“Registrar’s access agreement shall require the third party to agree not to use the data to allow, enable, or otherwise support any marketing activities, regardless of the medium used. Such media include but are not limited to e-mail, telephone, facsimile, postal mail, SMS, and wireless alerts.”

In fact this has been on the books since 2003. Yet on a daily basis I receive whois-crawled spam. Now yes, you can definitely whois any domain and readily spam the owner. But these people are not just spamming one or two domains, they’re spamming thousands, if not tens of thousands at a time. (As with all spam, you’ve got to fish a lot to catch anything). Access to this requires what ICANN calls ‘bulk whois’, which pretty much any registrar with an API will provide you. However it is up to them to prevent people from using this as a means to spam people. While I realize it is not trivial to track the spam back to the registrar allowing the mass harvest, it’s not like there is an infinite number of registrars. Tracking down the people providing this information to spammers would not be impossible. Considering ICANN is pretty much useless for everything else (it took them how long to stop turning a blind eye to domain tasting? oh right, 10 years), they could at least enforce this policy, track down offending registrars and remove their accreditation. (I kid, ICANN will never do this, their rules are pretty much toothless, and this article is really just to ridicule spammers who take themselves seriously)

Now, whois-crawled spam is a bit different than your usual spam. No viagra, OEM software or luxury watches. No, whois spammers usual take themselves a lot more seriously, which makes it all the funnier because they’re just as pathetic as the guy selling Chinese V1ag4ra. Let’s look at a few of  the types of assholes who take part in this practice. (and some of my favourite examples)

Web hosts offering quality web hosting at low low prices:

(Click to expand)

The idea behind this type of domain spammer is pretty simple. You own a domain name, everyone who owns a domain name has some sort of hosting for it, everyone likes cheaper hosting. Amusingly sales@ and abuse@ evul.net get *tons* of it, which is usually very poorly targeted (and ironic when it goes to abuse@). However, the spam pictured above was actually well targeted, because its offering local large scale hosting, the kind that evul.net might want. However there in lies the problem, why as a web site owner (or a web host like evul.net) would you ever want hosting from a *spammer*. It immediately calls into question the ethics, let alone the quality of such a provider. They all end up getting spamcop’d and in the case of this one, I wrote to the idiots to personally express my disgust, they are locally known and slimy. Hopefully enough spamcop reports will get these wannabe providers upstreams to slap them, as they’re almost always sent from North America.

SEO/marketing experts asking for links:

(Click to expand)

This one gets me. It’s pretty brainless. We get a ton of these at work for any blog that we have our email address on the whois for. The idea is that if you ask nicely enough for a link (they *always* come from female, likely fake, names) someone will give you that link, and your google pagerank will be increased! In reality you are a spammer. It must work enough of the time that it makes it worth while for these people to do it. I try and spamcop these guys, but it’s like pissing in the ocean: the email sources and spamvertised sites are almost always in South America, Asia or eastern Europe. (This particular one came from some ISP in Argentina) I have a feeling they are usually fronts for something else, (get a pseudo legit page pageranked up, use it to then push other pages up) as no legit page bulk emails out begging for links.

People selling ads/ad network services:

(Click to expand)

I save the best for last. These are the most ironic and we get them from time to time at work. People spam our own sites essentially offering their own advertising services. It’s even better (ironic), like in the above example, when they are spamming an obvious campaign site, showing there is likely no human intervention in the spam. They’re just looking for well pageranked sites and spamming the owners. This again begs the question, who actually receives one of these and takes them up on their most reputable (lol) offers. Sadly some people must to make it worth while. Since these are all pseudo legit (wannabe) marketing companies, they’re almost always in the US, so spamcop for great justice.

We received a good one from a company selling a Twitter trending solution recently, again well targeted against an actual twitter-based campaign site, but it begs the question of how new are these people to the internet. How is it, that in 2010 there are people out there who still believe their business has any legitimacy as soon as they send out unsolicited-bulk email to the same people who have been fighting such email for nearly *20 years*. In short, stop buying services/products you see in spam, have sweet dreams of useless ICANN actually enforcing the bulk-whois-marketing rule instead of ignoring registrars who allow it willy-nilly, and spamcop everything for great justice.

And to “Data Centers Canada Inc.”, “Comodus” and “Linkstar”, congrats you are spammers, any hopes you had of every being taken seriously as legit businesses went down the drain when you sent out unsolicited bulk email to domain owners, no matter how well targeted it was.

Some Italian high school students uploaded a video of an autistic classmate to Google video. Let me start by saying this is terrible and cruel, and I cannot even imagine how cruel bullying must be in a post internet world. Google complied with the Italian law enforcement and handed over the details of the users who uploaded it. This is correct practice. If someone breaks the law, even if its over the internet, they are prosecutable, and content hosts are responsible to comply with law enforcement. I have done this many times and complied with Canadian law enforcement on some very interesting cases.

Apparently though this is not enough in Italy. Four Google Italy employees, including one who had left the company in 2008 were arrested, of which 3 were convicted of violating the videoed boy’s privacy rights. The courts demand that Google should have vetted the privacy of the content that was uploaded before sharing it with the world. REALLY? I mean are they serious? I’m sure they must realize how many videos are uploaded to Google/Youtube/etc every minute of every day? And to check to make sure EVERYONE in the video has signed a release as to their privacy? Heck its not feasible at a few videos per day, let alone the 20 hours of video uploaded to Youtube alone every minute of every day. This would be stupid coming from an armchair politician bitching on an internet forum, let alone the policy makers of an entire country. Seriously this worries me about the sanity of the law makers and future of the country.

It doesn’t stop at video, it could be pictures uploaded to Facebook, of which there are over a hundred million PER DAY. Should Facebook check EVERY photo to make sure nobodies privacy is being encroached upon? Get a clue!

My other complaint is why does every local government think they should be able to police the internet? I think Google should just pull its local offices out of Italy and then just let Italy decide if they want to block Google or not. Let all these insane countries play internet nanny for their citizens, maybe they can get a bulk deal on Cisco gear along with China and Australia… Hey Italy thanks for Ferrari but no thanks for your draconian attempts at internet policy!

Read Google’s own blog post on the matter…

For static content, this is easy, even RSYNCs will be scalable to push out changes to your content amongst your farm. User uploaded content is quite a bit trickier. Within a single datacenter you can efficiently (though not always affordably) solve this using shared storage, iSCSI or NFS. Then applications pretty much can work as if they’re on a single server, session management can be tackled by using cookie or host persistence on the load balancers to make sure a user stays on the same server. What about servers in different locations though? NFS and iSCSI will not be terribly effective over transit.

You will have to push content between your locations then. If you are trying to geographically distribute your own application, you would just write functionality in to immediately push any user uploaded content out to other locations as its created.  Google/Youtube are great examples of this. When you hit content they’ve hosted, it isn’t even hosted on every server, and they direct you to the closest server that has said content. If that content isn’t available locally to you yet, or at all, they can stream it over their own fiber backhaul and out your closest Google POP.

But what if you are hosting a variety of 3rd party software. To my knowledge none of the popular blog packages, forum software, etc has any sort of geo-diversity designed into them. You could of course fork them and write your own, but then you end up supporting N different software packages for your N clients, not affordable or reasonable.  Rsync would do this task but unfortunately it is very intensive and doesn’t scale particularly well because it md5′s your entire tree constantly to see if things changed. As your content scales, the rsyncs would get slower and slower just seeing if changes occurred, eventually leading to massive delays on syncing out user created content.

In the end, its a cool problem, a problem that not too many people have tackled so far. We came up with our own solution, which I unfortunately probably shouldn’t disclose. I wrote the basis of the software last month, though it still needs some bug fixes, testing and more modules to be written for it. It is a difficult problem to tackle, but having worked in telecommunications, no facility is bullet proof, no power is bullet proof, no connectivity is bullet proof, no hardware is bullet proof: geo-diversity is a must going forward in this highly demanding world where everyone expects connectivity and content 24/7