Is the .to (Tonga) domain completely rogue and should be removed?

Karl Mueller writes:

Clearly, .COM is used for criminal and malicious activities.
I propose that we remove it due to abuse.

This points out the legal ambiguity of the global top-level domains.
At least with the .to domain it is clear who is responsible for
the domain. With .com, .net, etc. the name space crosses legal
boundaries inviting all sorts of legal confusion. The legal
situation could be clarified considerably if the gtld's were moved
under the country code domains.

Certainly the legal confusion surrounding the gtld's shouldn't
be used as a rationale for not developing a process (which is
what Barry suggested) for attending to problems associated with
the country code domains.

What sort of problems?

This thread originally started out as a discussion of .TO spamming
domains. Someone else had mentioned that the TLD's aren't responsible
for nuking spammers.

If you're going to make a statement like that, I think it would be useful
to first delineate what problems are supposed to be fixed by the TLD admins,
and what problems are supposed to be fixed by the admins of the subdomains.

Actually, now that I think about it, it is hard for me to come up with
a situation where you could possibly hold a TLD administrator liable for
criminal activities perpetrated by a domain registrant. I'm sure someone
else will come up with something.

The specific question was whether or not the .to domain serves any
useful purpose (such as a TLD for the Kingdom of Tonga) -- is there
any reason to maintain it in the root servers?

That question has been addressed by a number of people already.
You also brought up the issue of "criminal" activity.

In the immortal words of Barry Shein (bzs@world.std.com):

The specific question was whether or not the .to domain serves any
useful purpose (such as a TLD for the Kingdom of Tonga) -- is there
any reason to maintain it in the root servers?

Is the Kingdom of Tonga a recognized nation-state? Does it have an ISO
country code assigned to it? Is the general policy of the root servers
to host NS records for any ISO country-code domain legitimately operated
by an entity within that country?

QED...

Barry, this seems sort of silly. They have a stated abuse policy. You
have evidence that one of their registrants is operating in contravention
to that policy. What on earth is preventing you from making the obvious
phone call?

For what it's worth, I suspect that we will see a similar effect any
time a new domain with a liberal registration policy comes online.
People will flock to it, and among those people will be some bad actors.
For a while, it'll be particularly visible, until the spammers and suchlike
figure out that a different domain name doesn't shield them from anything,
then it'll fade into the background -- just another TLD. Rinse and
repeat.

-n

------------------------------------------------------------<memory@blank.org>
And by / the phone / I live / in fear.
Sheer chance / will draw / you in / to here. (--Soul Coughing)
<http://www.blank.org/memory/>------------------------------------------------

Gosh that sounds so good Nathan.

Unfortunately, as of right this minute, 10/1 at 2:20PM EDT, these porn
domain forgers are back on the Tonga site and spamming away again
forging our domain name into their spams.

Something is very, very wrong with the Tongan domain and its
management. They're not removing criminal domain-hijacking spammers,
they're just letting them change their name as far as I can tell.

Unfortunately, as of right this minute, 10/1 at 2:20PM EDT, these porn
domain forgers are back on the Tonga site and spamming away again
forging our domain name into their spams.

If this is the issue at hand, why is the topic centered on a domain
registry that happens to resolve one of their ips? Shouldn't the issue be
taken up with whoever is providing transport to the said sites?

Perhaps this is an issue of my own lack of experience, but I don't
understand why .to should be singled out at all. For this case, the
miscreants could be running without any name resolution. Certainly
everyone here is willing to acknowledge that a domain name is simply
symbolic.

I think holding the Kingdom of Tonga responsible for these spammers having
namespace under their iso tld is just as ludicrous as holding STD
responsible for 'permitting' their domain name to be forged.

..kg..

> Barry, this seems sort of silly. They have a stated abuse policy. You

[...]

Something is very, very wrong with the Tongan domain and its
management. They're not removing criminal domain-hijacking spammers,
they're just letting them change their name as far as I can tell.

Maybe because you haven't followed their abuse policy. Wow.

ag

In the immortal words of Barry Shein (bzs@world.std.com):

> Barry, this seems sort of silly. They have a stated abuse policy. You
> have evidence that one of their registrants is operating in contravention
> to that policy. What on earth is preventing you from making the obvious
> phone call?

Gosh that sounds so good Nathan.

Unfortunately, as of right this minute, 10/1 at 2:20PM EDT, these porn
domain forgers are back on the Tonga site and spamming away again
forging our domain name into their spams.

Er, I take it from the "again" that you _did_ try to contact the
Tonic registry? You're being uncharacteristically cagy on this point...

Something is very, very wrong with the Tongan domain and its
management. They're not removing criminal domain-hijacking spammers,
they're just letting them change their name as far as I can tell.

Barry, if they're even doing so much as _that_, that's more than
Network Solutions will do to somebody "abusing" the .com domain.

I'm really mystified by your approach to this. ".to" is a TLD like
any other. Your current crop of spammers isn't "on the Tonga site"
any more than Jeff Slayton or Sanford Wallace were "on" Network
Solutions' "site".

And your perception that .to is largely or entirely comprised of
spammers and scam artists is, well, a perception, and one that
doesn't seem to really line up well with the facts at hand.

Look, I understand that you're frustrated that World is under
attack and that the culprits haven't been shut down yet, but
pointing the finger at their domain registry seems strangely
counterproductive, especially when that registry is doing no
worse (and in some lights much better) than any other TLD in
dealing with abuse issues.

-n

------------------------------------------------------------<memory@blank.org>
"Reading [James] Ellroy can be like deciphering Morse code tapped out by a
pair of barely sentient testicles." (--Dwight Garner, in _Salon_)
<http://www.blank.org/memory/>------------------------------------------------

The question is whether or not the .to domain is being run for any
legitimate purpose (i.e., should it be maintained in the root
servers), and how that question might be reviewed, or has it been
mostly hijacked for malicious purposes?

  -b

Barry.

Court cases have been won against spammers forging others' domains.

Suggestion: Concentrate on slamming these losers in court instead of railing
against the TLD admins.

I mean, I don't doubt you've already initiated legal action, but the
discussion we're having is counterproductive.

Please provide copies of any email or transcripts of phone conversations
between you and TONIC about these spammers.

I'm sure that TONIC would have cut them off if you had legitimate
complaints.

Even if they didn't, they have no more *obligation* to do so than NSI
has to remove a spammer from COM or ISI has to remove a spammer from US.

The Kingdom of Tonga has made a policy decision regarding a national
asset. That is their right to do, just as it's the US's right to ruin
the scenery at Niagara Falls and other national parks by allowing
commercialization.

This is an issue between you, TONIC, and IANA. Leave NANOG out of it.

Stephen (not Cisco)

Barry Shein wrote:

WRT "Is the .to (Tonga) domain completely rogue and should be removed?"

plonk<

This is the first filter I've had to place in NANOG. This subject is really
in the Domain-Policy area and not a part of NANOG. By definition, TO is not
in the realm of NANOG.

I note that Domain-Policy list is not even on this distro, whereas I know
for fact that you have also posted this subject there as well. Please leave
it there, that is where it properly belongs. Yes, many of us are also
subscribers to domain-policy list at the InterNIC. Actually, your remove TO
rant should go to IANA, but we both know that Postel is unresponsive to
such complaints.

Be that as it may, I'd rather not see this rant in NANOG any longer.

Aaron: Clearly we're talking about what to do in reaction to some of
the worst kinds of abusers on the net, second perhaps only to outright
crackers and smurfers, and the mismanaged resources they exploit.

We're talking about people who send tens of thousands, at least, of
unsolicited email messages daily, many with explicit language in the
Subject headers, advertising a porn site address in the .to domain.

In addition, these messages have From: addresses forged into them with
others' legitimate domain names, so as to cause the owners of that
domain to be pummelled day and night with bounces and complaints.

Judging from the actual behavior, which is indisputable, these
criminals are finding the .to domain to be a convenient haven to
operate out of, probably due to the mismanagement (I'm not really
accusing those involved with .to of anything more than possible
mismanagement) of the .to domain as much as anything else. For
example, it appears they, whoever is administering this .to domain
(and it's apparently not Tonga), have absolutely no idea who is
creating domains in their space, and will shut off an abusing domain
and a few minutes later give the same people another domain.

Now, explain to us again exactly what your interest in defending these
people so strenuously?

I don't get it.

These appear to be some of the worst vermin on the net and are
an enormous time sink, and are being aided and abetted by what appears to
be gross mismanagement, at best, and yet there you are ready in a
second to leap to their defense?

Why?

Nobody's leaping to the spammers' defense. Everybody seems
to be leaping to TOnic's defense...or, at least, saying that
your gripe with TOnic is unfounded.

Damnit, Barry:

DID YOU MAKE THE CALL?

