Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/18/2018 9:14 AM, consult@cgomes.com wrote:
Patrick,
Let me first call attention to the fact that I cc’d the leadership team so that they can judge whether my suggestion was ridiculous or not.
Let me call attention to the fact that I cc'd the entire list so the community can be involved in the conversation as well. (as you say "we all have to work collaboratively in this WG")
I am not in a position to determine what the truth is in this situation,
Well, I AM in such a position because IT HAPPENED TO ME.
but, even if you are correct in your assessment, giving Sara a chance to respond to your strong accusation privately
Big companies like GoDaddy will not respond privately - it's beneath them. Believe me, I've tried. If Sara was interested in responding to my claims, she has had every opportunity to do so, either privately or publicly. I have not heard a peep from her.
would be much more respectful than making your accusation publicly.
It's not an accusation - it's a statement of facts. I welcome Sara and/or GoDaddy to present any evidence to the contrary.
Email communications are very easily misunderstood and/or poorly expressed. I do not know whether that is the case here or not; I am sure you do not believe that is the case, but giving her the benefit of the doubt and asking her to explain further privately would have been a much better approach in my opinion.
As I said, I have no reason to believe she would respond to a private discussion of this matter. I have tried several time to discuss GoDaddy's port 43 restrictions with them and they would not respond to me. GoDaddy is too big to care about the opinions of a single anti-phishing anti-spam anti-abuse advocate that disagrees with GoDaddy's illegal restrictions on port 43 WHOIS.
The fact is that we all have to work collaboratively in this WG.
Which is why this should be discussed on the list as well. I know I'm not the only person on the list that feels this way. Patrick Klos Phishcop Admin
Chuck
*From:*pkngrds@klos.net [mailto:pkngrds@klos.net] *Sent:* Saturday, February 17, 2018 1:20 PM *To:* consult@cgomes.com *Subject:* Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/17/2018 2:11 PM, consult@cgomes.com <mailto:consult@cgomes.com> wrote:
Patrick,
If you are going to specifically criticize a company by name, please do that directly with that company and not on this list.
Chuck
That's ridiculous.
Sara Bockey, representing GoDaddy, made statements on the list that do not reflect the truth. It is my obligation to refute her claims publicly on the same forum her original statements were made.
Patrick Klos Klos Technologies, Inc. and Phishcop Admin
*From:*gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces@icann.org] *On Behalf Of *pkngrds@klos.net <mailto:pkngrds@klos.net> *Sent:* Friday, February 16, 2018 3:35 PM *To:* gnso-rds-pdp-wg@icann.org <mailto:gnso-rds-pdp-wg@icann.org> *Subject:* Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/16/2018 5:22 PM, Sara Bockey wrote:
Not only is our decision to mask customer information in Port43 completely unrelated to GDPR, but it results directly from attacks by third parties who harvest and sell our customers’ personal information.
I don't know what precipitated this conversation, but I will jump in here based on my actual experience.
To say "it results directly from attacks by third parties who harvest and sell our customers’ personal information" is a complete lie!
GoDaddy has blocked MANY IP addresses I've attempted to use port 43 WHOIS on with absolutely no due process! And I can say with absolute certainty that I and my IP addresses were not involved in any form of "attack(s) by third parties".
But if I wanted to continue fighting phishing, spammers and other abuses without being forced to use GoDaddy's cumbersome web interface (with their stupid "I'm not a robot" and "Choose all the pictures that have a goldfish in them" games) to process each WHOIS request, I would have to give in to GoDaddy's illegal blocking (restricted WHOIS output) and sign their "whitelist request" to get myself back to business!!!
Given the onslaught of spam and robo-calls our customers have been receiving – often within minutes of registering a domain name—we felt that action was required, if not overdue.
I'm not sure I can see how port 43 WHOIS requests can be used to determine new domain registrations in the way you imply? Maybe you can share how that works??
WHOIS information is still very much available for any & all domain names via our web-based WHOIS tool,
It may be available, but it's quite cumbersome and a waste of good peoples' time!!
However, bulk access by anonymous users is no longer supported.
I didn't know "bulk access by anonymous users" was ever a thing?!? If you were intent on blocking "bulk access", why should that have impacted port 43 WHOIS requests for single domains???
I also note that during this entire process, we have kept ICANN informed of both the attacks on our Port43 systems
Please provide the evidence of my "attacks" that you've provided to ICANN to justify your restricting WHOIS data to any of my IP addresses.
as well as our efforts to mitigate them. Our actions are justified and to imply otherwise is not only inaccurate but does nothing to move this PDP forward.
Your actions were unilateral and (in my opinion) violated your registrar agreement(s) with ICANN. You're allowed to block ABUSIVE behavior, but you blocked many many requests with absolutely no evidence of abuse! How can you justify that???
Patrick Klos Phishcop Admin
Patrick's voice on this needs to be heard. Regardless of whether or not Godaddy's block was related to GDPR or not, it's a perfect example of what we're looking forward to when the exact same block is applied to all registrars and all queriers. The web based portal is already a huge degradation in service quality. Many of us in the anti-abuse and network operator world rely heavily on "WHOWAS" and as it stands, that is ONLY available through resellers who make use of bulk queries to do it. If you don't like that, then give us a better alternative so we can keep doing our jobs and keep the Internet functioning. Why is the blanket assumption that bulk queriers, and queriers of new domains are abusive? Maybe a security system wondered "Why is a never-before-seen-domain sending me an email with an executable attachment?" Do you think that could ever possibly happen on the Internet? How many SOC and NOC IP addresses are blocked by Godaddy? One of my IP addresses are blocked. Why is our activity deemed abusive? Due to this change I am hearing complaints from people responsible for keeping tier-1 and tier-2 networks working. Not just blocklist maintainers. Take this seriously. On Sun, Feb 18, 2018 at 10:09 AM, <pkngrds@klos.net> wrote:
On 2/18/2018 9:14 AM, consult@cgomes.com wrote:
Patrick,
Let me first call attention to the fact that I cc’d the leadership team so that they can judge whether my suggestion was ridiculous or not.
Let me call attention to the fact that I cc'd the entire list so the community can be involved in the conversation as well. (as you say "we all have to work collaboratively in this WG")
I am not in a position to determine what the truth is in this situation,
Well, I AM in such a position because IT HAPPENED TO ME.
but, even if you are correct in your assessment, giving Sara a chance to respond to your strong accusation privately
Big companies like GoDaddy will not respond privately - it's beneath them. Believe me, I've tried.
If Sara was interested in responding to my claims, she has had every opportunity to do so, either privately or publicly. I have not heard a peep from her.
would be much more respectful than making your accusation publicly.
It's not an accusation - it's a statement of facts. I welcome Sara and/or GoDaddy to present any evidence to the contrary.
Email communications are very easily misunderstood and/or poorly expressed. I do not know whether that is the case here or not; I am sure you do not believe that is the case, but giving her the benefit of the doubt and asking her to explain further privately would have been a much better approach in my opinion.
As I said, I have no reason to believe she would respond to a private discussion of this matter. I have tried several time to discuss GoDaddy's port 43 restrictions with them and they would not respond to me. GoDaddy is too big to care about the opinions of a single anti-phishing anti-spam anti-abuse advocate that disagrees with GoDaddy's illegal restrictions on port 43 WHOIS.
The fact is that we all have to work collaboratively in this WG.
Which is why this should be discussed on the list as well. I know I'm not the only person on the list that feels this way.
Patrick Klos Phishcop Admin
Chuck
*From:* pkngrds@klos.net [mailto:pkngrds@klos.net <pkngrds@klos.net>] *Sent:* Saturday, February 17, 2018 1:20 PM *To:* consult@cgomes.com *Subject:* Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/17/2018 2:11 PM, consult@cgomes.com wrote:
Patrick,
If you are going to specifically criticize a company by name, please do that directly with that company and not on this list.
Chuck
That's ridiculous.
Sara Bockey, representing GoDaddy, made statements on the list that do not reflect the truth. It is my obligation to refute her claims publicly on the same forum her original statements were made.
Patrick Klos Klos Technologies, Inc. and Phishcop Admin
*From:* gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces@icann.org <gnso-rds-pdp-wg-bounces@icann.org>] *On Behalf Of *pkngrds@klos.net *Sent:* Friday, February 16, 2018 3:35 PM *To:* gnso-rds-pdp-wg@icann.org *Subject:* Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/16/2018 5:22 PM, Sara Bockey wrote:
Not only is our decision to mask customer information in Port43 completely unrelated to GDPR, but it results directly from attacks by third parties who harvest and sell our customers’ personal information.
I don't know what precipitated this conversation, but I will jump in here based on my actual experience.
To say "it results directly from attacks by third parties who harvest and sell our customers’ personal information" is a complete lie!
GoDaddy has blocked MANY IP addresses I've attempted to use port 43 WHOIS on with absolutely no due process! And I can say with absolute certainty that I and my IP addresses were not involved in any form of "attack(s) by third parties".
But if I wanted to continue fighting phishing, spammers and other abuses without being forced to use GoDaddy's cumbersome web interface (with their stupid "I'm not a robot" and "Choose all the pictures that have a goldfish in them" games) to process each WHOIS request, I would have to give in to GoDaddy's illegal blocking (restricted WHOIS output) and sign their "whitelist request" to get myself back to business!!!
Given the onslaught of spam and robo-calls our customers have been receiving – often within minutes of registering a domain name—we felt that action was required, if not overdue.
I'm not sure I can see how port 43 WHOIS requests can be used to determine new domain registrations in the way you imply? Maybe you can share how that works??
WHOIS information is still very much available for any & all domain names via our web-based WHOIS tool,
It may be available, but it's quite cumbersome and a waste of good peoples' time!!
However, bulk access by anonymous users is no longer supported.
I didn't know "bulk access by anonymous users" was ever a thing?!? If you were intent on blocking "bulk access", why should that have impacted port 43 WHOIS requests for single domains???
I also note that during this entire process, we have kept ICANN informed of both the attacks on our Port43 systems
Please provide the evidence of my "attacks" that you've provided to ICANN to justify your restricting WHOIS data to any of my IP addresses.
as well as our efforts to mitigate them. Our actions are justified and to imply otherwise is not only inaccurate but does nothing to move this PDP forward.
