Is the .to (Tonga) domain completely rogue and should be removed?

Andy_Walden · September 30, 1998, 8:14pm

I have a legit .to domain. I paid $100 for it like any .com domain,
which of course has no porn sites.

or something...

Sincerely,
Andy Walden
System Administrator
MTCO Communications
1-800-859-6826

Barry_Shein1 · October 1, 1998, 6:13am

By "legit" do you mean its purpose is to operate a business or other
entity organized within the Kingdom of Tonga?

Andy_Walden · October 1, 1998, 6:28am

"legit" in I paid $100 for a service, the same as you did when you
contracted the std.com domain. Network abuse needs to be handled on the
provider/upstream level. Leave the registries alone as they have enough
problems as it is.

Sincerely,
Andy Walden
System Administrator
MTCO Communications
1-800-859-6826

Alex_Mr_Worf_Yuriev · October 1, 1998, 6:32am

>
> I have a legit .to domain. I paid $100 for it like any .com domain,
> which of course has no porn sites.
>
> or something...

By "legit" do you mean its purpose is to operate a business or other
entity organized within the Kingdom of Tonga?

No, simply legally registered.
Let me ask the same question again: "Who are you to decide what is the
legitimate business activity for the Kingdom of Tonga?"
As far as businesses go, Loral Space and Communications Ltd would be a
Bermuda corporation. Does it mean that it has to have its website in
Bermuda's TLD?

Alex

Eric_Gullichsen · October 1, 1998, 7:04am

Mr. Shein:

I am the hostmaster and Administrative, Technical and Zone Contact at Tonic, the top level domain name registration authority for the .TO country code. (http://rs.internic.net/cgi-bin/whois?to5-dom).

Since June 1997, our automated domain name registry at http://www.tonic.to has been facilitating the registration of .TO names as a service to the global Internet community. (Neither Tonic nor IANA policy requires the registered owner of a .TO name to be physically situated in the Kingdom of Tonga.)

We've been having increasing problems with one or more porn sites in the
.to domain promoting itself by massive spamming of
AOL customers using one of our domains in their From: header thus causing
both complaints to us and thousands of bounces
from AOL due to bad AOL addresses in their spam lists.

We are sorry to hear that you have been having problem with SPAM involving a .TO domain, and wish to draw your attention to the fact that .TO is the *only* top level domain we know of with an explicit antispam policy. We at Tonic feel strongly about spam, and believe it to be theft of service, and a very bad thing for the net in general.

It is our policy to terminate the registration of a domain name involved in spam, after warning the domain name holder to cease unsolicited bulk mailings that involve a .TO name.

From our FAQ (at http://www.tonic.to/faq.htm):

Q: I'm a spammer. Is a .TO domain something I should use?

Tonic feels very strongly that the sending of unsolicited bulk email ("spamming") constitutes theft of service, and we do not condone the
use of .TO domain names for this purpose.

   If we receive complaints that a .TO domain name has been used for this purpose, we will advise the domain owner of the complaint and
   request that they desist from this activity. Tonic reserves the right
   to remove any .TO name registration if a name is used as a source of spam,
   or an address to which to reply to such bulk mail solicitations

We have had to delete a number of .TO domains for egregious SPAM and will continue to do so in the cases where a stern warning fails to solve the problem. Please send a copy of any SPAM involving a .TO domain name to: hostmaster@tonic.to and we will warn the spammer and/or terminate the domain name registration.

Looking at the .to domain I can't help but notice it's heavily laden with
what appear to be porn sites (sexonline.to, come.to,
xxxhardcore.to, etc.)

The .COM domain is no less "heavily laden" with porn sites. You will note that sexonline.com and xxxhardcore.com are names registered with the InterNIC. The come.to site is a free web redirection site supporting more than 100,000 customers. Furthermore, Tonic is a domain name registry, not a content censor.

In support of this assertion I want to show you an SMTP conversation with
what claims to be the Consulate of the
Government of Tonga in San Francisco (This San Francisco office is listed
as an official Tongan contact point for visas etc by
the US State Dept):

world% telnet sfconsulate.gov.to 25

Trying 209.24.51.169...
Connected to sfconsulate.gov.to.
Escape character is '^]'.
220 colo.to SMTP ready, Who are you gonna pretend to be today? VRFY

postmaster

500 Bloody Amateur! Proper forging of mail requires recognizable SMTP
commands!

The primary nameserver for .TO is physically located at the Consulate of Tonga in San Francisco. On all our machines, we run the Obtuse smtpd/smtpfwdd SMTP store and forward proxy (http://www.obtuse.com/smtpd.html) to secure our port 25 and thereby prevent third party mail relaying, so our server cannot itself be used
as a spam relay.

