Yes I am aware of that but status on the domain per today indicates that it’s validated already, thats why I asked. -- Med vänliga hälsningar / Kind Regards / Med vennlig hilsen Benny Samuelsen Registry Manager - Domainexpert Nordreg AB - ICANN accredited registrar IANA-ID: 638 Phone: +46.42197080 Direct: +47.32260201 Mobile: +47.40410200 From: Susan Kawaguchi <susank@fb.com> Date: Monday 1 August 2016 at 19:04 To: Benny Samuelsen <benny@nordreg.se>, "gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name The registrar sent an email to Domain@fb.com which I received but I immediately responded it was not a valid registration and asked for transfer. No word yet. All phishers need is a few days to use the domain name. Susan Kawaguchi Domain Name Manager Facebook Legal Dept. From: "benny@nordreg.se<mailto:benny@nordreg.se>" <benny@nordreg.se<mailto:benny@nordreg.se>> Date: Monday, August 1, 2016 at 10:01 AM To: Susan kawaguchi <susank@fb.com<mailto:susank@fb.com>>, "gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>" <gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>> Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Curious, how did it get validated? -- Med vänliga hälsningar / Kind Regards / Med vennlig hilsen Benny Samuelsen Registry Manager - Domainexpert Nordreg AB - ICANN accredited registrar IANA-ID: 638 Phone: +46.42197080 Direct: +47.32260201 Mobile: +47.40410200 From: <gnso-rds-pdp-wg-bounces@icann.org<mailto:gnso-rds-pdp-wg-bounces@icann.org>> on behalf of Susan Kawaguchi <susank@fb.com<mailto:susank@fb.com>> Date: Monday 1 August 2016 at 17:17 To: "gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>" <gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>> Subject: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Hello All, Attached is a use case we run into frequently, bad actors will use valid Facebook information in the registration data to make the registration to appear authentic. Best regards, Susan Kawaguchi Domain Name Manager Facebook Legal Dept.

No auto response on Domain@fb.com. Not validated. Susan Kawaguchi Domain Name Manager Facebook Legal Dept. From: <gnso-rds-pdp-wg-bounces@icann.org<mailto:gnso-rds-pdp-wg-bounces@icann.org>> on behalf of Volker Greimann <vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>> Date: Monday, August 1, 2016 at 10:13 AM To: "gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>" <gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>> Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Possibly the response was received, automatically noted as a valid response from that email address and presto: validated! Volker Am 01.08.2016 um 19:07 schrieb benny@nordreg.se<mailto:benny@nordreg.se>: Yes I am aware of that but status on the domain per today indicates that it’s validated already, thats why I asked. -- Med vänliga hälsningar / Kind Regards / Med vennlig hilsen Benny Samuelsen Registry Manager - Domainexpert Nordreg AB - ICANN accredited registrar IANA-ID: 638 Phone: +46.42197080 Direct: +47.32260201 Mobile: +47.40410200 From: Susan Kawaguchi <susank@fb.com><mailto:susank@fb.com> Date: Monday 1 August 2016 at 19:04 To: Benny Samuelsen <benny@nordreg.se><mailto:benny@nordreg.se>, "gnso-rds-pdp-wg@icann.org"<mailto:gnso-rds-pdp-wg@icann.org> <gnso-rds-pdp-wg@icann.org><mailto:gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name The registrar sent an email to Domain@fb.com<mailto:Domain@fb.com> which I received but I immediately responded it was not a valid registration and asked for transfer. No word yet. All phishers need is a few days to use the domain name. Susan Kawaguchi Domain Name Manager Facebook Legal Dept. From: "benny@nordreg.se<mailto:benny@nordreg.se>" <benny@nordreg.se<mailto:benny@nordreg.se>> Date: Monday, August 1, 2016 at 10:01 AM To: Susan kawaguchi <susank@fb.com<mailto:susank@fb.com>>, "gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>" <gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>> Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Curious, how did it get validated? -- Med vänliga hälsningar / Kind Regards / Med vennlig hilsen Benny Samuelsen Registry Manager - Domainexpert Nordreg AB - ICANN accredited registrar IANA-ID: 638 Phone: +46.42197080 Direct: +47.32260201 Mobile: +47.40410200 From: <gnso-rds-pdp-wg-bounces@icann.org<mailto:gnso-rds-pdp-wg-bounces@icann.org>> on behalf of Susan Kawaguchi <susank@fb.com<mailto:susank@fb.com>> Date: Monday 1 August 2016 at 17:17 To: "gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>" <gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>> Subject: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Hello All, Attached is a use case we run into frequently, bad actors will use valid Facebook information in the registration data to make the registration to appear authentic. Best regards, Susan Kawaguchi Domain Name Manager Facebook Legal Dept. _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg<https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Drds-2Dpdp-2Dwg&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=YxkJV-idBtALQz_ZgfavlPRi5QtGZnV80ciwPShLw94&e=> -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.key-2Dsystems.net&d=...> / www.RRPproxy.net<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.RRPproxy.net&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=sknhFvOfbL8P_y1ROcvqO-IgGdP25lI2NVzk-s86FK0&e=>www.domaindiscount24.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.domaindiscount24.com&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=-kmRVZPoWec5uKf_tpYeFdwA47wemXy4IcjVdkyi6ng&e=> / www.BrandShelter.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.BrandShelter.com&d=C...> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.twitter.com_key-5Fsystems&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=QoOoQD7CfKHDxv5XtG9uy-FuOrv2t9-PtGljQ0IZ69s&e=> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.keydrive.lu&d=CwMD-g...> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.key-2Dsystems.net&d=...> / www.RRPproxy.net<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.RRPproxy.net&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=sknhFvOfbL8P_y1ROcvqO-IgGdP25lI2NVzk-s86FK0&e=>www.domaindiscount24.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.domaindiscount24.com&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=-kmRVZPoWec5uKf_tpYeFdwA47wemXy4IcjVdkyi6ng&e=> / www.BrandShelter.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.BrandShelter.com&d=C...> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.twitter.com_key-5Fsystems&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=QoOoQD7CfKHDxv5XtG9uy-FuOrv2t9-PtGljQ0IZ69s&e=> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.keydrive.lu&d=CwMD-g...> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

