[gnso-rds-pdp-wg] Dangers of public whois

allison nixon elsakoo at gmail.com
Tue Feb 14 19:07:56 UTC 2017 

Scott, when I say fake email for WHOIS, most people generally understand it
to mean a junk email address, a "mailinator" or "yopmail" address, or a
newly created email address that will never be used again. The
"verification" process is straightforward and quickly learned by anyone
that doesn't understand, and no part of the process forces people to use an
e-mail address that they actively use. At this point in time most Internet
users understand the concept of a junk email address.

>>Yes, seriously. Registrars who do not implement the policy are subject to
having their accreditation revoked. ICANN has, in fact, revoked or
suspended accreditations. Here are two examples:

The fact that it happened twice, three, and ten years ago does not change
the daily reality that this information is not verified, even when reported
through a registrar's abuse channels. I'm going to continue stating that
this policy is a joke until the reality of the bad state of WHOIS data
changes, and then I will change my mind based on the evidence.



On Tue, Feb 14, 2017 at 1:56 PM, Hollenbeck, Scott <shollenbeck at verisign.com
> wrote:

> *From:* allison nixon [mailto:elsakoo at gmail.com]
> *Sent:* Tuesday, February 14, 2017 1:35 PM
> *To:* Hollenbeck, Scott <shollenbeck at verisign.com>
> *Cc:* vgreimann at key-systems.net; gnso-rds-pdp-wg at icann.org
> *Subject:* [EXTERNAL] Re: [gnso-rds-pdp-wg] Dangers of public whois
>
>
>
> >>[SAH] Actually, there *are* requirements to provide valid data and for
> registrars to perform validation processing:
>
>
>
> How do you expect toothless policy to work *on the Internet*? Seriously?
>
>
>
> Yes, seriously. Registrars who do not implement the policy are subject to
> having their accreditation revoked. ICANN has, in fact, revoked or
> suspended accreditations. Here are two examples:
>
>
>
> https://www.icann.org/news/announcement-2-2007-03-16-en
>
>
>
> https://www.icann.org/en/system/files/correspondence/
> serad-to-patel-2-18jul14-en.pdf
>
>
>
> worst that can happen when you put in fake whois data is that your domain
> gets reported, you change "123 fake st" to "124 fake st", and your
> registrar is satisfied because what more can they possibly do. I know this
> because I went through this with an old sinkhole domain. It's a total joke.
> Let's not pretend it's anything more than that.
>
>
>
> Not true. A fake email address, for example, can be detected easily when
> email sent to it (one of the registrar’s validation requirements) gets
> bounced back. The worst that can happen is that your domain gets put into
> some non-operational state (“suspend the registration” per the RAA).
>
>
>
> Scott
>



-- 
_________________________________
Note to self: Pillage BEFORE burning.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170214/c4cb1a57/attachment.html>

More information about the gnso-rds-pdp-wg mailing list