Your reasoning as to why its responses to incorrect SMTP commands constitutes
evidence that the .TO domain is "negligent", "mismanaged" and "an attractive resource for criminal activities" is ironically incorrect. In fact, having an *unsecured* port 25 open to mail relaying would be negligent.

[Our thanks to the many participants in this thread who have presented views balancing those of Barry Shein.]

Best regards,

- Eric Gullichsen
  Tonic Corporation
  Kingdom of Tonga Network Information Center
  http://www.tonic.to
  Email: egullich@tonic.to

Barry_Shein1 · October 1, 1998, 8:22am

> >

> > > I have a legit .to domain. I paid $100 for it like any .com domain,
> > > which of course has no porn sites.
> > >
> > > or something...
> >
> > By "legit" do you mean its purpose is to operate a business or other
> > entity organized within the Kingdom of Tonga?
>
> No, simply legally registered.

In high school some upper-class students would sell incoming freshman
swimming pool passes. Unfortunately, our high school had no swimming
pool. But I guess if they paid for them they were "legitimate" pool
passes.

> Let me ask the same question again: "Who are you to decide what is the
> legitimate business activity for the Kingdom of Tonga?"

If it were solely up to me I wouldn't have to sound this issue out in
public.

> As far as businesses go, Loral Space and Communications Ltd would be a
> Bermuda corporation. Does it mean that it has to have its website in
> Bermuda's TLD?

No. It means it would be peculiar if it had its domain in the Kingdom
of Tonga's TLD.

However, you have the logic backwards.

The question isn't so much "does there exist any non-criminal SLD in
the .to TLD". The question is: Does there exist any legitimate purpose
for the .to TLD? Such as serving the Kingdom of Tonga or entities
organized in the Kingdom of Tonga in any way? Or is it just rogue?

Patrick_Greenwell2 · October 1, 1998, 4:26pm

Nope. Both .NU and .CC do as well off the top of my head.

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
Patrick Greenwell (800) 299-1288 v
CTO (925) 377-1212 v
NameSecure (925) 377-1414 f
Coming to the ISPF? The Forum for ISPs by ISPs http://www.ispf.com
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/

J.D_Falk2 · October 1, 1998, 4:34pm

Who are we to decide? I think it's up to the Kingdom of Tonga,
  not a nearly-random group of network engineers. But as always,
  you are quite welcome to configure your nameservers to ignore
  .TO domains.

Aaron_Goldblatt · October 1, 1998, 4:54pm

The question isn't so much "does there exist any non-criminal SLD in
the .to TLD". The question is: Does there exist any legitimate purpose
for the .to TLD? Such as serving the Kingdom of Tonga or entities
organized in the Kingdom of Tonga in any way? Or is it just rogue?

That's for the owners of the TLD to decide, isn't it? Who are you or I to
determine what is and is not in the interests of the Kingdom of Tonga? For
example, can you tell me with absolute certainty that the porn sites you're
complaining about aren't in fact funded and operated by the government,
with the profits of these operations going into government coffers? Just
'cause that kind of thing is incomprehensible in the United States doesn't
mean that it can't, or even shouldn't, happen.

ag

Barry_Shein1 · October 1, 1998, 6:33pm

With all due respect, I think your management of the .to domain is a
hazard to the internet and should be ceased immediately. By your gross
negligence you are providing safe haven to criminals.

As of this minute, about 2:30PM EDT 10/1/98, the domain-hijacker
spammers have a web address in the .to domain and are
spamming/domain-forging to advertise this, as they have been
doing for weeks.

-Barry Shein

Barry_Shein1 · October 1, 1998, 6:35pm

"legit" in I paid $100 for a service, the same as you did when you

that doesn't make it legit, that just might mean you're out $100.

> contracted the std.com domain. Network abuse needs to be handled on the

No, I registered std.com as a commercial site in the commercial TLD.

And your connection to the Kingdom of Tonga is...?

> provider/upstream level. Leave the registries alone as they have enough
> problems as it is.

I think your opinion might be colored by the possibility of your being
out $100 if the .to domain is decommissioned.

J.D_Falk2 · October 1, 1998, 6:47pm

IIRC, TOnic was the first.

Stephen_Sprunk2 · October 1, 1998, 7:52pm

Please provide copies of any email or transcripts of phone conversations
between you and TONIC about these spammers.

I'm sure that TONIC would have cut them off if you had legitimate
complaints.

Even if they didn't, they have no more *obligation* to do so than NSI
has to remove a spammer from COM or ISI has to remove a spammer from US.

The Kingdom of Tonga has made a policy decision regarding a national
asset. That is their right to do, just as it's the US's right to ruin
the scenery at Niagara Falls and other national parks by allowing
commercialization.

This is an issue between you, TONIC, and IANA. Leave NANOG out of it.

