<div><div dir="auto">The overwhelming majority of phishing is on compromised domains, and the primary course of mitigation is contacting the victim alongside their hosting provider. This is not done by the registrars currently but it could be contractually imposed on them, I suppose. </div><br><div class="gmail_quote"><div>On Tue, Oct 3, 2017 at 3:06 PM Jeremy Malcolm <<a href="mailto:jmalcolm@eff.org">jmalcolm@eff.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">So because my comments have generated a bit of blowback from people I<br>
respect, I took the initiative to consult internally with some of my<br>
colleagues who have more expertise in cybersecurity than I do, to make<br>
sure that I'm not missing something. It turns out that they agree with<br>
my take on what EFF's position is here.<br>
<br>
They did not think that we should be designing an RDS that would gather<br>
information about domain registrants beyond what is required for<br>
technical operation of the DNS. Even if such information were only<br>
limited to anti-abuse professionals, that also wouldn't work. There<br>
would be nothing to stop malicious actors from identifying as anti-abuse<br>
professionals - neither would want to have a system to "vet" anti-abuse<br>
professionals, because that would be even more problematic.<br>
<br>
They think that anti-abuse professionals should be able to work with<br>
whatever information they have that we already collect for the narrower<br>
technical purposes of the operation of the DNS. There is no added value<br>
in collecting personal information - after all, criminals are not going<br>
to provide correct information anyway, and if a domain has been<br>
compromised then the personal information of the original registrant<br>
isn't going to help much, and its availability in the wild could cause<br>
significant harm to the registrant.<br>
<br>
So, I stand by what I originally wrote and can confirm that this is<br>
EFF's position, much as the anti-abuse professionals on this list may<br>
disagree with it.<br>
<br>
On 30/9/17 3:07 pm, Greg Aaron wrote:<br>
> I assume that the EFF (or its Internet service provider, Unwired) uses reputation systems to filter the EFF's email and keep malware, phishing, and spam from reaching the EFF staff. Just like every other enterprise out there.<br>
><br>
> Recently the EFF has been worried about malware and phishing attacks against NGOs, and has been a proponent of patching compromised machines that are being used to attack other people. Reputation systems are what people use to protect themselves and their networks against such things.<br>
><br>
> Would the DNS work without reputation systems? That is the wrong question, a reductio ad absurdum. A DNS without any users is worthless. Reputation systems are one of the things that keeps the Internet usable.<br>
><br>
> Domain names exist in order to enable communication. And in the DNS, people can send you whatever packets they want to, whether you want it or not. Users need to decide what traffic they wish to accept, and part of that is understanding what the sender or origin is. And some of those senders want to do us, and the people we wish to protect, great harm.<br>
><br>
> All best,<br>
> --Greg<br>
><br>
><br>
><br>
> -----Original Message-----<br>
> From: <a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">gnso-rds-pdp-wg-bounces@icann.org</a> [mailto:<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org" target="_blank">gnso-rds-pdp-wg-bounces@icann.org</a>] On Behalf Of Jeremy Malcolm<br>
> Sent: Friday, September 29, 2017 2:57 PM<br>
> To: <a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
> Subject: Re: [gnso-rds-pdp-wg] Reputation systems are not just nice to have (was Re: What we want redux)<br>
><br>
> On 29/9/17 11:44 am, Andrew Sullivan wrote:<br>
>> Since we are making policy for a system that is used in support of<br>
>> domain name operation, we need to make that support work for all the<br>
>> parts of the operations in question. One of the operations in<br>
>> question is various reputation systems, so I think it is not optional<br>
>> for us to support that functionality.<br>
> I disagree, I think that a case can be made that reputation systems are important, but they're not essential to the operation of the DNS. You might as easily say that because advertising revenue is also used "in support of domain name operation", we need to make sure that the DNS supports that. There are lots of different working parts of the Internet ecosystem that make our online experience better, including voluntary reputation systems, but would the DNS still work without them? Yes.<br>
><br>
> --<br>
> Jeremy Malcolm<br>
> Senior Global Policy Analyst<br>
> Electronic Frontier Foundation<br>
> <a href="https://eff.org" rel="noreferrer" target="_blank">https://eff.org</a><br>
> <a href="mailto:jmalcolm@eff.org" target="_blank">jmalcolm@eff.org</a><br>
><br>
> Tel: 415.436.9333 ext 161<br>
><br>
> :: Defending Your Rights in the Digital World ::<br>
><br>
> Public key: <a href="https://www.eff.org/files/2016/11/27/key_jmalcolm.txt" rel="noreferrer" target="_blank">https://www.eff.org/files/2016/11/27/key_jmalcolm.txt</a><br>
> PGP fingerprint: 75D2 4C0D 35EA EA2F 8CA8 8F79 4911 EC4A EDDF 1122<br>
><br>
><br>
<br>
--<br>
Jeremy Malcolm<br>
Senior Global Policy Analyst<br>
Electronic Frontier Foundation<br>
<a href="https://eff.org" rel="noreferrer" target="_blank">https://eff.org</a><br>
<a href="mailto:jmalcolm@eff.org" target="_blank">jmalcolm@eff.org</a><br>
<br>
Tel: 415.436.9333 ext 161<br>
<br>
:: Defending Your Rights in the Digital World ::<br>
<br>
Public key: <a href="https://www.eff.org/files/2016/11/27/key_jmalcolm.txt" rel="noreferrer" target="_blank">https://www.eff.org/files/2016/11/27/key_jmalcolm.txt</a><br>
PGP fingerprint: 75D2 4C0D 35EA EA2F 8CA8 8F79 4911 EC4A EDDF 1122<br>
<br>
<br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></blockquote></div></div><div dir="ltr">-- <br></div><div class="gmail_signature" data-smartmail="gmail_signature">Jonathan Matkowsky</div>
<br>
<span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;background-color:rgb(255,255,255)">******************************</span><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;background-color:rgb(255,255,255)"><wbr>******************************</span><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;background-color:rgb(255,255,255)"><wbr>*******<br></span><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;background-color:rgb(255,255,255)">This message was sent from RiskIQ, and is intended only for the designated recipient(s). It may contain confidential or proprietary information and may be subject to confidentiality protections. If you are not a designated recipient, you may not review, copy or distribute this message. If you receive this in error, please notify the sender by reply e-mail and delete this message. Thank you.</span><p style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;background-color:rgb(255,255,255)"></p><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;background-color:rgb(255,255,255)">******************************</span><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;background-color:rgb(255,255,255)"><wbr>******************************</span><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;background-color:rgb(255,255,255)"><wbr>*******</span>