[gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name

benny at nordreg.se benny at nordreg.se
Tue Aug 2 04:20:30 UTC 2016 

The domain in the exampel are now 16 days old and put on hold

My use of validated should been verified

--
Med vänliga hälsningar / Kind Regards / Med vennlig hilsen

Benny Samuelsen
Registry Manager - Domainexpert

Nordreg AB - ICANN accredited registrar
IANA-ID: 638
Phone: +46.42197080
Direct: +47.32260201
Mobile: +47.40410200

From: <gnso-rds-pdp-wg-bounces at icann.org> on behalf of Chris Pelling <chris at netearth.net>
Date: Monday 1 August 2016 at 22:06
To: Ade Cheek <ade.cheek at legitscript.com>
Cc: "gnso-rds-pdp-wg at icann.org" <gnso-rds-pdp-wg at icann.org>
Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name

Sorry Ade, but you may have missed the main point here, the domain is 9 days (yes nine) old, it is under the 15 day 2013 RAA Verification for email or telephone confirmation, whereby if not confirmed it is suspended.

The address could be correct (well it is lets be honest) and the telephone number could be correct (it is per facebook,com).  The registrar within the first 15 days has to have a positive feedback only, thus if a link is clicked (by accident) or an SMS at time of registration and the code entered on a webpage later - this is confirmation.

If nothing received - on day 16 (so 15 full days) the domain should be suspended.

Kind regards,

Chris

________________________________
From: "Ade Cheek" <ade.cheek at legitscript.com>
To: "Susan Kawaguchi" <susank at fb.com>
Cc: gnso-rds-pdp-wg at icann.org
Sent: Monday, 1 August, 2016 19:36:44
Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name

Onlinenic - No comment
Anyway, the address is valid, as in actually exists, hence the initial "validation". You don't need me to tell you that a large number of registrars simply automate the address check process and when complaints arise, they can claim that they had conducted validation checks. More often than not (in my experience) the complaint is then dropped by ICANN.

As silly as this sounds, if the sender address is not monitored, then the reply that it's not valid will simply not be read. I also see that they ask you to "contact your domain name Service Provider for direct assistance" if you need to correct any information. Again, don't contact us, it's not our problem.



On Mon, Aug 1, 2016 at 11:24 AM, Susan Kawaguchi <susank at fb.com<mailto:susank at fb.com>> wrote:
We received a WDRP notice as you can see below.  No way to validate the information and I responded that it is NOT valid…   Completely out of compliance in my opinion.

From: "No-Reply at onlinenic.com<mailto:No-Reply at onlinenic.com>" <No-Reply at onlinenic.com<mailto:No-Reply at onlinenic.com>>
Date: Thursday, July 28, 2016 at 9:43 PM
To: domain <domain at fb.com<mailto:domain at fb.com>>
Subject: [domain] Whois Data Reminder - login-account.net<http://login-account.net>


Dear Domain Registrant,

This e-mail is a reminder for you to review and correct any inaccurate Whois information associated with your domain registration on login-account.net<http://login-account.net>. Our records include the following information.

[whois info]

    Domain: login-account.net<http://login-account.net>
    Registrar Name: ONLINENIC, INC.

    Registrant:
    Name: Domain Administrator
    Address: 1601 Willow Road,
    City: Menlo Park
    State/Province: CA
    Country: US
    Postal Code: 94025

    Administrative Contact:
    Name: Domain Administrator
    Address: 1601 Willow Road,
    City: Menlo Park
    State/Province: CA
    Country: US
    Postal Code: 94025
    Phone: +1.6505434800<tel:%2B1.6505434800>
    Fax: +1.6505434800<tel:%2B1.6505434800>
    Email: domain at fb.com<mailto:domain at fb.com>

    Technical Contact:
    Name: Domain Administrator
    Address: 1601 Willow Road,
    City: Menlo Park
    State/Province: CA
    Country: US
    Postal Code: 94025
    Phone: +1.6505434800<tel:%2B1.6505434800>
    Fax: +1.6505434800<tel:%2B1.6505434800>
    Email: domain at fb.com<mailto:domain at fb.com>

    Original Creation Date: 07/24/2016
    Expiration Date: 07/24/2017

    Nameserver Information:
    Nameserver: ns1.dns-diy.net<http://ns1.dns-diy.net>
    Nameserver: ns2.dns-diy.net<http://ns2.dns-diy.net>

Under ICANN rules at http://www.icann.org/whois/wdrp-registrant-faq.htm<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.icann.org_whois_wdrp-2Dregistrant-2Dfaq.htm&d=CwMBAg&c=5VD0RTtNlTh3ycd41b3MUw&r=DQBitvw2wt4C9NKwu0gx6g&m=6ZQETFuwFeXy8l_T-xbW3SRW8Gq1DvccW4pYvCG_J9I&s=tkiE78dd1OtI_U8KqYyfLcWi2XRY1S6cNI8nF9ZnUUs&e=>, domain name registrants are obligated to review the contact information associated with their domain names and make corrections whenever necessary. The provision of false Whois information can be grounds for cancellation of your domain name registration.

