Derek,

These are great points. If you want to get a response to "how do we counter the IP constituency," it might be useful to hear the perspective of registrars. It may be easy to see what a registrar should do to solve any particular evil. But the question is, what can a registrar do to deal with a particular evil AND ALSO provide services that consumers want AND ALSO not do things to piss off the consumers. Asking a registrar to remove popular services or do things that cause a hue and cry with its customers is not realistic. Of course the IP people don't care about that, because they only care about their livelihood.

You might want to forward this to the registrar list and see what they say. Registrars, as you point out, are a big part of the solution, so they need to be engaged.

Antony

On May 7, 2011, at 7:41 AM, Derek Smythe wrote:
Hi Folks
Here is a more than excellent example of why domain abuse issues belong at the registrar and why true privacy will not be possible until abusers are taken care of.
It all started off with a report of a phishing site. Doing a reverse lookup on the IP the domain was hosted on, we get the list included below.
Spending a bit of time on the search engines quickly shows numerous frauds related to the relevant domains. Digging a bit deeper keeps on leading to a specific "hosting provider" with a track record of these types of domains and even SSL certificate abuse.
Now, looking a bit closer at them in terms of whois details, we find gross privacy abuse for the domains used in fraud and fraud attempts.
For those that know how, looking very closely at them leads to victims of this fraud and details showing them all to be of the same origin as regards certain design elements.
Now, considering the background of the hosting provider, he specializes in these.
How do we counter the IP constituency if they throw these examples at us?
How do we deal with this form of domain abuse? The authorities have been in the know for more than a while now. The SSL certificate providers are in the know as well. The domain registrars are in the know.
Doing a bit of backtracking leads to this post: http://www.jaguarpc.com/forums/showthread.php?t=24529
Now here is the sad part: since that post, the hosting was terminated and simply moved to another IP at the same hoster; later we have two more victims in Australia after this move.
http://www.rbol-uk.com/INT-UK/ (as I said, those that know how ...)
In fact the Nigerian hosting provider is simply moving hosting once caught out. In the meantime the "free one year privacy" is abused for anonymity and to make tracking more difficult. Without finding, stopping and disabling these domains, the misery they create at the hands of the abusers continues.
As you will see, there is no easy way to do a 1-to-1 mapping of domain name against the spoofed domain, so more TLDs will just compound the issue.
It also does not help if we claim that domain names have no special meaning. In the eyes of the "ordinary user", how can http://www.barclaysonlineservice.com not be part of Barclays Bank PLC?
Just one such IP - 209.217.237.134:

adamscolechambers.com
airfrcdcuk.com
Download your scam kit at https://airfrcdcuk.com/images/intcourier.zip
... or use the online pages: https://airfrcdcuk.com/intcourier/contactus.htm
If you search a bit on the contact details, you will see it's a continuation of http://www.complaintsboard.com/?search=Air%20Freight%20Courier%20Delivery%20...
albmb-my.com (http://www.albmb-my.com/INT-BANKING/ - initial report)
Note the impunity with which even the FBI, IRS, United Nations are being impersonated, never mind Yahoo, Hotmail and the rest. And this party has been doing it for years now.
Now ask yourself: what number of legitimate domain owners are targeted by lack of domain privacy vs what number of the public are victimized by domain "anonymity"? Which is the lesser of the two evils?
Just some real world food for thought.
Derek Smythe
Artists Against 419
http://www.aa419.org

_______________________________________________
At-Large mailing list
At-Large@atlarge-lists.icann.org
https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org