<div dir="ltr">>><span style="font-size:12.8px">A lot of the spam we see as registrars is tied to the creation date or renewal date of a domain name:</span><br style="font-size:12.8px"><span style="font-size:12.8px">>>"Your domain is expiring, transfer now!"</span><br style="font-size:12.8px"><span style="font-size:12.8px">>>"You registered this domain but it has not been listed with search engines yet!"</span><br style="font-size:12.8px"><span style="font-size:12.8px">etc.</span><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">The issue is not because the spammer knows the expiration date. the issue is because the spammer knows the email and the emails were not properly filtered. multiple failures occurred along that path, but disclosing the expiration date of the domain was not one. </span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">>></span><span style="font-size:12.8px">Any data being published is obvious nonsense. Data published by the data subjects themselves is also not problematic as long as they are aware of what they are doing. If I post my private information on my facebook profile, that is my choice and I clearly know what I am doing. If I give my hosting provider my address details without reading the registration agreement that I agree to, that is a totally different story.</span><span style="font-size:12.8px"> </span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">The blame for this lies solely on the registrars. don't their websites make it clear that WHOIS data is public? I'm pretty sure that when they try to sell WHOIS privacy, they make this very very clear. At this point this is an effort to protect people who fail to read very clear instructions that are unlikely to be buried in a EULA. </span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">>></span><span style="font-size:12.8px">I thought that term means constantly interrupting the other party to "correct" them without giving them opportunity to finish? I wasn't aware that this can be done by email.</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Interruptions don't work over email. My point is we see registrars attempting to lecture anti-spam people about spam using facts that are dead wrong. </span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">>></span><span style="font-size:12.8px">Just because there are alternative options that does not imply that the status quo is as it should or needs to be. Privacy officials have repeatedly told ICANN that the current WHOIS has significant issues and it is now time to address those issues.</span><span style="font-size:12.8px"> </span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">There absolutely are, especially if the registrars are not making it clear to their customers that WHOIS data is public. This is not a valid reason to shut down WHOIS.</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"><br></span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jun 8, 2017 at 9:43 AM, Volker Greimann <span dir="ltr"><<a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
Hi Allison,<span class=""><br>
<blockquote type="cite">
<div dir="auto">
<div dir="auto"><br>
</div>
<div dir="auto">-registrars complain about spam, but they so far
haven't named a single criminal gang that spams. But they harp
over and over about domaintools, who do not contribute to
spam.</div>
</div>
</blockquote></span>
If we thought it would contribute to the discussion, we would name
the spammers we have seen, although I personally do not know who is
behind those mails we see. We are not investigators of such issues
after all. <br><span class="">
<br>
<blockquote type="cite">
<div dir="auto">
<div dir="auto">-there are also the ridiculous arguments that
the creation dates etc in whois can possibly be abused, no
evidence is provided.</div>
</div>
</blockquote></span>
A lot of the spam we see as registrars is tied to the creation date
or renewal date of a domain name:<br>
"Your domain is expiring, transfer now!"<br>
"You registered this domain but it has not been listed with search
engines yet!"<br>
etc.<span class=""><br>
<br>
<blockquote type="cite">
<div dir="auto">
<div dir="auto">-there are also the "legal" arguments where
people are saying making any data public is illegal now, but
if this is true, can we look forward to a total social media
shutdown too? No one can reconcile that simple logical
inconsistency.</div>
</div>
</blockquote></span>
Any data being published is obvious nonsense. Data published by the
data subjects themselves is also not problematic as long as they are
aware of what they are doing. If I post my private information on my
facebook profile, that is my choice and I clearly know what I am
doing. If I give my hosting provider my address details without
reading the registration agreement that I agree to, that is a
totally different story. <br><span class="">
<br>
<blockquote type="cite">
<div dir="auto">
<div dir="auto">-apparently those meetings with the much-adored
privacy commisioner did not include any voices from those who
worked in security. <br>
</div>
</div>
</blockquote></span>
If the needs of those that work in security means legal requirements
have to be violated then there is a problem. If they can work within
the legal requirements then there isn't. <br><span class="">
<br>
<blockquote type="cite">
<div dir="auto">
<div dir="auto">-we also have registrars attempting to
"mansplain" spam and abuse to people who work IN antispam and
antiabuse</div>
</div>
</blockquote></span>
I thought that term means constantly interrupting the other party to
"correct" them without giving them opportunity to finish? I wasn't
aware that this can be done by email.<span class=""><br>
<blockquote type="cite">
<div dir="auto">
<div dir="auto">-we have people complain about lack of privacy
in whois when it's already been proven that private people
have many options to choose from<br>
</div>
</div>
</blockquote></span>
Just because there are alternative options that does not imply that
the status quo is as it should or needs to be. Privacy officials
have repeatedly told ICANN that the current WHOIS has significant
issues and it is now time to address those issues. <br><span class="">
<blockquote type="cite">
<div dir="auto">
<div dir="auto">
<div dir="auto"><br>
</div>
<div dir="auto">So these logical inconsistencies raise serious
questions. Personally, i am not so quick to accuse people of
criminal motivations. After all, i did check the numbers to
see if any of the registrars participating here have a
disproportionate number of abusive customers. Thanks to the
existence of public whois, i did not observe anything
indicating that.</div>
</div>
</div>
</blockquote></span>
I do not see any inconsistencies. Maybe it depends on the point of
view and personal experience.<span class=""><br>
<blockquote type="cite">
<div dir="auto">
<div dir="auto">
<div dir="auto"><br>
</div>
<div dir="auto">Still, the logical inconsistencies raise many
questions. Personally, my theory is that the registrars dont
want to spend money on running whois servers. And they are
bitter that aggregators make money from it when they don't.
