[gnso-rds-pdp-wg] Dangers of public whois

allison nixon elsakoo at gmail.com
Wed Feb 15 16:00:30 UTC 2017 

How did you determine the address was fake?  Was it tied to a larger
pattern of abuse, or was the address nonexistant in your country's postal
database? Or did you factually know that it was a real address but not
owned by the registrant?

On Wed, Feb 15, 2017 at 10:59 AM, benny at nordreg.se <benny at nordreg.se> wrote:

> Yes I have a case like that now where the validation was rejected by the
> contact, they want to change to another fake adress and the answer to that
> request are no that are not ok
>
>
> --
> Med vänliga hälsningar / Kind Regards / Med vennlig hilsen
>
> Benny Samuelsen
> Registry Manager - Domainexpert
>
> Nordreg AB - ICANN accredited registrar
> IANA-ID: 638
> Phone: +46.42197080
> Direct: +47.32260201
> Mobile: +47.40410200
>
> > On 15 Feb 2017, at 16:57, allison nixon <elsakoo at gmail.com> wrote:
> >
> > Would any other registrar have responded to my address change with a
> "no, that is not your correct address"?
> >
> > On Wed, Feb 15, 2017 at 10:46 AM, Gomes, Chuck <cgomes at verisign.com>
> wrote:
> > Allison,
> >
> >
> >
> > I think it would be helpful if you didn’t lump all registrars into the
> same bucket just because you have had some bad experiences.  That would
> make it easier for all of us to work collaboratively to find solutions
> going forward.
> >
> >
> >
> > Chuck
> >
> >
> >
> > From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-
> bounces at icann.org] On Behalf Of allison nixon
> > Sent: Wednesday, February 15, 2017 10:30 AM
> > To: Volker Greimann <vgreimann at key-systems.net>
> > Cc: RDS PDP WG <gnso-rds-pdp-wg at icann.org>
> >
> >
> > Subject: [EXTERNAL] Re: [gnso-rds-pdp-wg] Dangers of public whois
> >
> >
> >
> >
> >
> >
> >
> > >>That would be providing incorrect whois data and can trigger an
> investigation by ICANN and the registrar, if noticed. Not a good idea.
> Let's not make the option to violate registration policy an argument
> against protection of private data.
> >
> >
> >
> > Really? because I saw firsthand exactly how serious such an
> investigation is and it's a joke.
> >
> >
> >
> > >>I am sorry you had that experience. Normally, if evidence is provided
> by the complainant that the whois is incorrect, most registrars will
> require that the registrant provides evidence that the updated data is
> correct, if only to avoid a follow-on complaint. If evidence suggests that
> the address is obviously and intentionally fake and the domain likely used
> in abuse, we may not even wait for the feedback of the customer before
> deactivating.
> >
> >
> >
> > While my domain was not involved in abuse, making a single address
> change, and saying "I assure you, this is where people should send mail" is
> more than enough to satisfy my registrar. Nothing stops someone from making
> a second complaint against a domain, especially if the goal is for takedown
> or harassment (which it almost always would be). And that second complaint
> would be as equally valid as the first one, and equally valid as my
> subsequent response.
> >
> >
> >
> > Cue yakety sax.
> >
> >
> >
> > The emperor wears no clothes.
> >
> >
> >
> > >>Ah, you misunderstood me. I meant that when I, a customer, get ripped
> off by an Amazon marketplace seller, Amazon will in all likelyhood not
> provide me with all data they have on the culprit. Even the police may need
> a subpoena.
> >
> >
> >
> > And the registrar doesn't publish payment info when the customer pays
> with a fake credit card. the comparison to WHOIS is nonsensical. WHOIS is
> not involved in private commercial transactions.
> >
> >
> >
> > >>There has to be some form of due process, anything else is anarchy.
> >
> >
> >
> > The Internet is in a state of anarchy.
> >
> >
> >
> > >>Verification may be impossible. Validation on the other hand is
> possible. If you do not like the policy as it stands, propose an
> alternative solution. Ideally also tell us who will pay for it.
> >
> >
> >
> > I do not actually think that physical addresses and phone numbers should
> be verified. I am saying that this dance around the issue of correct WHOIS
> data is a hilarious joke. You seem to have legal obligations to pretend
> otherwise, as a registrar, but I don't and I'm pointing out the nakedness
> of this particular emperor. There is absolutely no compulsion to provide
> correct info. I challenge you to prove me wrong.
> >
> >
> >
> >
> >
> > On Wed, Feb 15, 2017 at 5:00 AM, Volker Greimann <
> vgreimann at key-systems.net> wrote:
> >
> > Hi Greg,
> >
> > that is a totally different issue. Maybe such services need better
> regulation, but as long as the policy requirements are met, taking action
> solely based on the use of such services is impossible.
> >
> > Volker
> >
> >
> >
> >
> >
> > Am 14.02.2017 um 20:19 schrieb Greg Aaron:
> >
> > No, the RAA validation steps are trivially easy to get around.  You use
> the example of a fake email address.  Criminals know not to use fake email
> addresses, and they don’t need to because they can get email addresses for
> free.  One can sign up for free email accounts anonymously.  There are even
> underground services that will generate freemail accounts in bulk.  These
