<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">+100<br><br><div id="AppleMailSignature">Sincerely,<div>Paul Keating, Esq.</div></div><div><br>On Dec 8, 2017, at 5:57 PM, Greg Shatan <<a href="mailto:gregshatanipc@gmail.com">gregshatanipc@gmail.com</a>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif">Sam,</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">From my experience in doing or supervising a number of domain name portfolio audits and due diligence on domain name acquisitions (often, in the context of larger corporate acquisitions), I would say that Whois is the centerpiece of the project -- not a "tiny part," as you conjecture. </div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">Generically, a critical and essential phase of any due diligence or audit project is checking the company's own records and the records of their known providers against public databases. Audits (or other forms of internal or consultant double-checking) are a typical part of domain name management</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">In such audits and due diligence projects, even where one has access to the records of the domain name owner and/or their registrar(s), Whois is an absolutely necessary check against those records. Internal records can (and almost always do) have mistakes or omissions, and even where you have access to all of the registrar(s) information, there are often stray domains that are owned outside of the registrars the company think have all their domains.</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">Failure of Whois or RDS to provide this component of due diligence would cripple due diligence, and most likely have knock-on effects, such as lower confidence (and lower prices) in corporate domain name acquisitions and trust in the DNS. There would also be an increase in post-acquisition clean-up, since the acquiror's pre-acquisition due diligence would be far less likely to uncover inaccuracies.</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">The business community has been accustomed to thinking of domains as being the type of asset where one has a third party doublecheck (akin to real property title search and IP registrations, among other things). Putting domains into the category of independently uncheckable assets would be highly detrimental.</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">Greg</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Dec 8, 2017 at 11:36 AM, Volker Greimann <span dir="ltr"><<a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Some registrars offer ownership certification services. That
would be an alternate third party verification, possibly even
better than someone looking at a whois record.</p>
<p>Best,</p>
<p>Volker<br>
</p><div><div class="h5">
<br>
<div class="m_2394540446110586529moz-cite-prefix">Am 08.12.2017 um 17:33 schrieb allison
nixon:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Even from the point of view of the person
controlling the domain, the outside verification is extremely
valuable. Incidents of account takeover don't always end well
for the original account holder, and companies in general (not
just registrars, but telcos, social media companies, etc), are
NOT forthcoming about details about what the bad actor did while
signed into the victim's account. Sometimes this is due to bad
customer service, or bad internal recordkeeping. Many instances
of failure to return the account to the owner is actually
because historical account data is NOT saved by the company.
<div><br>
</div>
<div>For the domain takeover incidents I have seen, the current
and historical WHOIS record is not just evidence, but it is
sometimes the only evidence available as to when the activity
started, what was affected, and what was attempted. Not only
that, but it serves as outside verifiable evidence that the
original registrant *really was* the original registrant.
Without that, we take the registrar's word for everything,
which may or may not be accurate or complete.</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Dec 8, 2017 at 11:27 AM, Andrew
Sullivan <span dir="ltr"><<a href="mailto:ajs@anvilwalrusden.com" target="_blank">ajs@anvilwalrusden.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On Fri, Dec 08, 2017 at 11:13:53AM -0500, allison
nixon wrote:<br>
> >>Whois can be an indicator of ownership but it
is not evidence.<br>
><br>
> No, it is evidence and it has been used as evidence
in the past. For<br>
> example one case years ago when some Army domains
were hijacked and the<br>
> WHOIS data was changed to the name of a hacker gang.
