<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2769" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=954231818-29112005><FONT face=Arial
color=#0000ff size=2>Tim,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=954231818-29112005><FONT face=Arial
color=#0000ff size=2>I am sure many Registrars will show the expiration date,
that is not my concern, I believe it is truly logical to show. It is those
registrars that don't show it which I have cause for concern with.
They are on the record saying they will not show it. Instead of making this
an optional field, I strongly believe it should be mandatory and also at the
Registry level. To get this started I would like talk about the cause for
wanting to remove it. If we can isolate that objective then perhaps we can craft
a more efficient system. Once we have a problem defined it is easier to
fix.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=954231818-29112005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=954231818-29112005><FONT face=Arial
color=#0000ff size=2>1) Make it harder for Scammers to contact
registrants.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=954231818-29112005><FONT face=Arial
color=#0000ff size=2>2) Don't allow Scammers to place the expiration date in a
notice.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=954231818-29112005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=954231818-29112005><FONT face=Arial
color=#0000ff size=2>We can discuss this more on a seperate list, if anyone else
is interested then please contact me.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=954231818-29112005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=954231818-29112005><FONT face=Arial
color=#0000ff size=2>Jay</FONT></SPAN></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> owner-registrars@gnso.icann.org
[mailto:owner-registrars@gnso.icann.org] <B>On Behalf Of </B>Tim
Ruiz<BR><B>Sent:</B> Tuesday, November 29, 2005 7:42 AM<BR><B>To:</B>
ross@tucows.com<BR><B>Cc:</B> registrars@gnso.icann.org;
gnso-dow123@gnso.icann.org; Jay Westerdal<BR><B>Subject:</B> RE: [gnso-dow123]
Re: [registrars] Whois Operational Point of Contact<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV>Jay,</DIV>
<DIV> </DIV>
<DIV>I believe the intent of the proposal is that Registrars are
allowed to publically show the expiry date (but are not required to). So
if Registrars' customers overwhelmingly express the concerns you raise it
would seem that those Registrars would comply with the demand.<BR><BR>Tim
Ruiz<BR>VP, Domain Services<BR>The Go Daddy Group, Inc.<BR>Office:
319-294-3940<BR>Fax: 480-247-4516<BR><A
href="mailto:tim@godaddy.com">tim@godaddy.com</A><BR><BR><BR></DIV>
<BLOCKQUOTE
style="PADDING-LEFT: 8px; MARGIN-LEFT: 8px; BORDER-LEFT: blue 2px solid"><BR>--------
Original Message --------<BR>Subject: [gnso-dow123] Re: [registrars] Whois
Operational Point of<BR>Contact<BR>From: Ross Rader
<ross@tucows.com><BR>Date: Tue, November 29, 2005 9:22 am<BR>To: Jay
Westerdal <jwesterdal@nameintel.com><BR>Cc: registrars@gnso.icann.org,
gnso-dow123@gnso.icann.org<BR><BR>As a general point, I think it would be
helpful if we could discuss this <BR>proposal in practical, candid terms. You
correctly point out that this <BR>proposal isn't a general consensus. It is
simply to early for that. This <BR>isn't simply the views of large registrars
though. I have discussed this <BR>proposal with many different parties -
registrars large and small, <BR>resellers, registrants, registries and general
internet users - all with <BR>many different interests. This document
represents the consensus and <BR>interests of those that we have talked
to.<BR><BR>One of the interesting aspects of those conversations was the
discovery <BR>that those that tend to support this proposal are interested in
helping <BR>prevent abuse of personal contact data and the whois system and to
bring <BR>new utility to related applications. Those that don't support it
fall in <BR>one of two camps - they either aren't completely informed about
the <BR>subtler merits of the proposal or they are abusing the system in some
way.<BR><BR>One of the aspects of this proposal will see the actual expiry
date <BR>information (which aids data miners and renewal scammers) replaced
with <BR>enhanced status information. i.e. instead of saying "This domain was
<BR>registered on August 12, 2001", it will simply say "ACTIVE", "PENDING
<BR>EXPIRY", "EXPIRED", and so on.<BR><BR>By enhancing the context of the
status messaging, registrants, <BR>resellers, etc. we preserve the publicly
accessible trouble-shooting and <BR>renewal tools but take some key assets
away from the data miners, <BR>renewal scammers and other
abusers.<BR><BR>Rather than using your valuable time to create a competing
proposal, it <BR>would be more useful if you would work with us in making this
one <BR>better. While there are some current points of misunderstanding, I am
<BR>sure that there are ways that we can work together to bridge those gaps
<BR>and work together on building a consensus proposal that we can take
<BR>forward together.<BR><BR>Thanks for your input,<BR><BR>-ross<BR><BR>Jay
Westerdal wrote:<BR>> Ross,<BR>> I think the proposal looks good, except
I would stress that the expiration<BR>> date at the registry level should
NOT be phased out or removed as your<BR>> current proposal calls
for.<BR>> <BR>> Your proposal of eliminating that expiration date field
should be discussed<BR>> with domain registrants that have large
portfolios. Further outreach is<BR>> needed to achieve a larger consensus
driven approach to changing this data<BR>> element as it effects domain
owners more then it does domain registrars.<BR>> Last time I publicly
objected I had 6 or 7 registrars second my proposal to<BR>> keep the field.