No never received a request to verify the domain name. I am very familiar with the process that is similar with many different registrars. The language of the request may differ a bit but the process is very similar with all the registrars I do business with. I would also always check the registration details as this type of registration happens more often than you would think. Didn't verify by accident Onlinenic didn't send a verification request. But the real issue with this use case is that anyone can steal an identity and use it in a Whois record. In this case their intent was harmful to FB users. A responsible registrar will immediately either suspend the domain name or transfer the domain name to FB. Sent from my iPhone On Aug 2, 2016, at 1:18 AM, Volker Greimann <vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>> wrote: Hi Susan, depending on how that registrars validation system is set up, it may merely need a response to the verification request from any email, provided certain triggers are included. I do not know the details, but is it conceivable you accidentally verified the address in your response? Just trying to guess what happened. Volker Am 01.08.2016 um 19:28 schrieb Susan Kawaguchi: No auto response on Domain@fb.com<mailto:Domain@fb.com>. Not validated. Susan Kawaguchi Domain Name Manager Facebook Legal Dept. From: <gnso-rds-pdp-wg-bounces@icann.org<mailto:gnso-rds-pdp-wg-bounces@icann.org>> on behalf of Volker Greimann <vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>> Date: Monday, August 1, 2016 at 10:13 AM To: "gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>" <gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>> Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Possibly the response was received, automatically noted as a valid response from that email address and presto: validated! Volker Am 01.08.2016 um 19:07 schrieb benny@nordreg.se<mailto:benny@nordreg.se>: Yes I am aware of that but status on the domain per today indicates that it’s validated already, thats why I asked. -- Med vänliga hälsningar / Kind Regards / Med vennlig hilsen Benny Samuelsen Registry Manager - Domainexpert Nordreg AB - ICANN accredited registrar IANA-ID: 638 Phone: +46.42197080 Direct: +47.32260201 Mobile: +47.40410200 From: Susan Kawaguchi <susank@fb.com><mailto:susank@fb.com> Date: Monday 1 August 2016 at 19:04 To: Benny Samuelsen <benny@nordreg.se><mailto:benny@nordreg.se>, "gnso-rds-pdp-wg@icann.org"<mailto:gnso-rds-pdp-wg@icann.org> <gnso-rds-pdp-wg@icann.org><mailto:gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name The registrar sent an email to Domain@fb.com<mailto:Domain@fb.com> which I received but I immediately responded it was not a valid registration and asked for transfer. No word yet. All phishers need is a few days to use the domain name. Susan Kawaguchi Domain Name Manager Facebook Legal Dept. From: "benny@nordreg.se<mailto:benny@nordreg.se>" <benny@nordreg.se<mailto:benny@nordreg.se>> Date: Monday, August 1, 2016 at 10:01 AM To: Susan kawaguchi <susank@fb.com<mailto:susank@fb.com>>, "gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>" <gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>> Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Curious, how did it get validated? -- Med vänliga hälsningar / Kind Regards / Med vennlig hilsen Benny Samuelsen Registry Manager - Domainexpert Nordreg AB - ICANN accredited registrar IANA-ID: 638 Phone: +46.42197080 Direct: +47.32260201 Mobile: +47.40410200 From: <gnso-rds-pdp-wg-bounces@icann.org<mailto:gnso-rds-pdp-wg-bounces@icann.org>> on behalf of Susan Kawaguchi <susank@fb.com<mailto:susank@fb.com>> Date: Monday 1 August 2016 at 17:17 To: "gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>" <gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>> Subject: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Hello All, Attached is a use case we run into frequently, bad actors will use valid Facebook information in the registration data to make the registration to appear authentic. Best regards, Susan Kawaguchi Domain Name Manager Facebook Legal Dept. _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg<https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Drds-2Dpdp-2Dwg&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=YxkJV-idBtALQz_ZgfavlPRi5QtGZnV80ciwPShLw94&e=> -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.key-2Dsystems.net&d=...> / www.RRPproxy.net<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.RRPproxy.net&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=sknhFvOfbL8P_y1ROcvqO-IgGdP25lI2NVzk-s86FK0&e=>www.domaindiscount24.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.domaindiscount24.com&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=-kmRVZPoWec5uKf_tpYeFdwA47wemXy4IcjVdkyi6ng&e=> / www.BrandShelter.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.BrandShelter.com&d=C...> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.twitter.com_key-5Fsystems&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=QoOoQD7CfKHDxv5XtG9uy-FuOrv2t9-PtGljQ0IZ69s&e=> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.keydrive.lu&d=CwMD-g...> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.key-2Dsystems.net&d=...> / www.RRPproxy.net<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.RRPproxy.net&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=sknhFvOfbL8P_y1ROcvqO-IgGdP25lI2NVzk-s86FK0&e=>www.domaindiscount24.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.domaindiscount24.com&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=-kmRVZPoWec5uKf_tpYeFdwA47wemXy4IcjVdkyi6ng&e=> / www.BrandShelter.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.BrandShelter.com&d=C...> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.twitter.com_key-5Fsystems&d=CwMD-g&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=41Z58OxY4ZOFNMyXHWIv025wYlmxm_xDbGNXhie8zUU&s=QoOoQD7CfKHDxv5XtG9uy-FuOrv2t9-PtGljQ0IZ69s&e=> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.keydrive.lu&d=CwMD-g...> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone. -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.key-2Dsystems.net&d=...> / www.RRPproxy.net<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.RRPproxy.net&d=CwMG-...> www.domaindiscount24.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.domaindiscount24.com...> / www.BrandShelter.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.BrandShelter.com&d=C...> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.twitter.com_key-5Fsy...> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.keydrive.lu&d=CwMG-g...> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.key-2Dsystems.net&d=...> / www.RRPproxy.net<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.RRPproxy.net&d=CwMG-...> www.domaindiscount24.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.domaindiscount24.com...> / www.BrandShelter.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.BrandShelter.com&d=C...> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.twitter.com_key-5Fsy...> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.keydrive.lu&d=CwMG-g...> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

Benny, If the information provided ticks the boxes then it's validated. Most checks are retrospective as this takes time and time is money... On Mon, Aug 1, 2016 at 10:11 AM, Ade Cheek <ade.cheek@legitscript.com> wrote:

As Susan mentions, all they need is a few days. At least the registrar actually conducted validation checks, many don't.

On Mon, Aug 1, 2016 at 10:04 AM, Susan Kawaguchi <susank@fb.com> wrote:

...

The registrar sent an email to Domain@fb.com which I received but I immediately responded it was not a valid registration and asked for transfer. No word yet.

All phishers need is a few days to use the domain name. Susan Kawaguchi Domain Name Manager Facebook Legal Dept.

From: "benny@nordreg.se" <benny@nordreg.se> Date: Monday, August 1, 2016 at 10:01 AM To: Susan kawaguchi <susank@fb.com>, "gnso-rds-pdp-wg@icann.org" < gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name

Curious, how did it get validated?

--

Med vänliga hälsningar / Kind Regards / Med vennlig hilsen

Benny Samuelsen Registry Manager - Domainexpert

Nordreg AB - ICANN accredited registrar

IANA-ID: 638

Phone: +46.42197080 Direct: +47.32260201 Mobile: +47.40410200

*From: *<gnso-rds-pdp-wg-bounces@icann.org> on behalf of Susan Kawaguchi <susank@fb.com> *Date: *Monday 1 August 2016 at 17:17 *To: *"gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org> *Subject: *[gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name

Hello All,

Attached is a use case we run into frequently, bad actors will use valid Facebook information in the registration data to make the registration to appear authentic.

Best regards,

Susan Kawaguchi

Domain Name Manager

Facebook Legal Dept.

