Hi folks, (new to this mailing list, so I'm still catching up) For most online form implementations, they're very simple, and the enquirer is not authenticated before using the form. Thus, if a copy of the email is sent to the "enquirer's email address", the form can be misused to send spam to random email addresses that are submitted as the "enquirer's email address." It's essential that the registrant be able to opt-in to display of their own email address and contact details in the WHOIS, as otherwise the registrar becomes a gatekeeper of all those communications, essentially intercepting it. The registrar's systems become a point of failure (take a look at the history of downtime of their forms or email, compared to your own email), any spam filtering they impose on their form or anonymized email might cause one to lose valuable communications due to false positives, and any CAPTCHA they use for their forms might block various legitimate users (e.g. a CAPTCHA might block inquiries from China, if the registrar uses RECAPTCHA by Google as the CAPTCHA, as China blocks many Google services). Registrars often own domain portfolios of their own, and having them be positioned in a way to see all the inbound inquiries to other people's domain names gives them competitive intelligence that can create a conflict of interest, too (e.g. some registrars might use that intelligence to sell domains to the inquirer from their own portfolio, or register other domain names that are similar to ones that are receiving many inquiries, thereby competing with their own customers). It's kind of a bizarre solution put forth by registrars, that to protect "privacy", they will "help" by standing in the middle of other people's correspondence, and relay it between the 2 parties, thereby being able to fully view and analyze that correspondence! I personally do not mind having my contact details be 100% public in the WHOIS, because I want to preserve the privacy of those communications, and not have the registrars be intercepting them. All registrants should be able to make that choice for themselves (i.e. whether they want to preserve the privacy of their contact info, at the expense of having their communications be intercepted by the registrar; or whether they want to preserve the privacy of their inbound communications, at the "expense" of having their contact info be public; different people will make different choices, depending on their own cost/benefit analysis). From the registrars point of view, their "cost" is extremely low of creating an anonymized email address or form, but their benefit (that competitive intelligence from intercepting all the inbound communications of their clients coming from WHOIS) can be enormous! Sincerely, George Kirikos 416-588-0269 http://www.leap.com/ On Wed, Feb 13, 2019 at 8:01 PM Olivier MJ Crépin-Leblond <ocl@gih.com> wrote:
Dear Alan,
this is like lobbing correspondence over a wall... something which some of us are accustomed to. :-) More seriously though, would it be possible to require that any such correspondence using an online form needs to email a copy of the form to the enquirer's email address as well as the registrant and provide both with a unique case ID? In effect, it's a CRM system. Online businesses use that all the time. I can live with a CRM system that tracks cases even without knowing who owns the domain name. Kindest regards,
Olivier
On 13/02/2019 21:42, Alan Greenberg wrote:
There was bound to be one issue that we forgot today.
This is the fact that all communications with a registrant or tech contact will be via anonymized e-mail r a we form (which then is e-mail sent by the registrar).
Both are what I refer to as "black hole" communications. You tow the message out and unless there is a reply, you never know if it was really forwarded on your behalf, whether it was received. If it bounced, the Registrar may know that it did, but the sender does not.
With a real address, you can at least use a number of tools to try to determine if there is a path to the mail server or if the user exists. Here there is nothing.
Alan
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg