[gnso-rds-pdp-wg] Dangers of public whois
Greg Aaron
gca at icginc.com
Tue Feb 14 19:19:36 UTC 2017
No, the RAA validation steps are trivially easy to get around. You use the example of a fake email address. Criminals know not to use fake email addresses, and they don’t need to because they can get email addresses for free. One can sign up for free email accounts anonymously. There are even underground services that will generate freemail accounts in bulk. These services cater to criminals such as spammers who need to register lots of domain names.
All best,
--Greg
From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Hollenbeck, Scott
Sent: Tuesday, February 14, 2017 1:57 PM
To: 'elsakoo at gmail.com' <elsakoo at gmail.com>
Cc: 'gnso-rds-pdp-wg at icann.org' <gnso-rds-pdp-wg at icann.org>
Subject: Re: [gnso-rds-pdp-wg] Dangers of public whois
From: allison nixon [mailto:elsakoo at gmail.com]
Sent: Tuesday, February 14, 2017 1:35 PM
To: Hollenbeck, Scott <shollenbeck at verisign.com<mailto:shollenbeck at verisign.com>>
Cc: vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>; gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
Subject: [EXTERNAL] Re: [gnso-rds-pdp-wg] Dangers of public whois
>>[SAH] Actually, there *are* requirements to provide valid data and for registrars to perform validation processing:
How do you expect toothless policy to work *on the Internet*? Seriously?
Yes, seriously. Registrars who do not implement the policy are subject to having their accreditation revoked. ICANN has, in fact, revoked or suspended accreditations. Here are two examples:
https://www.icann.org/news/announcement-2-2007-03-16-en
https://www.icann.org/en/system/files/correspondence/serad-to-patel-2-18jul14-en.pdf
worst that can happen when you put in fake whois data is that your domain gets reported, you change "123 fake st" to "124 fake st", and your registrar is satisfied because what more can they possibly do. I know this because I went through this with an old sinkhole domain. It's a total joke. Let's not pretend it's anything more than that.
Not true. A fake email address, for example, can be detected easily when email sent to it (one of the registrar’s validation requirements) gets bounced back. The worst that can happen is that your domain gets put into some non-operational state (“suspend the registration” per the RAA).
Scott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170214/5cb7ffcb/attachment.html>
More information about the gnso-rds-pdp-wg
mailing list