Your actions were unilateral and (in my opinion) violated your registrar agreement(s) with ICANN. You're allowed to block ABUSIVE behavior, but you blocked many many requests with absolutely no evidence of abuse! How can you justify that???
Patrick Klos Phishcop Admin
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-- _________________________________ Note to self: Pillage BEFORE burning.
Who’s is even worse than whois from a data protection standpoint. Those services really need to go… Volker
On 18. Feb 2018, at 18:17, allison nixon <elsakoo@gmail.com> wrote:
Patrick's voice on this needs to be heard. Regardless of whether or not Godaddy's block was related to GDPR or not, it's a perfect example of what we're looking forward to when the exact same block is applied to all registrars and all queriers.
The web based portal is already a huge degradation in service quality. Many of us in the anti-abuse and network operator world rely heavily on "WHOWAS" and as it stands, that is ONLY available through resellers who make use of bulk queries to do it. If you don't like that, then give us a better alternative so we can keep doing our jobs and keep the Internet functioning.
Why is the blanket assumption that bulk queriers, and queriers of new domains are abusive? Maybe a security system wondered "Why is a never-before-seen-domain sending me an email with an executable attachment?" Do you think that could ever possibly happen on the Internet? How many SOC and NOC IP addresses are blocked by Godaddy? One of my IP addresses are blocked. Why is our activity deemed abusive?
Due to this change I am hearing complaints from people responsible for keeping tier-1 and tier-2 networks working. Not just blocklist maintainers. Take this seriously.
On Sun, Feb 18, 2018 at 10:09 AM, <pkngrds@klos.net <mailto:pkngrds@klos.net>> wrote: On 2/18/2018 9:14 AM, consult@cgomes.com <mailto:consult@cgomes.com> wrote:
Patrick,
Let me first call attention to the fact that I cc’d the leadership team so that they can judge whether my suggestion was ridiculous or not.
Let me call attention to the fact that I cc'd the entire list so the community can be involved in the conversation as well. (as you say "we all have to work collaboratively in this WG")
I am not in a position to determine what the truth is in this situation,
Well, I AM in such a position because IT HAPPENED TO ME.
but, even if you are correct in your assessment, giving Sara a chance to respond to your strong accusation privately
Big companies like GoDaddy will not respond privately - it's beneath them. Believe me, I've tried.
If Sara was interested in responding to my claims, she has had every opportunity to do so, either privately or publicly. I have not heard a peep from her.
would be much more respectful than making your accusation publicly.
It's not an accusation - it's a statement of facts. I welcome Sara and/or GoDaddy to present any evidence to the contrary.
Email communications are very easily misunderstood and/or poorly expressed. I do not know whether that is the case here or not; I am sure you do not believe that is the case, but giving her the benefit of the doubt and asking her to explain further privately would have been a much better approach in my opinion.
As I said, I have no reason to believe she would respond to a private discussion of this matter. I have tried several time to discuss GoDaddy's port 43 restrictions with them and they would not respond to me. GoDaddy is too big to care about the opinions of a single anti-phishing anti-spam anti-abuse advocate that disagrees with GoDaddy's illegal restrictions on port 43 WHOIS.
The fact is that we all have to work collaboratively in this WG.
Which is why this should be discussed on the list as well. I know I'm not the only person on the list that feels this way.
Patrick Klos Phishcop Admin
Chuck
From: pkngrds@klos.net <mailto:pkngrds@klos.net> [mailto:pkngrds@klos.net <mailto:pkngrds@klos.net>] Sent: Saturday, February 17, 2018 1:20 PM To: consult@cgomes.com <mailto:consult@cgomes.com> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/17/2018 2:11 PM, consult@cgomes.com <mailto:consult@cgomes.com> wrote:
Patrick,
If you are going to specifically criticize a company by name, please do that directly with that company and not on this list.
Chuck
That's ridiculous.
Sara Bockey, representing GoDaddy, made statements on the list that do not reflect the truth. It is my obligation to refute her claims publicly on the same forum her original statements were made.
Patrick Klos Klos Technologies, Inc. and Phishcop Admin
From: gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces@icann.org <mailto:gnso-rds-pdp-wg-bounces@icann.org>] On Behalf Of pkngrds@klos.net <mailto:pkngrds@klos.net> Sent: Friday, February 16, 2018 3:35 PM To: gnso-rds-pdp-wg@icann.org <mailto:gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/16/2018 5:22 PM, Sara Bockey wrote:
Not only is our decision to mask customer information in Port43 completely unrelated to GDPR, but it results directly from attacks by third parties who harvest and sell our customers’ personal information.
I don't know what precipitated this conversation, but I will jump in here based on my actual experience.
To say "it results directly from attacks by third parties who harvest and sell our customers’ personal information" is a complete lie!
GoDaddy has blocked MANY IP addresses I've attempted to use port 43 WHOIS on with absolutely no due process! And I can say with absolute certainty that I and my IP addresses were not involved in any form of "attack(s) by third parties".
But if I wanted to continue fighting phishing, spammers and other abuses without being forced to use GoDaddy's cumbersome web interface (with their stupid "I'm not a robot" and "Choose all the pictures that have a goldfish in them" games) to process each WHOIS request, I would have to give in to GoDaddy's illegal blocking (restricted WHOIS output) and sign their "whitelist request" to get myself back to business!!!
Given the onslaught of spam and robo-calls our customers have been receiving – often within minutes of registering a domain name—we felt that action was required, if not overdue.
I'm not sure I can see how port 43 WHOIS requests can be used to determine new domain registrations in the way you imply? Maybe you can share how that works??
WHOIS information is still very much available for any & all domain names via our web-based WHOIS tool,
It may be available, but it's quite cumbersome and a waste of good peoples' time!!
However, bulk access by anonymous users is no longer supported.
I didn't know "bulk access by anonymous users" was ever a thing?!? If you were intent on blocking "bulk access", why should that have impacted port 43 WHOIS requests for single domains???
I also note that during this entire process, we have kept ICANN informed of both the attacks on our Port43 systems
Please provide the evidence of my "attacks" that you've provided to ICANN to justify your restricting WHOIS data to any of my IP addresses.
as well as our efforts to mitigate them. Our actions are justified and to imply otherwise is not only inaccurate but does nothing to move this PDP forward.
Your actions were unilateral and (in my opinion) violated your registrar agreement(s) with ICANN. You're allowed to block ABUSIVE behavior, but you blocked many many requests with absolutely no evidence of abuse! How can you justify that???
Patrick Klos Phishcop Admin
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org <mailto:gnso-rds-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
-- _________________________________ Note to self: Pillage BEFORE burning. _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
I mean what possible justification could someone have in trying to figure out what has communicated with their network? -- John Bambenek
On Feb 20, 2018, at 11:52, Volker Greimann <vgreimann@key-systems.net> wrote:
Who’s is even worse than whois from a data protection standpoint. Those services really need to go…
Volker
On 18. Feb 2018, at 18:17, allison nixon <elsakoo@gmail.com> wrote:
Patrick's voice on this needs to be heard. Regardless of whether or not Godaddy's block was related to GDPR or not, it's a perfect example of what we're looking forward to when the exact same block is applied to all registrars and all queriers.
The web based portal is already a huge degradation in service quality. Many of us in the anti-abuse and network operator world rely heavily on "WHOWAS" and as it stands, that is ONLY available through resellers who make use of bulk queries to do it. If you don't like that, then give us a better alternative so we can keep doing our jobs and keep the Internet functioning.
Why is the blanket assumption that bulk queriers, and queriers of new domains are abusive? Maybe a security system wondered "Why is a never-before-seen-domain sending me an email with an executable attachment?" Do you think that could ever possibly happen on the Internet? How many SOC and NOC IP addresses are blocked by Godaddy? One of my IP addresses are blocked. Why is our activity deemed abusive?
Due to this change I am hearing complaints from people responsible for keeping tier-1 and tier-2 networks working. Not just blocklist maintainers. Take this seriously.
On Sun, Feb 18, 2018 at 10:09 AM, <pkngrds@klos.net> wrote:
On 2/18/2018 9:14 AM, consult@cgomes.com wrote:
Patrick,
Let me first call attention to the fact that I cc’d the leadership team so that they can judge whether my suggestion was ridiculous or not.
Let me call attention to the fact that I cc'd the entire list so the community can be involved in the conversation as well. (as you say "we all have to work collaboratively in this WG")
I am not in a position to determine what the truth is in this situation,
Well, I AM in such a position because IT HAPPENED TO ME.
but, even if you are correct in your assessment, giving Sara a chance to respond to your strong accusation privately
Big companies like GoDaddy will not respond privately - it's beneath them. Believe me, I've tried.
If Sara was interested in responding to my claims, she has had every opportunity to do so, either privately or publicly. I have not heard a peep from her.
would be much more respectful than making your accusation publicly.
It's not an accusation - it's a statement of facts. I welcome Sara and/or GoDaddy to present any evidence to the contrary.
Email communications are very easily misunderstood and/or poorly expressed. I do not know whether that is the case here or not; I am sure you do not believe that is the case, but giving her the benefit of the doubt and asking her to explain further privately would have been a much better approach in my opinion.
As I said, I have no reason to believe she would respond to a private discussion of this matter. I have tried several time to discuss GoDaddy's port 43 restrictions with them and they would not respond to me. GoDaddy is too big to care about the opinions of a single anti-phishing anti-spam anti-abuse advocate that disagrees with GoDaddy's illegal restrictions on port 43 WHOIS.
The fact is that we all have to work collaboratively in this WG.
Which is why this should be discussed on the list as well. I know I'm not the only person on the list that feels this way.
Patrick Klos Phishcop Admin
Chuck
From: pkngrds@klos.net [mailto:pkngrds@klos.net] Sent: Saturday, February 17, 2018 1:20 PM To: consult@cgomes.com Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/17/2018 2:11 PM, consult@cgomes.com wrote:
Patrick,
If you are going to specifically criticize a company by name, please do that directly with that company and not on this list.
Chuck
That's ridiculous.
Sara Bockey, representing GoDaddy, made statements on the list that do not reflect the truth. It is my obligation to refute her claims publicly on the same forum her original statements were made.
