[gnso-rds-pdp-wg] Some reasoning about non-contact-data (was Re: key concepts: say "contact data" when that is what we mean)

Rob Golding rob.golding at astutium.com
Sat Dec 10 03:00:46 UTC 2016 

> How does showing a domain's status fields "increase the 'criminal
> activity' regarding a domain name"?

Simply that domain thieves have learned to concentrate on trying 
fake-transfers only with a domain that says status "ok".

Almost the only use of our fax in recent years have been dodgy transfer 
attempts on domains which are not locked, so showing it in my experience 
is inviting fraud/criminal-activity etc

I've also been one of those taking calls from people attempting "social 
engineering" to gain access to or control over a domain, and those 
domains are invariablly shown as "ok" due to the status flags

> How does showing a domain's
> create and expiration dates "increase abuse/malicious activity"?

Expiry date gets used by the masses of scum who send fake notices of 
renewal, fake directory listings.

Creation date is used by mass spammers for SEO offers, web-design offers 
and so on - the amount of those on domains less than a year old is 
significantly higher than on established domains

Similarly we've had numerous registrants scammed (and just as many 
complaining) because they register a domain, and then get bombarded by 
fraudsters with offers of other domains etc
- whilst I know a lot of that is scammers utilising the zone files and 
determining the changes, in a considerable number of cases the creation 
date is used/mentioned

A relatively common one is for a registrant to get a call which starts 
like
"Hi we're from (registrar) [outright lie] and the domain (domain-name) 
you registered on (creation date) is held with a question over payment, 
can you just confirm the method you used ...."

> As someone who's studied the criminal use of domains for many years,

We see almost no "criminal use" of domains - mostly we do see criminal 
attempts to get hold of domains (through theft or payment fraud), and 
abuse of services that a domain is being used to point at

> In fact, domain
> status and date information is important to people who investigate
> abuse or many want to make judgements about the trustworthiness of a
> domain.

Yes, something that is (in my experience) to the overall detriment of 
the Registrant and Registrar is "useful" to A-N-Other-party (whether 
that is  valid/legal/whatever or not) - this is always going to be the 
issue with "data"

Rob

More information about the gnso-rds-pdp-wg mailing list