_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

-- Adrian Cheek Director of Global Partnerships

-- Adrian Cheek Director of Global Partnerships

Please point me to the section where that are in compliance with RAA 2013 The only occurance occurrance of getting a domain as OK without validation are if the Registrant ID are validated from before and no changes are done. In that case it indicates FB have validated the info -- Med vänliga hälsningar / Kind Regards / Med vennlig hilsen Benny Samuelsen Registry Manager - Domainexpert Nordreg AB - ICANN accredited registrar IANA-ID: 638 Phone: +46.42197080 Direct: +47.32260201 Mobile: +47.40410200 From: Ade Cheek <ade.cheek@legitscript.com> Date: Monday 1 August 2016 at 19:13 To: Susan Kawaguchi <susank@fb.com> Cc: Benny Samuelsen <benny@nordreg.se>, "gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Benny, If the information provided ticks the boxes then it's validated. Most checks are retrospective as this takes time and time is money... On Mon, Aug 1, 2016 at 10:11 AM, Ade Cheek <ade.cheek@legitscript.com<mailto:ade.cheek@legitscript.com>> wrote: As Susan mentions, all they need is a few days. At least the registrar actually conducted validation checks, many don't. On Mon, Aug 1, 2016 at 10:04 AM, Susan Kawaguchi <susank@fb.com<mailto:susank@fb.com>> wrote: The registrar sent an email to Domain@fb.com<mailto:Domain@fb.com> which I received but I immediately responded it was not a valid registration and asked for transfer. No word yet. All phishers need is a few days to use the domain name. Susan Kawaguchi Domain Name Manager Facebook Legal Dept. From: "benny@nordreg.se<mailto:benny@nordreg.se>" <benny@nordreg.se<mailto:benny@nordreg.se>> Date: Monday, August 1, 2016 at 10:01 AM To: Susan kawaguchi <susank@fb.com<mailto:susank@fb.com>>, "gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>" <gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>> Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Curious, how did it get validated? -- Med vänliga hälsningar / Kind Regards / Med vennlig hilsen Benny Samuelsen Registry Manager - Domainexpert Nordreg AB - ICANN accredited registrar IANA-ID: 638 Phone: +46.42197080<tel:%2B46.42197080> Direct: +47.32260201<tel:%2B47.32260201> Mobile: +47.40410200<tel:%2B47.40410200> From: <gnso-rds-pdp-wg-bounces@icann.org<mailto:gnso-rds-pdp-wg-bounces@icann.org>> on behalf of Susan Kawaguchi <susank@fb.com<mailto:susank@fb.com>> Date: Monday 1 August 2016 at 17:17 To: "gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>" <gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>> Subject: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Hello All, Attached is a use case we run into frequently, bad actors will use valid Facebook information in the registration data to make the registration to appear authentic. Best regards, Susan Kawaguchi Domain Name Manager Facebook Legal Dept. _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg -- Adrian Cheek Director of Global Partnerships [https://docs.google.com/uc?export=download&id=0B1czF3rFjMNlUlBBQ2RCbmI5bVE&r...] -- Adrian Cheek Director of Global Partnerships [https://docs.google.com/uc?export=download&id=0B1czF3rFjMNlUlBBQ2RCbmI5bVE&r...]

Onlinenic - No comment Anyway, the address is valid, as in actually exists, hence the initial "validation". You don't need me to tell you that a large number of registrars simply automate the address check process and when complaints arise, they can claim that they had conducted validation checks. More often than not (in my experience) the complaint is then dropped by ICANN. As silly as this sounds, if the sender address is not monitored, then the reply that it's not valid will simply not be read. I also see that they ask you to "contact your domain name Service Provider for direct assistance" if you need to correct any information. Again, don't contact us, it's not our problem. On Mon, Aug 1, 2016 at 11:24 AM, Susan Kawaguchi <susank@fb.com> wrote:

We received a WDRP notice as you can see below. No way to validate the information and I responded that it is NOT valid… Completely out of compliance in my opinion.

From: "No-Reply@onlinenic.com" <No-Reply@onlinenic.com> Date: Thursday, July 28, 2016 at 9:43 PM To: domain <domain@fb.com> Subject: [domain] Whois Data Reminder - login-account.net

Dear Domain Registrant,

This e-mail is a reminder for you to review and correct any inaccurate Whois information associated with your domain registration on login-account.net. Our records include the following information.

[whois info]

Domain: login-account.net Registrar Name: ONLINENIC, INC.

Registrant: Name: Domain Administrator Address: 1601 Willow Road, City: Menlo Park State/Province: CA Country: US Postal Code: 94025

Administrative Contact: Name: Domain Administrator Address: 1601 Willow Road, City: Menlo Park State/Province: CA Country: US Postal Code: 94025 Phone: +1.6505434800 Fax: +1.6505434800 Email: domain@fb.com

Technical Contact: Name: Domain Administrator Address: 1601 Willow Road, City: Menlo Park State/Province: CA Country: US Postal Code: 94025 Phone: +1.6505434800 Fax: +1.6505434800 Email: domain@fb.com

Original Creation Date: 07/24/2016 Expiration Date: 07/24/2017

Nameserver Information: Nameserver: ns1.dns-diy.net Nameserver: ns2.dns-diy.net

Under ICANN rules at http://www.icann.org/whois/wdrp-registrant-faq.htm <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.icann.org_whois_wdrp...>, domain name registrants are obligated to review the contact information associated with their domain names and make corrections whenever necessary. The provision of false Whois information can be grounds for cancellation of your domain name registration.

If you confirm the current whois information is full and accurate, you could simply ignore this notification.

If you need to update whois information, please contact your domain name Service Provider for direct assistance.

Regards. Susan Kawaguchi Domain Name Manager Facebook Legal Dept.

From: "benny@nordreg.se" <benny@nordreg.se> Date: Monday, August 1, 2016 at 10:30 AM To: Ade Cheek <ade.cheek@legitscript.com>, Susan kawaguchi <susank@fb.com> Cc: "gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name

Please point me to the section where that are in compliance with RAA 2013

The only occurance occurrance of getting a domain as OK without validation are if the Registrant ID are validated from before and no changes are done. In that case it indicates FB have validated the info

--

Med vänliga hälsningar / Kind Regards / Med vennlig hilsen

Benny Samuelsen Registry Manager - Domainexpert

Nordreg AB - ICANN accredited registrar

IANA-ID: 638

Phone: +46.42197080 Direct: +47.32260201 Mobile: +47.40410200

*From: *Ade Cheek <ade.cheek@legitscript.com> *Date: *Monday 1 August 2016 at 19:13 *To: *Susan Kawaguchi <susank@fb.com> *Cc: *Benny Samuelsen <benny@nordreg.se>, "gnso-rds-pdp-wg@icann.org" < gnso-rds-pdp-wg@icann.org> *Subject: *Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name

Benny,

If the information provided ticks the boxes then it's validated. Most checks are retrospective as this takes time and time is money...

On Mon, Aug 1, 2016 at 10:11 AM, Ade Cheek <ade.cheek@legitscript.com> wrote:

As Susan mentions, all they need is a few days. At least the registrar actually conducted validation checks, many don't.

On Mon, Aug 1, 2016 at 10:04 AM, Susan Kawaguchi <susank@fb.com> wrote:

The registrar sent an email to Domain@fb.com which I received but I immediately responded it was not a valid registration and asked for transfer. No word yet.