Patrick Klos Klos Technologies, Inc. and Phishcop Admin
From: gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces@icann.org] On Behalf Of pkngrds@klos.net Sent: Friday, February 16, 2018 3:35 PM To: gnso-rds-pdp-wg@icann.org Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/16/2018 5:22 PM, Sara Bockey wrote:
Not only is our decision to mask customer information in Port43 completely unrelated to GDPR, but it results directly from attacks by third parties who harvest and sell our customers’ personal information.
I don't know what precipitated this conversation, but I will jump in here based on my actual experience.
To say "it results directly from attacks by third parties who harvest and sell our customers’ personal information" is a complete lie!
GoDaddy has blocked MANY IP addresses I've attempted to use port 43 WHOIS on with absolutely no due process! And I can say with absolute certainty that I and my IP addresses were not involved in any form of "attack(s) by third parties".
But if I wanted to continue fighting phishing, spammers and other abuses without being forced to use GoDaddy's cumbersome web interface (with their stupid "I'm not a robot" and "Choose all the pictures that have a goldfish in them" games) to process each WHOIS request, I would have to give in to GoDaddy's illegal blocking (restricted WHOIS output) and sign their "whitelist request" to get myself back to business!!!
Given the onslaught of spam and robo-calls our customers have been receiving – often within minutes of registering a domain name—we felt that action was required, if not overdue.
I'm not sure I can see how port 43 WHOIS requests can be used to determine new domain registrations in the way you imply? Maybe you can share how that works??
WHOIS information is still very much available for any & all domain names via our web-based WHOIS tool,
It may be available, but it's quite cumbersome and a waste of good peoples' time!!
However, bulk access by anonymous users is no longer supported.
I didn't know "bulk access by anonymous users" was ever a thing?!? If you were intent on blocking "bulk access", why should that have impacted port 43 WHOIS requests for single domains???
I also note that during this entire process, we have kept ICANN informed of both the attacks on our Port43 systems
Please provide the evidence of my "attacks" that you've provided to ICANN to justify your restricting WHOIS data to any of my IP addresses.
as well as our efforts to mitigate them. Our actions are justified and to imply otherwise is not only inaccurate but does nothing to move this PDP forward.
Your actions were unilateral and (in my opinion) violated your registrar agreement(s) with ICANN. You're allowed to block ABUSIVE behavior, but you blocked many many requests with absolutely no evidence of abuse! How can you justify that???
Patrick Klos Phishcop Admin
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-- _________________________________ Note to self: Pillage BEFORE burning. _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann - Rechtsabteilung -
Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net
Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems
Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP www.keydrive.lu
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann - legal department -
Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net
Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com
Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems
CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP www.keydrive.lu
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
How exactly? None of the WHOWAS services that I know of are at the price point spammers could ever afford to consume. They are used by financial institutions, large mail server operators, security companies, etc. They need it to keep things running. It's a vital service that should not be forgotten in this debate. On Tue, Feb 20, 2018 at 12:52 PM, Volker Greimann <vgreimann@key-systems.net
wrote:
Who’s is even worse than whois from a data protection standpoint. Those services really need to go…
Volker
On 18. Feb 2018, at 18:17, allison nixon <elsakoo@gmail.com> wrote:
Patrick's voice on this needs to be heard. Regardless of whether or not Godaddy's block was related to GDPR or not, it's a perfect example of what we're looking forward to when the exact same block is applied to all registrars and all queriers.
The web based portal is already a huge degradation in service quality. Many of us in the anti-abuse and network operator world rely heavily on "WHOWAS" and as it stands, that is ONLY available through resellers who make use of bulk queries to do it. If you don't like that, then give us a better alternative so we can keep doing our jobs and keep the Internet functioning.
Why is the blanket assumption that bulk queriers, and queriers of new domains are abusive? Maybe a security system wondered "Why is a never-before-seen-domain sending me an email with an executable attachment?" Do you think that could ever possibly happen on the Internet? How many SOC and NOC IP addresses are blocked by Godaddy? One of my IP addresses are blocked. Why is our activity deemed abusive?
Due to this change I am hearing complaints from people responsible for keeping tier-1 and tier-2 networks working. Not just blocklist maintainers. Take this seriously.
On Sun, Feb 18, 2018 at 10:09 AM, <pkngrds@klos.net> wrote:
On 2/18/2018 9:14 AM, consult@cgomes.com wrote:
Patrick,
Let me first call attention to the fact that I cc’d the leadership team so that they can judge whether my suggestion was ridiculous or not.
Let me call attention to the fact that I cc'd the entire list so the community can be involved in the conversation as well. (as you say "we all have to work collaboratively in this WG")
I am not in a position to determine what the truth is in this situation,
Well, I AM in such a position because IT HAPPENED TO ME.
but, even if you are correct in your assessment, giving Sara a chance to respond to your strong accusation privately
Big companies like GoDaddy will not respond privately - it's beneath them. Believe me, I've tried.
If Sara was interested in responding to my claims, she has had every opportunity to do so, either privately or publicly. I have not heard a peep from her.
would be much more respectful than making your accusation publicly.
It's not an accusation - it's a statement of facts. I welcome Sara and/or GoDaddy to present any evidence to the contrary.
Email communications are very easily misunderstood and/or poorly expressed. I do not know whether that is the case here or not; I am sure you do not believe that is the case, but giving her the benefit of the doubt and asking her to explain further privately would have been a much better approach in my opinion.
As I said, I have no reason to believe she would respond to a private discussion of this matter. I have tried several time to discuss GoDaddy's port 43 restrictions with them and they would not respond to me. GoDaddy is too big to care about the opinions of a single anti-phishing anti-spam anti-abuse advocate that disagrees with GoDaddy's illegal restrictions on port 43 WHOIS.
The fact is that we all have to work collaboratively in this WG.
Which is why this should be discussed on the list as well. I know I'm not the only person on the list that feels this way.
Patrick Klos Phishcop Admin
Chuck
*From:* pkngrds@klos.net [mailto:pkngrds@klos.net <pkngrds@klos.net>] *Sent:* Saturday, February 17, 2018 1:20 PM *To:* consult@cgomes.com *Subject:* Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/17/2018 2:11 PM, consult@cgomes.com wrote:
Patrick,
If you are going to specifically criticize a company by name, please do that directly with that company and not on this list.
Chuck
That's ridiculous.
Sara Bockey, representing GoDaddy, made statements on the list that do not reflect the truth. It is my obligation to refute her claims publicly on the same forum her original statements were made.
Patrick Klos Klos Technologies, Inc. and Phishcop Admin
*From:* gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces@icann.org <gnso-rds-pdp-wg-bounces@icann.org>] *On Behalf Of *pkngrds@klos.net *Sent:* Friday, February 16, 2018 3:35 PM *To:* gnso-rds-pdp-wg@icann.org *Subject:* Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/16/2018 5:22 PM, Sara Bockey wrote:
Not only is our decision to mask customer information in Port43 completely unrelated to GDPR, but it results directly from attacks by third parties who harvest and sell our customers’ personal information.
I don't know what precipitated this conversation, but I will jump in here based on my actual experience.
To say "it results directly from attacks by third parties who harvest and sell our customers’ personal information" is a complete lie!
GoDaddy has blocked MANY IP addresses I've attempted to use port 43 WHOIS on with absolutely no due process! And I can say with absolute certainty that I and my IP addresses were not involved in any form of "attack(s) by third parties".
But if I wanted to continue fighting phishing, spammers and other abuses without being forced to use GoDaddy's cumbersome web interface (with their stupid "I'm not a robot" and "Choose all the pictures that have a goldfish in them" games) to process each WHOIS request, I would have to give in to GoDaddy's illegal blocking (restricted WHOIS output) and sign their "whitelist request" to get myself back to business!!!
Given the onslaught of spam and robo-calls our customers have been receiving – often within minutes of registering a domain name—we felt that action was required, if not overdue.
I'm not sure I can see how port 43 WHOIS requests can be used to determine new domain registrations in the way you imply? Maybe you can share how that works??
WHOIS information is still very much available for any & all domain names via our web-based WHOIS tool,
It may be available, but it's quite cumbersome and a waste of good peoples' time!!
However, bulk access by anonymous users is no longer supported.
I didn't know "bulk access by anonymous users" was ever a thing?!? If you were intent on blocking "bulk access", why should that have impacted port 43 WHOIS requests for single domains???
I also note that during this entire process, we have kept ICANN informed of both the attacks on our Port43 systems
Please provide the evidence of my "attacks" that you've provided to ICANN to justify your restricting WHOIS data to any of my IP addresses.
as well as our efforts to mitigate them. Our actions are justified and to imply otherwise is not only inaccurate but does nothing to move this PDP forward.
Your actions were unilateral and (in my opinion) violated your registrar agreement(s) with ICANN. You're allowed to block ABUSIVE behavior, but you blocked many many requests with absolutely no evidence of abuse! How can you justify that???
Patrick Klos Phishcop Admin
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-- _________________________________ Note to self: Pillage BEFORE burning. _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann - Rechtsabteilung -
Key-Systems GmbH Im Oberen Werk 1 <https://maps.google.com/?q=Im+Oberen+Werk+1+66386+St.+Ingbert&entry=gmail&so...> 66386 St. Ingbert <https://maps.google.com/?q=Im+Oberen+Werk+1+66386+St.+Ingbert&entry=gmail&so...> Tel.: +49 (0) 6894 - 9396 901 <+49%206894%209396901> Fax.: +49 (0) 6894 - 9396 851 <+49%206894%209396851> Email: vgreimann@key-systems.net <vgreimann@key-systems.net>
Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems
Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP www.keydrive.lu
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann - legal department -
Key-Systems GmbH Im Oberen Werk 1 <https://maps.google.com/?q=Im+Oberen+Werk+1+66386+St.+Ingbert&entry=gmail&so...> 66386 St. Ingbert <https://maps.google.com/?q=Im+Oberen+Werk+1+66386+St.+Ingbert&entry=gmail&so...> Tel.: +49 (0) 6894 - 9396 901 <+49%206894%209396901> Fax.: +49 (0) 6894 - 9396 851 <+49%206894%209396851> Email: vgreimann@key-systems.net
Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com
Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems
CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP www.keydrive.lu
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
-- _________________________________ Note to self: Pillage BEFORE burning.
