Danny and all, Danny is quite correct here regarding the inaccuracies in Whois. This has long been a problem and a good policy was devised to address it. However due to what can only reasonably be a lack of oversight by ICANN staff, their accuracy requirement has not been enforced adaquately, if at all. I cannot say with any certainty as to why ICANN's policy on Whois accuracy has not been enforced, but my guess is that there are likely two reasons: 1.) Not enough staff and/or other resources within ICANN to do so. 2.) An unwillingness to terminate Accreditation of Registries for not doing their oversight of their respective Whois maintenance as an incentive for being irresponsible stewards. What's bad about all this for users is that if a user gets an Email containing questionable content that he/she did not solicit for or has no earthly idea why they are receiving such questionable content [ kiddy porn, scam emails, other objectionable content ], and the admin. or postmaster Email address is not listed in the Whois, or is inaccurately listed, he/she user has no way of addressing this themselves without resorting to more serious means such as blocking software, reporting such emails to spam@uce.gov or US-Cert, Oct., Oct... I cannot tell you how many thousands of these Emails I have received many of which contained illegal content that I at one span in time had no known place to report them and when I contacted the admin. or postmaster Email ID it bounced back as non-diliverable. This still occurs today but with a bit less frequency. However most of this sort of spam and phishing attempts I get come from Yahoo Email addresses. Some of these that I have received though I have tracked back to mis-configured DNS's of web sites that I have visited, been sent, or from other Emails I have received whos ISP's are not adaquately secured. However instead of just complaining, let me make a suggestion as to how to actually fix this inaccurate Whois problem. First, give those Registries and Registrars running their own Whois for their Domain Names in whatever namespace/TLD 3 months to get it squeeky clean, or suspend their Accreditation until they are clean and accurate. Second, have a clearing house Email address for users to send whatever data they have or their providers have for them to use, at an ICANN email address so that ICANN staff members can address each complaint and fully investigate such to actually get the inaccuracy addressed fully. Bare in mind, NO domain name is to be put on hold or temporarly suspended because their Whois data is not accurate without significant just cause. -----Original Message-----

From: Danny Younger <dannyyounger@yahoo.com> Sent: Mar 27, 2008 6:00 AM To: At-Large Worldwide <alac@atlarge-lists.icann.org> Subject: [At-Large] Empowering the Users

First, I would like to thank Kieren for his efforts that have resulted in ICANN's Compliance Director having a look at the current WDPRS system problems. Ms. Burnette has stated: "We were not aware that follow-up notices were not being transmitted to reporters. I have asked the site administrator to address this problem right away." http://public.icann.org/node/657#comment-22

Next, I'd like to discuss the topic of user empowerment.

The Whois Data Problem Reporting System is a tool used by consumers to flag inaccurate WHOIS data. On a daily basis, users are beseiged by junk mail associated with domains that have been registered with false data. In response, individuals and networks have acted to utilize the WDPRS to bring down these offending domains.

The problem, of course, is that a very high percentage of registrations have inaccurate data (owing to [1] ICANN's failure to deal with privacy concerns; [2] owing to ICANN's lousy policy for dealing with inaccurate data that places way too much discretion in the hands of the registrars; and [3] owing to the worldwide failure to effectively deal with SPAM and the criminal element).

This means that we need to have either a very robust, scalable WDPRS that can handle this high percentage or a set of policies designed to properly vet registrations prior to activation.

As most in the registrar community have thus far chosen not to scrutinize any registration fields other than the data associated with billing contacts, we need to act to force them to change their modus operandi.

As I sincerely doubt that we will see any positive changes in the upcoming RAA revisions on this topic, I am of the view that we need to bolster the WDPRS system so that registrars are forced to manually respond to thousands of requests daily -- I am sure that in response to such a deluge they might reconsider their current stance on data verification efforts -- manual efforts will in the long run cost them alot more than the cost of implementing automated data verification processes.

Currently, the system can handle only a few thousand complaints daily, but we have firms waiting in the wings that could put through 10,000 valid complaints a day. We need to talk about improving the WDPRS capabilities so that those that want to clean up the mess that ICANN has helped to create through its lax policies can better get on with their efforts to protect and serve the public.

Improving sytem capabilities is one consideration; another consideration to look at is the registrar use of WHOIS rate limiters that make it difficult for the WDPRS to process large volumes of complaints. Beyond that we need to look at ICANN's manpower situation and determine how much more personnel will be required to properly manage the WDPRS process (in terms of regular oversight activities, periodic audits and system management needs). Current processing and staffing levels are just not designed to meet the size and scope of today’s problems.

All of the above call for either budgetary decisions to be reached, or new policy to be drafted.

While we can certainly attack on both fronts, what we cannot do is fail to properly empower the users by allowing this Reporting System to continue on its faltering path without improvements being made.

I would like to see ALAC comments on the budget address this important user issue.

Regards, Jeffrey A. Williams Spokesman for INEGroup LLA. - (Over 277k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com Phone: 214-244-4827