All phishers need is a few days to use the domain name.

Susan Kawaguchi

Domain Name Manager

Facebook Legal Dept.

*From: *"benny@nordreg.se" <benny@nordreg.se> *Date: *Monday, August 1, 2016 at 10:01 AM *To: *Susan kawaguchi <susank@fb.com>, "gnso-rds-pdp-wg@icann.org" < gnso-rds-pdp-wg@icann.org> *Subject: *Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name

Curious, how did it get validated?

--

Med vänliga hälsningar / Kind Regards / Med vennlig hilsen

Benny Samuelsen Registry Manager - Domainexpert

Nordreg AB - ICANN accredited registrar

IANA-ID: 638

Phone: +46.42197080 Direct: +47.32260201 Mobile: +47.40410200

*From: *<gnso-rds-pdp-wg-bounces@icann.org> on behalf of Susan Kawaguchi < susank@fb.com> *Date: *Monday 1 August 2016 at 17:17 *To: *"gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org> *Subject: *[gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name

Hello All,

Attached is a use case we run into frequently, bad actors will use valid Facebook information in the registration data to make the registration to appear authentic.

Best regards,

Susan Kawaguchi

Domain Name Manager

Facebook Legal Dept.

_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg <https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_li...>

--

Adrian Cheek Director of Global Partnerships

--

Adrian Cheek Director of Global Partnerships

-- Adrian Cheek Director of Global Partnerships

Hi Susan, As mentioned to Ade, 15 days aren't up yet. Once 15 days are up and no positive confirmation, then the domain should be suspended. At this time apart from not responding to you, OnlineNic have not done anything wrong on this. Certainly on the 16th day - jump on them for not suspending the domain name. Kind regards, Chris From: "Susan Kawaguchi" <susank@fb.com> To: "Ade Cheek" <ade.cheek@legitscript.com> Cc: "gnso-rds-pdp-wg" <gnso-rds-pdp-wg@icann.org> Sent: Monday, 1 August, 2016 19:58:58 Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name I should have used the term verify as used in the 2013 RAA the following was not done by Onlinenic.com the email address of the Registered Name Holder (and, if different, the Account Holder) by sending an email requiring an affirmative response through a tool-based authentication method such as providing a unique code that must be returned in a manner designated by the Registrar, Susan Kawaguchi Domain Name Manager Facebook Legal Dept. From: Ade Cheek < ade.cheek@legitscript.com > Date: Monday, August 1, 2016 at 11:36 AM To: Susan kawaguchi < susank@fb.com > Cc: " benny@nordreg.se " < benny@nordreg.se >, " gnso-rds-pdp-wg@icann.org " < gnso-rds-pdp-wg@icann.org > Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Onlinenic - No comment Anyway, the address is valid, as in actually exists, hence the initial "validation". You don't need me to tell you that a large number of registrars simply automate the address check process and when complaints arise, they can claim that they had conducted validation checks. More often than not (in my experience) the complaint is then dropped by ICANN. As silly as this sounds, if the sender address is not monitored, then the reply that it's not valid will simply not be read. I also see that they ask you to " contact your domain name Service Provider for direct assistance" if you need to correct any information. Again, don't contact us, it's not our problem. On Mon, Aug 1, 2016 at 11:24 AM, Susan Kawaguchi < susank@fb.com > wrote: We received a WDRP notice as you can see below. No way to validate the information and I responded that it is NOT valid… Completely out of compliance in my opinion. From: " No-Reply@onlinenic.com " < No-Reply@onlinenic.com > Date: Thursday, July 28, 2016 at 9:43 PM To: domain < domain@fb.com > Subject: [domain] Whois Data Reminder - login-account.net Dear Domain Registrant, This e-mail is a reminder for you to review and correct any inaccurate Whois information associated with your domain registration on login-account.net . Our records include the following information. [whois info] Domain: login-account.net Registrar Name: ONLINENIC, INC. Registrant: Name: Domain Administrator Address: 1601 Willow Road, City: Menlo Park State/Province: CA Country: US Postal Code: 94025 Administrative Contact: Name: Domain Administrator Address: 1601 Willow Road, City: Menlo Park State/Province: CA Country: US Postal Code: 94025 Phone: +1.6505434800 Fax: +1.6505434800 Email: domain@fb.com Technical Contact: Name: Domain Administrator Address: 1601 Willow Road, City: Menlo Park State/Province: CA Country: US Postal Code: 94025 Phone: +1.6505434800 Fax: +1.6505434800 Email: domain@fb.com Original Creation Date: 07/24/2016 Expiration Date: 07/24/2017 Nameserver Information: Nameserver: ns1.dns-diy.net Nameserver: ns2.dns-diy.net Under ICANN rules at http://www.icann.org/whois/wdrp-registrant-faq.htm , domain name registrants are obligated to review the contact information associated with their domain names and make corrections whenever necessary. The provision of false Whois information can be grounds for cancellation of your domain name registration. If you confirm the current whois information is full and accurate, you could simply ignore this notification. If you need to update whois information, please contact your domain name Service Provider for direct assistance. Regards. Susan Kawaguchi Domain Name Manager Facebook Legal Dept. From: " benny@nordreg.se " < benny@nordreg.se > Date: Monday, August 1, 2016 at 10:30 AM To: Ade Cheek < ade.cheek@legitscript.com >, Susan kawaguchi < susank@fb.com > Cc: " gnso-rds-pdp-wg@icann.org " < gnso-rds-pdp-wg@icann.org > Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Please point me to the section where that are in compliance with RAA 2 013 The only occurance occurrance of getting a domain as OK without validation are if the Registrant ID are validated from before and no changes are done. In that case it indicates FB have validated the info -- Med vänliga hälsningar / Kind Regards / Med vennlig hilsen Benny Samuelsen Registry Manager - Domainexpert Nordreg AB - ICANN accredited registrar IANA-ID: 638 Phone: +46.42197080 Direct: +47.32260201 Mobile: +47.40410200 From: Ade Cheek < ade.cheek@legitscript.com > Date: Monday 1 August 2016 at 19:13 To: Susan Kawaguchi < susank@fb.com > Cc: Benny Samuelsen < benny@nordreg.se >, " gnso-rds-pdp-wg@icann.org " < gnso-rds-pdp-wg@icann.org > Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Benny, If the information provided ticks the boxes then it's validated. Most checks are retrospective as this takes time and time is money... On Mon, Aug 1, 2016 at 10:11 AM, Ade Cheek < ade.cheek@legitscript.com > wrote: BQ_BEGIN As Susan mentions, all they need is a few days. At least the registrar actually conducted validation checks, many don't. On Mon, Aug 1, 2016 at 10:04 AM, Susan Kawaguchi < susank@fb.com > wrote: BQ_BEGIN The registrar sent an email to Domain@fb.com which I received but I immediately responded it was not a valid registration and asked for transfer. No word yet. All phishers need is a few days to use the domain name. Susan Kawaguchi Domain Name Manager Facebook Legal Dept. From: " benny@nordreg.se " < benny@nordreg.se > Date: Monday, August 1, 2016 at 10:01 AM To: Susan kawaguchi < susank@fb.com >, " gnso-rds-pdp-wg@icann.org " < gnso-rds-pdp-wg@icann.org > Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Curious, how did it get validated? -- Med vänliga hälsningar / Kind Regards / Med vennlig hilsen Benny Samuelsen Registry Manager - Domainexpert Nordreg AB - ICANN accredited registrar IANA-ID: 638 Phone: +46.42197080 Direct: +47.32260201 Mobile: +47.40410200 From: < gnso-rds-pdp-wg-bounces@icann.org > on behalf of Susan Kawaguchi < susank@fb.com > Date: Monday 1 August 2016 at 17:17 To: " gnso-rds-pdp-wg@icann.org " < gnso-rds-pdp-wg@icann.org > Subject: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Hello All, Attached is a use case we run into frequently, bad actors will use valid Facebook information in the registration data to make the registration to appear authentic. Best regards, Susan Kawaguchi Domain Name Manager Facebook Legal Dept. _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg -- Adrian Cheek Director of Global Partnerships BQ_END -- Adrian Cheek Director of Global Partnerships BQ_END -- Adrian Cheek Director of Global Partnerships _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

