Is the .to (Tonga) domain completely rogue and should be removed?

We've been having increasing problems with one or more porn sites in
the .to domain promoting itself by massive spamming of AOL customers
using one of our domains in their From: header thus causing both
complaints to us and thousands of bounces from AOL due to bad AOL
addresses in their spam lists.

Looking at the .to domain I can't help but notice it's heavily laden
with what appear to be porn sites (sexonline.to, come.to,
xxxhardcore.to, etc.)

1. Performing traceroutes and other analyses seems to indicate that
this domain is NOT being used for communication with entities
legitimately located (legally, not only geographically) within the
sovereignty of the Kingdom of Tonga, as intended.

2. Clearly criminal and malicious activities are arising from sites to
which Tonga has provided comfort and sanctuary.

3. Therefore, I call for a process whereby it can be determined as to
whether or not it is appropriate to decommission the Tongan domain due
to negligence, mismanagement, and having allowed it to become an
attractive resource for criminal activities. I do not believe the
Tongan domain serves any legitimate purpose as an internet resource.

In support of this assertion I want to show you an SMTP conversation
with what claims to be the Consulate of the Government of Tonga in San
Francisco (This San Francisco office is listed as an official Tongan
contact point for visas etc by the US State Dept):

world% telnet sfconsulate.gov.to 25
Trying 209.24.51.169...
Connected to sfconsulate.gov.to.
Escape character is '^]'.
220 colo.to SMTP ready, Who are you gonna pretend to be today?
VRFY postmaster
500 Bloody Amateur! Proper forging of mail requires recognizable SMTP commands!

All that proves is someone has a sense of humor. I've seen plenty of
sites with these types of greetings, and they aren't hard to set up. I had
a friend who set up his SMTP server to say:

220 mail.host.com SMTP If you don't know what your doing, you don't need
to be here. And if you do know what you're doing, you really don't need
to be here.

Regards,
Joe Shaw - jshaw@insync.net
NetAdmin - Insync Internet Services
"Backhoes never sleep." - Patrick Greenwell

> In support of this assertion I want to show you an SMTP conversation
> with what claims to be the Consulate of the Government of Tonga in San
> Francisco (This San Francisco office is listed as an official Tongan
> contact point for visas etc by the US State Dept):
>
> world% telnet sfconsulate.gov.to 25
> Trying 209.24.51.169...
> Connected to sfconsulate.gov.to.
> Escape character is '^]'.
> 220 colo.to SMTP ready, Who are you gonna pretend to be today?
> VRFY postmaster
> 500 Bloody Amateur! Proper forging of mail requires recognizable SMTP commands!

--------------------

Well, beyond the cutesy error messages, at least relaying is turned off.

fz(alexk):[~] telnet sfconsulate.gov.to 25
Trying 209.24.51.169...
Connected to sfconsulate.gov.to.
Escape character is '^]'.
220 colo.to SMTP ready, Who are you gonna pretend to be today?
helo tugger.net
250 colo.to Is thrilled beyond bladder control to meet tugger.net
mail from: alexk@tugger.net
250 sender is alexk@tugger.net, (yeah sure, it's probably forged)
rcpt to: alexk@freetld.net
550 NOPE UNKNOWN(204.168.18.98), I don't allow unauthorized relaying.

> We've been having increasing problems with one or more porn sites in
> the .to domain promoting itself by massive spamming of AOL customers
> using one of our domains in their From: header thus causing both
> complaints to us and thousands of bounces from AOL due to bad AOL
> addresses in their spam lists.
>
> Looking at the .to domain I can't help but notice it's heavily laden
> with what appear to be porn sites (sexonline.to, come.to,
> xxxhardcore.to, etc.)

So? There are numerous porn sites in .com too.

> 1. Performing traceroutes and other analyses seems to indicate that
> this domain is NOT being used for communication with entities
> legitimately located (legally, not only geographically) within the
> sovereignty of the Kingdom of Tonga, as intended.

Intended by whom?

> 2. Clearly criminal and malicious activities are arising from sites to
> which Tonga has provided comfort and sanctuary.

Is the U.S. now responsible because people have perpetrated the same
abuses from domain names under .com?

No.

> 3. Therefore, I call for a process whereby it can be determined as to
> whether or not it is appropriate to decommission the Tongan domain due
> to negligence, mismanagement, and having allowed it to become an
> attractive resource for criminal activities. I do not believe the
> Tongan domain serves any legitimate purpose as an internet resource.

Good luck.

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
Patrick Greenwell (800) 299-1288 v
                  CTO (925) 377-1212 v
                           NameSecure (925) 377-1414 f
Coming to the ISPF? The Forum for ISPs by ISPs http://www.ispf.com
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/

Barry,

You're wasting your time.

It would be nice if there was actually public accountability in ANY of the
DNS and IP space issues.

In my opinion, today:
  There is not.

My prediction is that:
  There will not be in the future.

Not now, not in the near future, and not, barring a major deviation from the
direction the US and other governments are taking today, in the far future
either.

If you like tilting at windmills, have at it. Or just solve the problem
for yourself by blocking everything from any TLD and IP range that offends
you.

I know leaving everyone else twisting isn't nice, but it's reality.

Just get the plug pulled on the .to registry:

% traceroute 206.184.59.10
[...]
8 core1-hssi4-0.san-rafael.best.net (140.174.55.2) 114.937 ms 220.844 ms 138.449 ms
9 imatek.sfconsulate.gov.to (206.184.59.254) 202.017 ms 173.456 ms 156.222 ms
10 tonic.to (206.184.59.10) 175.428 ms 121.822 ms 339.575 ms

% whois 206.184.59.10@whois.arin.net
[rs.arin.net]
Best Internet Communications, Inc. (NETBLK-NBN-206-184-BEST) NBN-206-184-BEST
                                                 206.184.0.0 - 206.184.255.255
Government of the Kingdom of Tonga (NET-NBN3-59) NBN3-59 206.184.59.0

% whois NET-NBN3-59@whois.arin.net
[rs.arin.net]
Government of the Kingdom of Tonga (NET-NBN3-59)
[...]
   Coordinator:
      Gullichsen, Eric (EG31-ARIN) egullich@WARP.COM
      +1.415.781.0365

-Dan

Come.to is not a spam domain but rather a redirection service.

Come.to is used by several sites that are NOT porn sites.

> We've been having increasing problems with one or more porn sites in
> the .to domain promoting itself by massive spamming of AOL customers
> using one of our domains in their From: header thus causing both
> complaints to us and thousands of bounces from AOL due to bad AOL
> addresses in their spam lists.

I am seeing this more and more with .com too. Let's go ahead and remove
it.

> Looking at the .to domain I can't help but notice it's heavily laden
> with what appear to be porn sites (sexonline.to, come.to,
> xxxhardcore.to, etc.)

www.porn.com

> 1. Performing traceroutes and other analyses seems to indicate that
> this domain is NOT being used for communication with entities
> legitimately located (legally, not only geographically) within the
> sovereignty of the Kingdom of Tonga, as intended.

So? Is that now a requirement of using a ccTLD or is that just your
opinion?

> 2. Clearly criminal and malicious activities are arising from sites to
> which Tonga has provided comfort and sanctuary.

?

> 3. Therefore, I call for a process whereby it can be determined as to
> whether or not it is appropriate to decommission the Tongan domain due
> to negligence, mismanagement, and having allowed it to become an
> attractive resource for criminal activities. I do not believe the
> Tongan domain serves any legitimate purpose as an internet resource.

Remove .com for it too is mismanaged and has allowed itself to become
an attractive resource for criminal activities. I do not believe the .com
domain serves any legitimate purpose as an internet resource.

> world% telnet sfconsulate.gov.to 25
> Trying 209.24.51.169...
> Connected to sfconsulate.gov.to.
> Escape character is '^]'.
> 220 colo.to SMTP ready, Who are you gonna pretend to be today?
> VRFY postmaster
> 500 Bloody Amateur! Proper forging of mail requires recognizable SMTP commands!

So they customized the messages? What would your point be?

Barry, I'm not sure what your purpose is. But if the Tongan government is
happy with the way their domain is being abused/used/operated/cheated,
then so be it.

Sam

> 1. Performing traceroutes and other analyses seems to indicate that
> this domain is NOT being used for communication with entities
> legitimately located (legally, not only geographically) within the
> sovereignty of the Kingdom of Tonga, as intended.

Both ".to" and ".cc" are unusual cases. At the June 98 Usenix Conf. John
Quarterman showed a graph representing country population and registered
hosts for the country's TLD. Both ".to" and ".cc" were skewed because of
their outsourced registration practices. The TLD ".nu" is probably pretty
high as well.

> 2. Clearly criminal and malicious activities are arising from sites to
> which Tonga has provided comfort and sanctuary.

I don't think a subdomain of ".to" would be considered "sanctuary".
If anything the country is really messing up their own Internet future due
to their lack of concern over what happens to their domain.

(Note: I've never tried this with a TLD before, so I'm not sure how
sendmail would interpret it).

> In support of this assertion I want to show you an SMTP conversation
> with what claims to be the Consulate of the Government of Tonga in San
> Francisco (This San Francisco office is listed as an official Tongan
> contact point for visas etc by the US State Dept):
>
> world% telnet sfconsulate.gov.to 25
> Trying 209.24.51.169...
> Connected to sfconsulate.gov.to.
> Escape character is '^]'.
> 220 colo.to SMTP ready, Who are you gonna pretend to be today?
> VRFY postmaster
> 500 Bloody Amateur! Proper forging of mail requires recognizable SMTP commands!

Interesting responses, but you can hardly blame an admin for turning off
VRFY can you??

-- _______________
Chris Josephes __/ MRNet \
chrisj@mr.net __/ http://www.mr.net/
\________________/

Yeah well, you probably have to *pay* for relaying. This is actually of
some value to spammers since it's relatively easy to shut down a relay;
I have actually seen spam advertising 'spam friendly' ISPs that offer
relaying services.

Gut 'em all, I say.

No I think it indicates that a bunch of clowns have taken over what
advertises itself as the official US office of the Consulate of the
Kingdom of Tonga. As I said, also take a look at the web page on that
site and tell me what it has to do with the Consulate of the Kingdom
of Tonga.

Alone it would mean little.

But as part of the whole picture, that Tonga's domain seems to be used
as nothing but a "safe harbor" for porn sites engaged in criminal
activity and even their own supposed govt consulate comes up as an ad
for a software company etc, it would seem to indicate that this
domain, .to, is not being used as a legitimate country TLD, is not
being managed by the people it was assigned to for the purpose it was
assigned, etc.

</FLAME> I think he gets the idea...

Oops, now I understand Karl Mueller's sarcastic, nasty remark in
response to my note. He works for Best and Best is running this Tonga
link.

Aha!

        -Barry Shein

Software Tool & Die | bzs@world.std.com | http://www.world.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*

Please define "a legitimate country TLD." Please point me to any documents
from those assigning country code TLDs that supports your definition.

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
Patrick Greenwell (800) 299-1288 v
                  CTO (925) 377-1212 v
                           NameSecure (925) 377-1414 f
Coming to the ISPF? The Forum for ISPs by ISPs http://www.ispf.com
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/

I don't think whether or not a business is being operated for criminal
purposes is generally defended by showing that some things they do are
not entirely criminal.

I think it's judged by showing that nothing they do is criminal.

        -Barry Shein

Software Tool & Die | bzs@world.std.com | http://www.world.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*

Guilty until proven innocent? Remind me never to be on trial and have you
as a juror.

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
Patrick Greenwell (800) 299-1288 v
                  CTO (925) 377-1212 v
                           NameSecure (925) 377-1414 f
Coming to the ISPF? The Forum for ISPs by ISPs http://www.ispf.com
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/

> I don't think whether or not a business is being operated for criminal
> purposes is generally defended by showing that some things they do are
> not entirely criminal.

No, actually you are incorrect. They are innocent until proven guilty, not
backwards.

> I think it's judged by showing that nothing they do is criminal.

Alex

> But as part of the whole picture, that Tonga's domain seems to be used
> as nothing but a "safe harbor" for porn sites engaged in criminal
> activity and even their own supposed govt consulate comes up as an ad
> for a software company etc, it would seem to indicate that this
> domain, .to, is not being used as a legitimate country TLD, is not
> being managed by the people it was assigned to for the purpose it was
> assigned, etc.

The simple question here is: who are you to tell a sovereign country what
it can and what it cannot do?

Re: ineffectiveness of international treaties. I beg to differ. The odds
are that if one attempts to mess with computers not just located
outside US borders but operated by or on behalf of the foreign
government (no matter if we think that a clown and/or a scam artist
operates it), one would quickly end up in the middle of something that
the US Department of State would be handling. Remember, if those people are
operating on behalf of the government and are making money on it, they
do have the ear of whoever awarded them the contract.

Alex

Barry, please go to http://come.to/ .

I was merely saying that come.to is not a porn service, it's a redirection/
vanity domain service.

And if you are judging them as criminal based on the fact that they have
questionable domains, you'd better go after the InterNIC too, and the world's
other domain registries.

What evidence do you have that they are operating illegally?

> > All that proves is someone has a sense of humor. I've seen plenty of
> No I think it indicates that a bunch of clowns have taken over what
> advertises itself as the official US office of the Consulate of the
> Kingdom of Tonga.

You think? Really? You're not doing very well at it, then.

Or, as my sponsor would say, "You do have a point. Your hair covers it
nicely."

ag