[gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name
Susan Kawaguchi
susank at fb.com
Tue Aug 2 14:54:31 UTC 2016
No never received a request to verify the domain name. I am very familiar with the process that is similar with many different registrars. The language of the request may differ a bit but the process is very similar with all the registrars I do business with.
I would also always check the registration details as this type of registration happens more often than you would think.
Didn't verify by accident Onlinenic didn't send a verification request.
But the real issue with this use case is that anyone can steal an identity and use it in a Whois record. In this case their intent was harmful to FB users. A responsible registrar will immediately either suspend the domain name or transfer the domain name to FB.
Sent from my iPhone
On Aug 2, 2016, at 1:18 AM, Volker Greimann <vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>> wrote:
Hi Susan,
depending on how that registrars validation system is set up, it may merely need a response to the verification request from any email, provided certain triggers are included. I do not know the details, but is it conceivable you accidentally verified the address in your response?
Just trying to guess what happened.
Volker
Am 01.08.2016 um 19:28 schrieb Susan Kawaguchi:
No auto response on Domain at fb.com<mailto:Domain at fb.com>. Not validated.
Susan Kawaguchi
Domain Name Manager
Facebook Legal Dept.
From: <gnso-rds-pdp-wg-bounces at icann.org<mailto:gnso-rds-pdp-wg-bounces at icann.org>> on behalf of Volker Greimann <vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>>
Date: Monday, August 1, 2016 at 10:13 AM
To: "gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>" <gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>>
Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name
Possibly the response was received, automatically noted as a valid response from that email address and presto: validated!
Volker
Am 01.08.2016 um 19:07 schrieb benny at nordreg.se<mailto:benny at nordreg.se>:
Yes I am aware of that but status on the domain per today indicates that it’s validated already, thats why I asked.
--
Med vänliga hälsningar / Kind Regards / Med vennlig hilsen
Benny Samuelsen
Registry Manager - Domainexpert
Nordreg AB - ICANN accredited registrar
IANA-ID: 638
Phone: +46.42197080
Direct: +47.32260201
Mobile: +47.40410200
From: Susan Kawaguchi <susank at fb.com><mailto:susank at fb.com>
Date: Monday 1 August 2016 at 19:04
To: Benny Samuelsen <benny at nordreg.se><mailto:benny at nordreg.se>, "gnso-rds-pdp-wg at icann.org"<mailto:gnso-rds-pdp-wg at icann.org> <gnso-rds-pdp-wg at icann.org><mailto:gnso-rds-pdp-wg at icann.org>
Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name
The registrar sent an email to Domain at fb.com<mailto:Domain at fb.com> which I received but I immediately responded it was not a valid registration and asked for transfer. No word yet.
All phishers need is a few days to use the domain name.
Susan Kawaguchi
Domain Name Manager
Facebook Legal Dept.
From: "benny at nordreg.se<mailto:benny at nordreg.se>" <benny at nordreg.se<mailto:benny at nordreg.se>>
Date: Monday, August 1, 2016 at 10:01 AM
To: Susan kawaguchi <susank at fb.com<mailto:susank at fb.com>>, "gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>" <gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>>
Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name
Curious, how did it get validated?
--
Med vänliga hälsningar / Kind Regards / Med vennlig hilsen
Benny Samuelsen
Registry Manager - Domainexpert
Nordreg AB - ICANN accredited registrar
IANA-ID: 638
Phone: +46.42197080
Direct: +47.32260201
Mobile: +47.40410200
From: <gnso-rds-pdp-wg-bounces at icann.org<mailto:gnso-rds-pdp-wg-bounces at icann.org>> on behalf of Susan Kawaguchi <susank at fb.com<mailto:susank at fb.com>>
Date: Monday 1 August 2016 at 17:17
To: "gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>" <gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>>
Subject: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name
Hello All,
Attached is a use case we run into frequently, bad actors will use valid Facebook information in the registration data to make the registration to appear authentic.
Best regards,
Susan Kawaguchi
Domain Name Manager
Facebook Legal Dept.
_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg<https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Drds-2Dpdp-2Dwg&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=YxkJV-idBtALQz_ZgfavlPRi5QtGZnV80ciwPShLw94&e=>
--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>
Web: www.key-systems.net<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.key-2Dsystems.net&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=eKFaDiM-18IILKpjGhVDlj4vhzR95VU1On6g0Sy-LFM&e=> / www.RRPproxy.net<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.RRPproxy.net&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=sknhFvOfbL8P_y1ROcvqO-IgGdP25lI2NVzk-s86FK0&e=>www.domaindiscount24.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.domaindiscount24.com&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=-kmRVZPoWec5uKf_tpYeFdwA47wemXy4IcjVdkyi6ng&e=> / www.BrandShelter.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.BrandShelter.com&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=GKI5BXrBrWYbPUHKhNgB2x4Cs0q7QKvJVDlFbSSLEJ0&e=>
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.twitter.com_key-5Fsystems&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=QoOoQD7CfKHDxv5XtG9uy-FuOrv2t9-PtGljQ0IZ69s&e=>
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.keydrive.lu&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=vllDL7ekmGsH0WP-l-xTQC60tEDAW8ziLqa37HaX5Lg&e=>
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>
Web: www.key-systems.net<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.key-2Dsystems.net&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=eKFaDiM-18IILKpjGhVDlj4vhzR95VU1On6g0Sy-LFM&e=> / www.RRPproxy.net<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.RRPproxy.net&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=sknhFvOfbL8P_y1ROcvqO-IgGdP25lI2NVzk-s86FK0&e=>www.domaindiscount24.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.domaindiscount24.com&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=-kmRVZPoWec5uKf_tpYeFdwA47wemXy4IcjVdkyi6ng&e=> / www.BrandShelter.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.BrandShelter.com&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=GKI5BXrBrWYbPUHKhNgB2x4Cs0q7QKvJVDlFbSSLEJ0&e=>
Follow us on Twitter or join our fan community on Facebook and stay updated:
www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.twitter.com_key-5Fsystems&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=QoOoQD7CfKHDxv5XtG9uy-FuOrv2t9-PtGljQ0IZ69s&e=>
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.keydrive.lu&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=vllDL7ekmGsH0WP-l-xTQC60tEDAW8ziLqa37HaX5Lg&e=>
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>
Web: www.key-systems.net<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.key-2Dsystems.net&d=CwMG-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=x255OH_56KRhk3YgcZ5wAZQgyBRtkBz-_4QJponchjE&s=YndtSyOVxVt7ljrHQQ2stBiOSOChW3q_I22KH-KXKwQ&e=> / www.RRPproxy.net<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.RRPproxy.net&d=CwMG-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=x255OH_56KRhk3YgcZ5wAZQgyBRtkBz-_4QJponchjE&s=6xautjX0FzDJ8VpFn6q7N82vG58XKxNaGZ-aacN0icI&e=>
www.domaindiscount24.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.domaindiscount24.com&d=CwMG-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=x255OH_56KRhk3YgcZ5wAZQgyBRtkBz-_4QJponchjE&s=_FLfmofy9BNE-4kbxUdhW2taqRTKT351NqWtD2PS0F8&e=> / www.BrandShelter.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.BrandShelter.com&d=CwMG-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=x255OH_56KRhk3YgcZ5wAZQgyBRtkBz-_4QJponchjE&s=Lhy0_0kghpi0X0tyZavUgNg7ifVEtuwzQY8nj8DdGGU&e=>
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>
www.twitter.com/key_systems<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.twitter.com_key-5Fsystems&d=CwMG-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=x255OH_56KRhk3YgcZ5wAZQgyBRtkBz-_4QJponchjE&s=4mnedVdh8EdBmjT2mPTqk5THlr-0n_85d8-wqppT1JU&e=>
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.keydrive.lu&d=CwMG-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=x255OH_56KRhk3YgcZ5wAZQgyBRtkBz-_4QJponchjE&s=2hKS-IWNgCL0Hb7xhS96rbpl-STIxUSVSgKAxMG_fl4&e=>
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>
Web: www.key-systems.net<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.key-2Dsystems.net&d=CwMG-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=x255OH_56KRhk3YgcZ5wAZQgyBRtkBz-_4QJponchjE&s=YndtSyOVxVt7ljrHQQ2stBiOSOChW3q_I22KH-KXKwQ&e=> / www.RRPproxy.net<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.RRPproxy.net&d=CwMG-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=x255OH_56KRhk3YgcZ5wAZQgyBRtkBz-_4QJponchjE&s=6xautjX0FzDJ8VpFn6q7N82vG58XKxNaGZ-aacN0icI&e=>
www.domaindiscount24.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.domaindiscount24.com&d=CwMG-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=x255OH_56KRhk3YgcZ5wAZQgyBRtkBz-_4QJponchjE&s=_FLfmofy9BNE-4kbxUdhW2taqRTKT351NqWtD2PS0F8&e=> / www.BrandShelter.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.BrandShelter.com&d=CwMG-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=x255OH_56KRhk3YgcZ5wAZQgyBRtkBz-_4QJponchjE&s=Lhy0_0kghpi0X0tyZavUgNg7ifVEtuwzQY8nj8DdGGU&e=>
Follow us on Twitter or join our fan community on Facebook and stay updated:
www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>
www.twitter.com/key_systems<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.twitter.com_key-5Fsystems&d=CwMG-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=x255OH_56KRhk3YgcZ5wAZQgyBRtkBz-_4QJponchjE&s=4mnedVdh8EdBmjT2mPTqk5THlr-0n_85d8-wqppT1JU&e=>
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.keydrive.lu&d=CwMG-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=x255OH_56KRhk3YgcZ5wAZQgyBRtkBz-_4QJponchjE&s=2hKS-IWNgCL0Hb7xhS96rbpl-STIxUSVSgKAxMG_fl4&e=>
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20160802/6e2caf33/attachment.html>
More information about the gnso-rds-pdp-wg
mailing list