[gnso-rds-pdp-wg] Dangers of public whois

Greg Shatan gregshatanipc at gmail.com
Mon Feb 20 22:39:04 UTC 2017


As someone who does a fair amount of infringement/takedown work, Chris's
chain is pretty much like what I was going to type in before I saw his
email, at least for the usual IP infringement matters.  When it comes to
phishing/spam/fraud domains and sites (often siteless domains being used to
support a typosquatted email account), there's not much point in contacting
the registrant (but there I will often contact LEA).  The registrar is
rarely, if ever, the first call or even the second (if the registrant is
not, e.g., Donald Duck at 123 Fake Street) (maybe for a siteless typosquat
supporting phishing/fraud emails, and even there one needs to get to the
email provider first (although I've had one case where the sender and the
email provider were both buried behind various anonymizing methods, beyond
my ability to penetrate)).  A reasonably well-documented complaint is a
must, of course.  I think this is true of the colleagues I know (attorneys
and non-attorneys) and have worked with, as well.

Unfortunately, there are plenty of non-specialists (attorneys and others)
who will take care of these kinds of matters and they will go to the bright
shiny object of the registrar with the abuse contact number.  It looks
easy, and why give away work you think you can do yourself?  Training and
education could come out of the IP or other relevant communities, or out of
non-ICANN cooperative measures akin to the Healthy Domains Initiative.  Of
course, there's already a fair amount of education out there for anyone who
wants to know how to pursue these matters appropriately, but the problem is
there's no one place that all of us on both sides of the
complainant/recipient dyad can point to and say "read this and do what it
says before you send another [adjective] complaint to a [adjective]
registrar."  (Of course, there are plenty of nuances, exceptions and tricks
of the trade, but the basics are pretty ... basic.)

Greg Shatan




On Mon, Feb 20, 2017 at 2:59 PM, theo geurts <gtheo at xs4all.nl> wrote:

> Sounds good Victoria, thanks!
>
> Theo
> On 20-2-2017 20:48, Victoria Sheckler wrote:
>
> If / when this is set up. I'm happy to share with you how we approach
> these issues at RIAA.
>
> On Feb 20, 2017, at 11:43 AM, theo geurts <gtheo at xs4all.nl> wrote:
>
>
> Let's shoot for Johannesburg.
>
> Theo
>
> On 20-2-2017 17:52, Michele Neylon - Blacknight wrote:
>
> Maybe punt until we’re somewhere a bit more affordable?
>
> Copenhagen is going to be pricey :)
>
>
> *From: *<gnso-rds-pdp-wg-bounces at icann.org> on behalf of John Horton
> <john.horton at legitscript.com>
> *Date: *Monday 20 February 2017 at 16:43
> *To: *Chris Pelling <chris at netearth.net>
> *Cc: *gnso-rds-pdp-wg <gnso-rds-pdp-wg at icann.org>
> *Subject: *Re: [gnso-rds-pdp-wg] Dangers of public whois
>
>
>
> That *was* a good event (the Dublin public safety/registrars event).
>
>
> John Horton
> President and CEO, LegitScript
>
>
> On Mon, Feb 20, 2017 at 8:29 AM, Chris Pelling <chris at netearth.net> wrote:
>
> Hi Sam,
>
>
>
> Well, we have ICANN 58 coming up with a very tight schedule looking at the
> draft.  Something the registrars took on was at the Dublin meeting, we
> booked a room above a pub, got some drinks and munchies together, to get
> the "LEA/Public safety" and registrars together - the night was a success.
>
>
>
> If we could find somewhere, and get something sorted, would there be any
> interest from the group, and if so, how many?
>
>
>
> I appreciate this is a totally different situation and requirement, but,
> it's just a thought :)
>
>
>
> Kind regards,
>
> Chris
>
>
> ------------------------------
>
> *From: *"Sam Lanfranco" <sam at lanfranco.net>
> *To: *"chris" <chris at netearth.net>, "Michele Neylon" <
> michele at blacknight.com>
> *Cc: *"gnso-rds-pdp-wg" <gnso-rds-pdp-wg at icann.org>
> *Sent: *Monday, 20 February, 2017 14:38:40
> *Subject: *Re: [gnso-rds-pdp-wg] Dangers of public whois
>
>
>
> Chris,
>
> Your comment yanked my chain. I agree with you 100% when you say “The
> problem is from the takedown / infringement requests we see, 1, 2 and 3 [*due
> diligence*] are not even thought of, *so part of this is education*.”
> Good idea. How do we get there from here?
>
> As an economist I get pulled into very large project proposals that are
> being clobbered together by well meaning, well educated, people with their
> own personal PICs (Public Interest Commitments) and who just want to do
> good. In the “good works” area there are just as many crooks, frauds, and
> sociopaths as can be found trolling in the DNS system. However, over and
> over again it takes me less than two hours of due diligence to uncover yet
> one more “financier” who is a fraud, a crook, or simply trolling for a big
> hit, and has the financial resources of a raccoon, information the “good
> works” people have managed to overlook.
>
> An effective educational strategy is clearly needed here. That may include
> a *DumbOne’s Guide to DNS Complaints* (avoided a trademark there) and
> maybe even generic semi-standard forms for initiating complaints. To do
> that, it would be useful to know the data on types of complaints by type of
> complainant (e.g. how many and what types come from lawyers, from
> individuals, etc.) as background for better education here.  Access to that
> "How to" guide should at least be flagged in the domain name registration
> process, the web hosting process and in queries about complaining.
>
> Sam L.
>
>
>
> On 2/20/2017 8:32 AM, Chris Pelling wrote:
>
> I'll weigh in here for a registrar who does not host content that is not
> owned by him.
>
>
>
> My views and points on this are, for content based issues, in priority
> order, top being the highest (and first port of call) :
>
>
>
> 1.  Registrant if available or any contact that is identifiable on the
> website in question, if a sub-domain, check the main domain by removing the
> subdomain and adding www or leaving it off. (some free hosting sites
> give subdomains away free, but the main site is always only 1 click away)
>
>
>
> 2.  Hosting company, look at the nameservers and this sometimes gives the
> hosting company name, put the nameserver name into google and more often
> than not, the hosting company will pop up - contact them alerting them to
> the fact that there is potentially infringing information on a website that
> is hosted on servers under their control.  Good hosting companies are very
> responsive.
>
>
>
> 3.  If you cannot work out 2 above, whois the IP address of the website
> (including any subdomain), this will give you the IP address owner, they
> will surely know whom they have given / rented / leased the IPs to and
> this gives you 2 above.  If from doing this you get the registrar and they
> are not the hosting company, this would lend to it being a forwarding service,
>
>
>
> 4.  If they are a "reseller centric/wholesale"  registrar (eNom, Tucows,
> Realtime, NEO), then WHOIS will often have a "Registration service provided
> by" or "Reseller" in the whois output, this gives you the registering party
> who took the order, if not at the very least the registrar.
>
>
>
> The problem is from the takedown / infringement requests we see, 1, 2 and
> 3 are not even thought of, so part of this is education.
>
>
>
> Kind regards,
>
> Chris
>
>
> ------------------------------
>
>         < rest deleted >
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
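
Added example, not part of the original thread or any participant's code: a sketch of the contact ordering described in the quoted four-step list, applied to WHOIS text only (registrant, then hosting company inferred from nameservers, then reseller, then registrar). The WHOIS record is constructed, all function names are hypothetical, and the two-label nameserver heuristic is an assumption that does not handle suffixes such as co.uk; the IP-address lookup of step 3 is not covered.

```python
import re

# Constructed WHOIS output for illustration (not a real record).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-SHOP.TEST
Registrar: Example Wholesale Registrar, Inc.
Reseller: Example Reseller Ltd
Registrant Name: REDACTED FOR PRIVACY
Name Server: NS1.EXAMPLE-HOST.TEST
Name Server: NS2.EXAMPLE-HOST.TEST
"""

FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*\S)\s*$")
# Field labels the thread says wholesale registrars use for the reseller.
RESELLER_KEYS = ("reseller", "registration service provided by")
# Assumption: values containing these words are privacy placeholders, not people.
PLACEHOLDERS = ("redacted", "privacy", "proxy", "not disclosed")


def parse_whois(text):
    """Collect 'Key: value' lines; keys lower-cased, empty values skipped."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields.setdefault(m.group(1).lower(), []).append(m.group(2))
    return fields


def parent_domain(ns):
    """Last two labels of a nameserver host: a search hint for the hosting company."""
    return ".".join(ns.lower().rstrip(".").split(".")[-2:])


def contact_chain(text):
    """Return (role, value) pairs in the order the quoted steps recommend."""
    f = parse_whois(text)
    chain = [("registrant", n) for n in f.get("registrant name", [])
             if not any(p in n.lower() for p in PLACEHOLDERS)]
    hosts = sorted({parent_domain(ns) for ns in f.get("name server", [])})
    chain += [("hosting (from nameserver)", h) for h in hosts]
    for key in RESELLER_KEYS:
        chain += [("reseller", v) for v in f.get(key, [])]
    chain += [("registrar", v) for v in f.get("registrar", [])]  # last resort
    return chain


if __name__ == "__main__":
    for step, (role, value) in enumerate(contact_chain(SAMPLE_WHOIS), 1):
        print(step, role, value)
```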