LAST CHANCE!!!: Survey on Phishing Issues
Dear Councillors, This is the last chance for you to reply to the Phishing survey - I will start with the evaluations by the end of this week, so please, can I have the replies by Wednesday, 11th June. The results of the survey will be presented at the Paris meeting. As the response-rate has been very poor, every reply would help improving the statistics. The survey was initiated by the council at the New Delhi meeting (see http://www.ccnso.icann.org/meetings/newdelhi/newdelhi-council-minutes-13feb0...) - i.e. - it would look odd not having more councillors replying to it! The Council ccTLDs which have already replied to this survey are: .au, .cl, .eg, .jp, .mx, .pr, .tt Please, find the survey below. Thanks, Gabi -- Anti-Phishing Survey 1) Are you aware of any phishing activity using domain names under your ccTLD? YES/NO 1.1) If YES - Do you consider the phishing activity under your domain large-scale? YES/NO 2) Who informs you about a phishing incident? Specially dedicated anti-phishing agents Government agents Internet engineering bodies CERTS Affected companies Registry Registrar Registrants Other (please, specify) 3) Do you have policies in place to suspend domain names used for phishing purposes? YES/NO 3.1) If YES: Are they published? 3.2) If you have policies in place: What documentation/proof of abuse is required? 3.3) If you have policies in place: Under what circumstances will your registry suspend a domain name? 3.4) If you don't have policies in place: Why? Haven't thought about it There is no phishing problem under our ccTLD There are government agencies responsible for that The Registry decided not to, as it has to do with content and use of the domain name We are unable to implement such policies because of the terms of our agreement with the sponsoring organisation for the ccTLD. Other (please, specify) 4) Who decides that a domain has been used for phishing? Registry External Committee Registrar Court Other (please, specify) 5) Do you notify the registrant of the pending suspension? YES/NO 5.1) If YES: How do you notify the registrant? Per email Per post Per telephone Other (please specify) 5.2) Do you provide a grace period to resolve the issue? YES/NO 5.3) How much time does it take, on average, to notify the registrant? 1 day or less 1 - 3 days 3 days - 1 week 1 - 3 weeks 3 weeks or more 6) How much time does it take from when a complainant starts the procedure, until final elimination/suspension of the domain name? (If foreseen by the procedure) 1 day or less 1 - 3 days 3 days - 1 week 1 - 3 weeks 3 weeks or more 7) Please, describe the full procedure the complainant has to follow when dealing with a phishing domain complaint: 8) What is the most efficient way to solve the phishing incidents in your opinion? Deletion of the domain name Suspension of the domain name Shutting down the web site (through the hosting provider) Send a warning to the phisher Criminal prosecution Other (please, specify) 9) Would you like the ccNSO to continue to undertake initiatives regarding anti-phishing? YES/NO 9.1. If YES, which of the following activities should the ccNSO undertake in your view: - Providing exchange of information on Phishing issues - Develop Best Practices on Phishing issues - Develop global policies on Phishing issues - Other (please, specify)
All, Please do reply to the survey. It doesn't look great if even the council doesn't respond to a survey that we initiated. Cheers, Chris Disspain CEO - auDA Australia's Domain Name Administrator ceo@auda.org.au www.auda.org.au Important Notice - This email may contain information which is confidential and/or subject to legal privilege, and is intended for the use of the named addressee only. If you are not the intended recipient, you must not use, disclose or copy any part of this email. If you have received this email by mistake, please notify the sender and delete this message immediately. Please consider the environment before printing this email.
-----Original Message----- From: owner-ccnso-council@icann.org [mailto:owner-ccnso-council@icann.org] On Behalf Of Gabriella Schittek Sent: Monday, 9 June 2008 21:53 To: ccnso-council@icann.org Subject: [ccnso-council] LAST CHANCE!!!: Survey on Phishing Issues
Dear Councillors,
This is the last chance for you to reply to the Phishing survey - I will start with the evaluations by the end of this week, so please, can I have the replies by Wednesday, 11th June. The results of the survey will be presented at the Paris meeting. As the response-rate has been very poor, every reply would help improving the statistics. The survey was initiated by the council at the New Delhi meeting (see http://www.ccnso.icann.org/meetings/newdelhi/newdelhi- council-minutes-13feb08.pdf) - i.e. - it would look odd not having more councillors replying to it!
The Council ccTLDs which have already replied to this survey are: .au, .cl, .eg, .jp, .mx, .pr, .tt
Please, find the survey below.
Thanks,
Gabi
--
Anti-Phishing Survey
1) Are you aware of any phishing activity using domain names under your ccTLD?
YES/NO
1.1) If YES - Do you consider the phishing activity under your domain large-scale?
YES/NO
2) Who informs you about a phishing incident?
Specially dedicated anti-phishing agents Government agents Internet engineering bodies CERTS Affected companies Registry Registrar Registrants Other (please, specify)
3) Do you have policies in place to suspend domain names used for phishing purposes?
YES/NO
3.1) If YES: Are they published?
3.2) If you have policies in place: What documentation/proof of abuse is required?
3.3) If you have policies in place: Under what circumstances will your registry suspend a domain name?
3.4) If you don't have policies in place: Why?
Haven't thought about it There is no phishing problem under our ccTLD There are government agencies responsible for that The Registry decided not to, as it has to do with content and use of the domain name We are unable to implement such policies because of the terms of our agreement with the sponsoring organisation for the ccTLD. Other (please, specify)
4) Who decides that a domain has been used for phishing?
