[registration-issues-wg] Feedback: RAA Proxy specification?

Derek Smythe derek at aa419.org
Sat Feb 4 22:03:56 UTC 2017

The short answer to a question I asked last year:

Reality is showing the proxy environment is being exploited to launch
attacks to the detriment of all internet users, from ordinary
consumers to even being abused to spoof registrars. ICANN Compliance
also does not see the seriousness of the issues at hand.

The past few months I've been looking at registrars and resellers
where we have known consumer harming issues.

We have registrars and resellers climbing on the privacy mantra,
profiting from it by supplying proxies, some even claiming on their
websites it's allowed by ICANN, yet not meeting the ICANN RAA

Then we have resellers deliberately supplying anonymity, as opposed to
privacy, by not collecting any user details, only the money, then
using their own proxy details. Typically they also shop around at
registrars based upon the contemplated domains usage. As an example,
Offshore Racks in Panama uses Reg.Ru, NameSilo and NameCheap. Much
harm is being done by fraudsters on their services.

In one incident we have registrar OurDomains in Hong Kong that
supplied proxy registrations, either using their own or their parent
company's details.  Only one domain saw over a hundred US based
victims being defrauded. Also over a hundred such domains were found
targeting consumers. This was lodged at ICANN Compliance. Result was:
> Dear Derek Smythe,
> Thank you for submitting a Privacy/Proxy complaint concerning the registrar Ourdomains Limited. ICANN has reviewed and closed your complaint because:
> The registrar of record informed ICANN that neither the registrar nor any of its affiliates offer a privacy/proxy registration service, and indicated any miscommunications from the statement: “As per Cesar Ma: There is no proxy policy on our website so far.” were due to a language issue.
> Accordingly, the registrar demonstrated that it took reasonable steps to investigate the inaccuracy of the Whois data by correcting, suspending, deleting, cancelling or otherwise deactivating the affected domain names. The domain name <atlantispomeranianshome.net> has been suspended.
> ICANN considers this matter now closed. If you require future assistance, please submit a new complaint to ICANN at http://www.icann.org/resources/compliance/complaints .
> Please do not reply to this email (replies to closed complaints are not monitored by ICANN staff).

This was despite evidence given to the contrary and clear domain
history still available showing the exact opposite. In the background
we suddenly saw a spate of clientHolds and then withdrawn, the domains
being made available with patently fake registration details.

Right now we have yohost.org being used for pubdomainregistry.com
redirecting to the legitimate Public Domain Registry. Yet this domain
has it's own bespoke email servers. Emails to  abuse at ... and info at ...

Any irony that both of the last two incidents links to the same
reseller, SwiftSlots?

These issues goes right to the heart of the stability and security of
all internet users and should be of concern to each and every reader.

Derek Smythe
Artists Against 419

On 2016-10-09 09:28 PM, Derek Smythe wrote:
> Maybe somebody here knows the answer:
> Is this actually being monitored and enforced, specifically section 2?

More information about the registration-issues-wg mailing list