<div dir="ltr"><div>Speaking as someone who deals with anti-fraud and anti-abuse for a group of websites, we find a very high correlation between fraud/abuse and new account setups from newly created domains. John is correct that creation date is widely used by security and anti-abuse teams.<br><br></div>Michael Hammer<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, May 31, 2017 at 9:28 AM, Volker Greimann <span dir="ltr"><<a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">So if I register a new domain and immediately start using it as my new private email address, you would immediately consider that suspicious? Because I just did that a few months ago because my old address overflowed with spam...<br>
<br>
Many end-customers (normal people) also immediately operationalize their domains because they do not register it to use it later but rather because they have an immediate need for it.<br>
<br>
I think you are generalizing too much...<br>
<br>
Best,<br>
<br>
Volker<div class="HOEnZb"><div class="h5"><br>
<br>
<br>
Am 31.05.2017 um 15:07 schrieb John Bambenek via gnso-rds-pdp-wg:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
And creation date is used by security as a hugely valuable indicator of suspiciousness. Domain gets registered and starts sending mail immediately? Obviously spam or malicious. Criminals immediately operationalize their domains. Normal people don't. If we want to weigh the harms, I think having that date prevents a lot more problems than the ones you mention that can largely be solved by a mediocre spam filter.<br>
<br>
Sent from my iPhone<br>
<br>
On May 31, 2017, at 01:33, Rob Golding <<a href="mailto:rob.golding@astutium.com" target="_blank">rob.golding@astutium.com</a>> wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Revoking that data can't stop brute force transfer attempts,<br>
</blockquote>
If the status is Transfer Prohibited, then yes it does, as they are automatically failed by the registry when the gaining registrar sends them.<br>
<br>
It's not about whether a domain needs a status, but whether that status should be "open to the public" rather than restricted to those who need it (registrant via their registrar, authenticated users for specific use cases, etc)<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Registrars sell domains in precisely 1 year blocks<br>
of time.<br>
</blockquote>
one-or-more periods of years for most gTLDs, with 2,1,5 being the most common at my registrar (in that order)<br>
<br>
Creation date I left off, although it's easy to work out from the changes to the zone files<br>
<br>
Creation date does (in conjunction with the other data) get abused - I've had over 30 "contacts" from people trying to sell me seo, websites, stationary since registering a variation spelling of a domain on the 19th May (to help those who keep missing out the final "S" when sending an email to me from getting bounces) - 11pm on Monday from an Asian callcentre using a UK voip number (now reported to the TPS) being one of the most intrusive this week.<br>
<br>
Whilst I can't stop the free pens, adwords vouchers, brochures for radiator valves and other tat coming through the letterbox based on a domain registration, I've even seen _registrars_ doing it :(<br>
<br>
I didn't forget, but excluded Updated date - in my experience it's wrong at least as much as it's correct - and my opinion is that data you can't trust does more harm than good<br>
<br>
From 2 of my domains:<br>
1. Updated Date: 2017-04-11T23:15:07.0Z<br>
is correct, as that is when I renewed it<br>
<br>
2. Updated Date: 2016-01-09T22:25:53Z<br>
is not correct as I changed the nameservers in Dec<br>
<br>
To me it looks like it only changes the "updated date" when the _dates_ on a domain change, not on other types of updates.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I actually like the idea of revoking all nameserver data. I like that<br>
idea the more and more I think about it.<br>
</blockquote>
NS information is redundant in "whois", and depending on which whois server/system you ask, regularly incorrect - there are a variety of reasons for this, including but not limited to:<br>
* registrars don't tidy up<br>
* registries aren't realtime<br>
* 3rd-party systems cache the data<br>
* end-users dont know the difference between whois (service) and "whois" being in the name of a website<br>
and so on<br>