Patrick and WG members: It is indeed true that our Port43 service is being attacked and our customer data is being harvested and abused. This is corroborated by numerous industry news reports and stories shared by our customers. Our first responsibility is to our customers, and to safeguard their personal information. This is impossible in an environment where Port 43 access is unregulated, and we can’t distinguish legitimate users from bad guys. Therefore, we encourage folks to contact us about getting their IPs added to our whitelist. Our position on this has been clear and consistent. This will be my last communication on this topic since it does not further our work in this PDP. Sara sara bockey sr. policy manager | GoDaddy™ sbockey@godaddy.com<mailto:sbockey@godaddy.com> 480-366-3616 skype: sbockey This email message and any attachments hereto is intended for use only by the addressee(s) named herein and may contain confidential information. If you have received this email in error, please immediately notify the sender and permanently delete the original and any copy of this message and its attachments. From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces@icann.org> on behalf of "pkngrds@klos.net" <pkngrds@klos.net> Date: Sunday, February 18, 2018 at 8:09 AM To: "consult@cgomes.com" <consult@cgomes.com>, "pkngrds@klos.net" <pkngrds@klos.net> Cc: RDS-Leaders-List <gnso-next-gen-rds-lead@icann.org>, "gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP On 2/18/2018 9:14 AM, consult@cgomes.com<mailto:consult@cgomes.com> wrote: Patrick, Let me first call attention to the fact that I cc’d the leadership team so that they can judge whether my suggestion was ridiculous or not. Let me call attention to the fact that I cc'd the entire list so the community can be involved in the conversation as well. (as you say "we all have to work collaboratively in this WG") I am not in a position to determine what the truth is in this situation, Well, I AM in such a position because IT HAPPENED TO ME. but, even if you are correct in your assessment, giving Sara a chance to respond to your strong accusation privately Big companies like GoDaddy will not respond privately - it's beneath them. Believe me, I've tried. If Sara was interested in responding to my claims, she has had every opportunity to do so, either privately or publicly. I have not heard a peep from her. would be much more respectful than making your accusation publicly. It's not an accusation - it's a statement of facts. I welcome Sara and/or GoDaddy to present any evidence to the contrary. Email communications are very easily misunderstood and/or poorly expressed. I do not know whether that is the case here or not; I am sure you do not believe that is the case, but giving her the benefit of the doubt and asking her to explain further privately would have been a much better approach in my opinion. As I said, I have no reason to believe she would respond to a private discussion of this matter. I have tried several time to discuss GoDaddy's port 43 restrictions with them and they would not respond to me. GoDaddy is too big to care about the opinions of a single anti-phishing anti-spam anti-abuse advocate that disagrees with GoDaddy's illegal restrictions on port 43 WHOIS. The fact is that we all have to work collaboratively in this WG. Which is why this should be discussed on the list as well. I know I'm not the only person on the list that feels this way. Patrick Klos Phishcop Admin Chuck From: pkngrds@klos.net<mailto:pkngrds@klos.net> [mailto:pkngrds@klos.net] Sent: Saturday, February 17, 2018 1:20 PM To: consult@cgomes.com<mailto:consult@cgomes.com> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP On 2/17/2018 2:11 PM, consult@cgomes.com<mailto:consult@cgomes.com> wrote: Patrick, If you are going to specifically criticize a company by name, please do that directly with that company and not on this list. Chuck That's ridiculous. Sara Bockey, representing GoDaddy, made statements on the list that do not reflect the truth. It is my obligation to refute her claims publicly on the same forum her original statements were made. Patrick Klos Klos Technologies, Inc. and Phishcop Admin From: gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces@icann.org] On Behalf Of pkngrds@klos.net<mailto:pkngrds@klos.net> Sent: Friday, February 16, 2018 3:35 PM To: gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP On 2/16/2018 5:22 PM, Sara Bockey wrote: Not only is our decision to mask customer information in Port43 completely unrelated to GDPR, but it results directly from attacks by third parties who harvest and sell our customers’ personal information. I don't know what precipitated this conversation, but I will jump in here based on my actual experience. To say "it results directly from attacks by third parties who harvest and sell our customers’ personal information" is a complete lie! GoDaddy has blocked MANY IP addresses I've attempted to use port 43 WHOIS on with absolutely no due process! And I can say with absolute certainty that I and my IP addresses were not involved in any form of "attack(s) by third parties". But if I wanted to continue fighting phishing, spammers and other abuses without being forced to use GoDaddy's cumbersome web interface (with their stupid "I'm not a robot" and "Choose all the pictures that have a goldfish in them" games) to process each WHOIS request, I would have to give in to GoDaddy's illegal blocking (restricted WHOIS output) and sign their "whitelist request" to get myself back to business!!! Given the onslaught of spam and robo-calls our customers have been receiving – often within minutes of registering a domain name—we felt that action was required, if not overdue. I'm not sure I can see how port 43 WHOIS requests can be used to determine new domain registrations in the way you imply? Maybe you can share how that works?? WHOIS information is still very much available for any & all domain names via our web-based WHOIS tool, It may be available, but it's quite cumbersome and a waste of good peoples' time!! However, bulk access by anonymous users is no longer supported. I didn't know "bulk access by anonymous users" was ever a thing?!? If you were intent on blocking "bulk access", why should that have impacted port 43 WHOIS requests for single domains??? I also note that during this entire process, we have kept ICANN informed of both the attacks on our Port43 systems Please provide the evidence of my "attacks" that you've provided to ICANN to justify your restricting WHOIS data to any of my IP addresses. as well as our efforts to mitigate them. Our actions are justified and to imply otherwise is not only inaccurate but does nothing to move this PDP forward. Your actions were unilateral and (in my opinion) violated your registrar agreement(s) with ICANN. You're allowed to block ABUSIVE behavior, but you blocked many many requests with absolutely no evidence of abuse! How can you justify that??? Patrick Klos Phishcop Admin
Sara, You say: " This is impossible in an environment where Port 43 access is unregulated, and we can¹t distinguish legitimate users from bad guys. Therefore, we encourage folks to contact us about getting their IPs added to our whitelist." I find this difficult to swallow. With a white list program you can easily see the source of the traffic. As for the white list project the nature of the continued limitations show that there is no real intent to allow even the good guys to have access. Why are the Whitelist limitations so low? You are very clearly detracting from the ability of the security industry to do its work. I see no real reason for GD doing so other than (a) spite, or (b) wanting to create scarcity for economic reasons. Paul From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces@icann.org> on behalf of Sara Bockey <sbockey@godaddy.com> Date: Monday, February 19, 2018 at 9:03 PM To: "pkngrds@klos.net" <pkngrds@klos.net>, "consult@cgomes.com" <consult@cgomes.com> Cc: RDS-Leaders-List <gnso-next-gen-rds-lead@icann.org>, "gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
Patrick and WG members:
It is indeed true that our Port43 service is being attacked and our customer data is being harvested and abused. This is corroborated by numerous industry news reports and stories shared by our customers. Our first responsibility is to our customers, and to safeguard their personal information. This is impossible in an environment where Port 43 access is unregulated, and we can¹t distinguish legitimate users from bad guys. Therefore, we encourage folks to contact us about getting their IPs added to our whitelist.
Our position on this has been clear and consistent. This will be my last communication on this topic since it does not further our work in this PDP.
Sara
sara bockey sr. policy manager | GoDaddy sbockey@godaddy.com <mailto:sbockey@godaddy.com> 480-366-3616 skype: sbockey
This email message and any attachments hereto is intended for use only by the addressee(s) named herein and may contain confidential information. If you have received this email in error, please immediately notify the sender and permanently delete the original and any copy of this message and its attachments.
From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces@icann.org> on behalf of "pkngrds@klos.net" <pkngrds@klos.net> Date: Sunday, February 18, 2018 at 8:09 AM To: "consult@cgomes.com" <consult@cgomes.com>, "pkngrds@klos.net" <pkngrds@klos.net> Cc: RDS-Leaders-List <gnso-next-gen-rds-lead@icann.org>, "gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/18/2018 9:14 AM, consult@cgomes.com <mailto:consult@cgomes.com> wrote:
Patrick,
Let me first call attention to the fact that I cc¹d the leadership team so that they can judge whether my suggestion was ridiculous or not.
Let me call attention to the fact that I cc'd the entire list so the community can be involved in the conversation as well. (as you say "we all have to work collaboratively in this WG")
I am not in a position to determine what the truth is in this situation,
Well, I AM in such a position because IT HAPPENED TO ME.
but, even if you are correct in your assessment, giving Sara a chance to respond to your strong accusation privately
Big companies like GoDaddy will not respond privately - it's beneath them. Believe me, I've tried.
If Sara was interested in responding to my claims, she has had every opportunity to do so, either privately or publicly. I have not heard a peep from her.
would be much more respectful than making your accusation publicly.
It's not an accusation - it's a statement of facts. I welcome Sara and/or GoDaddy to present any evidence to the contrary.
Email communications are very easily misunderstood and/or poorly expressed. I do not know whether that is the case here or not; I am sure you do not believe that is the case, but giving her the benefit of the doubt and asking her to explain further privately would have been a much better approach in my opinion.
As I said, I have no reason to believe she would respond to a private discussion of this matter. I have tried several time to discuss GoDaddy's port 43 restrictions with them and they would not respond to me. GoDaddy is too big to care about the opinions of a single anti-phishing anti-spam anti-abuse advocate that disagrees with GoDaddy's illegal restrictions on port 43 WHOIS.
The fact is that we all have to work collaboratively in this WG.
Which is why this should be discussed on the list as well. I know I'm not the only person on the list that feels this way.
Patrick Klos Phishcop Admin
Chuck
From:pkngrds@klos.net <mailto:pkngrds@klos.net> [mailto:pkngrds@klos.net <mailto:pkngrds@klos.net> ] Sent: Saturday, February 17, 2018 1:20 PM To: consult@cgomes.com <mailto:consult@cgomes.com> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/17/2018 2:11 PM, consult@cgomes.com <mailto:consult@cgomes.com> wrote:
Patrick,
If you are going to specifically criticize a company by name, please do that directly with that company and not on this list.
