[gnso-rds-pdp-wg] Purpose in accordance with Registry Agreement section 2.18

jonathan matkowsky jonathan.matkowsky at riskiq.net
Tue Jun 6 17:47:00 UTC 2017 

Yes, but less likely as long as we keep the registrant email account
address public.

On Tue, Jun 6, 2017 at 6:59 PM, benny at nordreg.se <benny at nordreg.se> wrote:

> You state that Public whois are important so people can check if there
> personal info are used for registration of domains, but can’t the same
> public data be the source for the data being abused for registrations?
> --
> Med vänliga hälsningar / Kind Regards / Med vennlig hilsen
>
> Benny Samuelsen
> Registry Manager - Domainexpert
>
> Nordreg AB - ICANN accredited registrar
> IANA-ID: 638
> Phone: +46.42197000
> Direct: +47.32260201
> Mobile: +47.40410200
>
> > On 6 Jun 2017, at 17:53, jonathan matkowsky <
> jonathan.matkowsky at riskiq.net> wrote:
> >
> > What do you mean?
> >
> > Jonathan Matkowsky
> >
> > On Tue, Jun 6, 2017 at 6:39 PM, benny at nordreg.se <benny at nordreg.se>
> wrote:
> > And you can by that say with a 100 % certainty that those abused data
> was not originating from whois it self?
> >
> > --
> > Med vänliga hälsningar / Kind Regards / Med vennlig hilsen
> >
> > Benny Samuelsen
> > Registry Manager - Domainexpert
> >
> > Nordreg AB - ICANN accredited registrar
> > IANA-ID: 638
> > Phone: +46.42197000
> > Direct: +47.32260201
> > Mobile: +47.40410200
> >
> > > On 6 Jun 2017, at 16:54, jonathan matkowsky <
> jonathan.matkowsky at riskiq.net> wrote:
> > >
> > > Abusive domains are also seriously problematic from a privacy
> standpoint because apart from fake credentials as Natale mentions below, I
> can't begin to tell you how many cases I've seen in the last several years
> where innocent peoples' identities are compromised and then used in the
> Whois as part of the abuse. Without access to the public Whois, they never
> would have known their identity had been stolen. Access to Whois for
> abusive domains actually serves to protect privacy interests.
> > >
> > > Jonathan Matkowsky
> > >
> > > On Tue, Jun 6, 2017 at 4:58 PM, Natale Maria Bianchi <nmb at spamhaus.org>
> wrote:
> > > Besides private and business domains, there is also the large category
> of
> > > abusive domains - domains registered (or acquired from a previous
> owner)
> > > for the only purpose of abusing the Internet.  One may perhaps
> categorize
> > > them as "business", but it does not make much sense to put them
> together
> > > with domains used legitimately, or worry much about privacy issues -
> > > those are typically registered giving fake credentials, or the
> > > credentials are hidden from the public through an anonymous
> registration,
> > > and no one will every file a privacy complaint about those.
> > >
> > > There are operations out there that do this on a massive, industrial
> scale,
> > > registering hundreds or thousands of domains per day that are going to
> be
> > > used for a very short time, even a few minutes in the most extreme
> cases
> > > (hailstorm spammers).  In these cases, literally every second after
> > > registration matters, and whois is therefore a very critical resource
> for
> > > abuse researchers.  This is why I and others are here.
> > >
> > > Due to the automated methods used for these registrations and the
> > > consequent correlations between them, it is quite common to be able to
> > > indeed distinguish this category of domains with "sufficient accuracy"
> > > once whois data have been retrieved.
> > >
> > > So please think in terms of three de facto categories rather than two:
> > >
> > >         *  legitimate, private
> > >         *  legitimate, business
> > >         *  abusive
> > >
> > > I am not suggesting that one puts the third category in ICANN
> > > agreements :)  I am merely reminding that looking for abusive domains
> > > is a very important operational aspect of thin and thick whois, and
> > > care should be taken not to throw this other baby away with
> > > the baby water.
> > >
> > > Natale Maria Bianchi
> > > Spamhaus Project
> > >
> > >
> > >
> > > On Tue, Jun 06, 2017 at 11:24:10AM +0200, Volker Greimann wrote:
> > > > If you can differentiate the use that a domain isgoing to be put to
> > > > at the time of registration with sufficient accuracy, you are due
> > > > for an an award ;-)
> > > >
> > > >
> > > > Am 02.06.2017 um 22:15 schrieb Dotzero:
> > > > >The overwhelming majority of domains registered would be
> > > > >considered for commercial purposes. The fact that a small
> > > > >percentage of domains are registered by individuals for personal
> > > > >use should not be the determining factor as to what is appropriate
> > > > >for ICANN to do. In fact, many of what people assert are personal
> > > > >domains have advertising on them and would therefor be considered
> > > > >by almost any jurisdiction to be engaged in a commercial activity.
> > > > >This includes many (most?) parked domains.
> > > > [...]
> > >
> > > _______________________________________________
> > > gnso-rds-pdp-wg mailing list
> > > gnso-rds-pdp-wg at icann.org
> > > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> > >
> > > _______________________________________________
> > > gnso-rds-pdp-wg mailing list
> > > gnso-rds-pdp-wg at icann.org
> > > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> >
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170606/0c5ad884/attachment.html>

More information about the gnso-rds-pdp-wg mailing list