[gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name

Chris Pelling chris at netearth.net
Mon Aug 1 20:29:08 UTC 2016


Hi Ade, 

I am super picky, but how is the telephone number incorrect? I just want to see this from an outside POV.

This is a proper whois of the domain:

[Querying whois.verisign-grs.com] 
[Redirected to whois.onlinenic.com] 
[Querying whois.onlinenic.com] 
[whois.onlinenic.com] 
Domain Name: login-account.net 
Registry Domain ID: 5696800_DOMAIN_COM-VRSN 
Registrar WHOIS Server: whois.onlinenic.com 
Registrar URL: http://www.onlinenic.com 
Updated Date: 2016-07-24T04:00:00Z 
Creation Date: 2016-07-24T04:00:00Z 
Registrar Registration Expiration Date: 2017-07-24T04:00:00Z 
Registrar: Onlinenic Inc 
Registrar IANA ID: 82 
Registrar Abuse Contact Email: onlinenic-enduser at onlinenic.com 
Registrar Abuse Contact Phone: +1.5107698492 
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited 
Registry Registrant ID: 
Registrant Name: Domain Administrator 
Registrant Organization: Facebook, Inc. 
Registrant Street: 1601 Willow Road, 
Registrant City: Menlo Park 
Registrant State/Province: CA 
Registrant Postal Code: 94025 
Registrant Country: US 
Registrant Phone: +1.6505434800 
Registrant Phone Ext: 
Registrant Fax: +1.6505434800 
Registrant Fax Ext: 
Registrant Email: domain at fb.com 
Registry Admin ID: 
Admin Name: Domain Administrator 
Admin Organization: Facebook, Inc. 
Admin Street: 1601 Willow Road, 
Admin City: Menlo Park 
Admin State/Province: CA 
Admin Postal Code: 94025 
Admin Country: US 
Admin Phone: +1.6505434800 
Admin Phone Ext: 
Admin Fax: +1.6505434800 
Admin Fax Ext: 
Admin Email: domain at fb.com 
Registry Tech ID: 
Tech Name: Domain Administrator 
Tech Organization: Facebook, Inc. 
Tech Street: 1601 Willow Road, 
Tech City: Menlo Park 
Tech State/Province: CA 
Tech Postal Code: 94025 
Tech Country: US 
Tech Phone: +1.6505434800 
Tech Phone Ext: 
Tech Fax: +1.6505434800 
Tech Fax Ext: 
Tech Email: domain at fb.com 
Name Server: ns1.dns-diy.net 
Name Server: ns2.dns-diy.net 
DNSSEC: unsigned 
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/ 
>>> Last update of WHOIS database: 2016-07-24T04:00:00Z <<< 

For more information on Whois status codes, please visit https://icann.org/epp 

One quick grab of the facebook.com domain from MM servers:

[whois.markmonitor.com] 
Domain Name: facebook.com 
Registry Domain ID: 2320948_DOMAIN_COM-VRSN 
Registrant Name: Domain Administrator 
Registrant Organization: Facebook, Inc. 
Registrant Street: 1601 Willow Road, 
Registrant City: Menlo Park 
Registrant State/Province: CA 
Registrant Postal Code: 94025 
Registrant Country: US 
Registrant Phone: +1.6505434800 
Registrant Phone Ext: 
Registrant Fax: +1.6505434800 
Registrant Fax Ext: 
Registrant Email: domain at fb.com 


So the telephone numbers between the 2 domains are the same. 

Kind regards, 

Chris 


From: "Ade Cheek" <ade.cheek at legitscript.com> 
To: "Pelling, Chris" <chris at netearth.net> 
Cc: "Susan Kawaguchi" <susank at fb.com>, "gnso-rds-pdp-wg" <gnso-rds-pdp-wg at icann.org> 
Sent: Monday, 1 August, 2016 21:15:52 
Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name 

Chris, 

The original question was "How was this validated to begin with". I simply explained that part, from my point of view. If I want to be picky, the WHOIS information is invalid as the phone numbers are incorrect, so therefore it should never have been registered (but I'm being picky).



On Mon, Aug 1, 2016 at 1:09 PM, Chris Pelling < chris at netearth.net > wrote: 



Hi Susan, 

As mentioned to Ade, 15 days aren't up yet. Once 15 days are up and no positive confirmation, then the domain should be suspended. At this time apart from not responding to you, OnlineNic have not done anything wrong on this. 

Certainly on the 16th day - jump on them for not suspending the domain name. 

Kind regards, 

Chris 


From: "Susan Kawaguchi" < susank at fb.com > 
To: "Ade Cheek" < ade.cheek at legitscript.com > 
Cc: "gnso-rds-pdp-wg" < gnso-rds-pdp-wg at icann.org > 
Sent: Monday, 1 August, 2016 19:58:58 

Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name 

I should have used the term verify as used in the 2013 RAA. The following was not done by Onlinenic.com:

the email address of the Registered Name Holder (and, if different, the Account Holder) by sending an email requiring an affirmative response through a tool-based authentication method such as providing a unique code that must be returned in a manner designated by the Registrar,

Susan Kawaguchi
Domain Name Manager 
Facebook Legal Dept. 


From: Ade Cheek < ade.cheek at legitscript.com > 
Date: Monday, August 1, 2016 at 11:36 AM 
To: Susan kawaguchi < susank at fb.com > 
Cc: " benny at nordreg.se " < benny at nordreg.se >, " gnso-rds-pdp-wg at icann.org " < gnso-rds-pdp-wg at icann.org > 
Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name 

Onlinenic - No comment 

Anyway, the address is valid, as in actually exists, hence the initial "validation". You don't need me to tell you that a large number of registrars simply automate the address check process and when complaints arise, they can claim that they had conducted validation checks. More often than not (in my experience) the complaint is then dropped by ICANN. 

As silly as this sounds, if the sender address is not monitored, then the reply that it's not valid will simply not be read. I also see that they ask you to "contact your domain name Service Provider for direct assistance" if you need to correct any information. Again, don't contact us, it's not our problem.



On Mon, Aug 1, 2016 at 11:24 AM, Susan Kawaguchi < susank at fb.com > wrote: 

We received a WDRP notice as you can see below. No way to validate the information and I responded that it is NOT valid… Completely out of compliance in my opinion. 

From: " No-Reply at onlinenic.com " < No-Reply at onlinenic.com > 
Date: Thursday, July 28, 2016 at 9:43 PM 
To: domain < domain at fb.com > 
Subject: [domain] Whois Data Reminder - login-account.net 



Dear Domain Registrant, 

This e-mail is a reminder for you to review and correct any inaccurate Whois information associated with your domain registration on login-account.net. Our records include the following information.

[whois info] 

Domain: login-account.net 
Registrar Name: ONLINENIC, INC. 

Registrant: 
Name: Domain Administrator 
Address: 1601 Willow Road, 
City: Menlo Park 
State/Province: CA 
Country: US 
Postal Code: 94025 

Administrative Contact: 
Name: Domain Administrator 
Address: 1601 Willow Road, 
City: Menlo Park 
State/Province: CA 
Country: US 
Postal Code: 94025 
Phone: +1.6505434800 
Fax: +1.6505434800 
Email: domain at fb.com 

Technical Contact: 
Name: Domain Administrator 
Address: 1601 Willow Road, 
City: Menlo Park 
State/Province: CA 
Country: US 
Postal Code: 94025 
Phone: +1.6505434800 
Fax: +1.6505434800 
Email: domain at fb.com 

Original Creation Date: 07/24/2016 
Expiration Date: 07/24/2017 

Nameserver Information: 
Nameserver: ns1.dns-diy.net 
Nameserver: ns2.dns-diy.net 


Under ICANN rules at http://www.icann.org/whois/wdrp-registrant-faq.htm, domain name registrants are obligated to review the contact information associated with their domain names and make corrections whenever necessary. The provision of false Whois information can be grounds for cancellation of your domain name registration.

If you confirm the current whois information is full and accurate, you could simply ignore this notification. 

If you need to update whois information, please contact your domain name Service Provider for direct assistance. 

Regards.

Susan Kawaguchi
Domain Name Manager 
Facebook Legal Dept. 


From: " benny at nordreg.se " < benny at nordreg.se > 
Date: Monday, August 1, 2016 at 10:30 AM 
To: Ade Cheek < ade.cheek at legitscript.com >, Susan kawaguchi < susank at fb.com > 
Cc: " gnso-rds-pdp-wg at icann.org " < gnso-rds-pdp-wg at icann.org > 
Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name 



Please point me to the section where that are in compliance with RAA 2013

The only occurrence of getting a domain as OK without validation is if the Registrant ID is validated from before and no changes are done. In that case it indicates FB have validated the info

-- 
Med vänliga hälsningar / Kind Regards / Med vennlig hilsen

Benny Samuelsen
Registry Manager - Domainexpert
Nordreg AB - ICANN accredited registrar
IANA-ID: 638

Phone: +46.42197080
Direct: +47.32260201
Mobile: +47.40410200


From: Ade Cheek < ade.cheek at legitscript.com > 
Date: Monday 1 August 2016 at 19:13 
To: Susan Kawaguchi < susank at fb.com > 
Cc: Benny Samuelsen < benny at nordreg.se >, " gnso-rds-pdp-wg at icann.org " < gnso-rds-pdp-wg at icann.org > 
Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name

Benny,

If the information provided ticks the boxes then it's validated. Most checks are retrospective as this takes time and time is money...

On Mon, Aug 1, 2016 at 10:11 AM, Ade Cheek < ade.cheek at legitscript.com > wrote:

As Susan mentions, all they need is a few days. At least the registrar actually conducted validation checks, many don't.

On Mon, Aug 1, 2016 at 10:04 AM, Susan Kawaguchi < susank at fb.com > wrote:



The registrar sent an email to Domain at fb.com which I received but I immediately responded it was not a valid registration and asked for transfer. No word yet.

All phishers need is a few days to use the domain name.

Susan Kawaguchi
Domain Name Manager
Facebook Legal Dept.

From: " benny at nordreg.se " < benny at nordreg.se > 
Date: Monday, August 1, 2016 at 10:01 AM 
To: Susan kawaguchi < susank at fb.com >, " gnso-rds-pdp-wg at icann.org " < gnso-rds-pdp-wg at icann.org > 
Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name

Curious, how did it get validated?

-- 
Med vänliga hälsningar / Kind Regards / Med vennlig hilsen

Benny Samuelsen
Registry Manager - Domainexpert
Nordreg AB - ICANN accredited registrar
IANA-ID: 638

Phone: +46.42197080
Direct: +47.32260201
Mobile: +47.40410200




From: < gnso-rds-pdp-wg-bounces at icann.org > on behalf of Susan Kawaguchi < susank at fb.com > 
Date: Monday 1 August 2016 at 17:17 
To: " gnso-rds-pdp-wg at icann.org " < gnso-rds-pdp-wg at icann.org > 
Subject: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name

Hello All,

Attached is a use case we run into frequently, bad actors will use valid Facebook information in the registration data to make the registration to appear authentic.

Best regards,

Susan Kawaguchi
Domain Name Manager
Facebook Legal Dept.

_______________________________________________ 
gnso-rds-pdp-wg mailing list 
gnso-rds-pdp-wg at icann.org 
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

-- 
Adrian Cheek
Director of Global Partnerships

-- 
Adrian Cheek
Director of Global Partnerships

-- 
Adrian Cheek
Director of Global Partnerships






-- 
Adrian Cheek 
Director of Global Partnerships 
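
The comparison made at the top of this thread (the registrant block of login-account.net is identical to that of facebook.com, while the registrar differs) can be automated by a brand owner monitoring new registrations. The following is an added example, not part of the original thread or any participant's code: the two sample records are trimmed from the WHOIS output quoted above, and the function names and the `TRUSTED_WHOIS_SERVERS` allow-list are assumptions made for illustration.

```python
# Constructed samples: trimmed from the two WHOIS records quoted in the thread.
REFERENCE = """Domain Name: facebook.com
Registrant Name: Domain Administrator
Registrant Organization: Facebook, Inc.
Registrant Street: 1601 Willow Road,
Registrant City: Menlo Park
Registrant Phone: +1.6505434800
Registrant Email: domain at fb.com
"""
SUSPECT = """Domain Name: login-account.net
Registrar WHOIS Server: whois.onlinenic.com
Registrant Name: Domain Administrator
Registrant Organization: Facebook, Inc.
Registrant Street: 1601 Willow Road,
Registrant City: Menlo Park
Registrant Phone: +1.6505434800
Registrant Email: domain at fb.com
Name Server: ns1.dns-diy.net
Name Server: ns2.dns-diy.net
"""
# Assumption: the brand owner keeps an allow-list of the registrar WHOIS servers it really uses.
TRUSTED_WHOIS_SERVERS = {"whois.markmonitor.com"}

def parse_whois(text):
    """Parse 'Key: value' lines; repeated keys (e.g. Name Server) accumulate in a list."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            rec.setdefault(key.strip().lower(), []).append(value.strip())
    return rec

def registrant_fields(rec):
    """Normalised registrant contact fields (case, spacing and trailing commas ignored)."""
    return {k: " ".join(v[0].lower().rstrip(",").split())
            for k, v in rec.items() if k.startswith("registrant ")}

def assess(suspect_text, reference_text):
    """Flag a record whose registrant data copies the reference but sits at an unlisted registrar."""
    suspect = parse_whois(suspect_text)
    ref, sus = registrant_fields(parse_whois(reference_text)), registrant_fields(suspect)
    copied = sorted(k for k, v in ref.items() if sus.get(k) == v)
    server = suspect.get("registrar whois server", ["unknown"])[0].lower()
    return {"domain": suspect["domain name"][0],
            "copied_fields": copied,
            "registrar_server": server,
            "name_servers": suspect.get("name server", []),
            "impersonation_suspected": bool(copied) and len(copied) == len(ref)
                                       and server not in TRUSTED_WHOIS_SERVERS}

if __name__ == "__main__":
    print(assess(SUSPECT, REFERENCE))
```

Matching contact data alone proves nothing, as the thread shows: every field passes an existence check, so the registrar and name servers are the discriminating signal.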