Hi Ade, I am super picky, but how is the telephone number incorrect ?, I just want to see this from an outside pov. This is a proper whois of the domain : [Querying whois.verisign-grs.com] [Redirected to whois.onlinenic.com] [Querying whois.onlinenic.com] [whois.onlinenic.com] Domain Name: login-account.net Registry Domain ID: 5696800_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.onlinenic.com Registrar URL: http://www.onlinenic.com Updated Date: 2016-07-24T04:00:00Z Creation Date: 2016-07-24T04:00:00Z Registrar Registration Expiration Date: 2017-07-24T04:00:00Z Registrar: Onlinenic Inc Registrar IANA ID: 82 Registrar Abuse Contact Email: onlinenic-enduser@onlinenic.com Registrar Abuse Contact Phone: +1.5107698492 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Registry Registrant ID: Registrant Name: Domain Administrator Registrant Organization: Facebook, Inc. Registrant Street: 1601 Willow Road, Registrant City: Menlo Park Registrant State/Province: CA Registrant Postal Code: 94025 Registrant Country: US Registrant Phone: +1.6505434800 Registrant Phone Ext: Registrant Fax: +1.6505434800 Registrant Fax Ext: Registrant Email: domain@fb.com Registry Admin ID: Admin Name: Domain Administrator Admin Organization: Facebook, Inc. Admin Street: 1601 Willow Road, Admin City: Menlo Park Admin State/Province: CA Admin Postal Code: 94025 Admin Country: US Admin Phone: +1.6505434800 Admin Phone Ext: Admin Fax: +1.6505434800 Admin Fax Ext: Admin Email: domain@fb.com Registry Tech ID: Tech Name: Domain Administrator Tech Organization: Facebook, Inc. Tech Street: 1601 Willow Road, Tech City: Menlo Park Tech State/Province: CA Tech Postal Code: 94025 Tech Country: US Tech Phone: +1.6505434800 Tech Phone Ext: Tech Fax: +1.6505434800 Tech Fax Ext: Tech Email: domain@fb.com Name Server: ns1.dns-diy.net Name Server: ns2.dns-diy.net DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

...

...