That type of argument is logically consistent and is
something i can actually work with. <br>
</div>
</div>
</div>
</blockquote></span>
Whois servers cost next to nothing to maintain. It is the complaints
of current or former customers why their current/old information is
(still) out there even though they sold or deleted their domain or
changed their data that cost time (=money). Having to explain to
customers that the agreement that they didn't read included a
reference to our obligation to publish their whois details and pass
them on to the registry and escrow service costs time. And yes, even
if that clause is seperated out and seperately agreement is
required, most customers simply will not read it.<span class=""><br>
<blockquote type="cite">
<div dir="auto">
<div dir="auto"><br>
<div dir="auto">I know youall are here to represent your
company's interests, and this is a serious fact worth
considering. I know that some similar monetization schemes
already, and if you dont see the opportunity then your
registrar is probably missing out. The registrars that do
this not only make extra money, but the data is used to do
anti-abuse work for them for free so they can keep their
customer base clean without hiring anyone extra. </div>
</div>
</div>
</blockquote></span>
Well, my employment and my company's interests are not all that
there is to me. I also firmly believe in consumer privacy and the
right of each individual to the privacy of their own data. <br>
<br>
Best,<br>
Volker<span class=""><br>
<br>
<blockquote type="cite">
<div dir="auto">
<div dir="auto">
<div dir="auto"><br>
</div>
<div dir="auto"><br>
</div>
</div>
<br>
<div class="gmail_extra" dir="auto"><br>
<div class="gmail_quote">On Jun 8, 2017 4:56 AM, "Stephanie
Perrin" <<a href="mailto:stephanie.perrin@mail.utoronto.ca" target="_blank">stephanie.perrin@mail.<wbr>utoronto.ca</a>>
wrote:<br type="attribution">
<blockquote class="m_1573727806736430813quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p><font size="+1"><font face="Lucida Grande">Calling me
naive, ill informed etc. does not actually answer
the question folks. It is, I am afraid, a valid
question. What criteria does an organization like
APWG apply, when it admits members and shares data
with them? How do you ensure you are not sharing
data with organizations who are going to misuse
it? that data of course is much more that what we
are talking about with thin data, but I did
actually work on this issue on successive versions
of the anti-spam legislation. Oddly enough,
government lawyers examining the issue (mostly
from the competition bureau who deal with criminal
matters) never labelled me "naive".</font></font></p>
<p><font size="+1"><font face="Lucida Grande">Folks, can
we please try to be polite to one another on this
list? When I have questions like this, I often
check with experts before I ask. They don't call
me naive, they answer my questions.</font></font></p>
<p><font size="+1"><font face="Lucida Grande">Thanks
again.</font></font></p>
<font color="#888888">
<p><font size="+1"><font face="Lucida Grande">Stephanie</font></font><br>
</p>
</font>
<div class="m_1573727806736430813elided-text"> <br>
<div class="m_1573727806736430813m_6811967983391159068moz-cite-prefix">On
2017-06-08 01:54, Neil Schwartzman wrote:<br>
</div>
</div>
<blockquote type="cite">
<div class="m_1573727806736430813elided-text"> My experience differs
slightly. They aren’t ignored. The presence of these
.TLDs is a strong indicator of abuse which bears
further investigation.