Chuck
That's ridiculous.
Sara Bockey, representing GoDaddy, made statements on the list that do not reflect the truth. It is my obligation to refute her claims publicly on the same forum her original statements were made.
Patrick Klos Klos Technologies, Inc. and Phishcop Admin
From: gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces@icann.org <mailto:gnso-rds-pdp-wg-bounces@icann.org> ] On Behalf Of pkngrds@klos.net <mailto:pkngrds@klos.net> Sent: Friday, February 16, 2018 3:35 PM To: gnso-rds-pdp-wg@icann.org <mailto:gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/16/2018 5:22 PM, Sara Bockey wrote:
Not only is our decision to mask customer information in Port43 completely unrelated to GDPR, but it results directly from attacks by third parties who harvest and sell our customers¹ personal information.
I don't know what precipitated this conversation, but I will jump in here based on my actual experience.
To say "it results directly from attacks by third parties who harvest and sell our customers¹ personal information" is a complete lie!
GoDaddy has blocked MANY IP addresses I've attempted to use port 43 WHOIS on with absolutely no due process! And I can say with absolute certainty that I and my IP addresses were not involved in any form of "attack(s) by third parties".
But if I wanted to continue fighting phishing, spammers and other abuses without being forced to use GoDaddy's cumbersome web interface (with their stupid "I'm not a robot" and "Choose all the pictures that have a goldfish in them" games) to process each WHOIS request, I would have to give in to GoDaddy's illegal blocking (restricted WHOIS output) and sign their "whitelist request" to get myself back to business!!!
Given the onslaught of spam and robo-calls our customers have been receiving often within minutes of registering a domain namewe felt that action was required, if not overdue.
I'm not sure I can see how port 43 WHOIS requests can be used to determine new domain registrations in the way you imply? Maybe you can share how that works??
WHOIS information is still very much available for any & all domain names via our web-based WHOIS tool,
It may be available, but it's quite cumbersome and a waste of good peoples' time!!
However, bulk access by anonymous users is no longer supported.
I didn't know "bulk access by anonymous users" was ever a thing?!? If you were intent on blocking "bulk access", why should that have impacted port 43 WHOIS requests for single domains???
I also note that during this entire process, we have kept ICANN informed of both the attacks on our Port43 systems
Please provide the evidence of my "attacks" that you've provided to ICANN to justify your restricting WHOIS data to any of my IP addresses.
as well as our efforts to mitigate them. Our actions are justified and to imply otherwise is not only inaccurate but does nothing to move this PDP forward.
Your actions were unilateral and (in my opinion) violated your registrar agreement(s) with ICANN. You're allowed to block ABUSIVE behavior, but you blocked many many requests with absolutely no evidence of abuse! How can you justify that???
Patrick Klos Phishcop Admin
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
All, This is an issue involving a third party and its customers. It is NOT a topic that should be discussed on this WG list, so please end this thread. Chuck From: Paul Keating [mailto:Paul@law.es] Sent: Tuesday, February 20, 2018 3:29 AM To: Sara Bockey <sbockey@godaddy.com>; pkngrds@klos.net; consult@cgomes.com Cc: RDS-Leaders-List <gnso-next-gen-rds-lead@icann.org>; gnso-rds-pdp-wg@icann.org Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP Sara, You say: " This is impossible in an environment where Port 43 access is unregulated, and we can't distinguish legitimate users from bad guys. Therefore, we encourage folks to contact us about getting their IPs added to our whitelist." I find this difficult to swallow. With a white list program you can easily see the source of the traffic. As for the white list project - the nature of the continued limitations show that there is no real intent to allow even the good guys to have access. Why are the Whitelist limitations so low? You are very clearly detracting from the ability of the security industry to do its work. I see no real reason for GD doing so other than (a) spite, or (b) wanting to create scarcity for economic reasons. Paul From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces@icann.org <mailto:gnso-rds-pdp-wg-bounces@icann.org> > on behalf of Sara Bockey <sbockey@godaddy.com <mailto:sbockey@godaddy.com> > Date: Monday, February 19, 2018 at 9:03 PM To: "pkngrds@klos.net <mailto:pkngrds@klos.net> " <pkngrds@klos.net <mailto:pkngrds@klos.net> >, "consult@cgomes.com <mailto:consult@cgomes.com> " <consult@cgomes.com <mailto:consult@cgomes.com> > Cc: RDS-Leaders-List <gnso-next-gen-rds-lead@icann.org <mailto:gnso-next-gen-rds-lead@icann.org> >, "gnso-rds-pdp-wg@icann.org <mailto:gnso-rds-pdp-wg@icann.org> " <gnso-rds-pdp-wg@icann.org <mailto:gnso-rds-pdp-wg@icann.org> > Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP Patrick and WG members: It is indeed true that our Port43 service is being attacked and our customer data is being harvested and abused. This is corroborated by numerous industry news reports and stories shared by our customers. Our first responsibility is to our customers, and to safeguard their personal information. This is impossible in an environment where Port 43 access is unregulated, and we can't distinguish legitimate users from bad guys. Therefore, we encourage folks to contact us about getting their IPs added to our whitelist. Our position on this has been clear and consistent. This will be my last communication on this topic since it does not further our work in this PDP. Sara sara bockey sr. policy manager | GoDaddyT <mailto:sbockey@godaddy.com> sbockey@godaddy.com 480-366-3616 skype: sbockey This email message and any attachments hereto is intended for use only by the addressee(s) named herein and may contain confidential information. If you have received this email in error, please immediately notify the sender and permanently delete the original and any copy of this message and its attachments. From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces@icann.org <mailto:gnso-rds-pdp-wg-bounces@icann.org> > on behalf of "pkngrds@klos.net <mailto:pkngrds@klos.net> " <pkngrds@klos.net <mailto:pkngrds@klos.net> > Date: Sunday, February 18, 2018 at 8:09 AM To: "consult@cgomes.com <mailto:consult@cgomes.com> " <consult@cgomes.com <mailto:consult@cgomes.com> >, "pkngrds@klos.net <mailto:pkngrds@klos.net> " <pkngrds@klos.net <mailto:pkngrds@klos.net> > Cc: RDS-Leaders-List <gnso-next-gen-rds-lead@icann.org <mailto:gnso-next-gen-rds-lead@icann.org> >, "gnso-rds-pdp-wg@icann.org <mailto:gnso-rds-pdp-wg@icann.org> " <gnso-rds-pdp-wg@icann.org <mailto:gnso-rds-pdp-wg@icann.org> > Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP On 2/18/2018 9:14 AM, <mailto:consult@cgomes.com> consult@cgomes.com wrote: Patrick, Let me first call attention to the fact that I cc'd the leadership team so that they can judge whether my suggestion was ridiculous or not. Let me call attention to the fact that I cc'd the entire list so the community can be involved in the conversation as well. (as you say "we all have to work collaboratively in this WG") I am not in a position to determine what the truth is in this situation, Well, I AM in such a position because IT HAPPENED TO ME. but, even if you are correct in your assessment, giving Sara a chance to respond to your strong accusation privately Big companies like GoDaddy will not respond privately - it's beneath them. Believe me, I've tried. If Sara was interested in responding to my claims, she has had every opportunity to do so, either privately or publicly. I have not heard a peep from her. would be much more respectful than making your accusation publicly. It's not an accusation - it's a statement of facts. I welcome Sara and/or GoDaddy to present any evidence to the contrary. Email communications are very easily misunderstood and/or poorly expressed. I do not know whether that is the case here or not; I am sure you do not believe that is the case, but giving her the benefit of the doubt and asking her to explain further privately would have been a much better approach in my opinion. As I said, I have no reason to believe she would respond to a private discussion of this matter. I have tried several time to discuss GoDaddy's port 43 restrictions with them and they would not respond to me. GoDaddy is too big to care about the opinions of a single anti-phishing anti-spam anti-abuse advocate that disagrees with GoDaddy's illegal restrictions on port 43 WHOIS. The fact is that we all have to work collaboratively in this WG. Which is why this should be discussed on the list as well. I know I'm not the only person on the list that feels this way. Patrick Klos Phishcop Admin Chuck From: <mailto:pkngrds@klos.net> pkngrds@klos.net [ <mailto:pkngrds@klos.net> mailto:pkngrds@klos.net] Sent: Saturday, February 17, 2018 1:20 PM To: <mailto:consult@cgomes.com> consult@cgomes.com Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP On 2/17/2018 2:11 PM, <mailto:consult@cgomes.com> consult@cgomes.com wrote: Patrick, If you are going to specifically criticize a company by name, please do that directly with that company and not on this list. Chuck That's ridiculous. Sara Bockey, representing GoDaddy, made statements on the list that do not reflect the truth. It is my obligation to refute her claims publicly on the same forum her original statements were made. Patrick Klos Klos Technologies, Inc. and Phishcop Admin From: gnso-rds-pdp-wg [ <mailto:gnso-rds-pdp-wg-bounces@icann.org> mailto:gnso-rds-pdp-wg-bounces@icann.org] On Behalf Of <mailto:pkngrds@klos.net> pkngrds@klos.net Sent: Friday, February 16, 2018 3:35 PM To: <mailto:gnso-rds-pdp-wg@icann.org> gnso-rds-pdp-wg@icann.org Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP On 2/16/2018 5:22 PM, Sara Bockey wrote: Not only is our decision to mask customer information in Port43 completely unrelated to GDPR, but it results directly from attacks by third parties who harvest and sell our customers' personal information. I don't know what precipitated this conversation, but I will jump in here based on my actual experience. To say "it results directly from attacks by third parties who harvest and sell our customers' personal information" is a complete lie! GoDaddy has blocked MANY IP addresses I've attempted to use port 43 WHOIS on with absolutely no due process! And I can say with absolute certainty that I and my IP addresses were not involved in any form of "attack(s) by third parties". But if I wanted to continue fighting phishing, spammers and other abuses without being forced to use GoDaddy's cumbersome web interface (with their stupid "I'm not a robot" and "Choose all the pictures that have a goldfish in them" games) to process each WHOIS request, I would have to give in to GoDaddy's illegal blocking (restricted WHOIS output) and sign their "whitelist request" to get myself back to business!!! Given the onslaught of spam and robo-calls our customers have been receiving - often within minutes of registering a domain name-we felt that action was required, if not overdue. I'm not sure I can see how port 43 WHOIS requests can be used to determine new domain registrations in the way you imply? Maybe you can share how that works?? WHOIS information is still very much available for any & all domain names via our web-based WHOIS tool, It may be available, but it's quite cumbersome and a waste of good peoples' time!! However, bulk access by anonymous users is no longer supported. I didn't know "bulk access by anonymous users" was ever a thing?!? If you were intent on blocking "bulk access", why should that have impacted port 43 WHOIS requests for single domains??? I also note that during this entire process, we have kept ICANN informed of both the attacks on our Port43 systems Please provide the evidence of my "attacks" that you've provided to ICANN to justify your restricting WHOIS data to any of my IP addresses. as well as our efforts to mitigate them. Our actions are justified and to imply otherwise is not only inaccurate but does nothing to move this PDP forward. Your actions were unilateral and (in my opinion) violated your registrar agreement(s) with ICANN. You're allowed to block ABUSIVE behavior, but you blocked many many requests with absolutely no evidence of abuse! How can you justify that??? Patrick Klos Phishcop Admin _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org <mailto:gnso-rds-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
Chuck, Am I to understand that the issue of what Registrars actually make available is NOT a subject of this WG? I thought that much of the previous threads were about the issue of GDPR restrictions vs restrictions that are self-imposed by Registrars. I am not trying to beat up upon GD here. I have been clear in making my concerns known that many members who largely are registrar reps have taken a very broad approach to what is and is not prohibited by the GDPR and I have continuously tried to counterbalance those comments. Respectfully, Paul From: <consult@cgomes.com> on behalf of <consult@cgomes.com> Date: Tuesday, February 20, 2018 at 12:34 PM To: Paul Keating <paul@law.es>, <pkngrds@klos.net> Cc: 'RDS-Leaders-List' <gnso-next-gen-rds-lead@icann.org>, <gnso-rds-pdp-wg@icann.org> Subject: RE: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
All,
This is an issue involving a third party and its customers. It is NOT a topic that should be discussed on this WG list, so please end this thread.