I heard nothing from you until this posting but I have not<BR>> seen any
change in position or heard from you to discuss the issue since<BR>> then.
So I am not sure your current proposal is consensus driven. I welcome<BR>>
the opportunity to discuss with you the expiration date field later
this<BR>> week.<BR>> <BR>> Since the first mentioned of this idea on
the list I have been discussing<BR>> the scenario of removing the
expiration date with domain holders for the<BR>> last two months and I have
found that domain holders are generally against<BR>> such an action.
Meanwhile large registrars are for it and small registrars<BR>> are against
it. It would seem registrants and small registrars disagree with<BR>> large
registrars on this critical field. I would ask that input be sought<BR>>
from owners of domains before this proposal goes further as well as
the<BR>> smaller registrars, some of which are not so small
actually.<BR>> <BR>> Registrants could not stress enough that they use
the expiration date field<BR>> daily. Domain Registrants rely on this date
field to be uniform and the<BR>> registry output is the only place it can
be found that is uniformly the<BR>> same. If this proposal got ratified as
it stands registrars such as Schlund<BR>> and Melbourne IT are on the
record for saying they would stop showing the<BR>> expiration date field
altogether in their own registrar output!<BR>> <BR>> This would leave
registrants with no PUBLIC way to determine when to renew<BR>> their domain
or when it expired. The impact on Registrants would be huge. No<BR>>
hosting company, tech support, or advisor to the domain owner without
direct<BR>> username and password of a particular domain could check the
expiration<BR>> date. Even then it would not be as efficient because a
person may have<BR>> domains are several registrars. I realize the problems
Registrars face with<BR>> this field currently is that the Registry logic
confuses registrants. If the<BR>> registries' 45 day grace expiration date
confusion was cleared up there is<BR>> no sufficient grounds to remove the
expiration date from the registry<BR>> output.<BR>> <BR>> The
additional argument that I have heard is that DROA or other like
minded<BR>> organizations use this field to trick domain owners into
transferring<BR>> registrars. With the quote, "It makes their scam look
more real to have an<BR>> expiration date listed". This theory is not a
well thought out, if a domain<BR>> owner is so easily tricked into
switching and if DROA no longer had access<BR>> to the expiration date
field then why would DROA not take the creation date<BR>> field and add the
current year. Now the end user has no way to validate<BR>> expiration date
publicly and the expiration guess would be right 85% of the<BR>> time,
would the owner not be more likely to believe the scam now? Clearly it<BR>>
is easier to trick customers if you take away information from them.
The<BR>> registrant is more likely to believe this is their current
registrar if you<BR>> have information they believed is to be private. I
reject this whole<BR>> argument of hiding expiration date as a means to
avoiding scams. Scams will<BR>> increase not decrease by the removal of
this field. You can quote me on<BR>> that. The only solid argument for
change is the 45 day issue with registry<BR>> display being off by a year
after expiration.<BR>> <BR>> I plan to submit a proposal to solve the
expiration date confusion at the<BR>> registry output and leave the date
there, if anyone would like to be<BR>> included in helping define such a
proposal please email me and I will setup<BR>> a separate mailing list to
discuss the issue. Perhaps we can informally meet<BR>> this week to discuss
the issue offline as well. I welcome all to<BR>> collaborate, big
registrars, small registrars, and domain owners.<BR>> <BR>> Jay
Westerdal<BR>> Name Intelligence, Inc.<BR>>
http://www.nameintelligence.com <BR>> <BR>> -----Original
Message-----<BR>> From: owner-registrars@gnso.icann.org<BR>>
[mailto:owner-registrars@gnso.icann.org] On Behalf Of Ross Rader<BR>> Sent:
Monday, November 28, 2005 10:47 PM<BR>> To:
registrars@gnso.icann.org<BR>> Cc: gnso-dow123@gnso.icann.org<BR>>
Subject: [registrars] Whois Operational Point of Contact<BR>> <BR>>
Registrars,<BR>> <BR>> In Mar del Plata, a small group of like-minded
registrars got together <BR>> to discuss possible solutions to the vexing
problem of whois. The basic <BR>> issue that the amount of data that ICANN
requires registrars to display <BR>> in the whois is facilitating all sorts
of undesirable behaviors like <BR>> renewal scams, data-mining, phishing,
identity theft, and so on.<BR>> <BR>> The result of this discussion is a
proposal to rationalize the whois <BR>> data output and implement a new
contact type called the "Operational <BR>> Point of Contact" or "oPOC".
Complete details can be found in the <BR>> proposal itself which I've
posted to my weblog - <BR>>
http://code.byte.org/blog/_archives/2005/11/28/1426464.html<BR>> <BR>>
We are currently seeking feedback and support for this document. If you
<BR>> have any comments, please drop one of the contributors a note. If you
<BR>> would like to formally support this proposal as a signatory, please
drop <BR>> me a note saying so.<BR>> <BR>> Thanks in advance, please
let me know if you have any questions.<BR>> <BR>> -ross<BR>>
</BLOCKQUOTE></BODY></HTML>