Verisign needs to respond to traffic hitting its websites. The namespace is...large. They also need to respond to mail sent to the namespace, if only to say "we can't deliver this". The namespace is again...large. And a dictionary attack against a...large namespace is...large and then some. There's the added overhead of resolving this large space at both root and secondary DNS servers.

One of the immediate benefits is that we now have a vastly larger space of possible email addresses with which to seed spammers. Given that domain validation itself is a signficiant cost of mail delivery (as much as email has costs), the task of filtering through some tens or hundreds of thousands, or millions, of email domains, is not inconsequential.

Of course, what's necessary is a system to generate seed addresses. While more sophisticated methods will doubtless emerge, one quick contingency is:

\r\n

\r\nwhile :\r\ndo \r\n    rand=$( ( date +%s%N; echo $RANDOM ) | md5sum | cut -b 1-14 )\r\n    echo http://www.$rand.com/index.html jp@$rand.com\r\ndone \r\n

\r\n

Pipe that through head -nn to generate the desired number of output domains. The namespace is over 18 quadrillion domains, and duplicates in a sample run of 1 million (360 minutes on P4 1.7 GHz) were zero. Some sed magic will generate HTML [link|http://kmself.home.netcom.com/Verisign/Verisign7.html|suitable for posting]. Suggested enhancements would be to incorporate dictionary words or common names, a simple Perl or Python enhancement.