Chuck
From: Paul Keating [mailto:Paul@law.es] Sent: Tuesday, February 20, 2018 3:29 AM To: Sara Bockey <sbockey@godaddy.com>; pkngrds@klos.net; consult@cgomes.com Cc: RDS-Leaders-List <gnso-next-gen-rds-lead@icann.org>; gnso-rds-pdp-wg@icann.org Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
Sara,
You say:
" This is impossible in an environment where Port 43 access is unregulated, and we can¹t distinguish legitimate users from bad guys. Therefore, we encourage folks to contact us about getting their IPs added to our whitelist."
I find this difficult to swallow. With a white list program you can easily see the source of the traffic.
As for the white list project the nature of the continued limitations show that there is no real intent to allow even the good guys to have access.
Why are the Whitelist limitations so low?
You are very clearly detracting from the ability of the security industry to do its work. I see no real reason for GD doing so other than (a) spite, or (b) wanting to create scarcity for economic reasons.
Paul
From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces@icann.org> on behalf of Sara Bockey <sbockey@godaddy.com> Date: Monday, February 19, 2018 at 9:03 PM To: "pkngrds@klos.net" <pkngrds@klos.net>, "consult@cgomes.com" <consult@cgomes.com> Cc: RDS-Leaders-List <gnso-next-gen-rds-lead@icann.org>, "gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
Patrick and WG members:
It is indeed true that our Port43 service is being attacked and our customer data is being harvested and abused. This is corroborated by numerous industry news reports and stories shared by our customers. Our first responsibility is to our customers, and to safeguard their personal information. This is impossible in an environment where Port 43 access is unregulated, and we can¹t distinguish legitimate users from bad guys. Therefore, we encourage folks to contact us about getting their IPs added to our whitelist.
Our position on this has been clear and consistent. This will be my last communication on this topic since it does not further our work in this PDP.
Sara
sara bockey sr. policy manager | GoDaddy sbockey@godaddy.com <mailto:sbockey@godaddy.com> 480-366-3616 skype: sbockey
This email message and any attachments hereto is intended for use only by the addressee(s) named herein and may contain confidential information. If you have received this email in error, please immediately notify the sender and permanently delete the original and any copy of this message and its attachments.
From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces@icann.org> on behalf of "pkngrds@klos.net" <pkngrds@klos.net> Date: Sunday, February 18, 2018 at 8:09 AM To: "consult@cgomes.com" <consult@cgomes.com>, "pkngrds@klos.net" <pkngrds@klos.net> Cc: RDS-Leaders-List <gnso-next-gen-rds-lead@icann.org>, "gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/18/2018 9:14 AM, consult@cgomes.com <mailto:consult@cgomes.com> wrote:
Patrick,
Let me first call attention to the fact that I cc¹d the leadership team so that they can judge whether my suggestion was ridiculous or not.
Let me call attention to the fact that I cc'd the entire list so the community can be involved in the conversation as well. (as you say "we all have to work collaboratively in this WG")
I am not in a position to determine what the truth is in this situation,
Well, I AM in such a position because IT HAPPENED TO ME.
but, even if you are correct in your assessment, giving Sara a chance to respond to your strong accusation privately
Big companies like GoDaddy will not respond privately - it's beneath them. Believe me, I've tried.
If Sara was interested in responding to my claims, she has had every opportunity to do so, either privately or publicly. I have not heard a peep from her.
would be much more respectful than making your accusation publicly.
It's not an accusation - it's a statement of facts. I welcome Sara and/or GoDaddy to present any evidence to the contrary.
Email communications are very easily misunderstood and/or poorly expressed. I do not know whether that is the case here or not; I am sure you do not believe that is the case, but giving her the benefit of the doubt and asking her to explain further privately would have been a much better approach in my opinion.
As I said, I have no reason to believe she would respond to a private discussion of this matter. I have tried several time to discuss GoDaddy's port 43 restrictions with them and they would not respond to me. GoDaddy is too big to care about the opinions of a single anti-phishing anti-spam anti-abuse advocate that disagrees with GoDaddy's illegal restrictions on port 43 WHOIS.
The fact is that we all have to work collaboratively in this WG.
Which is why this should be discussed on the list as well. I know I'm not the only person on the list that feels this way.
Patrick Klos Phishcop Admin
Chuck
From:pkngrds@klos.net <mailto:pkngrds@klos.net> [mailto:pkngrds@klos.net <mailto:pkngrds@klos.net> ] Sent: Saturday, February 17, 2018 1:20 PM To: consult@cgomes.com <mailto:consult@cgomes.com> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/17/2018 2:11 PM, consult@cgomes.com <mailto:consult@cgomes.com> wrote:
Patrick,
If you are going to specifically criticize a company by name, please do that directly with that company and not on this list.
Chuck
That's ridiculous.
Sara Bockey, representing GoDaddy, made statements on the list that do not reflect the truth. It is my obligation to refute her claims publicly on the same forum her original statements were made.
Patrick Klos Klos Technologies, Inc. and Phishcop Admin
From: gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces@icann.org <mailto:gnso-rds-pdp-wg-bounces@icann.org> ] On Behalf Of pkngrds@klos.net <mailto:pkngrds@klos.net> Sent: Friday, February 16, 2018 3:35 PM To: gnso-rds-pdp-wg@icann.org <mailto:gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/16/2018 5:22 PM, Sara Bockey wrote:
Not only is our decision to mask customer information in Port43 completely unrelated to GDPR, but it results directly from attacks by third parties who harvest and sell our customers¹ personal information.
I don't know what precipitated this conversation, but I will jump in here based on my actual experience.
To say "it results directly from attacks by third parties who harvest and sell our customers¹ personal information" is a complete lie!
GoDaddy has blocked MANY IP addresses I've attempted to use port 43 WHOIS on with absolutely no due process! And I can say with absolute certainty that I and my IP addresses were not involved in any form of "attack(s) by third parties".
But if I wanted to continue fighting phishing, spammers and other abuses without being forced to use GoDaddy's cumbersome web interface (with their stupid "I'm not a robot" and "Choose all the pictures that have a goldfish in them" games) to process each WHOIS request, I would have to give in to GoDaddy's illegal blocking (restricted WHOIS output) and sign their "whitelist request" to get myself back to business!!!
Given the onslaught of spam and robo-calls our customers have been receiving often within minutes of registering a domain namewe felt that action was required, if not overdue.
I'm not sure I can see how port 43 WHOIS requests can be used to determine new domain registrations in the way you imply? Maybe you can share how that works??
WHOIS information is still very much available for any & all domain names via our web-based WHOIS tool,
It may be available, but it's quite cumbersome and a waste of good peoples' time!!
However, bulk access by anonymous users is no longer supported.
I didn't know "bulk access by anonymous users" was ever a thing?!? If you were intent on blocking "bulk access", why should that have impacted port 43 WHOIS requests for single domains???
I also note that during this entire process, we have kept ICANN informed of both the attacks on our Port43 systems
Please provide the evidence of my "attacks" that you've provided to ICANN to justify your restricting WHOIS data to any of my IP addresses.
as well as our efforts to mitigate them. Our actions are justified and to imply otherwise is not only inaccurate but does nothing to move this PDP forward.
Your actions were unilateral and (in my opinion) violated your registrar agreement(s) with ICANN. You're allowed to block ABUSIVE behavior, but you blocked many many requests with absolutely no evidence of abuse! How can you justify that???
