Re: [ga] RE: WHOIS Policy?

["todd glassey" <todd.glassey@worldnet.att.net>]

Marilyn -
The real issue is ICANN's gross failure to force its Registrar's to enforce
the existing regulations and by allowing their (both ICANN and the
Registrars) interpretation of the US Law such that a simple disclaimer is
their protection. This could easily be dealt with an official ICANN
Registrar Operations Change Order. What they (both ICANN and the Registrars)
have, to the entity done, is to place up a legal disclaimer which they use
as a shield from being responsible. This is the lie of their process.

Now some Registrars like GoDaddy have taken their responsibilities more to
heart and have implemented an Auth Model using a non-machine interpretable
(to date) token exchanges so that the folks violating WHOIS harvesting rules
cant use their Registrar's Whois as a source. Bravo GoDaddy BTW!. But the
real issue is all the other Registrars that provide bulk whois data either
officially or through Social Engineering to whoever asks for it.

What needs to happen is two fold. That is that it needs to be a crime to
provide fraudulent information for domain registrations, and the Registrars
need to be held accountable for access to Whois Data however its managed. It
also needs to be enforced that the Registrars are responsible for the
integrity of their Whois Database and they should be fined for publishing
contact data that is not accurate.

This will encourage them to have much stronger contracts with their
customers and force them to do stupid stuff like verify through email all of
the email addresses for contacting a domain. Also looking for obviously
phony phone numbers like 123.456.7890 as a US phone number.

Anytime they discover (or have pointed out to them) fraudulent registration
data, they MUST immediately 'disconnect' that domain. This BTW is the best
way there is to fight SPAM since it will be possible to pull any SPAMMER
DOMAIN that was registered for the sole purpose of pushing SPAM with a real
return address on it. We can then worry about other SPAM vectors by setting
up more rigid SENDMAIL filters.

Oh and I wont get into the issues of caching domain names and the like
here..

Anyway - my two cents.


Todd Glassey

----- Original Message -----
From: "Cade,Marilyn S - LGA" <mcade@att.com>
To: <DannyYounger@cs.com>; <ga@dnso.org>
Sent: Tuesday, August 27, 2002 4:25 AM
Subject: [ga] RE: WHOIS Policy?


> Dear Danny,
> I hope that you have chosen to provide your comments, which would be
welcomed,
> to the WHOIS TF via the request for comments -- via the www.dnso.org.
Comments close 8/28, but we would welcome any comments via that avenue. I
can, of course, forward your posting to the WHOIS TF, if you would like. As
a former member of the TF, and someone who has demonstrated a keen  interest
in these issues, I am sure that the TF will be interested in your comments.
>
> Regards, Marilyn Cade
>
> -----Original Message-----
> From: DannyYounger@cs.com [mailto:DannyYounger@cs.com]
> Sent: Tuesday, August 27, 2002 4:28 AM
> To: ga@dnso.org
> Cc: Cade,Marilyn S - LGA
> Subject: WHOIS Policy?
>
>
> Marilyn,
>
> Regarding the accuracy of data contained in the WHOIS database, your Task
> Force has stated:  "The Task Force believes that the approach of actually
> enforcing the existing contractual provisions is the essential first step
> toward improving WHOIS data accuracy in the gTLD environment."  One such
> contractual provision reads:
>
> [3.7.7.2]  A Registered Name Holder's willful provision of inaccurate or
> unreliable information, its willful failure promptly to update information
> provided to Registrar, or its failure to respond for over fifteen calendar
> days to inquiries by Registrar concerning the accuracy of contact details
> associated with the Registered Name Holder's registration shall constitute
a
> material breach of the Registered Name Holder-registrar contract and be a
> basis for cancellation of the Registered Name registration.
>
> So, if I choose to provide inaccurate data in order to protect my privacy
> rights, are you are telling me that it is the current recommendation of
the
> Task Force that registries/registrars be forced to cancel my domain name
> registration and that their failure to cancel my registration will result
in
> sanctions against them?
> --
> This message was passed to you via the ga@dnso.org list.
> Send mail to majordomo@dnso.org to unsubscribe
> ("unsubscribe ga" in the body of the message).
> Archives at http://www.dnso.org/archives.html
>
>

--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html