. Figure out who registered said domains.
How? Have you ever seen a spam domain that provides accurate and actionable WHOIS?
Well, that's the first problem to address. I wasn't trying to dismiss it as trivial.