> services cater to criminals such as spammers who need to register lots of
> domain names.
> >
> >
> >
> > All best,
> >
> > --Greg
> >
> >
> >
> >
> >
> >
> >
> > From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-
> bounces at icann.org] On Behalf Of Hollenbeck, Scott
> > Sent: Tuesday, February 14, 2017 1:57 PM
> > To: 'elsakoo at gmail.com' <elsakoo at gmail.com>
> > Cc: 'gnso-rds-pdp-wg at icann.org' <gnso-rds-pdp-wg at icann.org>
> > Subject: Re: [gnso-rds-pdp-wg] Dangers of public whois
> >
> >
> >
> > From: allison nixon [mailto:elsakoo at gmail.com]
> > Sent: Tuesday, February 14, 2017 1:35 PM
> > To: Hollenbeck, Scott <shollenbeck at verisign.com>
> > Cc: vgreimann at key-systems.net; gnso-rds-pdp-wg at icann.org
> > Subject: [EXTERNAL] Re: [gnso-rds-pdp-wg] Dangers of public whois
> >
> >
> >
> > >>[SAH] Actually, there *are* requirements to provide valid data and for
> registrars to perform validation processing:
> >
> >
> >
> > How do you expect toothless policy to work *on the Internet*? Seriously?
> >
> >
> >
> > Yes, seriously. Registrars who do not implement the policy are subject
> to having their accreditation revoked. ICANN has, in fact, revoked or
> suspended accreditations. Here are two examples:
> >
> >
> >
> > https://www.icann.org/news/announcement-2-2007-03-16-en
> >
> >
> >
> > https://www.icann.org/en/system/files/correspondence/
> serad-to-patel-2-18jul14-en.pdf
> >
> >
> >
> > worst that can happen when you put in fake whois data is that your
> domain gets reported, you change "123 fake st" to "124 fake st", and your
> registrar is satisfied because what more can they possibly do. I know this
> because I went through this with an old sinkhole domain. It's a total joke.
> Let's not pretend it's anything more than that.
> >
> >
> >
> > Not true. A fake email address, for example, can be detected easily when
> email sent to it (one of the registrar’s validation requirements) gets
> bounced back. The worst that can happen is that your domain gets put into
> some non-operational state (“suspend the registration” per the RAA).
> >
> >
> >
> > Scott
> >
> >
> >
> > _______________________________________________
> > gnso-rds-pdp-wg mailing list
> > gnso-rds-pdp-wg at icann.org
> > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> >
> >
> > --
> > Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
> >
> > Mit freundlichen Grüßen,
> >
> > Volker A. Greimann
> > - Rechtsabteilung -
> >
> > Key-Systems GmbH
> > Im Oberen Werk 1
> > 66386 St. Ingbert
> > Tel.: +49 (0) 6894 - 9396 901
> > Fax.: +49 (0) 6894 - 9396 851
> > Email: vgreimann at key-systems.net
> >
> > Web: www.key-systems.net / www.RRPproxy.net
> > www.domaindiscount24.com / www.BrandShelter.com
> >
> > Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
> > www.facebook.com/KeySystems
> > www.twitter.com/key_systems
> >
> > Geschäftsführer: Alexander Siffrin
> > Handelsregister Nr.: HR B 18835 - Saarbruecken
> > Umsatzsteuer ID.: DE211006534
> >
> > Member of the KEYDRIVE GROUP
> > www.keydrive.lu
> >
> > Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen
> Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder
> Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese
> Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per
> E-Mail oder telefonisch in Verbindung zu setzen.
> >
> > --------------------------------------------
> >
> > Should you have any further questions, please do not hesitate to contact
> us.
> >
> > Best regards,
> >
> > Volker A. Greimann
> > - legal department -
> >
> > Key-Systems GmbH
> > Im Oberen Werk 1
> > 66386 St. Ingbert
> > Tel.: +49 (0) 6894 - 9396 901
> > Fax.: +49 (0) 6894 - 9396 851
> > Email: vgreimann at key-systems.net
> >
> > Web: www.key-systems.net / www.RRPproxy.net
> > www.domaindiscount24.com / www.BrandShelter.com
> >
> > Follow us on Twitter or join our fan community on Facebook and stay
> updated:
> > www.facebook.com/KeySystems
> > www.twitter.com/key_systems
> >
> > CEO: Alexander Siffrin
> > Registration No.: HR B 18835 - Saarbruecken
> > V.A.T. ID.: DE211006534
> >
> > Member of the KEYDRIVE GROUP
> > www.keydrive.lu
> >
> > This e-mail and its attachments is intended only for the person to whom
> it is addressed. Furthermore it is not permitted to publish any content of
> this email. You must not use, disclose, copy, print or rely on this e-mail.
> If an addressing or transmission error has misdirected this e-mail, kindly
> notify the author by replying to this e-mail or contacting us by telephone.
> >
> >
> >
> >
> > _______________________________________________
> > gnso-rds-pdp-wg mailing list
> > gnso-rds-pdp-wg at icann.org
> > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> >
> >
> >
> >
> >
> >
> > --
> >
> > _________________________________
> > Note to self: Pillage BEFORE burning.
> >
> >
> >
> >
> > --
> > _________________________________
> > Note to self: Pillage BEFORE burning.
> > _______________________________________________
> > gnso-rds-pdp-wg mailing list
> > gnso-rds-pdp-wg at icann.org
> > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>


-- 
_________________________________
Note to self: Pillage BEFORE burning.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170215/4d43bad7/attachment-0001.html>

More information about the gnso-rds-pdp-wg mailing list