Registry External Committee Registrar Court Other (please, specify) 5) Do you notify the registrant of the pending suspension?
YES/NO
5.1) If YES: How do you notify the registrant?
Per email Per post Per telephone Other (please specify)
5.2) Do you provide a grace period to resolve the issue?
YES/NO
5.3) How much time does it take, on average, to notify the registrant?
1 day or less 1 - 3 days 3 days - 1 week 1 - 3 weeks 3 weeks or more
6) How much time does it take from when a complainant starts the procedure, until final elimination/suspension of the domain name? (If foreseen by the procedure)
1 day or less 1 - 3 days 3 days - 1 week 1 - 3 weeks 3 weeks or more
7) Please, describe the full procedure the complainant has to follow when dealing with a phishing domain complaint:
8) What is the most efficient way to solve the phishing incidents in your opinion?
Deletion of the domain name Suspension of the domain name Shutting down the web site (through the hosting provider) Send a warning to the phisher Criminal prosecution Other (please, specify)
9) Would you like the ccNSO to continue to undertake initiatives regarding anti-phishing?
YES/NO
9.1. If YES, which of the following activities should the ccNSO undertake in your view:
- Providing exchange of information on Phishing issues - Develop Best Practices on Phishing issues - Develop global policies on Phishing issues - Other (please, specify)
Done --- Olivier le mardi 10 juin à 09 H 06 , Chris Disspain a ecrit :
All,
Please do reply to the survey. It doesn't look great if even the council doesn't respond to a survey that we initiated.
Cheers,
Chris Disspain CEO - auDA Australia's Domain Name Administrator ceo@auda.org.au www.auda.org.au
Important Notice - This email may contain information which is confidential and/or subject to legal privilege, and is intended for the use of the named addressee only. If you are not the intended recipient, you must not use, disclose or copy any part of this email. If you have received this email by mistake, please notify the sender and delete this message immediately. Please consider the environment before printing this email.
-----Original Message----- From: owner-ccnso-council@icann.org [mailto:owner-ccnso-council@icann.org] On Behalf Of Gabriella Schittek Sent: Monday, 9 June 2008 21:53 To: ccnso-council@icann.org Subject: [ccnso-council] LAST CHANCE!!!: Survey on Phishing Issues
Dear Councillors,
This is the last chance for you to reply to the Phishing survey - I will start with the evaluations by the end of this week, so please, can I have the replies by Wednesday, 11th June. The results of the survey will be presented at the Paris meeting. As the response-rate has been very poor, every reply would help improving the statistics. The survey was initiated by the council at the New Delhi meeting (see http://www.ccnso.icann.org/meetings/newdelhi/newdelhi- council-minutes-13feb08.pdf) - i.e. - it would look odd not having more councillors replying to it!
The Council ccTLDs which have already replied to this survey are: .au, .cl, .eg, .jp, .mx, .pr, .tt
Please, find the survey below.
Thanks,
Gabi
--
Anti-Phishing Survey
1) Are you aware of any phishing activity using domain names under your ccTLD?
YES/NO
1.1) If YES - Do you consider the phishing activity under your domain large-scale?
YES/NO
2) Who informs you about a phishing incident?
Specially dedicated anti-phishing agents Government agents Internet engineering bodies CERTS Affected companies Registry Registrar Registrants Other (please, specify)
3) Do you have policies in place to suspend domain names used for phishing purposes?
YES/NO
3.1) If YES: Are they published?
3.2) If you have policies in place: What documentation/proof of abuse is required?
3.3) If you have policies in place: Under what circumstances will your registry suspend a domain name?
3.4) If you don't have policies in place: Why?
Haven't thought about it There is no phishing problem under our ccTLD There are government agencies responsible for that The Registry decided not to, as it has to do with content and use of the domain name We are unable to implement such policies because of the terms of our agreement with the sponsoring organisation for the ccTLD. Other (please, specify)
4) Who decides that a domain has been used for phishing?
Registry External Committee Registrar Court Other (please, specify) 5) Do you notify the registrant of the pending suspension?
YES/NO
5.1) If YES: How do you notify the registrant?
Per email Per post Per telephone Other (please specify)
5.2) Do you provide a grace period to resolve the issue?
YES/NO
5.3) How much time does it take, on average, to notify the registrant?
1 day or less 1 - 3 days 3 days - 1 week 1 - 3 weeks 3 weeks or more
6) How much time does it take from when a complainant starts the procedure, until final elimination/suspension of the domain name? (If foreseen by the procedure)
1 day or less 1 - 3 days 3 days - 1 week 1 - 3 weeks 3 weeks or more
7) Please, describe the full procedure the complainant has to follow when dealing with a phishing domain complaint:
8) What is the most efficient way to solve the phishing incidents in your opinion?
Deletion of the domain name Suspension of the domain name Shutting down the web site (through the hosting provider) Send a warning to the phisher Criminal prosecution Other (please, specify)
9) Would you like the ccNSO to continue to undertake initiatives regarding anti-phishing?
YES/NO
9.1. If YES, which of the following activities should the ccNSO undertake in your view:
- Providing exchange of information on Phishing issues - Develop Best Practices on Phishing issues - Develop global policies on Phishing issues - Other (please, specify)
-- Olivier
participants (3)
-
Chris Disspain -
Gabriella Schittek -
Olivier Guillard / AFNIC