[comments-whois] WHOIS accuracy, and name deletions

[George Kirikos <gkirikos@yahoo.com>]

Am I the only one who is concerned that a legitimately held name might
be deleted due to a simple failure to respond within 15 days? Given the
amount of spam out there (it's easy to accidentally skip over an email,
thinking it was spam), and lack of guaranteed delivery of email, I
think that this is a very dangerous and poorly thought-out proposal for
legitimate domain holders, especially those with small staffs (or
self-employed). I am all for WHOIS accuracy (it helps to promote
responsible internet usage, and reduce abuse behaviour), but there
needs to be some balance in that proposal. If someone goes on holidays
for 3 weeks, or misses an email, conceivably they could find all their
valuable domains are no longer held by them!

I would hope that OpenSRS and other leading registrars would implement
a "white-list" (where domain WHOIS is permanently marked as "accurate",
or if not permanent than for long intervals of months, not days) of
protected names, or other mechanisms to ensure that legitimate and
correct domains are not hijacked through misuse of this policy, and
that domains are protected. "Rogue" domain holders, with obviously fake
WHOIS should be pursued, but legitimate holders should be protected.

If AT&T, AOL, Google or another elite company moves its offices, and
happens to not update their WHOIS records for a few weeks, should they
lose *all* of their domains? Obviously not...they have the lawyers (and
trademarks) to ensure that they'd get back any domain name that their
registrar deletes, but smaller companies do not! 

Every summer, a lot of people move to new homes or apartments -- should
they all be rushing to change their WHOIS the exact moment they move,
or fear losing all their domain names?

Consider that when "serving" a legal process internationally, one
typically has 40+ days to respond to such service. That should provide
a better time period, rather than 15 days, to guide the WHOIS task
force as to an appropriate alternative.

In addition, another way to protect domain holders is to allow the
creation of a "legal contact", for which legal notices can be sent, to
augment the existing admin/technical/billing contacts. This "legal"
contact can be optional. If specified, it would allow the more security
conscious domain holders (such as myself) an additional layer of
protection from WHOIS accuracy challenges. 

Basically, this whole 15 day accuracy proposal is a desire for the IP
and legal community to be able to easily and *quickly* get rid of rogue
registrations. I agree with the basic intent. But, one needs to be able
to protect *legitimate* domain holders, who might take 3 week
vacations, heaven forbid! (or be in the hospital, or have numerous
other reasons not to be able to respond within 15 days) Allowing them
to have an accurate WHOIS for a law firm or a relative, as a
supplementary legal contact (separate and distinct from the admin
contact), to augment their existing WHOIS should be a good compromise,
as it would guarantee 100% protection of the domain (as law firms don't
move around much). As long as the *address* of the legal contact is
fine, they can be deemed to be served, and the normal legal proceedings
can take place. Having multiple legal contacts should also be an option
(e.g. a domain holder can specify their sibling, a law firm, and a
spouse as 3 additional "legal" contacts, ensuring that someone can
*always* be reached regarding legal affairs relating to a domain name).


I've seen examples in the UDRP cases, where after 18 days (into the 20
day period for a response), the respondent asks for more time, as they
only got notice of the matter at that time. This even happens after 20
days on occasion. 

How often do folks pay their bills late, as they were on holiday, or
they didn't receive a piece of physical mail? When the USPTO starts
invalidating trademarks or patents after 15 days of "no response",
that's when I'll agree that 15 days is an appropriate time period. 

To give you an example of how folks will abuse this, eventually there
will be a "standard" notification email. What prevents a malevolent
individual from mailbombing a legitimate domain holder with thousands
of forged copies of these "notices", contemporaneously as the WHOIS
accuracy challenge is taking place? The legitimate domain holder,
seeing thousands of identical looking "junk mail" will tend to delete
ALL of them, and not be able to separate the TRUE NOTICE (that they
must respond to), and the fake ones. If you don't think this WILL
happen, you're very naive -- a lot of domain names are worth tens of
thousands of dollars, or more, and worth stealing. Folks will become
desensitized to the email notices and tend to disregard them as "junk
mail", and then there will be huge problems trying to recover the
names.

In conclusion, requiring a 15 day response period is simply going to
cause too many problems for legitimate domain holders (especially those
with valuable domain names, e.g. generic one-word domain names with
high traffic, who are already subject to hijacking attempts on a
regular basis), if there aren't additional safeguards added to the
current proposal. The redemption grace period isn't in effect yet, and
even then, it's UNTESTED!

Sincerely,

George Kirikos
http://www.kirikos.com/