If you confirm the current whois information is full and accurate, you could simply ignore this notification.

If you need to update whois information, please contact your domain name Service Provider for direct assistance.

Regards.
Susan Kawaguchi
Domain Name Manager
Facebook Legal Dept.


From: "benny at nordreg.se<mailto:benny at nordreg.se>" <benny at nordreg.se<mailto:benny at nordreg.se>>
Date: Monday, August 1, 2016 at 10:30 AM
To: Ade Cheek <ade.cheek at legitscript.com<mailto:ade.cheek at legitscript.com>>, Susan kawaguchi <susank at fb.com<mailto:susank at fb.com>>
Cc: "gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>" <gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>>
Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name

Please point me to the section where that are in compliance with RAA 2013

The only occurance occurrance of getting a domain as OK without validation are if the Registrant ID are validated from before and no changes are done. In that case it indicates FB have validated the info



--
Med vänliga hälsningar / Kind Regards / Med vennlig hilsen

Benny Samuelsen
Registry Manager - Domainexpert

Nordreg AB - ICANN accredited registrar
IANA-ID: 638
Phone: +46.42197080<tel:%2B46.42197080>
Direct: +47.32260201<tel:%2B47.32260201>
Mobile: +47.40410200<tel:%2B47.40410200>

From: Ade Cheek <ade.cheek at legitscript.com<mailto:ade.cheek at legitscript.com>>
Date: Monday 1 August 2016 at 19:13
To: Susan Kawaguchi <susank at fb.com<mailto:susank at fb.com>>
Cc: Benny Samuelsen <benny at nordreg.se<mailto:benny at nordreg.se>>, "gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>" <gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>>
Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name

Benny,

If the information provided ticks the boxes then it's validated. Most checks are retrospective as this takes time and time is money...

On Mon, Aug 1, 2016 at 10:11 AM, Ade Cheek <ade.cheek at legitscript.com<mailto:ade.cheek at legitscript.com>> wrote:
As Susan mentions, all they need is a few days. At least the registrar actually conducted validation checks, many don't.

On Mon, Aug 1, 2016 at 10:04 AM, Susan Kawaguchi <susank at fb.com<mailto:susank at fb.com>> wrote:
The registrar sent an email to Domain at fb.com<mailto:Domain at fb.com> which I received but I immediately responded it was not a valid registration and asked for transfer.  No word yet.

All phishers need is a few days to use the domain name.
Susan Kawaguchi
Domain Name Manager
Facebook Legal Dept.


From: "benny at nordreg.se<mailto:benny at nordreg.se>" <benny at nordreg.se<mailto:benny at nordreg.se>>
Date: Monday, August 1, 2016 at 10:01 AM
To: Susan kawaguchi <susank at fb.com<mailto:susank at fb.com>>, "gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>" <gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>>
Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name

Curious, how did it get validated?


--
Med vänliga hälsningar / Kind Regards / Med vennlig hilsen

Benny Samuelsen
Registry Manager - Domainexpert

Nordreg AB - ICANN accredited registrar
IANA-ID: 638
Phone: +46.42197080<tel:%2B46.42197080>
Direct: +47.32260201<tel:%2B47.32260201>
Mobile: +47.40410200<tel:%2B47.40410200>

From: <gnso-rds-pdp-wg-bounces at icann.org<mailto:gnso-rds-pdp-wg-bounces at icann.org>> on behalf of Susan Kawaguchi <susank at fb.com<mailto:susank at fb.com>>
Date: Monday 1 August 2016 at 17:17
To: "gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>" <gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>>
Subject: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name

Hello All,

Attached is a use case we run into frequently, bad actors will use valid Facebook information in the registration data to make the registration to appear authentic.

Best regards,

Susan Kawaguchi
Domain Name Manager
Facebook Legal Dept.


_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg<https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Drds-2Dpdp-2Dwg&d=CwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=X0PxikbdWYe1qnRLBvj7NpVBwJZ9lefkBvSnTMUav2k&s=y8pKkA5htvW2aMfadVs4cTis3K112j7m5MpRvq2Y8cw&e=>



--
Adrian Cheek
Director of Global Partnerships
[https://docs.google.com/uc?export=download&id=0B1czF3rFjMNlUlBBQ2RCbmI5bVE&revid=0B1czF3rFjMNlb2gzSFZiOHNiQmRuOC8yMHlMQU94WGxVcWM4PQ]



--
Adrian Cheek
Director of Global Partnerships
[https://docs.google.com/uc?export=download&id=0B1czF3rFjMNlUlBBQ2RCbmI5bVE&revid=0B1czF3rFjMNlb2gzSFZiOHNiQmRuOC8yMHlMQU94WGxVcWM4PQ]



--
Adrian Cheek
Director of Global Partnerships
[https://docs.google.com/uc?export=download&id=0B1czF3rFjMNlUlBBQ2RCbmI5bVE&revid=0B1czF3rFjMNlb2gzSFZiOHNiQmRuOC8yMHlMQU94WGxVcWM4PQ]

_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20160802/c179f402/attachment.html>

More information about the gnso-rds-pdp-wg mailing list