Last update of WHOIS database: 2016-07-24T04:00:00Z <<<

For more information on Whois status codes, please visit https://icann.org/epp One quick grab of the facebook.com domain from MM servers : [whois.markmonitor.com] Domain Name: facebook.com Registry Domain ID: 2320948_DOMAIN_COM-VRSN Registrant Name: Domain Administrator Registrant Organization: Facebook, Inc. Registrant Street: 1601 Willow Road, Registrant City: Menlo Park Registrant State/Province: CA Registrant Postal Code: 94025 Registrant Country: US Registrant Phone: +1.6505434800 Registrant Phone Ext: Registrant Fax: +1.6505434800 Registrant Fax Ext: Registrant Email: domain@fb.com So the telephone numbers between the 2 domains are the same. Kind regards, Chris From: "Ade Cheek" <ade.cheek@legitscript.com> To: "Pelling, Chris" <chris@netearth.net> Cc: "Susan Kawaguchi" <susank@fb.com>, "gnso-rds-pdp-wg" <gnso-rds-pdp-wg@icann.org> Sent: Monday, 1 August, 2016 21:15:52 Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Chris, The original question was "How was this validated to begin with" I simply explained that part, from my point of view. If I want to be picky, the WHOIS information is invalid as the phone numbers are incorrect so therefore it should never have been registered (but I'm being picky) On Mon, Aug 1, 2016 at 1:09 PM, Chris Pelling < chris@netearth.net > wrote: Hi Susan, As mentioned to Ade, 15 days aren't up yet. Once 15 days are up and no positive confirmation, then the domain should be suspended. At this time apart from not responding to you, OnlineNic have not done anything wrong on this. Certainly on the 16th day - jump on them for not suspending the domain name. Kind regards, Chris From: "Susan Kawaguchi" < susank@fb.com > To: "Ade Cheek" < ade.cheek@legitscript.com > Cc: "gnso-rds-pdp-wg" < gnso-rds-pdp-wg@icann.org > Sent: Monday, 1 August, 2016 19:58:58 Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name I should have used the term verify as used in the 2013 RAA the following was not done by Onlinenic.com the email address of the Registered Name Holder (and, if different, the Account Holder) by sending an email requiring an affirmative response through a tool-based authentication method such as providing a unique code that must be returned in a manner designated by the Registrar, Susan Kawaguchi Domain Name Manager Facebook Legal Dept. From: Ade Cheek < ade.cheek@legitscript.com > Date: Monday, August 1, 2016 at 11:36 AM To: Susan kawaguchi < susank@fb.com > Cc: " benny@nordreg.se " < benny@nordreg.se >, " gnso-rds-pdp-wg@icann.org " < gnso-rds-pdp-wg@icann.org > Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Onlinenic - No comment Anyway, the address is valid, as in actually exists, hence the initial "validation". You don't need me to tell you that a large number of registrars simply automate the address check process and when complaints arise, they can claim that they had conducted validation checks. More often than not (in my experience) the complaint is then dropped by ICANN. As silly as this sounds, if the sender address is not monitored, then the reply that it's not valid will simply not be read. I also see that they ask you to " contact your domain name Service Provider for direct assistance" if you need to correct any information. Again, don't contact us, it's not our problem. On Mon, Aug 1, 2016 at 11:24 AM, Susan Kawaguchi < susank@fb.com > wrote: BQ_BEGIN We received a WDRP notice as you can see below. No way to validate the information and I responded that it is NOT valid… Completely out of compliance in my opinion. From: " No-Reply@onlinenic.com " < No-Reply@onlinenic.com > Date: Thursday, July 28, 2016 at 9:43 PM To: domain < domain@fb.com > Subject: [domain] Whois Data Reminder - login-account.net Dear Domain Registrant, This e-mail is a reminder for you to review and correct any inaccurate Whois information associated with your domain registration on login-account.net . Our records include the following information. [whois info] Domain: login-account.net Registrar Name: ONLINENIC, INC. Registrant: Name: Domain Administrator Address: 1601 Willow Road, City: Menlo Park State/Province: CA Country: US Postal Code: 94025 Administrative Contact: Name: Domain Administrator Address: 1601 Willow Road, City: Menlo Park State/Province: CA Country: US Postal Code: 94025 Phone: +1.6505434800 Fax: +1.6505434800 Email: domain@fb.com Technical Contact: Name: Domain Administrator Address: 1601 Willow Road, City: Menlo Park State/Province: CA Country: US Postal Code: 94025 Phone: +1.6505434800 Fax: +1.6505434800 Email: domain@fb.com Original Creation Date: 07/24/2016 Expiration Date: 07/24/2017 Nameserver Information: Nameserver: ns1.dns-diy.net Nameserver: ns2.dns-diy.net Under ICANN rules at http://www.icann.org/whois/wdrp-registrant-faq.htm , domain name registrants are obligated to review the contact information associated with their domain names and make corrections whenever necessary. The provision of false Whois information can be grounds for cancellation of your domain name registration. If you confirm the current whois information is full and accurate, you could simply ignore this notification. If you need to update whois information, please contact your domain name Service Provider for direct assistance. Regards. Susan Kawaguchi Domain Name Manager Facebook Legal Dept. From: " benny@nordreg.se " < benny@nordreg.se > Date: Monday, August 1, 2016 at 10:30 AM To: Ade Cheek < ade.cheek@legitscript.com >, Susan kawaguchi < susank@fb.com > Cc: " gnso-rds-pdp-wg@icann.org " < gnso-rds-pdp-wg@icann.org > Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Please point me to the section where that are in compliance with RAA 2 013 The only occurance occurrance of getting a domain as OK without validation are if the Registrant ID are validated from before and no changes are done. In that case it indicates FB have validated the info -- Med vänliga hälsningar / Kind Regards / Med vennlig hilsen Benny Samuelsen Registry Manager - Domainexpert Nordreg AB - ICANN accredited registrar IANA-ID: 638 Phone: +46.42197080 Direct: +47.32260201 Mobile: +47.40410200 From: Ade Cheek < ade.cheek@legitscript.com > Date: Monday 1 August 2016 at 19:13 To: Susan Kawaguchi < susank@fb.com > Cc: Benny Samuelsen < benny@nordreg.se >, " gnso-rds-pdp-wg@icann.org " < gnso-rds-pdp-wg@icann.org > Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Benny, If the information provided ticks the boxes then it's validated. Most checks are retrospective as this takes time and time is money... On Mon, Aug 1, 2016 at 10:11 AM, Ade Cheek < ade.cheek@legitscript.com > wrote: BQ_BEGIN As Susan mentions, all they need is a few days. At least the registrar actually conducted validation checks, many don't. On Mon, Aug 1, 2016 at 10:04 AM, Susan Kawaguchi < susank@fb.com > wrote: BQ_BEGIN The registrar sent an email to Domain@fb.com which I received but I immediately responded it was not a valid registration and asked for transfer. No word yet. All phishers need is a few days to use the domain name. Susan Kawaguchi Domain Name Manager Facebook Legal Dept. From: " benny@nordreg.se " < benny@nordreg.se > Date: Monday, August 1, 2016 at 10:01 AM To: Susan kawaguchi < susank@fb.com >, " gnso-rds-pdp-wg@icann.org " < gnso-rds-pdp-wg@icann.org > Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Curious, how did it get validated? -- Med vänliga hälsningar / Kind Regards / Med vennlig hilsen Benny Samuelsen Registry Manager - Domainexpert Nordreg AB - ICANN accredited registrar IANA-ID: 638 Phone: +46.42197080 Direct: +47.32260201 Mobile: +47.40410200 From: < gnso-rds-pdp-wg-bounces@icann.org > on behalf of Susan Kawaguchi < susank@fb.com > Date: Monday 1 August 2016 at 17:17 To: " gnso-rds-pdp-wg@icann.org " < gnso-rds-pdp-wg@icann.org > Subject: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Hello All, Attached is a use case we run into frequently, bad actors will use valid Facebook information in the registration data to make the registration to appear authentic. Best regards, Susan Kawaguchi Domain Name Manager Facebook Legal Dept. _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg -- Adrian Cheek Director of Global Partnerships BQ_END -- Adrian Cheek Director of Global Partnerships BQ_END -- Adrian Cheek Director of Global Partnerships _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg BQ_END -- Adrian Cheek Director of Global Partnerships

The domain in the example was another domain. and that went into CLIENTHOLD today as the 15 days passed -- Med vänliga hälsningar / Kind Regards / Med vennlig hilsen Benny Samuelsen Registry Manager - Domainexpert Nordreg AB - ICANN accredited registrar IANA-ID: 638 Phone: +46.852529100 Direct: +47.32260201 Mobile: +47.40410200

On 02 Aug 2016, at 10:26, Volker Greimann <vgreimann@key-systems.net> wrote:

Hmm, the domain was only registered on July 24th, so it is possible it is still in the verification stage? The registrant has 15 days to complete the verification, according to the RAA. The way this works (for those not as much into this as others) is that the domain is registered and if the email address is not previously verified, the verification method is triggered and the domain suspended if the verification is not successful after 15 days.

Or potentially, in this case, the email was not verified, but the telephone number was?

Best,

Volker

Am 01.08.2016 um 20:58 schrieb Susan Kawaguchi:

...

I should have used the term verify as used in the 2013 RAA the following was not done by Onlinenic.com

the email address of the Registered Name Holder (and, if different, the Account Holder) by sending an email requiring an affirmative response through a tool-based authentication method such as providing a unique code that must be returned in a manner designated by the Registrar, Susan Kawaguchi Domain Name Manager Facebook Legal Dept.

From: Ade Cheek <ade.cheek@legitscript.com> Date: Monday, August 1, 2016 at 11:36 AM To: Susan kawaguchi <susank@fb.com> Cc: "benny@nordreg.se" <benny@nordreg.se>, "gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name

Onlinenic - No comment

Anyway, the address is valid, as in actually exists, hence the initial "validation". You don't need me to tell you that a large number of registrars simply automate the address check process and when complaints arise, they can claim that they had conducted validation checks. More often than not (in my experience) the complaint is then dropped by ICANN.

As silly as this sounds, if the sender address is not monitored, then the reply that it's not valid will simply not be read. I also see that they ask you to "contact your domain name Service Provider for direct assistance" if you need to correct any information. Again, don't contact us, it's not our problem.

On Mon, Aug 1, 2016 at 11:24 AM, Susan Kawaguchi <susank@fb.com> wrote: We received a WDRP notice as you can see below. No way to validate the information and I responded that it is NOT valid… Completely out of compliance in my opinion.

From: "No-Reply@onlinenic.com" <No-Reply@onlinenic.com> Date: Thursday, July 28, 2016 at 9:43 PM To: domain <domain@fb.com> Subject: [domain] Whois Data Reminder - login-account.net

Dear Domain Registrant,

This e-mail is a reminder for you to review and correct any inaccurate Whois information associated with your domain registration on login-account.net. Our records include the following information.

