
<div dir="ltr">Why isn&#39;t it? I&#39;ve been doing it for years. It&#39;s a great way to avoid having my PII abused. Please demonstrate these consequences to me.</div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 14, 2017 at 2:34 PM, Hollenbeck, Scott <span dir="ltr">&lt;<a href="mailto:shollenbeck@verisign.com" target="_blank">shollenbeck@verisign.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">


<div lang="EN-US" link="blue" vlink="purple">

<div class="m_5600994440750076828WordSection1">

<p class="MsoNormal"><a name="m_5600994440750076828__MailEndCompose"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#993366">Greg, I used the email address example only to address this statement originally sent by Allison (with emphasis added in bold italics

 for people with HTML-capable mail readers):<u></u><u></u></span></a></p>

<p class="MsoNormal"><span><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#993366"><u></u> <u></u></span></span></p>

<p class="MsoNormal"><span><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#993366">“So put your contact address as &quot;123 fake st&quot; and your phone number as &quot;555-555-5555&quot;. Make a

<b><i>fake email</i></b>”<u></u><u></u></span></span></p>

<p class="MsoNormal"><span><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#993366"><u></u> <u></u></span></span></p>

<p class="MsoNormal"><span><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#993366">All I’m trying to do is note that this kind of advice can cause real unintended operational consequences for well-meaning

 registrants who might think it’s a great way to avoid having their PII published via services like WHOIS. It isn’t.<u></u><u></u></span></span></p>

<p class="MsoNormal"><span><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#993366"><u></u> <u></u></span></span></p>

<div>

<p class="MsoNormal"><span><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#993366">Scott<u></u><u></u></span></span></p>

</div>

<p class="MsoNormal"><span><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#993366"><u></u> <u></u></span></span></p>

<span></span>

<div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">

<div>

<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">

<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"> Greg Aaron [mailto:<a href="mailto:gca@icginc.com" target="_blank">gca@icginc.com</a>]

<br>

<b>Sent:</b> Tuesday, February 14, 2017 2:20 PM<br>

<b>To:</b> Hollenbeck, Scott &lt;<a href="mailto:shollenbeck@verisign.com" target="_blank">shollenbeck@verisign.com</a>&gt;; &#39;<a href="mailto:elsakoo@gmail.com" target="_blank">elsakoo@gmail.com</a>&#39; &lt;<a href="mailto:elsakoo@gmail.com" target="_blank">elsakoo@gmail.com</a>&gt;<br>

<b>Cc:</b> &#39;<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>&#39; &lt;<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>&gt;<br>

<b>Subject:</b> [EXTERNAL] RE: [gnso-rds-pdp-wg] Dangers of public whois<u></u><u></u></span></p>

</div>

</div><div><div class="h5">

<p class="MsoNormal"><u></u> <u></u></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">No, the RAA validation steps are trivially easy to get around.  You use the example of a fake email address.  Criminals know not to use fake email addresses, and they don’t

 need to because they can get email addresses for free.  One can sign up for free email accounts anonymously.  There are even underground services that will generate freemail accounts in bulk.  These services cater to criminals such as spammers who need to

 register lots of domain names. <u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"><u></u> <u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">All best,<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">--Greg<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"><u></u> <u></u></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Calibri&quot;,sans-serif"><u></u> <u></u></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"><u></u> <u></u></span></p>

<div>

<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">

<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">

<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">gnso-rds-pdp-wg-bounces@icann.<wbr>org</a> [<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">mailto:gnso-rds-pdp-wg-<wbr>bounces@icann.org</a>]

<b>On Behalf Of </b>Hollenbeck, Scott<br>

<b>Sent:</b> Tuesday, February 14, 2017 1:57 PM<br>

<b>To:</b> &#39;<a href="mailto:elsakoo@gmail.com" target="_blank">elsakoo@gmail.com</a>&#39; &lt;<a href="mailto:elsakoo@gmail.com" target="_blank">elsakoo@gmail.com</a>&gt;<br>

