[gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP

allison nixon elsakoo at gmail.com
Sun Feb 18 17:17:21 UTC 2018


Patrick's voice on this needs to be heard. Regardless of whether or not
GoDaddy's block was related to GDPR, it's a perfect example of what
we're looking forward to when the exact same block is applied to all
registrars and all queriers.

The web based portal is already a huge degradation in service quality. Many
of us in the anti-abuse and network operator world rely heavily on "WHOWAS"
and as it stands, that is ONLY available through resellers who make use of
bulk queries to do it. If you don't like that, then give us a better
alternative so we can keep doing our jobs and keep the Internet functioning.

Why is the blanket assumption that bulk queriers, and queriers of new
domains are abusive?  Maybe a security system wondered "Why is a
never-before-seen-domain sending me an email with an executable
attachment?" Do you think that could ever possibly happen on the Internet?
How many SOC and NOC IP addresses are blocked by GoDaddy? One of my IP
addresses is blocked. Why is our activity deemed abusive?

Due to this change I am hearing complaints from people responsible for
keeping tier-1 and tier-2 networks working. Not just blocklist maintainers.
Take this seriously.

On Sun, Feb 18, 2018 at 10:09 AM, <pkngrds at klos.net> wrote:

> On 2/18/2018 9:14 AM, consult at cgomes.com wrote:
>
>
>
> Patrick,
>
>
>
> Let me first call attention to the fact that I cc’d the leadership team so
> that they can judge whether my suggestion was ridiculous or not.
>
>
> Let me call attention to the fact that I cc'd the entire list so the
> community can be involved in the conversation as well. (as you say "we all
> have to work collaboratively in this WG")
>
> I am not in a position to determine what the truth is in this situation,
>
>
> Well, I AM in such a position because IT HAPPENED TO ME.
>
> but, even if you are correct in your assessment, giving Sara a chance to
> respond to your strong accusation privately
>
>
> Big companies like GoDaddy will not respond privately - it's beneath
> them.  Believe me, I've tried.
>
> If Sara was interested in responding to my claims, she has had every
> opportunity to do so, either privately or publicly.  I have not heard a
> peep from her.
>
> would be much more respectful than making your  accusation publicly.
>
>
> It's not an accusation - it's a statement of facts.  I welcome Sara and/or
> GoDaddy to present any evidence to the contrary.
>
> Email communications are very easily misunderstood and/or poorly
> expressed.  I do not know whether that is the case here or not; I am sure
> you do not believe that is the case, but giving her the benefit of the
> doubt and asking her to explain further privately would have been a much
> better approach in my opinion.
>
>
> As I said, I have no reason to believe she would respond to a private
> discussion of this matter.  I have tried several times to discuss GoDaddy's
> port 43 restrictions with them and they would not respond to me.  GoDaddy
> is too big to care about the opinions of a single anti-phishing anti-spam
> anti-abuse advocate that disagrees with GoDaddy's illegal restrictions on
> port 43 WHOIS.
>
> The fact is that we all have to work collaboratively in this WG.
>
>
> Which is why this should be discussed on the list as well.  I know I'm not
> the only person on the list that feels this way.
>
> Patrick Klos
> Phishcop Admin
>
> Chuck
>
>
>
>
>
> *From:* pkngrds at klos.net [mailto:pkngrds at klos.net <pkngrds at klos.net>]
> *Sent:* Saturday, February 17, 2018 1:20 PM
> *To:* consult at cgomes.com
> *Subject:* Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and
> GDRP
>
>
>
> On 2/17/2018 2:11 PM, consult at cgomes.com wrote:
>
> Patrick,
>
>
>
> If you are going to specifically criticize a company by name, please do
> that directly with that company and not on this list.
>
>
>
> Chuck
>
>
> That's ridiculous.
>
> Sara Bockey, representing GoDaddy, made statements on the list that do not
> reflect the truth.  It is my obligation to refute her claims publicly on
> the same forum her original statements were made.
>
> Patrick Klos
> Klos Technologies, Inc. and Phishcop Admin
>
>
>
>
> *From:* gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces at icann.org
> <gnso-rds-pdp-wg-bounces at icann.org>] *On Behalf Of *pkngrds at klos.net
> *Sent:* Friday, February 16, 2018 3:35 PM
> *To:* gnso-rds-pdp-wg at icann.org
> *Subject:* Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and
> GDRP
>
>
>
> On 2/16/2018 5:22 PM, Sara Bockey wrote:
>
> Not only is our decision to mask customer information in Port43 completely
> unrelated to GDPR, but it results directly from attacks by third parties
> who harvest and sell our customers’ personal information.
>
>
> I don't know what precipitated this conversation, but I will jump in here
> based on my actual experience.
>
> To say "it results directly from attacks by third parties who harvest and
> sell our customers’ personal information" is a complete lie!
>
> GoDaddy has blocked MANY IP addresses I've attempted to use port 43 WHOIS
> on with absolutely no due process!  And I can say with absolute certainty
> that I and my IP addresses were not involved in any form of "attack(s) by
> third parties".
>
> But if I wanted to continue fighting phishing, spammers and other abuses
> without being forced to use GoDaddy's cumbersome web interface (with their
> stupid "I'm not a robot" and "Choose all the pictures that have a goldfish
> in them" games) to process each WHOIS request, I would have to give in to
> GoDaddy's illegal blocking (restricted WHOIS output) and sign their
> "whitelist request" to get myself back to business!!!
>
>
>
> Given the onslaught of spam and robo-calls our customers have been
> receiving – often within minutes of registering a domain name—we felt that
> action was required, if not overdue.
>
>
> I'm not sure I can see how port 43 WHOIS requests can be used to determine
> new domain registrations in the way you imply?  Maybe you can share how
> that works??
>
>
>
> WHOIS information is still very much available for any & all domain
> names via our web-based WHOIS tool,
>
>
> It may be available, but it's quite cumbersome and a waste of good
> people's time!!
>
>
>
> However, bulk access by anonymous users is no longer supported.
>
>
> I didn't know "bulk access by anonymous users" was ever a thing?!?  If you
> were intent on blocking "bulk access", why should that have impacted port
> 43 WHOIS requests for single domains???
>
>
>
> I also note that during this entire process, we have kept ICANN informed
> of both the attacks on our Port43 systems
>
>
> Please provide the evidence of my "attacks" that you've provided to ICANN
> to justify your restricting WHOIS data to any of my IP addresses.
>
>
>
> as well as our efforts to mitigate them. Our actions are justified and
> to imply otherwise is not only inaccurate but does nothing to move this PDP
> forward.
>
>
> Your actions were unilateral and (in my opinion) violated your registrar
> agreement(s) with ICANN.  You're allowed to block ABUSIVE behavior, but you
> blocked many many requests with absolutely no evidence of abuse!  How can
> you justify that???
>
> Patrick Klos
> Phishcop Admin
>
>
>
>
>
>



-- 
_________________________________
Note to self: Pillage BEFORE burning.