the historical whois<br>
> data, the date of the change, and other factors were
used as evidence for<br>
> the timeline of events. And the people constructing
that timeline were not<br>
> working for the Army and didn't own the registrar
account.<br>
<br>
</span>Well, ok, but that doesn't mean this is domain name
management,<br>
either. It might be some other use case (I think it
probably is --<br>
abuse prevention or something). The management case does
seem to me<br>
to be only those who are directly interested in the normal
operation<br>
of the domain from the point of view of controlling it, and
the only<br>
question is whether the interested parties are necessarily
somehow<br>
involved in the contractual relationship with the registry
and<br>
involved registrars. I think Volker is saying, "Yes," and
I'm saying,<br>
"Maybe not."<br>
<span class="m_2394540446110586529im m_2394540446110586529HOEnZb"><br>
Best regards,<br>
<br>
A<br>
<br>
--<br>
Andrew Sullivan<br>
<a href="mailto:ajs@anvilwalrusden.com" target="_blank">ajs@anvilwalrusden.com</a><br>
</span>
<div class="m_2394540446110586529HOEnZb">
<div class="m_2394540446110586529h5">______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="m_2394540446110586529gmail_signature" data-smartmail="gmail_signature">______________________________<wbr>___<br>
Note to self: Pillage BEFORE burning.</div>
</div>
<br>
<fieldset class="m_2394540446110586529mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
gnso-rds-pdp-wg mailing list
<a class="m_2394540446110586529moz-txt-link-abbreviated" href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a>
<a class="m_2394540446110586529moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a></pre>
</blockquote>
<br>
</div></div><pre class="m_2394540446110586529moz-signature" cols="72"><span class="HOEnZb"><font color="#888888">--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: <a href="tel:+49%206894%209396901" value="+4968949396901" target="_blank">+49 (0) 6894 - 9396 901</a></font></span><div><div class="h5">
Fax.: <a href="tel:+49%206894%209396851" value="+4968949396851" target="_blank">+49 (0) 6894 - 9396 851</a>
Email: <a class="m_2394540446110586529moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>
Web: <a class="m_2394540446110586529moz-txt-link-abbreviated" href="http://www.key-systems.net" target="_blank">www.key-systems.net</a> / <a class="m_2394540446110586529moz-txt-link-abbreviated" href="http://www.RRPproxy.net" target="_blank">www.RRPproxy.net</a>
<a class="m_2394540446110586529moz-txt-link-abbreviated" href="http://www.domaindiscount24.com" target="_blank">www.domaindiscount24.com</a> / <a class="m_2394540446110586529moz-txt-link-abbreviated" href="http://www.BrandShelter.com" target="_blank">www.BrandShelter.com</a>
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
<a class="m_2394540446110586529moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems" target="_blank">www.facebook.com/KeySystems</a>
<a class="m_2394540446110586529moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems" target="_blank">www.twitter.com/key_systems</a>
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
<a class="m_2394540446110586529moz-txt-link-abbreviated" href="http://www.keydrive.lu" target="_blank">www.keydrive.lu</a>
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
------------------------------<wbr>--------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: <a href="tel:+49%206894%209396901" value="+4968949396901" target="_blank">+49 (0) 6894 - 9396 901</a>
Fax.: <a href="tel:+49%206894%209396851" value="+4968949396851" target="_blank">+49 (0) 6894 - 9396 851</a>
Email: <a class="m_2394540446110586529moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>
Web: <a class="m_2394540446110586529moz-txt-link-abbreviated" href="http://www.key-systems.net" target="_blank">www.key-systems.net</a> / <a class="m_2394540446110586529moz-txt-link-abbreviated" href="http://www.RRPproxy.net" target="_blank">www.RRPproxy.net</a>
<a class="m_2394540446110586529moz-txt-link-abbreviated" href="http://www.domaindiscount24.com" target="_blank">www.domaindiscount24.com</a> / <a class="m_2394540446110586529moz-txt-link-abbreviated" href="http://www.BrandShelter.com" target="_blank">www.BrandShelter.com</a>
Follow us on Twitter or join our fan community on Facebook and stay updated:
<a class="m_2394540446110586529moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems" target="_blank">www.facebook.com/KeySystems</a>
<a class="m_2394540446110586529moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems" target="_blank">www.twitter.com/key_systems</a>
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
<a class="m_2394540446110586529moz-txt-link-abbreviated" href="http://www.keydrive.lu" target="_blank">www.keydrive.lu</a>
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
</div></div></pre>
</div>
<br>______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/gnso-rds-pdp-wg</a><br></blockquote></div><br></div>
</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>gnso-rds-pdp-wg mailing list</span><br><span><a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a></span><br><span><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></span></div></blockquote></body></html>