[whois info]

Domain: login-account.net Registrar Name: ONLINENIC, INC.

Registrant: Name: Domain Administrator Address: 1601 Willow Road, City: Menlo Park State/Province: CA Country: US Postal Code: 94025

Administrative Contact: Name: Domain Administrator Address: 1601 Willow Road, City: Menlo Park State/Province: CA Country: US Postal Code: 94025 Phone: +1.6505434800 Fax: +1.6505434800 Email: domain@fb.com

Technical Contact: Name: Domain Administrator Address: 1601 Willow Road, City: Menlo Park State/Province: CA Country: US Postal Code: 94025 Phone: +1.6505434800 Fax: +1.6505434800 Email: domain@fb.com

Original Creation Date: 07/24/2016 Expiration Date: 07/24/2017

Nameserver Information: Nameserver: ns1.dns-diy.net Nameserver: ns2.dns-diy.net Under ICANN rules at http://www.icann.org/whois/wdrp-registrant-faq.htm, domain name registrants are obligated to review the contact information associated with their domain names and make corrections whenever necessary. The provision of false Whois information can be grounds for cancellation of your domain name registration.

If you confirm the current whois information is full and accurate, you could simply ignore this notification.

If you need to update whois information, please contact your domain name Service Provider for direct assistance.

Regards.

Susan Kawaguchi Domain Name Manager Facebook Legal Dept.

From: "benny@nordreg.se" <benny@nordreg.se> Date: Monday, August 1, 2016 at 10:30 AM To: Ade Cheek <ade.cheek@legitscript.com>, Susan kawaguchi <susank@fb.com> Cc: "gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name

Please point me to the section where that are in compliance with RAA 2013

The only occurance occurrance of getting a domain as OK without validation are if the Registrant ID are validated from before and no changes are done. In that case it indicates FB have validated the info

--

Med vänliga hälsningar / Kind Regards / Med vennlig hilsen

Benny Samuelsen Registry Manager - Domainexpert

Nordreg AB - ICANN accredited registrar

IANA-ID: 638

Phone: +46.42197080 Direct: +47.32260201 Mobile: +47.40410200

From: Ade Cheek <ade.cheek@legitscript.com> Date: Monday 1 August 2016 at 19:13 To: Susan Kawaguchi <susank@fb.com> Cc: Benny Samuelsen <benny@nordreg.se>, "gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name

Benny,

If the information provided ticks the boxes then it's validated. Most checks are retrospective as this takes time and time is money...

On Mon, Aug 1, 2016 at 10:11 AM, Ade Cheek <ade.cheek@legitscript.com> wrote:

As Susan mentions, all they need is a few days. At least the registrar actually conducted validation checks, many don't.

On Mon, Aug 1, 2016 at 10:04 AM, Susan Kawaguchi <susank@fb.com> wrote:

The registrar sent an email to Domain@fb.com which I received but I immediately responded it was not a valid registration and asked for transfer. No word yet.

All phishers need is a few days to use the domain name.

Susan Kawaguchi

Domain Name Manager

Facebook Legal Dept.

From: "benny@nordreg.se" <benny@nordreg.se> Date: Monday, August 1, 2016 at 10:01 AM To: Susan kawaguchi <susank@fb.com>, "gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name

Curious, how did it get validated?

--

Med vänliga hälsningar / Kind Regards / Med vennlig hilsen

Benny Samuelsen Registry Manager - Domainexpert

Nordreg AB - ICANN accredited registrar

IANA-ID: 638

Phone: +46.42197080 Direct: +47.32260201 Mobile: +47.40410200

From: <gnso-rds-pdp-wg-bounces@icann.org> on behalf of Susan Kawaguchi <susank@fb.com> Date: Monday 1 August 2016 at 17:17 To: "gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org> Subject: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name

Hello All,

Attached is a use case we run into frequently, bad actors will use valid Facebook information in the registration data to make the registration to appear authentic.

Best regards,

Susan Kawaguchi

Domain Name Manager

Facebook Legal Dept.

_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

--

Adrian Cheek Director of Global Partnerships

--

Adrian Cheek Director of Global Partnerships

-- Adrian Cheek Director of Global Partnerships

_______________________________________________ gnso-rds-pdp-wg mailing list

gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.

Mit freundlichen Grüßen,

Volker A. Greimann - Rechtsabteilung -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net

Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com

Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:

www.facebook.com/KeySystems www.twitter.com/key_systems

Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534

Member of the KEYDRIVE GROUP

www.keydrive.lu

Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.

--------------------------------------------

Should you have any further questions, please do not hesitate to contact us.

Best regards,

Volker A. Greimann - legal department -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net

Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com

Follow us on Twitter or join our fan community on Facebook and stay updated:

