[gnso-rds-pdp-wg] Dangers of public whois

Tue Feb 14 19:44:54 UTC 2017

Why isn't it? I've been doing it for years. It's a great way to avoid
having my PII abused. Please demonstrate these consequences to me.

On Tue, Feb 14, 2017 at 2:34 PM, Hollenbeck, Scott <shollenbeck at verisign.com
> wrote:

> Greg, I used the email address example only to address this statement
> originally sent by Allison (with emphasis added in bold italics for people
> with HTML-capable mail readers):
>
>
>
> “So put your contact address as "123 fake st" and your phone number as
> "555-555-5555". Make a *fake email*”
>
>
>
> All I’m trying to do is note that this kind of advice can cause real
> unintended operational consequences for well-meaning registrants who might
> think it’s a great way to avoid having their PII published via services
> like WHOIS. It isn’t.
>
>
>
> Scott
>
>
>
> *From:* Greg Aaron [mailto:gca at icginc.com]
> *Sent:* Tuesday, February 14, 2017 2:20 PM
> *To:* Hollenbeck, Scott <shollenbeck at verisign.com>; 'elsakoo at gmail.com' <
> elsakoo at gmail.com>
> *Cc:* 'gnso-rds-pdp-wg at icann.org' <gnso-rds-pdp-wg at icann.org>
> *Subject:* [EXTERNAL] RE: [gnso-rds-pdp-wg] Dangers of public whois
>
>
>
> No, the RAA validation steps are trivially easy to get around.  You use
> the example of a fake email address.  Criminals know not to use fake email
> addresses, and they don’t need to because they can get email addresses for
> free.  One can sign up for free email accounts anonymously.  There are even
> underground services that will generate freemail accounts in bulk.  These
> services cater to criminals such as spammers who need to register lots of
> domain names.
>
>
>
> All best,
>
> --Greg
>
>
>
>
>
>
>
> *From:* gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-
> bounces at icann.org <gnso-rds-pdp-wg-bounces at icann.org>] *On Behalf Of *Hollenbeck,
> Scott
> *Sent:* Tuesday, February 14, 2017 1:57 PM
> *To:* 'elsakoo at gmail.com' <elsakoo at gmail.com>
> *Cc:* 'gnso-rds-pdp-wg at icann.org' <gnso-rds-pdp-wg at icann.org>
> *Subject:* Re: [gnso-rds-pdp-wg] Dangers of public whois
>
>
>
> *From:* allison nixon [mailto:elsakoo at gmail.com <elsakoo at gmail.com>]
> *Sent:* Tuesday, February 14, 2017 1:35 PM
> *To:* Hollenbeck, Scott <shollenbeck at verisign.com>
> *Cc:* vgreimann at key-systems.net; gnso-rds-pdp-wg at icann.org
> *Subject:* [EXTERNAL] Re: [gnso-rds-pdp-wg] Dangers of public whois
>
>
>
> >>[SAH] Actually, there *are* requirements to provide valid data and for
> registrars to perform validation processing:
>
>
>
> How do you expect toothless policy to work *on the Internet*? Seriously?
>
>
>
> Yes, seriously. Registrars who do not implement the policy are subject to
> having their accreditation revoked. ICANN has, in fact, revoked or
> suspended accreditations. Here are two examples:
>
>
>
> https://www.icann.org/news/announcement-2-2007-03-16-en
>
>
>
> https://www.icann.org/en/system/files/correspondence/
> serad-to-patel-2-18jul14-en.pdf
>
>
>
> worst that can happen when you put in fake whois data is that your domain
> gets reported, you change "123 fake st" to "124 fake st", and your
> registrar is satisfied because what more can they possibly do. I know this
> because I went through this with an old sinkhole domain. It's a total joke.
> Let's not pretend it's anything more than that.
>
>
>
> Not true. A fake email address, for example, can be detected easily when
> email sent to it (one of the registrar’s validation requirements) gets
> bounced back. The worst that can happen is that your domain gets put into
> some non-operational state (“suspend the registration” per the RAA).
>
>
>
> Scott
>

-- 
_________________________________
Note to self: Pillage BEFORE burning.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170214/c8e835cd/attachment.html>