Patrick Klos Phishcop Admin
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
No Paul. What registrars as a whole make available as RDS policy is definitely a subject for this WG. But registrar practices that individual registrars implement are not subjects for this WG; they are either ICANN compliance issues or matters between the applicable registrar and its customers. I appreciate and recognize that you have been very constructive and thank you for that. Chuck From: Paul Keating [mailto:Paul@law.es] Sent: Tuesday, February 20, 2018 3:56 AM To: consult@cgomes.com; pkngrds@klos.net Cc: 'RDS-Leaders-List' <gnso-next-gen-rds-lead@icann.org>; gnso-rds-pdp-wg@icann.org Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP Chuck, Am I to understand that the issue of what Registrars actually make available is NOT a subject of this WG? I thought that much of the previous threads were about the issue of GDPR restrictions vs restrictions that are self-imposed by Registrars. I am not trying to beat up upon GD here. I have been clear in making my concerns known that many members who largely are registrar reps have taken a very broad approach to what is and is not prohibited by the GDPR and I have continuously tried to counterbalance those comments. Respectfully, Paul From: <consult@cgomes.com <mailto:consult@cgomes.com> > on behalf of <consult@cgomes.com <mailto:consult@cgomes.com> > Date: Tuesday, February 20, 2018 at 12:34 PM To: Paul Keating <paul@law.es <mailto:paul@law.es> >, <pkngrds@klos.net <mailto:pkngrds@klos.net> > Cc: 'RDS-Leaders-List' <gnso-next-gen-rds-lead@icann.org <mailto:gnso-next-gen-rds-lead@icann.org> >, <gnso-rds-pdp-wg@icann.org <mailto:gnso-rds-pdp-wg@icann.org> > Subject: RE: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP All, This is an issue involving a third party and its customers. It is NOT a topic that should be discussed on this WG list, so please end this thread. Chuck From: Paul Keating [mailto:Paul@law.es] Sent: Tuesday, February 20, 2018 3:29 AM To: Sara Bockey <sbockey@godaddy.com <mailto:sbockey@godaddy.com> >; pkngrds@klos.net <mailto:pkngrds@klos.net> ; consult@cgomes.com <mailto:consult@cgomes.com> Cc: RDS-Leaders-List <gnso-next-gen-rds-lead@icann.org <mailto:gnso-next-gen-rds-lead@icann.org> >; gnso-rds-pdp-wg@icann.org <mailto:gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP Sara, You say: " This is impossible in an environment where Port 43 access is unregulated, and we can't distinguish legitimate users from bad guys. Therefore, we encourage folks to contact us about getting their IPs added to our whitelist." I find this difficult to swallow. With a white list program you can easily see the source of the traffic. As for the white list project - the nature of the continued limitations show that there is no real intent to allow even the good guys to have access. Why are the Whitelist limitations so low? You are very clearly detracting from the ability of the security industry to do its work. I see no real reason for GD doing so other than (a) spite, or (b) wanting to create scarcity for economic reasons. Paul From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces@icann.org <mailto:gnso-rds-pdp-wg-bounces@icann.org> > on behalf of Sara Bockey <sbockey@godaddy.com <mailto:sbockey@godaddy.com> > Date: Monday, February 19, 2018 at 9:03 PM To: "pkngrds@klos.net <mailto:pkngrds@klos.net> " <pkngrds@klos.net <mailto:pkngrds@klos.net> >, "consult@cgomes.com <mailto:consult@cgomes.com> " <consult@cgomes.com <mailto:consult@cgomes.com> > Cc: RDS-Leaders-List <gnso-next-gen-rds-lead@icann.org <mailto:gnso-next-gen-rds-lead@icann.org> >, "gnso-rds-pdp-wg@icann.org <mailto:gnso-rds-pdp-wg@icann.org> " <gnso-rds-pdp-wg@icann.org <mailto:gnso-rds-pdp-wg@icann.org> > Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP Patrick and WG members: It is indeed true that our Port43 service is being attacked and our customer data is being harvested and abused. This is corroborated by numerous industry news reports and stories shared by our customers. Our first responsibility is to our customers, and to safeguard their personal information. This is impossible in an environment where Port 43 access is unregulated, and we can't distinguish legitimate users from bad guys. Therefore, we encourage folks to contact us about getting their IPs added to our whitelist. Our position on this has been clear and consistent. This will be my last communication on this topic since it does not further our work in this PDP. Sara sara bockey sr. policy manager | GoDaddyT <mailto:sbockey@godaddy.com> sbockey@godaddy.com 480-366-3616 skype: sbockey This email message and any attachments hereto is intended for use only by the addressee(s) named herein and may contain confidential information. If you have received this email in error, please immediately notify the sender and permanently delete the original and any copy of this message and its attachments. From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces@icann.org <mailto:gnso-rds-pdp-wg-bounces@icann.org> > on behalf of "pkngrds@klos.net <mailto:pkngrds@klos.net> " <pkngrds@klos.net <mailto:pkngrds@klos.net> > Date: Sunday, February 18, 2018 at 8:09 AM To: "consult@cgomes.com <mailto:consult@cgomes.com> " <consult@cgomes.com <mailto:consult@cgomes.com> >, "pkngrds@klos.net <mailto:pkngrds@klos.net> " <pkngrds@klos.net <mailto:pkngrds@klos.net> > Cc: RDS-Leaders-List <gnso-next-gen-rds-lead@icann.org <mailto:gnso-next-gen-rds-lead@icann.org> >, "gnso-rds-pdp-wg@icann.org <mailto:gnso-rds-pdp-wg@icann.org> " <gnso-rds-pdp-wg@icann.org <mailto:gnso-rds-pdp-wg@icann.org> > Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP On 2/18/2018 9:14 AM, <mailto:consult@cgomes.com> consult@cgomes.com wrote: Patrick, Let me first call attention to the fact that I cc'd the leadership team so that they can judge whether my suggestion was ridiculous or not. Let me call attention to the fact that I cc'd the entire list so the community can be involved in the conversation as well. (as you say "we all have to work collaboratively in this WG") I am not in a position to determine what the truth is in this situation, Well, I AM in such a position because IT HAPPENED TO ME. but, even if you are correct in your assessment, giving Sara a chance to respond to your strong accusation privately Big companies like GoDaddy will not respond privately - it's beneath them. Believe me, I've tried. If Sara was interested in responding to my claims, she has had every opportunity to do so, either privately or publicly. I have not heard a peep from her. would be much more respectful than making your accusation publicly. It's not an accusation - it's a statement of facts. I welcome Sara and/or GoDaddy to present any evidence to the contrary. Email communications are very easily misunderstood and/or poorly expressed. I do not know whether that is the case here or not; I am sure you do not believe that is the case, but giving her the benefit of the doubt and asking her to explain further privately would have been a much better approach in my opinion. As I said, I have no reason to believe she would respond to a private discussion of this matter. I have tried several time to discuss GoDaddy's port 43 restrictions with them and they would not respond to me. GoDaddy is too big to care about the opinions of a single anti-phishing anti-spam anti-abuse advocate that disagrees with GoDaddy's illegal restrictions on port 43 WHOIS. The fact is that we all have to work collaboratively in this WG. Which is why this should be discussed on the list as well. I know I'm not the only person on the list that feels this way. Patrick Klos Phishcop Admin Chuck From: <mailto:pkngrds@klos.net> pkngrds@klos.net [ <mailto:pkngrds@klos.net> mailto:pkngrds@klos.net] Sent: Saturday, February 17, 2018 1:20 PM To: <mailto:consult@cgomes.com> consult@cgomes.com Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP On 2/17/2018 2:11 PM, <mailto:consult@cgomes.com> consult@cgomes.com wrote: Patrick, If you are going to specifically criticize a company by name, please do that directly with that company and not on this list. Chuck That's ridiculous. Sara Bockey, representing GoDaddy, made statements on the list that do not reflect the truth. It is my obligation to refute her claims publicly on the same forum her original statements were made. Patrick Klos Klos Technologies, Inc. and Phishcop Admin From: gnso-rds-pdp-wg [ <mailto:gnso-rds-pdp-wg-bounces@icann.org> mailto:gnso-rds-pdp-wg-bounces@icann.org] On Behalf Of <mailto:pkngrds@klos.net> pkngrds@klos.net Sent: Friday, February 16, 2018 3:35 PM To: <mailto:gnso-rds-pdp-wg@icann.org> gnso-rds-pdp-wg@icann.org Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP On 2/16/2018 5:22 PM, Sara Bockey wrote: Not only is our decision to mask customer information in Port43 completely unrelated to GDPR, but it results directly from attacks by third parties who harvest and sell our customers' personal information. I don't know what precipitated this conversation, but I will jump in here based on my actual experience. To say "it results directly from attacks by third parties who harvest and sell our customers' personal information" is a complete lie! GoDaddy has blocked MANY IP addresses I've attempted to use port 43 WHOIS on with absolutely no due process! And I can say with absolute certainty that I and my IP addresses were not involved in any form of "attack(s) by third parties". But if I wanted to continue fighting phishing, spammers and other abuses without being forced to use GoDaddy's cumbersome web interface (with their stupid "I'm not a robot" and "Choose all the pictures that have a goldfish in them" games) to process each WHOIS request, I would have to give in to GoDaddy's illegal blocking (restricted WHOIS output) and sign their "whitelist request" to get myself back to business!!! Given the onslaught of spam and robo-calls our customers have been receiving - often within minutes of registering a domain name-we felt that action was required, if not overdue. I'm not sure I can see how port 43 WHOIS requests can be used to determine new domain registrations in the way you imply? Maybe you can share how that works?? WHOIS information is still very much available for any & all domain names via our web-based WHOIS tool, It may be available, but it's quite cumbersome and a waste of good peoples' time!! However, bulk access by anonymous users is no longer supported. I didn't know "bulk access by anonymous users" was ever a thing?!? If you were intent on blocking "bulk access", why should that have impacted port 43 WHOIS requests for single domains??? I also note that during this entire process, we have kept ICANN informed of both the attacks on our Port43 systems Please provide the evidence of my "attacks" that you've provided to ICANN to justify your restricting WHOIS data to any of my IP addresses. as well as our efforts to mitigate them. Our actions are justified and to imply otherwise is not only inaccurate but does nothing to move this PDP forward. Your actions were unilateral and (in my opinion) violated your registrar agreement(s) with ICANN. You're allowed to block ABUSIVE behavior, but you blocked many many requests with absolutely no evidence of abuse! How can you justify that??? Patrick Klos Phishcop Admin _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org <mailto:gnso-rds-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
Ok, thanks. From: <consult@cgomes.com> on behalf of <consult@cgomes.com> Date: Tuesday, February 20, 2018 at 1:06 PM To: Paul Keating <paul@law.es>, <pkngrds@klos.net> Cc: 'RDS-Leaders-List' <gnso-next-gen-rds-lead@icann.org>, <gnso-rds-pdp-wg@icann.org> Subject: RE: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
No Paul. What registrars as a whole make available as RDS policy is definitely a subject for this WG. But registrar practices that individual registrars implement are not subjects for this WG; they are either ICANN compliance issues or matters between the applicable registrar and its customers.