I've seen domains where Directi WHOIS has said one thing, a Whois website has said another and the actual nameservers were different to both of those on the domain at the registry (plus the actual issue I was diagnosing was that the zone slaved the nameservers off to yet different ns, which is why the A record the client thought should be returned wasn't the IP they were seeing)<br>
<br>
Use the right tools for the job, and in the case of DNS that's *NOT* whois - we'd be doing a global service to the internet by taking them out of it.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
SOA data is almost always garbage. 95% of the time I find it useless.<br>
</blockquote>
With DNS Zones being mostly automated by hosting control panels, it's "variable" as to what goes in there, and SOAs rarely get updated once created beyond the serial changing, so sadly yes, it's of limited use now<br>
<br>
Rob<br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
</blockquote>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
</blockquote>
<br></div></div><div class="HOEnZb"><div class="h5">
-- <br>
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.<br>
<br>
Mit freundlichen Grüßen,<br>
<br>
Volker A. Greimann<br>
- Rechtsabteilung -<br>
<br>
Key-Systems GmbH<br>
Im Oberen Werk 1<br>
66386 St. Ingbert<br>
Tel.: <a href="tel:%2B49%20%280%29%206894%20-%209396%20901" value="+4968949396901" target="_blank">+49 (0) 6894 - 9396 901</a><br>
Fax.: <a href="tel:%2B49%20%280%29%206894%20-%209396%20851" value="+4968949396851" target="_blank">+49 (0) 6894 - 9396 851</a><br>
Email: <a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a><br>
<br>
Web: <a href="http://www.key-systems.net" rel="noreferrer" target="_blank">www.key-systems.net</a> / <a href="http://www.RRPproxy.net" rel="noreferrer" target="_blank">www.RRPproxy.net</a><br>
<a href="http://www.domaindiscount24.com" rel="noreferrer" target="_blank">www.domaindiscount24.com</a> / <a href="http://www.BrandShelter.com" rel="noreferrer" target="_blank">www.BrandShelter.com</a><br>
<br>
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:<br>
<a href="http://www.facebook.com/KeySystems" rel="noreferrer" target="_blank">www.facebook.com/KeySystems</a><br>
<a href="http://www.twitter.com/key_systems" rel="noreferrer" target="_blank">www.twitter.com/key_systems</a><br>
<br>
Geschäftsführer: Alexander Siffrin<br>
Handelsregister Nr.: HR B 18835 - Saarbruecken<br>
Umsatzsteuer ID.: DE211006534<br>
<br>
Member of the KEYDRIVE GROUP<br>
<a href="http://www.keydrive.lu" rel="noreferrer" target="_blank">www.keydrive.lu</a><br>
<br>
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.<br>
<br>
------------------------------<wbr>--------------<br>
<br>
Should you have any further questions, please do not hesitate to contact us.<br>
<br>
Best regards,<br>
<br>
Volker A. Greimann<br>
- legal department -<br>
<br>
Key-Systems GmbH<br>
Im Oberen Werk 1<br>
66386 St. Ingbert<br>
Tel.: <a href="tel:%2B49%20%280%29%206894%20-%209396%20901" value="+4968949396901" target="_blank">+49 (0) 6894 - 9396 901</a><br>
Fax.: <a href="tel:%2B49%20%280%29%206894%20-%209396%20851" value="+4968949396851" target="_blank">+49 (0) 6894 - 9396 851</a><br>
Email: <a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a><br>
<br>
Web: <a href="http://www.key-systems.net" rel="noreferrer" target="_blank">www.key-systems.net</a> / <a href="http://www.RRPproxy.net" rel="noreferrer" target="_blank">www.RRPproxy.net</a><br>
<a href="http://www.domaindiscount24.com" rel="noreferrer" target="_blank">www.domaindiscount24.com</a> / <a href="http://www.BrandShelter.com" rel="noreferrer" target="_blank">www.BrandShelter.com</a><br>
<br>
Follow us on Twitter or join our fan community on Facebook and stay updated:<br>
<a href="http://www.facebook.com/KeySystems" rel="noreferrer" target="_blank">www.facebook.com/KeySystems</a><br>
<a href="http://www.twitter.com/key_systems" rel="noreferrer" target="_blank">www.twitter.com/key_systems</a><br>
<br>
CEO: Alexander Siffrin<br>
Registration No.: HR B 18835 - Saarbruecken<br>
V.A.T. ID.: DE211006534<br>
<br>
Member of the KEYDRIVE GROUP<br>
<a href="http://www.keydrive.lu" rel="noreferrer" target="_blank">www.keydrive.lu</a><br>
<br>
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.<br>
<br>
<br>
<br></div></div><div class="HOEnZb"><div class="h5">
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a></div></div></blockquote></div><br></div>