[council] A secret email address between registrar and registrant, please (WAS: RE: [gnso-dow123] RE: [council] RE: WHOIS combined task force call 1 March 2005)

Wed Mar 2 20:22:51 UTC 2005

Marc, I agree. Publishing the main contact addresses is the main reason 
their holders never reply to a message -- a probable symptom they are 
not being able to handle the spam overflow.

So, definitely, the "secret" registry/tar - registrant email should be 
implemented. However, there remains the problem of not being able to 
contact an Internet provider once a serious phishing schema, for 
example, is detected as coming from its network, since they are 
seemingly ignoring all messages coming to their published email addresses.

--c.a.

Marc Schneiders wrote:

>I was pretty sympathetic to the proposal (if I understoord it right)
>of Tim, vid. that only the registrar would have the authoritative
>email address of the registrant, which would NOT be displayed in
>whois. As we all know all email addresses displayed in whois are
>spammed to death. As a result email to this address will in due course
>be impossible to read or monitor. Consequently the poor registrant
>will not see the reminder to renew. Nor the message that her domain
>will be transferred to a hijacker through another registrar.
>
>IN SHORT: I strongly urge us all to create a method, where the
>authoritative email for transfers and the like is NOT in whois.  Not
>for .com nor for the thick registries. This is essential in this age
>of spam.
>
>I have some domains and I am forced to accept some 300 spam messages a
>day and to go through them each day. One of these may be a reminder to
>renew...
>
>This can so easily be changed: A 'secret' email address for
>communication between registrar and registrant. As an option this
>should be introduced soon.
>
>On Mon, 28 Feb 2005, at 11:53 [=GMT-0600], Tim Ruiz wrote:
>
>  
>
>>Jeff,
>>
>>You're right. We do not have any problems with thick registry TLDs in this
>>regard. But don't take this as an endorsement, or non-endorsement, of the
>>thick registry model in any way :)
>>
>>Tim
>>
>>
>>-----Original Message-----
>>From: Neuman, Jeff [mailto:Jeff.Neuman at neustar.us]
>>Sent: Monday, February 28, 2005 11:50 AM
>>To: Marilyn Cade; Tim Ruiz; Bruce Tonkin
>>Cc: Chris Disspain; gnso-dow123 at gnso.icann.org; council at gnso.icann.org;
>>Maria Farrell
>>Subject: RE: [gnso-dow123] RE: [council] RE: WHOIS combined task force call
>>1 March 2005
>>
>>For the record, each of the "thick registries" are required to display the
>>e-mail of the registrant even though registrars are not required.  For the
>>thick registries, the solution may be a simple reliance on the registries
>>whois database rather than the registrars.  I believe the transfer policy
>>does mention that.   Of course that does not solve the problems with respect
>>to .com and currently .net (although several bidders for .net did propose a
>>thick registry).
>>
>>Jeff
>>
>>-----Original Message-----
>>From: owner-gnso-dow123 at icann.org [mailto:owner-gnso-dow123 at icann.org]On
>>Behalf Of Marilyn Cade
>>Sent: Monday, February 28, 2005 12:34 PM
>>To: 'Tim Ruiz'; 'Bruce Tonkin'
>>Cc: 'Chris Disspain'; gnso-dow123 at gnso.icann.org;
>>council at gnso.icann.org; 'Maria Farrell'
>>Subject: RE: [gnso-dow123] RE: [council] RE: WHOIS combined task force
>>call 1 March 2005
>>
>>
>>Thanks, both Bruce and Tim.
>>
>>I am sure the TF would be happy to invite Chris. We are also interested in
>>inviting cc's from Latin America, so we can ask Chris for possible
>>circulation of a request to the cc's from Latin America as well. That way,
>>we will hear from several countries. I'll put this on the TF agenda tomorrow
>>as another possible guest speaker for the next set of calls, which will have
>>to probably be after Mar de Plata, given all that is on our plates. We also
>>need to hear from governmental agencies about their uses and views, and we
>>haven't gotten around to identifying that set of invitees yet. In the past,
>>in WHOIS panels, etc., we have invites a range of consumer protection;
>>privacy, law enforcement, etc.
>>
>>Tim, your point about transfers and its reliance on the email of the
