Thoughts on ccTLD blocking.

This was written in response to mail, to a public list (which is why I don't mind quoting from it), from someone under .de. Quotes below are from the list mail in question. If the author of that mail would prefer to be credited, I'm fine with that (just let me know), but it seems more appropriate to me to not drag a relatively unrelated person's name into this unnecessarily, since it really has nothing to do with him (the "real name" looks male to me, corrections welcome).

This is being written 2011-12-11; updates, if any, will be appended, not edited into the mainline, except for trivial things like typo corrections.

> [I tried to send this as private mail, but get

"This" was an on-list response to one of my on-list messages, which the sender apparently tried to send off-list. The list mail's From: address was under .de.

> host Sparkle-4.Rodents-Montreal.ORG[216.46.5.7] refused to talk to me:
> 550-.de's whois server, whois.denic.de, is completely broken, handing
> 550-out no contact information at all when queried for .de domains in
> 550 the usual way. Such a domain has no place on a civilized network.

> I don't know what this is about

Basically, exactly what it says: whois.denic.de requires a magic denic-specific option before it is willing to return any data. (Or at least it did, and it still doesn't return data when queried without it; I can't remember the option offhand, so I can't easily see if it still works.)

> and why it hinders anybody from accepting my email.

It's a matter of principle. WHOIS data is an important part of domain transparency; any TLD not providing it is, in my opinion, actively obstructing the smooth governance of the net, actively getting in the way of people trying to chase down abusers and the like. Back when I was an active antispammer (I no longer am) WHOIS was one of the more important resources I used. So, I refuse to deal with such domains. "Such a domain has no place on a civilized network."
The German people, via their (supposedly-)representative government, have chosen to act in a way that I consider uncivilized. There may be many other such offenders, for all I know; .de came to my attention because I got spammed from them and ran into their broken WHOIS server when trying to investigate the spam. Any entity that sends me spam and actively gets in the way of my dealing with it I consider part of the precipitate. That the entity is an entire country is sad, but it does not change my reaction; "too big to block" is a nonsensical stance - large entities should be held to stricter, not laxer, standards of behaviour than their small colleagues.

> I also don't know whether whoever put this in place

Me.

> assumes me to be in a position to influence Denic's behaviour.

If you're actively using a .de domain, such as sending mail through it, you're in more of a position to influence their behaviour than I am; indeed, as one of their constituents, they exist to serve you. (In theory. It would not surprise me if they, like many governmental entities, lost sight of that.)

Actually, whether or not you can do anything about their brokenness is only part of the point. Boycotting broken TLDs is only partially about pressuring them to fix things (through their users, usually, there being no other channel available); it's also about rejecting the spew arising from the abuse-magnet properties their bad governance produces.

> Or suggests me moving to another country where my employer doesn't
> reside under the .de domain.

I don't think I suggested that, except implicitly in the sense that "this TLD is broken" constitutes a "don't use this TLD" suggestion and a "don't use this ccTLD" suggestion constitutes a "move out of its jurisdiction" suggestion. The latter is especially weak; there are plenty of places willing to set you up with a mail tunnel to a civilized mailserver.

> Or me using another special email address for communicating with
> people in his domain.]

"Special"? If I were saddled with such a case, where I had an email address that were broken somehow, I just wouldn't use it; I'd set up something with a civilized provider, or even just run my own email. The non-broken address would hardly be the special one.

In fact, that's exactly what I do, in a slightly different domain. One of my workplaces is all behind NAT and has no rDNS on their world-facing NAT address. (A different form of brokenness, but still broken.) So I just don't use them for things for which that matters, using my house network (which I made sure does have rDNS on its public addresses) instead.

It's also what I did, at nontrivial (though not particularly large) expense in money and time, when .ca did something similar. See {ftp,http}://ftp.rodents-montreal.org/mouse/rodents-domain.txt for the story of that incident.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse@rodents-montreal.org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

(and postmaster@rodents-montreal.org)