<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 06/06/2017 12:16 PM, Volker Greimann
wrote:<br>
</div>
<blockquote
cite="mid:c111e5bf-c3ef-3cef-3cad-894da959a8bc@key-systems.net"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<br>
<blockquote type="cite"
cite="mid:CACLR7wLRvp_1AAGZoWTvRHVfUSsO6Z47BRm=PjSfGDo8xeA25Q@mail.gmail.com">
<div dir="ltr">
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px">>></span><span
style="font-size:12.8px">Just answer me on this why should
they be allowed a non contractual use of the data, and not
all Security are white hats which only do good</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px">Data can be used for good
and evil. I am sure the data is being used for some sort
of evil. Just because someone has devised a malicious use
for something doesn't mean that it should be shut down for
everyone. There's a balance of benefits and harms here,
and right now the benefits outweigh the harms by far. Any
analysis of the total harms caused by whois, versus the
harms prevented using whois will be far in favor of the
latter.</span></div>
</div>
</blockquote>
Granted, however if there is a way to limit the access of
evildoers while still allowing those without ill intent reasonable
access, should we not explore such a way preferentially? The more
we can shift the balance away from abusive potential and towards
positive use, the better.<br>
</blockquote>
<br>
There is not and its naive to think you ever can. It's 2017, you
can't verify that it's actually John Bambenek sending this e-mail
right now. Not much more than a few messages ago someone had
suggested it was impossible for a registrar to verify their domains
aren't being used for abuse.<br>
<br>
The people who are actually fighting abusive use are the ones saying
we need this tool.<br>
<br>
<br>
<blockquote
cite="mid:c111e5bf-c3ef-3cef-3cad-894da959a8bc@key-systems.net"
type="cite"> <br>
<blockquote type="cite"
cite="mid:CACLR7wLRvp_1AAGZoWTvRHVfUSsO6Z47BRm=PjSfGDo8xeA25Q@mail.gmail.com">
<div dir="ltr">
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Jun 6, 2017 at 1:01 PM, <a
href="mailto:benny@nordreg.se" moz-do-not-send="true">benny@nordreg.se</a>
<span dir="ltr"><<a href="mailto:benny@nordreg.se"
target="_blank" moz-do-not-send="true">benny@nordreg.se</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex"><span
class=""><br>
<br>
> On 6 Jun 2017, at 18:51, allison nixon <<a
href="mailto:elsakoo@gmail.com" moz-do-not-send="true">elsakoo@gmail.com</a>>
wrote:<br>
><br>
> >>You state that Public whois are important
so people can check if there personal info are used for
registration of domains, but can’t the same public data
be the source for the data being abused for
registrations?<br>
><br>
</span><span class="">> You are inventing an imaginary
edge case as a rebuttal to evidence based observations
that we have made in the course of our work.<br>
<br>
</span>Well I see different, where data in whois combined
with other sources are used for different kind of scams.<br>
<span class=""><br>
<br>
><br>
> >>Anti Abuse are important no one disagree on
that, what I just don’t get are why you and others can’t
come up with an idea of how we can make a better
solution than today which benefits all sides, instead of
fighting for Status Quo.<br>
><br>
> The status quo is actually really good. We can do
our work without viewing people's ACTUAL private data,
like their billing info or personal internet traffic
from their ISP. And we can do our work without any
government coercion to force people to disclose
anything. I don't see why there is such a desire to
disrupt this balance. It is only downhill from here.<br>
<br>
</span>Sure I understand free and unlimited access are
nice to have…<br>
<span class=""><br>
><br>
> >>What business is it of ours how a
registrant uses a domain name<br>
><br>
> This is the exact same argument used by bullet
proof hosters, but the cops never buy it. I'm not saying
you are, but I'm saying that this argument has never
been regarded as a valid defense when open and rampant
abuse is happening among one's customer base.<br>
<br>
<br>
</span>Not a part of my comment and dont belong here when
you reply to my post…<br>
<span class=""><br>
<br>
><br>
> >>Well Registrars and Registries have
contractual obligations on how data shall be handled and
I don’t see why anti abuse and others handling those
data elements shall be allowed to freely use these data
in a non controlled manner were there are no contractual
obligations.<br>
><br>