<b>Cc:</b> &#39;<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>&#39; &lt;<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>&gt;<br>

<b>Subject:</b> Re: [gnso-rds-pdp-wg] Dangers of public whois<u></u><u></u></span></p>

</div>

</div>

<p class="MsoNormal"><u></u> <u></u></p>

<div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">

<div>

<div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in">

<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"> allison nixon [</span><a href="mailto:elsakoo@gmail.com" target="_blank"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">mailto:elsakoo@gmail.com</span></a><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">]

<br>

<b>Sent:</b> Tuesday, February 14, 2017 1:35 PM<br>

<b>To:</b> Hollenbeck, Scott &lt;</span><a href="mailto:shollenbeck@verisign.com" target="_blank"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">shollenbeck@verisign.com</span></a><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">&gt;<br>

<b>Cc:</b> </span><a href="mailto:vgreimann@key-systems.net" target="_blank"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">vgreimann@key-systems.net</span></a><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">;

</span><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank"><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif">gnso-rds-pdp-wg@icann.org</span></a><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"><br>

<b>Subject:</b> [EXTERNAL] Re: [gnso-rds-pdp-wg] Dangers of public whois<u></u><u></u></span></p>

</div>

</div>

<p class="MsoNormal"><u></u> <u></u></p>

<div>

<p class="MsoNormal">&gt;&gt;[SAH] Actually, there *are* requirements to provide valid data and for registrars to perform validation processing:<u></u><u></u></p>

<div>

<p class="MsoNormal"><u></u> <u></u></p>

</div>

<div>

<p class="MsoNormal">How do you expect toothless policy to work *on the Internet*? Seriously?<u></u><u></u></p>

<p class="MsoNormal"><b><i><span style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></i></b></p>

<p class="MsoNormal"><span style="font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">Yes, seriously. Registrars who do not implement the policy are subject to having their accreditation revoked. ICANN has, in fact, revoked or suspended accreditations. Here are

 two examples:<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p>

<p class="MsoNormal"><a href="https://www.icann.org/news/announcement-2-2007-03-16-en" target="_blank"><span style="font-family:&quot;Calibri&quot;,sans-serif">https://www.icann.org/news/<wbr>announcement-2-2007-03-16-en</span></a><span style="font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p>

<p class="MsoNormal"><a href="https://www.icann.org/en/system/files/correspondence/serad-to-patel-2-18jul14-en.pdf" target="_blank"><span style="font-family:&quot;Calibri&quot;,sans-serif">https://www.icann.org/en/<wbr>system/files/correspondence/<wbr>serad-to-patel-2-18jul14-en.<wbr>pdf</span></a><span style="font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u><u></u></span></p>

</div>

<div>

<p class="MsoNormal"><u></u> <u></u></p>

</div>

<div>

<p class="MsoNormal">worst that can happen when you put in fake whois data is that your domain gets reported, you change &quot;123 fake st&quot; to &quot;124 fake st&quot;, and your registrar is satisfied because what more can they possibly do. I know this because I went through

 this with an old sinkhole domain. It&#39;s a total joke. Let&#39;s not pretend it&#39;s anything more than that.<u></u><u></u></p>

</div>

<div>

<p class="MsoNormal"><u></u> <u></u></p>

</div>

</div>

<div>

<div>

<p class="MsoNormal"><span style="font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">Not true. A fake email address, for example, can be detected easily when email sent to it (one of the registrar’s validation requirements) gets bounced back. The worst that can

 happen is that your domain gets put into some non-operational state (“suspend the registration” per the RAA).<u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d"><u></u> <u></u></span></p>

<p class="MsoNormal"><span style="font-family:&quot;Calibri&quot;,sans-serif;color:#1f497d">Scott<u></u><u></u></span></p>

</div>

</div>

</div>

</div></div></div>

</div>

</div>


</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">_________________________________<br>Note to self: Pillage BEFORE burning.</div>

</div>