Thoughts on ccTLD blocking.

This was written in response to mail, to a public list (which is why I
don't mind quoting from it), from someone under .de.  Quotes below are
from the list mail in question.  If the author of that mail would
prefer to be credited, I'm fine with that (just let me know), but it
seems more appropriate to me to not drag a relatively unrelated
person's name into this unnecessarily, since it really has nothing to
do with him (the "real name" looks male to me, corrections welcome).

This is being written 2011-12-11; updates, if any, will be appended,
not edited into the mainline, except for trivial things like typo
corrections.

> [I tried to send this as private mail, but get

"This" was an on-list response to one of my on-list messages, which the
sender apparently tried to send off-list.  The list mail's From:
address was under .de.

> host Sparkle-4.Rodents-Montreal.ORG[216.46.5.7] refused to talk to me:
> 550-.de's whois server, whois.denic.de, is completely broken, handing
> 550-out no contact information at all when queried for .de domains in
> 550 the usual way.  Such a domain has no place on a civilized network.

> I don't know what this is about

Basically, exactly what it says: whois.denic.de requires a magic
denic-specific option before it is willing to return any data.  (Or at
least it did, and it still doesn't return data when queried without it;
I can't remember the option offhand, so I can't easily see if it still
works.)

> and why it hinders anybody from accepting my email.

It's a matter of principle.  WHOIS data is an important part of domain
transparency; any TLD not providing it is, in my opinion, actively
obstructing the smooth governance of the net, actively getting in the
way of people trying to chase down abusers and the like.  Back when I
was an active antispammer (I no longer am) WHOIS was one of the more
important resources I used.

So, I refuse to deal with such domains.  "Such a domain has no place on
a civilized network."

The German people, via their (supposedly-)representative government,
have chosen to act in a way that I consider uncivilized.  There may be
many other such offenders, for all I know; .de came to my attention
because I got spammed from them and ran into their broken WHOIS server
when trying to investigate the spam.  Any entity that sends me spam and
actively gets in the way of my dealing with it I consider part of the
precipitate.  That the entity is an entire country is sad, but it does
not change my reaction; "too big to block" is a nonsensical stance -
large entities should be held to stricter, not laxer, standards of
behaviour than their small colleagues.

> I also don't know whether whoever put this in place

Me.

> assumes me to be in a position to influence Denic's behaviour.

If you're actively using a .de domain, such as sending mail through it,
you're in more of a position to influence their behaviour than I am;
indeed, as one of their constituents, they exist to serve you.  (In
theory.  It would not surprise me if they, like many governmental
entities, lost sight of that.)

Actually, whether or not you can do anything about their brokenness is
only part of the point.  Boycotting broken TLDs is only partially about
pressuring them to fix things (through their users, usually, there
being no other channel available); it's also about rejecting the spew
arising from the abuse-magnet properties their bad governance produces.

> Or suggests me moving to another country where my employer doesn't
> reside under the .de domain.

I don't think I suggested that, except implicitly in the sense that
"this TLD is broken" constitutes a "don't use this TLD" suggestion and
a "don't use this ccTLD" suggestion constitutes a "move out of its
jurisdiction" suggestion.  The latter is especially weak; there are
plenty of places willing to set you up with a mail tunnel to a
civilized mailserver.

> Or me using another special email address for communicating with
> people in his domain.]

"Special"?  If I were saddled with such a case, where I had an email
address that were broken somehow, I just wouldn't use it; I'd set up
something with a civilized provider, or even just run my own email.
The non-broken address would hardly be the special one.

In fact, that's exactly what I do, in a slightly different domain.  One
of my workplaces is all behind NAT and has no rDNS on their
world-facing NAT address.  (A different form of brokenness, but still
broken.)  So I just don't use them for things for which that matters,
using my house network (which I made sure does have rDNS on its public
addresses) instead.

It's also what I did, at nontrivial (though not particularly large)
expense in money and time, when .ca did something similar.  See
{ftp,http}://ftp.rodents-montreal.org/mouse/rodents-domain.txt for the
story of that incident.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse@rodents-montreal.org
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
			  (and postmaster@rodents-montreal.org)