www.facebook.com/KeySystems www.twitter.com/key_systems

CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534

Member of the KEYDRIVE GROUP

www.keydrive.lu

This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

The domain in the exampel are now 16 days old and put on hold My use of validated should been verified -- Med vänliga hälsningar / Kind Regards / Med vennlig hilsen Benny Samuelsen Registry Manager - Domainexpert Nordreg AB - ICANN accredited registrar IANA-ID: 638 Phone: +46.42197080 Direct: +47.32260201 Mobile: +47.40410200 From: <gnso-rds-pdp-wg-bounces@icann.org> on behalf of Chris Pelling <chris@netearth.net> Date: Monday 1 August 2016 at 22:06 To: Ade Cheek <ade.cheek@legitscript.com> Cc: "gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Sorry Ade, but you may have missed the main point here, the domain is 9 days (yes nine) old, it is under the 15 day 2013 RAA Verification for email or telephone confirmation, whereby if not confirmed it is suspended. The address could be correct (well it is lets be honest) and the telephone number could be correct (it is per facebook,com). The registrar within the first 15 days has to have a positive feedback only, thus if a link is clicked (by accident) or an SMS at time of registration and the code entered on a webpage later - this is confirmation. If nothing received - on day 16 (so 15 full days) the domain should be suspended. Kind regards, Chris ________________________________ From: "Ade Cheek" <ade.cheek@legitscript.com> To: "Susan Kawaguchi" <susank@fb.com> Cc: gnso-rds-pdp-wg@icann.org Sent: Monday, 1 August, 2016 19:36:44 Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Onlinenic - No comment Anyway, the address is valid, as in actually exists, hence the initial "validation". You don't need me to tell you that a large number of registrars simply automate the address check process and when complaints arise, they can claim that they had conducted validation checks. More often than not (in my experience) the complaint is then dropped by ICANN. As silly as this sounds, if the sender address is not monitored, then the reply that it's not valid will simply not be read. I also see that they ask you to "contact your domain name Service Provider for direct assistance" if you need to correct any information. Again, don't contact us, it's not our problem. On Mon, Aug 1, 2016 at 11:24 AM, Susan Kawaguchi <susank@fb.com<mailto:susank@fb.com>> wrote: We received a WDRP notice as you can see below. No way to validate the information and I responded that it is NOT valid… Completely out of compliance in my opinion. From: "No-Reply@onlinenic.com<mailto:No-Reply@onlinenic.com>" <No-Reply@onlinenic.com<mailto:No-Reply@onlinenic.com>> Date: Thursday, July 28, 2016 at 9:43 PM To: domain <domain@fb.com<mailto:domain@fb.com>> Subject: [domain] Whois Data Reminder - login-account.net<http://login-account.net> Dear Domain Registrant, This e-mail is a reminder for you to review and correct any inaccurate Whois information associated with your domain registration on login-account.net<http://login-account.net>. Our records include the following information. [whois info] Domain: login-account.net<http://login-account.net> Registrar Name: ONLINENIC, INC. Registrant: Name: Domain Administrator Address: 1601 Willow Road, City: Menlo Park State/Province: CA Country: US Postal Code: 94025 Administrative Contact: Name: Domain Administrator Address: 1601 Willow Road, City: Menlo Park State/Province: CA Country: US Postal Code: 94025 Phone: +1.6505434800<tel:%2B1.6505434800> Fax: +1.6505434800<tel:%2B1.6505434800> Email: domain@fb.com<mailto:domain@fb.com> Technical Contact: Name: Domain Administrator Address: 1601 Willow Road, City: Menlo Park State/Province: CA Country: US Postal Code: 94025 Phone: +1.6505434800<tel:%2B1.6505434800> Fax: +1.6505434800<tel:%2B1.6505434800> Email: domain@fb.com<mailto:domain@fb.com> Original Creation Date: 07/24/2016 Expiration Date: 07/24/2017 Nameserver Information: Nameserver: ns1.dns-diy.net<http://ns1.dns-diy.net> Nameserver: ns2.dns-diy.net<http://ns2.dns-diy.net> Under ICANN rules at http://www.icann.org/whois/wdrp-registrant-faq.htm<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.icann.org_whois_wdrp-2Dregistrant-2Dfaq.htm&d=CwMBAg&c=5VD0RTtNlTh3ycd41b3MUw&r=DQBitvw2wt4C9NKwu0gx6g&m=6ZQETFuwFeXy8l_T-xbW3SRW8Gq1DvccW4pYvCG_J9I&s=tkiE78dd1OtI_U8KqYyfLcWi2XRY1S6cNI8nF9ZnUUs&e=>, domain name registrants are obligated to review the contact information associated with their domain names and make corrections whenever necessary. The provision of false Whois information can be grounds for cancellation of your domain name registration. If you confirm the current whois information is full and accurate, you could simply ignore this notification. If you need to update whois information, please contact your domain name Service Provider for direct assistance. Regards. Susan Kawaguchi Domain Name Manager Facebook Legal Dept. From: "benny@nordreg.se<mailto:benny@nordreg.se>" <benny@nordreg.se<mailto:benny@nordreg.se>> Date: Monday, August 1, 2016 at 10:30 AM To: Ade Cheek <ade.cheek@legitscript.com<mailto:ade.cheek@legitscript.com>>, Susan kawaguchi <susank@fb.com<mailto:susank@fb.com>> Cc: "gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>" <gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>> Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Please point me to the section where that are in compliance with RAA 2013 The only occurance occurrance of getting a domain as OK without validation are if the Registrant ID are validated from before and no changes are done. In that case it indicates FB have validated the info -- Med vänliga hälsningar / Kind Regards / Med vennlig hilsen Benny Samuelsen Registry Manager - Domainexpert Nordreg AB - ICANN accredited registrar IANA-ID: 638 Phone: +46.42197080<tel:%2B46.42197080> Direct: +47.32260201<tel:%2B47.32260201> Mobile: +47.40410200<tel:%2B47.40410200> From: Ade Cheek <ade.cheek@legitscript.com<mailto:ade.cheek@legitscript.com>> Date: Monday 1 August 2016 at 19:13 To: Susan Kawaguchi <susank@fb.com<mailto:susank@fb.com>> Cc: Benny Samuelsen <benny@nordreg.se<mailto:benny@nordreg.se>>, "gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>" <gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>> Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Benny, If the information provided ticks the boxes then it's validated. Most checks are retrospective as this takes time and time is money... On Mon, Aug 1, 2016 at 10:11 AM, Ade Cheek <ade.cheek@legitscript.com<mailto:ade.cheek@legitscript.com>> wrote: As Susan mentions, all they need is a few days. At least the registrar actually conducted validation checks, many don't. On Mon, Aug 1, 2016 at 10:04 AM, Susan Kawaguchi <susank@fb.com<mailto:susank@fb.com>> wrote: The registrar sent an email to Domain@fb.com<mailto:Domain@fb.com> which I received but I immediately responded it was not a valid registration and asked for transfer. No word yet. All phishers need is a few days to use the domain name. Susan Kawaguchi Domain Name Manager Facebook Legal Dept. From: "benny@nordreg.se<mailto:benny@nordreg.se>" <benny@nordreg.se<mailto:benny@nordreg.se>> Date: Monday, August 1, 2016 at 10:01 AM To: Susan kawaguchi <susank@fb.com<mailto:susank@fb.com>>, "gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>" <gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>> Subject: Re: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Curious, how did it get validated? -- Med vänliga hälsningar / Kind Regards / Med vennlig hilsen Benny Samuelsen Registry Manager - Domainexpert Nordreg AB - ICANN accredited registrar IANA-ID: 638 Phone: +46.42197080<tel:%2B46.42197080> Direct: +47.32260201<tel:%2B47.32260201> Mobile: +47.40410200<tel:%2B47.40410200> From: <gnso-rds-pdp-wg-bounces@icann.org<mailto:gnso-rds-pdp-wg-bounces@icann.org>> on behalf of Susan Kawaguchi <susank@fb.com<mailto:susank@fb.com>> Date: Monday 1 August 2016 at 17:17 To: "gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>" <gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org>> Subject: [gnso-rds-pdp-wg] Use Case - False registration data to appear as Facebook owned domain name Hello All, Attached is a use case we run into frequently, bad actors will use valid Facebook information in the registration data to make the registration to appear authentic. Best regards, Susan Kawaguchi Domain Name Manager Facebook Legal Dept. _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg<https://urldefense.proofpoint.com/v2/url?u=https-3A__mm.icann.org_mailman_listinfo_gnso-2Drds-2Dpdp-2Dwg&d=CwMGaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=gvEx8xF7ynrYQ7wShqEr-w&m=X0PxikbdWYe1qnRLBvj7NpVBwJZ9lefkBvSnTMUav2k&s=y8pKkA5htvW2aMfadVs4cTis3K112j7m5MpRvq2Y8cw&e=> -- Adrian Cheek Director of Global Partnerships [https://docs.google.com/uc?export=download&id=0B1czF3rFjMNlUlBBQ2RCbmI5bVE&r...] -- Adrian Cheek Director of Global Partnerships [https://docs.google.com/uc?export=download&id=0B1czF3rFjMNlUlBBQ2RCbmI5bVE&r...] -- Adrian Cheek Director of Global Partnerships [https://docs.google.com/uc?export=download&id=0B1czF3rFjMNlUlBBQ2RCbmI5bVE&r...] _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg