----- Original Message -----
Sent: Wednesday, January 15, 2003 4:43
AM
Subject: [nc-whois] WHOIS and SPAM -
survey show no connection
Steve, interesting to read the Security and Stability
Advisory Committee recommendation on Whois. In relation to privacy you
state: "it is widely believed that Whois data is a source of e-mail addresses
for the distribution of spam". This may be a wide belief but empirical
evidence from the US Federal Trade Commission tells us otherwise. See the
last sentence of the note below in particular.
Philip
------------------
To find out which
fields spammers consider most fertile for harvesting, investigators "seeded"
175 different locations on the Internet with 250 new, undercover email
addresses. The locations included web pages, newsgroups, chat rooms, message
boards, and online directories for web pages, instant message users, domain
names, resumes, and dating services. During the six weeks after the postings,
the accounts received 3,349 spam emails. The investigators found
that:
- 86 percent of the addresses posted to web pages
received spam. It didn't matter where the addresses were posted on the page:
if the address had the "@" sign in it, it drew spam.
- 86 percent of the addresses posted to newsgroups
received spam.
- Chat rooms are virtual magnets for harvesting
software. One address posted in a chat room received spam nine minutes after
it first was used.
Addresses posted in other areas on the Internet
received less spam, the investigators found. Half the addresses posted on free
personal web page services received spam, as did 27 percent of addresses
posted to message boards and nine percent of addresses listed in email service
directories. Addresses posted in instant message service user profiles, "Whois" domain name registries, online resume services, and
online dating services did not receive any spam during the six weeks of the
investigation.