>>registrant is interesting.  Does this show up in the report of the ICANN
>>staff as one of the problem areas that is emerging/internally disputed
>>transfers... sounds like perhaps the technical contact might be the ISP, for
>>instance, and they do a transfer, and the actual registrant isn't informed,
>>or doesn't agree, and then disputes? What a nightmare for the registrar!
>>
>>Maria, would you ask Tim Cole/Kurt Pritz when the report that Kurt discussed
>>on the last Council call will be actually published? I know it wasn't quite
>>final when he reported on it, but I assume is forthcoming... just useful to
>>know of when to expect it.
>>Thanks, MC
>>
>>-----Original Message-----
>>From: owner-gnso-dow123 at icann.org [mailto:owner-gnso-dow123 at icann.org] On
>>Behalf Of Tim Ruiz
>>Sent: Monday, February 28, 2005 5:21 AM
>>To: Bruce Tonkin
>>Cc: Chris Disspain; gnso-dow123 at gnso.icann.org; council at gnso.icann.org
>>Subject: RE: [gnso-dow123] RE: [council] RE: WHOIS combined task force call
>>1 March 2005
>>
>>I'd like to point out an issue with the current (new) transfer process
>>that needs to be considered here.
>>
>>Right now, there is no requirement to display the email address of the
>>Registrant in the Whois of gTLDs. So most gaining registrars use the
>>email address of the Administrative Contact to confirm transfer
>>requests. The problem we have seen, and I am sure others as well to one
>>degree or another, is that even after a "good" transfer is completed
>>(confirmed by the Administrative Contact), the Registrant sometimes
>>comes forward and says they did not authorize it. Under the current
>>policy, we have to reverse the transfer or risk going into a dispute
>>that the gaining registrar will lose and pay for.
>>
>>Since the Registrant has ultimate authority over a transfer, and that
>>makes sense, then their email address should at least be available to
>>Registrars in any tiered access model. At least as long as the transfer
>>policy is what it is.
>>
>>Tim
>>
>>
>>-------- Original Message --------
>>Subject: [gnso-dow123] RE: [council] RE: WHOIS combined task force call
>>1 March 2005
>>From: "Bruce Tonkin" <Bruce.Tonkin at melbourneit.com.au>
>>Date: Sun, February 27, 2005 10:48 pm
>>To: council at gnso.icann.org
>>Cc: "Chris Disspain" <ceo at auda.org.au>, gnso-dow123 at gnso.icann.org
>>
>>Hello Marilyn,
>>
>>    
>>
>>> We are also still looking for cc's who use a form of tiered access.
>>>      
>>>
>>The WHOIS task force may wish to invite Chris Disspain, the CEO of .au
>>Domain Administration (auDA) which is the policy body for .au, to
>>explain the mechanism used in Australia.
>>
>>au uses a tiered access structure.
>>
>>There are three tiers.
>>
>>(1) public access (see http://whois.ausregistry.com.au/ ), which
>>provides the following information:
>>
>>Domain Name:
>>Last Modified:
>>Registrar ID:
>>Registrar Name:
>>Status:
>>Registrant name:
>>Registrant ID:
>>Registrant ROID:
>>Registrant Contact Name:
>>Registrant Email:
>>Tech ID:
>>Tech Name:
>>Tech Email:
>>Name Server:
>>Name Server IP:
>>Name Server:
>>Name Server IP:
>>
>>(2) Registrar access.  A registrar can access the full records for the
>>names under their management, and can also access other registry
>>records, if the registrant provides them with an access password
>>(auth_info).  The access password is typically provided by a registrant
>>that wishes to transfer to the registrar.  The registrar is able to
>>retrieve the full record as part of the process of authenticating the
>>transfer request.
>>
>>(3) Law enforcement access.  An Australian law enforcement agency may
>>make a request to auDA for access to particular records in writing.
>>auDA has full access to all records for this purpose.
>>
>>
>>Regards,
>>Bruce Tonkin
>>Registrars representative on the GNSO Council
>>
>>
>>
>>    
>>
>
>
>
>  
>

-- 
++++++++++++++++++++++++++++++++++++++++++++++++
Carlos Afonso
diretor de planejamento
Rede de Informações para o Terceiro Setor - Rits
Rua Guilhermina Guinle, 272, 6º andar - Botafogo
Rio de Janeiro RJ - Brasil         CEP 22270-060
tel +55-21-2527-5494        fax +55-21-2527-5460
ca at rits.org.br            http://www.rits.org.br
++++++++++++++++++++++++++++++++++++++++++++++++