On Mon, 20 Jan 2014, Volker Greimann wrote: Hi Volker, inline, bob
Hi Bob,
Not sure, what to say here, because I know you know better. Spam email makes up about 75% to 85% of all email traffic. That is a lot more than a few bad apples.
I am sure you agree with me, that while the volume of spam may be high, this is usually sent by a small percentage of registrants. Actually, spammers do not even need a domain, they need a botnet.
Actually I do not agree with you. There may be a small number of bad actors, compared to all registrants, but they register millions of domain names (yes, I can verify that). Yes, they use botnets for sending, but they need their own sites for landing/transaction sites, which are they ones to be shutdown.
So when looking at all registrants, the number of "bad registrants" is more likely to be in the thousands of a percent.
Not if you count the number of domain names.
It is also true that abuse reports can be delivered at a 40,000 to 50,000 per day level, if ICANN and the Registrars would take them.
If you want to clog up abuse channels with duplicate reports and therefore extend reaction times to nearly infinite, then do that. I am sure the real criminals will love that.
You know that, for example. KnujOn eliminates all the duplicates. That 40k-50k are real, non-duplicated sites. If your abuse channels are unable to handle that volume, perhaps you could consider not offering bulk, automated registrations. I am also sure, that there are places that could you help with your problem.
That said, we take and review _all_ complaints we get.
Verification would make a huge difference and this has been shown on several occasions by KnujOn and others. Currently, many registrations have total nonsense in the fields and do not even meet format requirements (such as email format). These are almost always done by criminals (spammers, etc). The same guys who want p/p. Convince me then (but off-list, since verification is not currently what we are looking at).
However, please also explain then how verification will not simply lead to an increase of identity theft and harassment of innocents who just happen to have their private details abused by a criminal in order to have verifyable data.
This is merely speculation on your part. The current situation is that they put nonsense in the registration forms.
They register domains in bulk, so looking each one up to get a real set of public data would put a burden on them.
Not if they automate it. There are enough online databases and if they are sophisticated enough to create bbotnets and online storefronts, they will most likely also be able to parse a database in their bulk registration engines...
Verification to me is a red herring.
Volker
On Mon, 20 Jan 2014, Volker Greimann wrote:
I do not believe in making all our customers pay more just to exclude a few bad apples that can also be weeded out by making an abuse report.
Verification will also not help against crime, at least not as long as there are public data register like phone books or public whois as any criminal can simply duplicate verifyable data.
Volker
Hi James, ===================================================================== As Don has just said that this discussion is premature, I will stop answering these emails, unless something happens to change that. If you wish to continue the discussion with me, please contact me off list. ==================================================================
Please don't be silly. Criminal whatever. And of course they lie.
If Registrars actually verified registrations, this would not be an issue.
--bob
On Mon, 20 Jan 2014, James M. Bladel wrote:
Criminal individuals, or criminal commercial organizations?
And is it your contention that criminals provide valid identification/contact details to the P/P service?
Thanks‹
J.
On 1/20/14, 10:20 , "Bob Bruen" <bruen@coldrain.net> wrote:
Hi Tim,
The harm is protecting the identities of criminnals. And I consider undermining whois a harm, as well
--bob
On Mon, 20 Jan 2014, Tim Ruiz wrote:
What are the problems commercial entities that use p/p have caused?
On Jan 20, 2014, at 8:11 AM, "Bob Bruen" <bruen@coldrain.net> wrote:
Hi Volker,
I was merely responding to Stephanie's comments about the difficulties, not advocating a position.
However, as you are aware, I do advocate barring commercial entities from using p/p, because the use has already caused harm and we should fix that. The providers created the problem in the first place, so allowing them to continue to control it simply continues the problem.
The discussion of all this is the point of this group (and other groups).
--bob
On Mon, 20 Jan 2014, Volker Greimann wrote:
I agree that it would be possible to bar commercial entities from using p/p services, however I am not sure it is the sensible thing to do. Certainly, there is abuse, but by creating a blanket prohibition, i fear more damage will be done to legitimate interests than good is done to illegitimate ones. In the end it should be up to the provider which categories of clients it accepts. Volker Am 20.01.2014 02:08, schrieb Bob Bruen:
Hi Stephanie,
It is entirely possible to decide to bar commercial entities, create a definition of "comercial entities" and then deal with those which appear to problematical.