Stephen (not Cisco)

Barry Shein wrote:

Jay_R_Ashworth · October 1, 1998, 10:17pm

Um, Barry? Not to put too fine a point on it, but I believe the answer
to that question is "good enough for the Kingdom of Tonga", and they're
the only people to whom it _needs_ to be a good enough connection...

or _are_ you asserting that it ought to be someone else's business?

Cheers,
-- jra

Jay_R_Ashworth · October 1, 1998, 10:20pm

Well, someone just offered to ask the king; here's what they should ask:

"Are you satisfied with the behavior of the people to whom you have
delegated the authority to manage your TLD?"

If he is... end of story.

Cheers,
-- jr 'for the _rest_ of us, anyway...' a

Nathan_J_Mehl1 · October 1, 1998, 11:00pm

In the immortal words of Jay R. Ashworth (jra@scfn.thpl.lib.fl.us):

> No, I registered std.com as a commercial site in the commercial TLD.
> And your connection to the Kingdom of Tonga is...?

Um, Barry? Not to put too fine a point on it, but I believe the answer
to that question is "good enough for the Kingdom of Tonga", and they're
the only people to whom it _needs_ to be a good enough connection...

Actually, the answer is:

A customer.

-n

-----------------------------------------------------------<memory@blank.org>
"History, which torments other countries, most just teases America."
(--www.suck.com)
<http://www.blank.org/memory/>-----------------------------------------------

Steve_Sobol1 · October 1, 1998, 11:28pm

In high school some upper-class students would sell incoming freshman
swimming pool passes. Unfortunately, our high school had no swimming
pool. But I guess if they paid for them they were "legitimate" pool
passes.

If the Tongan government were taking payments for domains that were
subsequently never registered, you'd have a point.

for the .to TLD? Such as serving the Kingdom of Tonga or entities
organized in the Kingdom of Tonga in any way? Or is it just rogue?

Would you even be raising these questions if someone using a .TO domain
hadn't forged a std.com address?

Steve_Sobol1 · October 1, 1998, 11:36pm

I will bet $5 right now that Barry hadn't even spoken to anyone at TONIC
until now.

Barry_Shein1 · October 1, 1998, 11:47pm

> > In high school some upper-class students would sell incoming freshman
> > swimming pool passes. Unfortunately, our high school had no swimming
> > pool. But I guess if they paid for them they were "legitimate" pool
> > passes.
>
> If the Tongan government were taking payments for domains that were
> subsequently never registered, you'd have a point.

No, if they're taking money for domains which later turn out to be
outside of their authority, possibly an authority lost due to
mismanagement, then the point would stand.

Put another way (that was an awfully bad sentence), I don't think
what makes .to legitimate is the mere fact that they've taken
money. If the domain is shut down the money is lost.

And maybe some who thought they could buy a cool-sounding domain name
in the namespace of the Kingdom of Tonga deserve what they get (big
deal, they're out $100, not exactly life or death, but you get my
point.)

> > for the .to TLD? Such as serving the Kingdom of Tonga or entities
> > organized in the Kingdom of Tonga in any way? Or is it just rogue?
>
> Would you even be raising these questions if someone using a .TO domain
> hadn't forged a std.com address?

Would anyone be interested in Timothy McVeigh if he hadn't blown up
the Murrah building?

I suppose not.

There's such a "blame the victim" mentality here it's truly amazing.

HEY:

I'm the victim of some pretty vicious activity, including domain
hijacking.

So are many of you, no doubt.

It looks like the folks who run the .to domain are making this vicious
activity easier, even if just by their apparent mismanagement. The
proof of that is in the pudding, these creeps keep using them.

So why do so many react as if I'm the one who needs to be examined?

How about the spammers? The domain hijackers? The .to domain admins?

Is there just absolutely no interest in expending one bit of energy
over the bad guys?

Maybe some of you should really ask yourselves why you have such an
urge to harass and harangue the victim.

Steve_Sobol1 · October 2, 1998, 2:29am

There's such a "blame the victim" mentality here it's truly amazing.

I'm not blaming you for a damned thing. I am saying you're going about
fixing it in entirely the wrong way, and I already told you the correct way
to deal with it, and you probably *already KNEW* the correct way to deal
with it anyhow.

I just need to shut up and stop responding. I'm tired of going back and
forth with you when the conversation is obviously going absolutely nowhere.

Is there just absolutely no interest in expending one bit of energy
over the bad guys?

Maybe some of you should really ask yourselves why you have such an
urge to harass and harangue the victim.

Good lord, Barry, shut up already. Enough. Sue the perps, go after the
dropboxes and dilaup accounts and/or colos or T-1's where the spewage is
coming from, and get the spammer nuked. Sue his ass off. Nuke him from here
to Cincinnati. But drop the arguments already. They're ridiculous. AND way
off topic (though I certainly am as guilty as you are in contributing to
this off-topic thread... another reason why I need to stop responding to
people in this thread.)