Fwd: Cross TLD Registration Scam and Domain Kiting/Tasting

Councillors, Please see the response below from Patrik Fältström, Chair of the SSAC, in response to our request in relation to evaluating and monitoring cross-TLD Registration Scam and Domain Kiting/Tasting by the SSAC. In light of this response, the GNSO Council might want to consider whether there are any alternative approaches to addressing the Registration Abuse Recommendations in this regard, or acknowledge that monitoring of these types of abuses cannot be done at this stage by the GNSO Council or SSAC but that at any point in time, should new data or information arise, these issues can be re-opened for consideration by the GNSO Council. We may want to discuss in further detail at the wrap up meeting. Stéphane Début du message réexpédié :
De : Patrik Fältström <paf@cisco.com> Objet : Rép : Cross TLD Registration Scam and Domain Kiting/Tasting Date : 21 octobre 2011 11:05:14 HAEC À : Stéphane Van Gelder <stephane.vangelder@indom.com> Cc : SSAC SSAC <ssac@icann.org>
Dear Stephane,
Thank you for writing to the SSAC regarding the outcomes of the RAP WG on cross-TLD registration scam and Domain Kiting.
As to the GNSO Council request that SSAC consider evaluating the cross-TLD Registration Scam and Domain Kiting/Tasting issues, upon review of the RAP WG’s outcomes and recommendations, we cannot see how the SSAC might improve upon these findings.
We note that the SSAC does not have an operational role, and is unable to monitor disparate TLDs for ongoing abuse, other than anecdotally. We do care about abuse, and have completed several related reports that you may find useful to your continued efforts. For example:
SAC044: A Registrant’s Guide to Protecting Domain Name Registration Accounts (05 November 2010) SAC040: Measures to Protect Domain Registration Services Against Exploitation or Misuse (19 August 2009) SAC028: SSAC Advisory on Registrar Impersonation Phishing Attacks (26 May 2008) SAC025: Fast Flux Hosting and DNS (SAC025) (28 January 2008) SAC024: Report on Domain Name Front Running (February 2008)
We are, of course, ready to perform rigorous analysis if more data regarding these or other alleged abuses is available. The protection of registrants from abusive practices is of interest and importance to SSAC.
Regards, Patrik Fältström Chair, SSAC
On 17 okt 2011, at 20:23, Stéphane Van Gelder wrote:
Hi Patrik,
At its meeting on 6 October, in follow up to the recommendations of the Registration Abuse Policies Working Group, the GNSO Council tasked me as Chair, with regards to the recommendations on cross-TLD Registration Scam and Domain Kiting/Tasting, to communicate to the Security and Stability Advisory Committee (SSAC) the findings of the RAP WG in this regard and request that the SSAC consider evaluating and/or monitoring these abuses. If the SSAC elects to conduct this work, the GNSO Council requests that the SSAC inform the GNSO Council if it believes that further policy work by the GNSO Council should be undertaken to address these two types of abuse'.
For your information, you will find attached to this message the findings of the RAP Working Group in relation to these issues.
Please let me know if you have any questions. I look forward to discussing this with you in Dakar if required.
<Cross TLD Registration Scam - Domain Kiting - 10 October 2011.doc>

Stephane -- Forgive the delayed reply on this, but I'm sifting through mail post-Dakar. I agree that the council may want to acknowledge there are no authoritative sources of data for these types of abuses and that monitoring is difficult at best. That said, if the council so chooses, I would be happy to work with the SSAC or others to identify where data might be available, if in fact it is. Mason ________________________________ From: owner-council@gnso.icann.org on behalf of Stéphane Van Gelder Sent: Tue 10/25/2011 2:36 AM To: council@gnso.icann.org Subject: [council] Fwd: Cross TLD Registration Scam and Domain Kiting/Tasting Councillors, Please see the response below from Patrik Fältström, Chair of the SSAC, in response to our request in relation to evaluating and monitoring cross-TLD Registration Scam and Domain Kiting/Tasting by the SSAC. In light of this response, the GNSO Council might want to consider whether there are any alternative approaches to addressing the Registration Abuse Recommendations in this regard, or acknowledge that monitoring of these types of abuses cannot be done at this stage by the GNSO Council or SSAC but that at any point in time, should new data or information arise, these issues can be re-opened for consideration by the GNSO Council. We may want to discuss in further detail at the wrap up meeting. Stéphane Début du message réexpédié : De : Patrik Fältström <paf@cisco.com> Objet : Rép : Cross TLD Registration Scam and Domain Kiting/Tasting Date : 21 octobre 2011 11:05:14 HAEC À : Stéphane Van Gelder <stephane.vangelder@indom.com> Cc : SSAC SSAC <ssac@icann.org> Dear Stephane, Thank you for writing to the SSAC regarding the outcomes of the RAP WG on cross-TLD registration scam and Domain Kiting. As to the GNSO Council request that SSAC consider evaluating the cross-TLD Registration Scam and Domain Kiting/Tasting issues, upon review of the RAP WG's outcomes and recommendations, we cannot see how the SSAC might improve upon these findings. We note that the SSAC does not have an operational role, and is unable to monitor disparate TLDs for ongoing abuse, other than anecdotally. We do care about abuse, and have completed several related reports that you may find useful to your continued efforts. For example: SAC044: A Registrant's Guide to Protecting Domain Name Registration Accounts (05 November 2010) SAC040: Measures to Protect Domain Registration Services Against Exploitation or Misuse (19 August 2009) SAC028: SSAC Advisory on Registrar Impersonation Phishing Attacks (26 May 2008) SAC025: Fast Flux Hosting and DNS (SAC025) (28 January 2008) SAC024: Report on Domain Name Front Running (February 2008) We are, of course, ready to perform rigorous analysis if more data regarding these or other alleged abuses is available. The protection of registrants from abusive practices is of interest and importance to SSAC. Regards, Patrik Fältström Chair, SSAC On 17 okt 2011, at 20:23, Stéphane Van Gelder wrote: Hi Patrik, At its meeting on 6 October, in follow up to the recommendations of the Registration Abuse Policies Working Group, the GNSO Council tasked me as Chair, with regards to the recommendations on cross-TLD Registration Scam and Domain Kiting/Tasting, to communicate to the Security and Stability Advisory Committee (SSAC) the findings of the RAP WG in this regard and request that the SSAC consider evaluating and/or monitoring these abuses. If the SSAC elects to conduct this work, the GNSO Council requests that the SSAC inform the GNSO Council if it believes that further policy work by the GNSO Council should be undertaken to address these two types of abuse'. For your information, you will find attached to this message the findings of the RAP Working Group in relation to these issues. Please let me know if you have any questions. I look forward to discussing this with you in Dakar if required. Best, Stéphane <Cross TLD Registration Scam - Domain Kiting - 10 October 2011.doc>
participants (2)
Mason Cole
Stéphane Van Gelder