[registration-issues-wg] [CPWG] Speaking of the WHOIS Dataset

Derek Smythe derek at aa419.org
Sat Dec 15 19:54:01 UTC 2018

Thanks for that Carlton

Looking at it, nothing new, nothing mitigated, nothing changed. In
fact things are worse today than ever for the consumer who faces the
effects, just wrapping it up in the temp spec and games.

Just spotted:

> Registrant Organization: Media Parts
> Registrant State/Province: London
> Registrant Country: NG
> Registrant Email: Select Contact Domain Holder link at...

Spoofing a bank, hosted on a Nigerian web hoster. Park this for a
minute ...

The hoster itself sells domains, SSL certificates and hosting etc.
As such they are part of the domain reseller channel. Who is this
registrar? Whois says:

> Domain Status: clientDeleteProhibited
> http://www.icann.org/epp#clientDeleteProhibited
> Registrant Organization: WhoisGuard, Inc.
> Registrant State/Province: Panama
> Registrant Country: PA
> Registrant Email: Select Contact Domain Holder link at ...

Each port 43 look up is followed by:

> IMPORTANT: Port43 will provide the ICANN-required minimum data set per
> ICANN Temporary Specification, adopted 17 May 2018.
> Visit https://whois.godaddy.com to look up contact data for domains
> not covered by GDPR policy. 

In other words, the eagle-eyed would have spotted WhoisGuard (a proxy
service) being further hidden.

The irony is that the link mentioned in WHOIS, just leads to the exact
same without a contact form or any way to contact the registrant.

Just for fun, digging into the WHOIS history of the reseller, we hit
upon a (not so) small problem described here:


Any reason to not expect abuse in the DNS system?

Instead, we find it's a secret if a party is a reseller for a
registrar, the reseller refuses to divulge which registrar they use.
Just pay up. Is that not a violation of the "Registrants' Benefits and
Responsibilities"? Of course, not knowing which reseller officially
uses which registrar greatly frustrates accountability as per the
ICANN RAA 2013, where the registrar has to take responsibility for
their resellers. So we find resellers allowing bullet proof hosting
for any malicious usage, sometimes even designing scam templates and
spoofs (their only market, a well documented phenomenon), the
sponsoring registrar distancing themselves from the domain abuse.

One hoster was caught with his hand in the cookie jar, deciding on
which registrar to use based upon the abuse type (which became the
subject of a Compliance complaint where the Registrar refused to act).

The point is we could either spend all our time fighting this abuse by
fighting certain registrars and the ICANN system (and not the abusers)
to only get bogged down in policy arguments and escalations.

https://www.icann.org/complaints-report - tick tock, consumer harm
ongoing ...

Signing off with this most insightful recent post:


Derek Smythe
Artists Against 419

On 2018/12/14 23:03, Carlton Samuels wrote:
> For those of you who might be interested, my ace researcher and
> constant support Dev Anand found the ALAC Statement pertaining  from
> May 2010.  
> As Christopher would - dated and brings memories of my Latin master
> in high school - say  '/mutatis mutandis/'.
> https://bit.ly/2Qu1XrH
> -Carlton
> ==============================
> /Carlton A Samuels/
> /Mobile: 876-818-1799
> Strategy, Process, Governance, Assessment & Turnaround/
> =============================