[gnso-rds-pdp-purpose] new doc summary: "Advisory on Utilization of Whois Data For Phishing Site Take Down."

[Greg Aaron]

This is another new doc that is not on our current list, but should be added.
--Greg


"Advisory on Utilization of Whois Data For Phishing Site Take Down."  Anti-Phishing Working Group. March 2008

http://docs.apwg.org/reports/apwg-ipc_Advisory_WhoisDataForPhishingSiteTakeDown200803.pdf

"Given fundamental policy changes regarding accessibility of both domain and IP Whois data currently under consideration by ICANN, RIPE and others, and the evolving environment surrounding the Whois system, the APWG Internet Policy Committee (IPC) has updated this industrial advisory, comprised of a set of real-world case studies in which Whois data has been instrumental in neutralizing phishing sites in order to help ICANN, RIPE and others comprehensively inform their policy deliberations.  The intent is to better inform the broader internet policy community of the invaluable assistance the full range of Whois data provides in shutting down nearly 1,000 phishing sites per day (and climbing) at current rates....

In a majority of phishing cases, published Whois data of the domain name(s) and Internet Protocol (IP) network addresses involved have been irreplaceable components of the take down process -- invaluable resources, in fact, necessary to the resolution of most of the cited cases. For cases in which legitimate machines or services have been hacked or defrauded, published domain name or IP network address Whois information is an important tool used to quickly locate and communicate with site owners and service providers. For cases in which domain names are fraudulently registered, the published domain name Whois information can often be tied to other bogus registrations or proven false to allow for quick shut down....

It is the hope of the APWG's IPC that exposure to this information and the following case studies will allow the relevant committees of ICANN, RIPE and other governance bodies to make better informed decisions on Whois policy and promote policy modifications that will not result in reduced access to Whois data for those who use it to respond to phishing events....
In all, over 80% of phishing site take-downs involve using the domain name Whois system to find a contact for assistance via e-mail, phone and/or fax, or to prove the registration to be fraudulent through any or all portions of the available Whois information."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-purpose/attachments/20160419/5048b413/attachment.html>