<div><br>
</div>
<div>
<div>To the point at hand: I believe the notion of
certifying private cybercrime investigators to
be painfully naive (do I ignore reports from
someone without a Internet Investigator License?
Do we disallow them access to data?),
impractical in the developed world, and deeply
chauvinistic, patronizing and exclusionary to
our colleagues in emerging nations where
capacity building is exactly what’s needed to
deal with next-gen abuse.</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div>
<blockquote type="cite">
<div>On Jun 8, 2017, at 2:36 AM, allison
nixon <<a href="mailto:elsakoo@gmail.com" target="_blank">elsakoo@gmail.com</a>>
wrote:</div>
<br class="m_1573727806736430813m_6811967983391159068Apple-interchange-newline">
<div><span style="font-family:Helvetica;font-size:12.800000190734863px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important">We're
getting there. Entire top level domains
are already ignored on many networks
like .science, .xyz, .pw, .top, .club,
et cetera</span></div>
</blockquote>
</div>
<br>
</div>
</div>
<br>
<fieldset class="m_1573727806736430813m_6811967983391159068mimeAttachmentHeader"></fieldset>
<br>
</div>
<div class="m_1573727806736430813quoted-text">
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a class="m_1573727806736430813m_6811967983391159068moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a class="m_1573727806736430813m_6811967983391159068moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a></pre>
</div>
</blockquote>
<br>
</div>
<br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
</blockquote>
</div>
<br>
</div>
</div>
<br>
<fieldset class="m_1573727806736430813mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a class="m_1573727806736430813moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a class="m_1573727806736430813moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
</span><div><div class="h5"><pre class="m_1573727806736430813moz-signature" cols="72">--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: <a href="tel:+49%206894%209396901" value="+4968949396901" target="_blank">+49 (0) 6894 - 9396 901</a>
Fax.: <a href="tel:+49%206894%209396851" value="+4968949396851" target="_blank">+49 (0) 6894 - 9396 851</a>
Email: <a class="m_1573727806736430813moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>
Web: <a class="m_1573727806736430813moz-txt-link-abbreviated" href="http://www.key-systems.net" target="_blank">www.key-systems.net</a> / <a class="m_1573727806736430813moz-txt-link-abbreviated" href="http://www.RRPproxy.net" target="_blank">www.RRPproxy.net</a>
<a class="m_1573727806736430813moz-txt-link-abbreviated" href="http://www.domaindiscount24.com" target="_blank">www.domaindiscount24.com</a> / <a class="m_1573727806736430813moz-txt-link-abbreviated" href="http://www.BrandShelter.com" target="_blank">www.BrandShelter.com</a>
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
<a class="m_1573727806736430813moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems" target="_blank">www.facebook.com/KeySystems</a>
<a class="m_1573727806736430813moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems" target="_blank">www.twitter.com/key_systems</a>
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
<a class="m_1573727806736430813moz-txt-link-abbreviated" href="http://www.keydrive.lu" target="_blank">www.keydrive.lu</a>
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
------------------------------<wbr>--------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: <a href="tel:+49%206894%209396901" value="+4968949396901" target="_blank">+49 (0) 6894 - 9396 901</a>
Fax.: <a href="tel:+49%206894%209396851" value="+4968949396851" target="_blank">+49 (0) 6894 - 9396 851</a>
Email: <a class="m_1573727806736430813moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>
Web: <a class="m_1573727806736430813moz-txt-link-abbreviated" href="http://www.key-systems.net" target="_blank">www.key-systems.net</a> / <a class="m_1573727806736430813moz-txt-link-abbreviated" href="http://www.RRPproxy.net" target="_blank">www.RRPproxy.net</a>
<a class="m_1573727806736430813moz-txt-link-abbreviated" href="http://www.domaindiscount24.com" target="_blank">www.domaindiscount24.com</a> / <a class="m_1573727806736430813moz-txt-link-abbreviated" href="http://www.BrandShelter.com" target="_blank">www.BrandShelter.com</a>
Follow us on Twitter or join our fan community on Facebook and stay updated:
<a class="m_1573727806736430813moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems" target="_blank">www.facebook.com/KeySystems</a>
<a class="m_1573727806736430813moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems" target="_blank">www.twitter.com/key_systems</a>
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
<a class="m_1573727806736430813moz-txt-link-abbreviated" href="http://www.keydrive.lu" target="_blank">www.keydrive.lu</a>
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
</pre>
</div></div></div>
<br>______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">_________________________________<br>Note to self: Pillage BEFORE burning.</div>
</div>