> You do understand that the security industry is
more than willing to pay for bulk, unrestricted access
to this data, right?<br>
<br>
</span>Just answer me on this why should they be allowed a
non contractual use of the data, and not all Security are
white hats which only do good<br>
<div class="HOEnZb">
<div class="h5"><br>
><br>
><br>
><br>
><br>
> On Tue, Jun 6, 2017 at 11:59 AM, <a
href="mailto:benny@nordreg.se"
moz-do-not-send="true">benny@nordreg.se</a> <<a
href="mailto:benny@nordreg.se"
moz-do-not-send="true">benny@nordreg.se</a>>
wrote:<br>
> You state that Public whois are important so
people can check if there personal info are used for
registration of domains, but can’t the same public
data be the source for the data being abused for
registrations?<br>
> --<br>
> Med vänliga hälsningar / Kind Regards / Med
vennlig hilsen<br>
><br>
> Benny Samuelsen<br>
> Registry Manager - Domainexpert<br>
><br>
> Nordreg AB - ICANN accredited registrar<br>
> IANA-ID: 638<br>
> Phone: <a href="tel:%2B46.42197000"
value="+4642197000" moz-do-not-send="true">+46.42197000</a><br>
> Direct: <a href="tel:%2B47.32260201"
value="+4732260201" moz-do-not-send="true">+47.32260201</a><br>
> Mobile: <a href="tel:%2B47.40410200"
value="+4740410200" moz-do-not-send="true">+47.40410200</a><br>
><br>
> > On 6 Jun 2017, at 17:53, jonathan matkowsky
<<a href="mailto:jonathan.matkowsky@riskiq.net"
moz-do-not-send="true">jonathan.matkowsky@riskiq.net</a><wbr>>
wrote:<br>
> ><br>
> > What do you mean?<br>
> ><br>
> > Jonathan Matkowsky<br>
> ><br>
> > On Tue, Jun 6, 2017 at 6:39 PM, <a
href="mailto:benny@nordreg.se"
moz-do-not-send="true">benny@nordreg.se</a> <<a
href="mailto:benny@nordreg.se"
moz-do-not-send="true">benny@nordreg.se</a>>
wrote:<br>
> > And you can by that say with a 100 %
certainty that those abused data was not originating
from whois it self?<br>
> ><br>
> > --<br>
> > Med vänliga hälsningar / Kind Regards / Med
vennlig hilsen<br>
> ><br>
> > Benny Samuelsen<br>
> > Registry Manager - Domainexpert<br>
> ><br>
> > Nordreg AB - ICANN accredited registrar<br>
> > IANA-ID: 638<br>
> > Phone: <a href="tel:%2B46.42197000"
value="+4642197000" moz-do-not-send="true">+46.42197000</a><br>
> > Direct: <a href="tel:%2B47.32260201"
value="+4732260201" moz-do-not-send="true">+47.32260201</a><br>
> > Mobile: <a href="tel:%2B47.40410200"
value="+4740410200" moz-do-not-send="true">+47.40410200</a><br>
> ><br>
> > > On 6 Jun 2017, at 16:54, jonathan
matkowsky <<a
href="mailto:jonathan.matkowsky@riskiq.net"
moz-do-not-send="true">jonathan.matkowsky@riskiq.net</a><wbr>>
wrote:<br>
> > ><br>
> > > Abusive domains are also seriously
problematic from a privacy standpoint because apart
from fake credentials as Natale mentions below, I
can't begin to tell you how many cases I've seen in
the last several years where innocent peoples'
identities are compromised and then used in the Whois
as part of the abuse. Without access to the public
Whois, they never would have known their identity had
been stolen. Access to Whois for abusive domains
actually serves to protect privacy interests.<br>
> > ><br>
> > > Jonathan Matkowsky<br>
> > ><br>
> > > On Tue, Jun 6, 2017 at 4:58 PM, Natale
Maria Bianchi <<a href="mailto:nmb@spamhaus.org"
moz-do-not-send="true">nmb@spamhaus.org</a>>
wrote:<br>
> > > Besides private and business domains,
there is also the large category of<br>
> > > abusive domains - domains registered
(or acquired from a previous owner)<br>
> > > for the only purpose of abusing the
Internet. One may perhaps categorize<br>
> > > them as "business", but it does not
make much sense to put them together<br>
> > > with domains used legitimately, or
worry much about privacy issues -<br>
> > > those are typically registered giving
fake credentials, or the<br>
> > > credentials are hidden from the public
through an anonymous registration,<br>
> > > and no one will every file a privacy
complaint about those.<br>
> > ><br>
> > > There are operations out there that do
this on a massive, industrial scale,<br>
> > > registering hundreds or thousands of
domains per day that are going to be<br>
> > > used for a very short time, even a few
minutes in the most extreme cases<br>
> > > (hailstorm spammers). In these cases,
literally every second after<br>
> > > registration matters, and whois is
therefore a very critical resource for<br>
> > > abuse researchers. This is why I and
others are here.<br>
> > ><br>
> > > Due to the automated methods used for
these registrations and the<br>
> > > consequent correlations between them,