Cheers,
-- jra

You know, you're being boorish Jay but I'll answer anyhow because you
seem so fascinated with this train of thought it's made you blind to
the obvious:

As fast as one of these .to domains is shut down the domain hijackers
open another .to domain, apparently within minutes, and continue
spamming with that.

So it's not doing a lot of good asking tonic to shut down domain a.to
when that just results in seeing spam shortly thereafter advertising
b.to and then c.to and d.to and e.to and f.to etc.

One major problem is the mismanagement of the .to domain, and to what
purpose (apparently not to serve the Kingdom of Tonga as a national
TLD) remains fairly mysterious, other than "for money" and whatever
damage it does to others be damned.

It's like a site which won't close an open mail relay. Sure, it's
ultimately the spammers exploiting the open relay which are the actual
perps. But if all the open mail relay will do, for example, is block
the one domain from relaying so the spammers just jump to another
domain and use them as an open relay again, and again, and
again...well then just informing them of the latest domain on an
hourly basis isn't really doing it.

> Damnit, Barry:
> DID YOU MAKE THE CALL?

You know, you're being boorish Jay but I'll answer anyhow because you
seem so fascinated with this train of thought it's made you blind to
the obvious:

No, actually, I've been being merely logical.

As fast as one of these .to domains is shut down the domain hijackers
open another .to domain, apparently within minutes, and continue
spamming with that.

So it's not doing a lot of good asking tonic to shut down domain a.to
when that just results in seeing spam shortly thereafter advertising
b.to and then c.to and d.to and e.to and f.to etc.

This suggests that you've called them, but as someone noted earlier,
you're being awfully cagey about it. A simple "yes, I called them; it
didn't help" would help your case immensely, Barry.

One major problem is the mismanagement of the .to domain, and to what
purpose (apparently not to serve the Kingdom of Tonga as a national
TLD) remains fairly mysterious, other than "for money" and whatever
damage it does to others be damned.

This exact argument could be aimed at NSI about the opening of the
.net TLD to non-network-management machines, actually.

It's like a site which won't close an open mail relay. Sure, it's
ultimately the spammers exploiting the open relay which are the actual
perps. But if all the open mail relay will do, for example, is block
the one domain from relaying so the spammers just jump to another
domain and use them as an open relay again, and again, and
again...well then just informing them of the latest domain on an
hourly basis isn't really doing it.

Ok. But, as far as I can see, you haven't actually proven here that
the people in question are _actually_ registered in the .to domain in
the first place, and not simply forging _that_ address too.

In which case, of course, it wouldn't be their problem at all.

Could the gentleman who posted from tonic earlier today please
enlighten us as to whether Barry has actually opened a ticket on this
topic or not?

Cheers,
-- jr 'and you _still_ didn't answer me' a

As fast as one of these .to domains is shut down the domain hijackers
open another .to domain, apparently within minutes, and continue
spamming with that.

So it's not doing a lot of good asking tonic to shut down domain a.to
when that just results in seeing spam shortly thereafter advertising
b.to and then c.to and d.to and e.to and f.to etc.

One major problem is the mismanagement of the .to domain, and to what
purpose (apparently not to serve the Kingdom of Tonga as a national
TLD) remains fairly mysterious, other than "for money" and whatever
damage it does to others be damned.

It doesn't do any damage. A domain is just a domain ! Have you tried to
complain to abuse at foo.to:s network operator ? Could you please clarify
why it is worse to get a SPAM from foo.to than from foo.com ?
Internic will let anyone register a .com domain.

It's like a site which won't close an open mail relay. Sure, it's
ultimately the spammers exploiting the open relay which are the actual
perps. But if all the open mail relay will do, for example, is block
the one domain from relaying so the spammers just jump to another
domain and use them as an open relay again, and again, and
again...well then just informing them of the latest domain on an
hourly basis isn't really doing it.

You can't compare a TLD with a mail relay ... Still, a domain is just a
domain. You don't even NEED a domain to send out SPAMS. The only thing
you need is a connection to the Internet. Go complain to the network
operator !

Could you please clarify why .to should take more action against spammers
than Internic ?

<RANT>
Duh, here is a dark alley, oh, there is a drug-dealer in the dark alley.
Hummm, lets forbid dark alleys ....
</RANT>

Go to the god damn source of the problem. The Network Operator !

Do you run to Internic as soon as you get a SPAM from a .com domain ?
Most probably not. And most importantly, do you come whining on NANOG
as soon as you get a SPAM from a .com domain ?

Can't you see that this is just plain silly ?

--Magnus