[comments-whois] WHOIS policy report comments
This is a response to
My standing is as a longtime net user (I go back to before the days
when there was "the Internet") and a domain holder under the .ca ccTLD.
In 3.1 I A 3 and 4, I note a bias towards "all you need is Web pages":
3. ICANN should post registrar contact points on its web site
(perhaps on the list of accredited registrars). [...] the page
displayed in response to a query to the registrar's Whois, [...]
For the first, I would much rather see the information made available
by FTP. (Both is, of course, best.) For the second, it is not clear
whether "the page displayed..." refers to a Web page or to the output
generated by port-43 server; I do not consider a Web-based form an
acceptable substitute for a port-43 server.
4. ICANN should continue to maintain an optional and standardized
complaint form on this issue in the internic.net site. [...]
I would much rather see an email address for receiving such complaints;
a Web form is not an acceptable substitute.
In 3.1 I B, it seems to me that a distinction needs to be drawn between
honest mistakes and formerly correct but now outdated data, on the one
hand, and blatantly fradulent data, on the other. For example, I have
seen domains registered with addresses like (name forgotten and hence
and phone numbers like "123 123 1234" or "555 555 5555". I see no need
for a 15-day delay in such cases; while I would hesitate to try to
write any definition of when it is appropriate into any contract
(though the "Dissenting opinion" offers a possible wording in its
characterization of some cases as "overtly fraudulent"), I would like
to see registrars able to repossess such domains with little or no
delay. I would certainly like to see registrars able to effectively
shut down such domains during any delay period that is present; 15 days
is long enough for most of the damage to be done in some cases. (The
cost of creating throwaway domains becomes simply a
cost-of-doing-business for those engaged in certain types of abuse, if
no matter how fraudulent the registration the registrant can count on
having it up for 15 days.)
It may be beyond the scope of this task force, but I also see a need
for a mechanism for dealing with rogue registrars.
In 3.2 I, I would like to add my voice to the "overwhelming majority"
In 3.2 II B 2, I am astonished that this has not yet been done. I
would expect it to be one of the most rudimentary of provisions.
In 3.2 IV B, I agree with the first sentence of the "Dissenting
opinion": if providing bulk access remains an option for registrars, I
see no reason why ICANN should impose any limit - minimum or maximum -
on the fee involved. I cannot see any way in which such limits could
further ICANN's mission.
In 3.2 IV D, I see no need for the provision cited in its current form.
I have never understood it, and while upon reading the rationale in the
second paragraph I can see where it comes from, I think this is a case
of a desirable end being addressed wrongly. If the desire is to
prevent interference with operations, the provision should prohibit
interference with operations, regardless of how caused. I see nothing
wrong with a registrar providing a third party bulk access to allow
that third party to support, for example, something like the geektools
whois proxy, even if this means high-volume queries - provided the
registrar in question is able and willing to support the resulting
query stream, something that is between the registrar and the querent.
In 3.2 IV E (i), the proposed change would have the desired effect, but
it would also have other, presumably undesired, effects; in particular,
it would prevent the third party from, for example, supporting
individual queries from the public at large with the data.
In general, I strongly object to the practice of providing comments in
proprietary formats; many of the links to comments link to
"application/msword" comments, rendering these unreadable without
paying for expensive, otherwise unnecessary, and grossly insecure
software - not to mention expensive, otherwise unnecessary, and grossly
insecure and bloated `operating systems' to run it under.
On the 2002-08-27 comments of Danny Younger: the analogy holds only
partially. The community needs someone to contact when a domain is
used abusively. In the case of abuse emanating form an unlisted
telephone number, the telephone company infrastructure provides that
contact; here, it's not clear who that would be. Perhaps the
registrant itself would have to act as the point of contact; indeed,
it's not clear to me why a registrar couldn't offer such a service
In 6.4 II, re the comment referred to between the msg00014.html and the
msg00016.html links - if the contact info (postal address, in this
case) is sufficiently slow and unreliable that the *registrar* cannot
verify it within 15 days, it is questionable whether it is of any value
as contact info for the domain at all. The point of contact info is to
be able to contact people with it, and if it cannot serve that purpose,
it doesn't much matter how "correct" it may be in some abstract sense.
In 6.4 II, re the comment referred to between the msg00042.html and
msg00043.html links - re "bona fide" registrations with outdated WHOIS
data, I don't see this as a problem. If the registrant can't be
bothered to keep the registration up to date, I have to question
whether the domain is valuable enough to the registrant to be worth
worrying about. (Yes, registrants will make mistakes. Registrars
should have the discretion to attempt to contact registrants by any
available means; it's the rare domain that provides no way whatever to
contact its holder electronically - and few of them are "bona fide".)
In general, I am less concerned about the accuracy of postal and
telephone contacts than of email contacts. When I have occasion to
contact someone responsible for a domain, it is invariably by email; I
cannot think of even one occasion, in all my years on the net, when I
have used the telephone or postal address in a domain registration to
contact the holder. To me, postal and telephone contact info serve
only two purposes: (1) to indicate where, in general terms, the
registrant is (usually identifying a country is enough here), and (2)
as a mild indicator of fraudulent intent (when I see a domain with a
phone number of 123 123 1234 involved in abuse, I usually don't bother
trying to contact its holder directly, as the holder has a very high
chance of being the abuser).
I am inclined to agree with the third paragraph of section 8, as a few
of my comments above indicate.
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML firstname.lastname@example.org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B