it is quite common to be able to<br>
> > > indeed distinguish this category of
domains with "sufficient accuracy"<br>
> > > once whois data have been retrieved.<br>
> > ><br>
> > > So please think in terms of three de
facto categories rather than two:<br>
> > ><br>
> > > * legitimate, private<br>
> > > * legitimate, business<br>
> > > * abusive<br>
> > ><br>
> > > I am not suggesting that one puts the
third category in ICANN<br>
> > > agreements :) I am merely reminding
that looking for abusive domains<br>
> > > is a very important operational aspect
of thin and thick whois, and<br>
> > > care should be taken not to throw this
other baby away with<br>
> > > the baby water.<br>
> > ><br>
> > > Natale Maria Bianchi<br>
> > > Spamhaus Project<br>
> > ><br>
> > ><br>
> > ><br>
> > > On Tue, Jun 06, 2017 at 11:24:10AM
+0200, Volker Greimann wrote:<br>
> > > > If you can differentiate the use
that a domain isgoing to be put to<br>
> > > > at the time of registration with
sufficient accuracy, you are due<br>
> > > > for an an award ;-)<br>
> > > ><br>
> > > ><br>
> > > > Am 02.06.2017 um 22:15 schrieb
Dotzero:<br>
> > > > >The overwhelming majority of
domains registered would be<br>
> > > > >considered for commercial
purposes. The fact that a small<br>
> > > > >percentage of domains are
registered by individuals for personal<br>
> > > > >use should not be the
determining factor as to what is appropriate<br>
> > > > >for ICANN to do. In fact, many
of what people assert are personal<br>
> > > > >domains have advertising on
them and would therefor be considered<br>
> > > > >by almost any jurisdiction to
be engaged in a commercial activity.<br>
> > > > >This includes many (most?)
parked domains.<br>
> > > > [...]<br>
> > ><br>
> > > ______________________________<wbr>_________________<br>
> > > gnso-rds-pdp-wg mailing list<br>
> > > <a
href="mailto:gnso-rds-pdp-wg@icann.org"
moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a><br>
> > > <a
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
> > ><br>
> > > ______________________________<wbr>_________________<br>
> > > gnso-rds-pdp-wg mailing list<br>
> > > <a
href="mailto:gnso-rds-pdp-wg@icann.org"
moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a><br>
> > > <a
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
> ><br>
> ><br>
><br>
> ______________________________<wbr>_________________<br>
> gnso-rds-pdp-wg mailing list<br>
> <a href="mailto:gnso-rds-pdp-wg@icann.org"
moz-do-not-send="true">gnso-rds-pdp-wg@icann.org</a><br>
> <a
href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br>
><br>
><br>
><br>
> --<br>
> ______________________________<wbr>___<br>
> Note to self: Pillage BEFORE burning.<br>
<br>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="gmail_signature" data-smartmail="gmail_signature">_________________________________<br>
Note to self: Pillage BEFORE burning.</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a>
Web: <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a> / <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.RRPproxy.net">www.RRPproxy.net</a>
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.domaindiscount24.com">www.domaindiscount24.com</a> / <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.BrandShelter.com">www.BrandShelter.com</a>
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems">www.facebook.com/KeySystems</a>
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems">www.twitter.com/key_systems</a>
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.keydrive.lu">www.keydrive.lu</a>
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net">vgreimann@key-systems.net</a>
Web: <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.key-systems.net">www.key-systems.net</a> / <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.RRPproxy.net">www.RRPproxy.net</a>
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.domaindiscount24.com">www.domaindiscount24.com</a> / <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.BrandShelter.com">www.BrandShelter.com</a>
Follow us on Twitter or join our fan community on Facebook and stay updated:
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems">www.facebook.com/KeySystems</a>
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems">www.twitter.com/key_systems</a>
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.keydrive.lu">www.keydrive.lu</a>
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
gnso-rds-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
</body>
</html>