RE: [ccnso-council] LAST CHANCE!!!: Survey on Phishing Issues

All,

Please do reply to the survey. It doesn't look great if even the council doesn’t respond to a survey that we initiated.

Cheers,

Chris Disspain
CEO - auDA
Australia's Domain Name Administrator
ceo@auda.org.au
www.auda.org.au

Important Notice - This email may contain information which is confidential and/or subject to legal privilege, and is intended for the use of the named addressee only. If you are not the intended recipient, you must not use, disclose or copy any part of this email. If you have received this email by mistake, please notify the sender and delete this message immediately. Please consider the environment before printing this email.

> -----Original Message-----
> From: owner-ccnso-council@icann.org [mailto:owner-ccnso-council@icann.org] On Behalf Of Gabriella Schittek
> Sent: Monday, 9 June 2008 21:53
> To: ccnso-council@icann.org
> Subject: [ccnso-council] LAST CHANCE!!!: Survey on Phishing Issues
>
>
> Dear Councillors,
>
> This is the last chance for you to reply to the Phishing survey - I will start with the evaluations by the end of this
> week, so please, can I have the replies by Wednesday, 11th June. The results of the survey will be presented at the
> Paris meeting. As the response-rate has been very poor, every reply would help improving the statistics. The survey
> was initiated by the council at the New Delhi meeting (see http://www.ccnso.icann.org/meetings/newdelhi/newdelhi-
> council-minutes-13feb08.pdf) - i.e. - it would look odd not having more councillors replying to it!
>
> The Council ccTLDs which have already replied to this survey are:
> .au, .cl, .eg, .jp, .mx, .pr, .tt
>
> Please, find the survey below.
>
> Thanks,
>
> Gabi
>
>
> --
>
> Anti-Phishing Survey
>
> 1) Are you aware of any phishing activity using domain names under your
> ccTLD?
>
> YES/NO
>
> 1.1) If YES - Do you consider the phishing activity under your domain
> large-scale?
>
> YES/NO
>
> 2) Who informs you about a phishing incident?
>
> Specially dedicated anti-phishing agents
> Government agents
> Internet engineering bodies
> CERTS
> Affected companies
> Registry
> Registrar
> Registrants
> Other (please, specify)
>
> 3) Do you have policies in place to suspend domain names used for phishing
> purposes?
>
> YES/NO
>
> 3.1) If YES: Are they published?
>
> 3.2) If you have policies in place: What documentation/proof of abuse is
> required?
>
> 3.3) If you have policies in place: Under what circumstances will your
> registry suspend a domain name?
>
> 3.4) If you don't have policies in place: Why?
>
> Haven't thought about it
> There is no phishing problem under our ccTLD
> There are government agencies responsible for that
> The Registry decided not to, as it has to do with content and use of the
> domain name
> We are unable to implement such policies because of the terms of our
> agreement with the sponsoring organisation for the ccTLD.
> Other (please, specify)
>
> 4) Who decides that a domain has been used for phishing?
>
> Registry
> External Committee
> Registrar
> Court
> Other (please, specify)
> 5) Do you notify the registrant of the pending suspension?
>
> YES/NO
>
> 5.1) If YES: How do you notify the registrant?
>
> Per email
> Per post
> Per telephone
> Other (please specify)
>
> 5.2) Do you provide a grace period to resolve the issue?
>
> YES/NO
>
> 5.3) How much time does it take, on average, to notify the registrant?
>
> 1 day or less
> 1 - 3 days
> 3 days - 1 week
> 1 - 3 weeks
> 3 weeks or more
>
> 6) How much time does it take from when a complainant starts the procedure,
> until final elimination/suspension of the domain name? (If foreseen by the
> procedure)
>
> 1 day or less
> 1 - 3 days
> 3 days - 1 week
> 1 - 3 weeks
> 3 weeks or more
>
> 7) Please, describe the full procedure the complainant has to follow when
> dealing with a phishing domain complaint:
>
> 8) What is the most efficient way to solve the phishing incidents in your
> opinion?
>
> Deletion of the domain name
> Suspension of the domain name
> Shutting down the web site (through the hosting provider)
> Send a warning to the phisher
> Criminal prosecution
> Other (please, specify)
>
> 9) Would you like the ccNSO to continue to undertake initiatives regarding
> anti-phishing?
>
> YES/NO
>
>
> 9.1. If YES, which of the following activities should the ccNSO undertake in
> your view:
>
> - Providing exchange of information on Phishing issues
> - Develop Best Practices on Phishing issues
> - Develop global policies on Phishing issues
> - Other (please, specify)
>