The fraudsters probably will not be a set up as a legitimate bussiness, but their sites can be identified as spam, malware, etc types and thus taking money, therefore a business. I am sure there are other methods to deal with problem domain names.
In general, exceptions or problems should not derail a process.
--bob
On Sun, 19 Jan 2014, Stephanie Perrin wrote:
I dont want to keep beating a dead horse here....but if there is a resounding response of "yes indeed, bar commercial entities from using P/P services", then how are you going to propose that p/p proxy service providers determine who is a commercial entity, particularly in jurisdictions which have declined to regulate the provision of goods and services over the Internet? I don't like asking questions that walk us into corners we cannot get out of. Do the fraudsters we are worried about actually apply for business numbers and articles of incorporation in the jurisdictions in which they operate? I operate in a jurisdiction where this distinction is often extremely difficult to make. THe determination would depend on the precise use being made of the domain name....which gets ICANN squarely into content analysis, and which can hardly be done for new registrations, even if t were within ICANN's remit. I am honestly not trying to be difficult, but I just have not heard a good answer to this problem. Stephanie Perrin On 2014-01-19, at 4:38 PM, Holly Raiche wrote:
Jin and all I agree with Jim here (and Don earlier). The important task here is agreeing on the questions to be asked of the SO/ACs. So we need to get back to framing the questions - not answering them, however tempting that may be.
So the question of whether 'commercial entities' should be barred is still a useful question to ask. The next question would be whether there are possible distinctions that should be drawn between an entity that can use the service and one that can't and, if so, where is the line drawn. I agree with the discussion on how difficult that will be because many entities that have corporate status also have reasonable grounds for wanting the protection of such a service (human rights organisations or women's refuges come to mind). But that is the sort of response we are seeking from others outside of this group - so let's not prejudge answers. Let's only frame the questions that will help us come to some sensible answers. Otherwise, we'll never get to the next steps.
And my apologies for the next meeting. I have a long day ahead on Wednesday (Sydney time) and taking calls at 2.00am won't help. So Ill read the transcript and be back in a fortnight (2 weeks for those who do not use the term)
Holly
On 16/01/2014, at 5:39 AM, Jim Bikoff wrote:
Don and all,
As we suggested earlier, and discussed in the last Group teleconference, it might be helpful, as a next step, if we reached a consensus on the groups of questions before sending them out to SO/ACs and SG/Cs.
This would involve two steps: First, agreeing on the name of each group; and second, streamlining the questions in each group.
In the first step, we could consider alternative headings (perhaps REGISTRATION instead of MAINTENANCE).
And in the second step, we could remove duplicative or vague questions.
This crystallization would make the questions more approachable, and encourage better responses.
I hope these ideas are helpful.
Best,
Jim
James L. Bikoff Silverberg, Goldman & Bikoff, LLP 1101 30th Street, NW Suite 120 Washington, DC 20007 Tel: 202-944-3303 Fax: 202-944-3306 jbikoff@sgbdc.com
From: Don Blumenthal <dblumenthal@pir.org> Date: January 14, 2014 11:09:23 AM EST To: PPSAI <gnso-ppsai-pdp-wg@icann.org> Subject: [Gnso-ppsai-pdp-wg] Carlton's closing chat question Carlton posted an issue that shouldn¹t wait a week:
³John came up with 4 groups. Do we have a notion that others might be extracted? And where do we include/modify questions to address Stephanie's issue?"
Jim had four groups and an umbrella Main category, which may be instructive in itself in guiding how we proceed organizationally. Regardless, the consensus of commenters has been that his document is a significant improvement over where we were before, and I suggest that we use it as a baseline. However, we still have work to do on it. Feel free to suggest modifications.
Don
_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org
https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org
https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org
https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
-- Dr. Robert Bruen Cold Rain Labs http://coldrain.net/bruen +1.802.579.6288 _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
-- Dr. Robert Bruen Cold Rain Labs http://coldrain.net/bruen +1.802.579.6288
_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
-- Dr. Robert Bruen Cold Rain Labs http://coldrain.net/bruen +1.802.579.6288