I appreciate and recognize that you have been very constructive and thank you for that.
Chuck
From: Paul Keating [mailto:Paul@law.es] Sent: Tuesday, February 20, 2018 3:56 AM To: consult@cgomes.com; pkngrds@klos.net Cc: 'RDS-Leaders-List' <gnso-next-gen-rds-lead@icann.org>; gnso-rds-pdp-wg@icann.org Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
Chuck,
Am I to understand that the issue of what Registrars actually make available is NOT a subject of this WG? I thought that much of the previous threads were about the issue of GDPR restrictions vs restrictions that are self-imposed by Registrars.
I am not trying to beat up upon GD here. I have been clear in making my concerns known that many members who largely are registrar reps have taken a very broad approach to what is and is not prohibited by the GDPR and I have continuously tried to counterbalance those comments.
Respectfully,
Paul
From: <consult@cgomes.com> on behalf of <consult@cgomes.com> Date: Tuesday, February 20, 2018 at 12:34 PM To: Paul Keating <paul@law.es>, <pkngrds@klos.net> Cc: 'RDS-Leaders-List' <gnso-next-gen-rds-lead@icann.org>, <gnso-rds-pdp-wg@icann.org> Subject: RE: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
All,
This is an issue involving a third party and its customers. It is NOT a topic that should be discussed on this WG list, so please end this thread.
Chuck
From: Paul Keating [mailto:Paul@law.es] Sent: Tuesday, February 20, 2018 3:29 AM To: Sara Bockey <sbockey@godaddy.com>; pkngrds@klos.net; consult@cgomes.com Cc: RDS-Leaders-List <gnso-next-gen-rds-lead@icann.org>; gnso-rds-pdp-wg@icann.org Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
Sara,
You say:
" This is impossible in an environment where Port 43 access is unregulated, and we can¹t distinguish legitimate users from bad guys. Therefore, we encourage folks to contact us about getting their IPs added to our whitelist."
I find this difficult to swallow. With a white list program you can easily see the source of the traffic.
As for the white list project the nature of the continued limitations show that there is no real intent to allow even the good guys to have access.
Why are the Whitelist limitations so low?
You are very clearly detracting from the ability of the security industry to do its work. I see no real reason for GD doing so other than (a) spite, or (b) wanting to create scarcity for economic reasons.
Paul
From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces@icann.org> on behalf of Sara Bockey <sbockey@godaddy.com> Date: Monday, February 19, 2018 at 9:03 PM To: "pkngrds@klos.net" <pkngrds@klos.net>, "consult@cgomes.com" <consult@cgomes.com> Cc: RDS-Leaders-List <gnso-next-gen-rds-lead@icann.org>, "gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
Patrick and WG members:
It is indeed true that our Port43 service is being attacked and our customer data is being harvested and abused. This is corroborated by numerous industry news reports and stories shared by our customers. Our first responsibility is to our customers, and to safeguard their personal information. This is impossible in an environment where Port 43 access is unregulated, and we can¹t distinguish legitimate users from bad guys. Therefore, we encourage folks to contact us about getting their IPs added to our whitelist.
Our position on this has been clear and consistent. This will be my last communication on this topic since it does not further our work in this PDP.
Sara
sara bockey sr. policy manager | GoDaddy sbockey@godaddy.com <mailto:sbockey@godaddy.com> 480-366-3616 skype: sbockey
This email message and any attachments hereto is intended for use only by the addressee(s) named herein and may contain confidential information. If you have received this email in error, please immediately notify the sender and permanently delete the original and any copy of this message and its attachments.
From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces@icann.org> on behalf of "pkngrds@klos.net" <pkngrds@klos.net> Date: Sunday, February 18, 2018 at 8:09 AM To: "consult@cgomes.com" <consult@cgomes.com>, "pkngrds@klos.net" <pkngrds@klos.net> Cc: RDS-Leaders-List <gnso-next-gen-rds-lead@icann.org>, "gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/18/2018 9:14 AM, consult@cgomes.com <mailto:consult@cgomes.com> wrote:
Patrick,
Let me first call attention to the fact that I cc¹d the leadership team so that they can judge whether my suggestion was ridiculous or not.
Let me call attention to the fact that I cc'd the entire list so the community can be involved in the conversation as well. (as you say "we all have to work collaboratively in this WG")
I am not in a position to determine what the truth is in this situation,
Well, I AM in such a position because IT HAPPENED TO ME.
but, even if you are correct in your assessment, giving Sara a chance to respond to your strong accusation privately
Big companies like GoDaddy will not respond privately - it's beneath them. Believe me, I've tried.
If Sara was interested in responding to my claims, she has had every opportunity to do so, either privately or publicly. I have not heard a peep from her.
would be much more respectful than making your accusation publicly.
It's not an accusation - it's a statement of facts. I welcome Sara and/or GoDaddy to present any evidence to the contrary.
Email communications are very easily misunderstood and/or poorly expressed. I do not know whether that is the case here or not; I am sure you do not believe that is the case, but giving her the benefit of the doubt and asking her to explain further privately would have been a much better approach in my opinion.
As I said, I have no reason to believe she would respond to a private discussion of this matter. I have tried several time to discuss GoDaddy's port 43 restrictions with them and they would not respond to me. GoDaddy is too big to care about the opinions of a single anti-phishing anti-spam anti-abuse advocate that disagrees with GoDaddy's illegal restrictions on port 43 WHOIS.
The fact is that we all have to work collaboratively in this WG.
Which is why this should be discussed on the list as well. I know I'm not the only person on the list that feels this way.
Patrick Klos Phishcop Admin
Chuck
From:pkngrds@klos.net <mailto:pkngrds@klos.net> [mailto:pkngrds@klos.net <mailto:pkngrds@klos.net> ] Sent: Saturday, February 17, 2018 1:20 PM To: consult@cgomes.com <mailto:consult@cgomes.com> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/17/2018 2:11 PM, consult@cgomes.com <mailto:consult@cgomes.com> wrote:
Patrick,
If you are going to specifically criticize a company by name, please do that directly with that company and not on this list.
Chuck
That's ridiculous.
Sara Bockey, representing GoDaddy, made statements on the list that do not reflect the truth. It is my obligation to refute her claims publicly on the same forum her original statements were made.
Patrick Klos Klos Technologies, Inc. and Phishcop Admin
From: gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces@icann.org <mailto:gnso-rds-pdp-wg-bounces@icann.org> ] On Behalf Of pkngrds@klos.net <mailto:pkngrds@klos.net> Sent: Friday, February 16, 2018 3:35 PM To: gnso-rds-pdp-wg@icann.org <mailto:gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/16/2018 5:22 PM, Sara Bockey wrote:
Not only is our decision to mask customer information in Port43 completely unrelated to GDPR, but it results directly from attacks by third parties who harvest and sell our customers¹ personal information.
I don't know what precipitated this conversation, but I will jump in here based on my actual experience.
To say "it results directly from attacks by third parties who harvest and sell our customers¹ personal information" is a complete lie!
GoDaddy has blocked MANY IP addresses I've attempted to use port 43 WHOIS on with absolutely no due process! And I can say with absolute certainty that I and my IP addresses were not involved in any form of "attack(s) by third parties".
But if I wanted to continue fighting phishing, spammers and other abuses without being forced to use GoDaddy's cumbersome web interface (with their stupid "I'm not a robot" and "Choose all the pictures that have a goldfish in them" games) to process each WHOIS request, I would have to give in to GoDaddy's illegal blocking (restricted WHOIS output) and sign their "whitelist request" to get myself back to business!!!
Given the onslaught of spam and robo-calls our customers have been receiving often within minutes of registering a domain namewe felt that action was required, if not overdue.
I'm not sure I can see how port 43 WHOIS requests can be used to determine new domain registrations in the way you imply? Maybe you can share how that works??
WHOIS information is still very much available for any & all domain names via our web-based WHOIS tool,
It may be available, but it's quite cumbersome and a waste of good peoples' time!!
However, bulk access by anonymous users is no longer supported.
I didn't know "bulk access by anonymous users" was ever a thing?!? If you were intent on blocking "bulk access", why should that have impacted port 43 WHOIS requests for single domains???
I also note that during this entire process, we have kept ICANN informed of both the attacks on our Port43 systems
Please provide the evidence of my "attacks" that you've provided to ICANN to justify your restricting WHOIS data to any of my IP addresses.
as well as our efforts to mitigate them. Our actions are justified and to imply otherwise is not only inaccurate but does nothing to move this PDP forward.
Your actions were unilateral and (in my opinion) violated your registrar agreement(s) with ICANN. You're allowed to block ABUSIVE behavior, but you blocked many many requests with absolutely no evidence of abuse! How can you justify that???
Patrick Klos Phishcop Admin
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
Hi Sarah, I apologize for having sent the prior email to you in public, given Chuck¹s comment that it is off-topic. I should have sent it to you directly. Thank you, Sincerely, Paul Raynor Keating, Esq. Law.es <http://law.es/> Tel. +34 93 368 0247 (Spain) Tel. +44.7531.400.177 (UK) Tel. +1.415.937.0846 (US) Fax. (Europe) +34 93 396 0810 Fax. (US)(415) 358.4450 Skype: Prk-Spain email: Paul@law.es THE INFORMATION CONTAINED IN THIS E-MAIL IS CONFIDENTIAL AND MAY CONTAIN INFORMATION SUBJECT TO THE ATTORNEY/CLIENT OR WORK-PRODUCT PRIVILEGE. THE INFORMATION IS INTENDED ONLY FOR THE USE OF THE INDIVIDUAL OR ENTITY TO WHOM IT IS ADDRESSED. IF YOU ARE NOT THE INTENDED RECIPIENT, NO WAIVER OF PRIVILEGE IS MADE OR INTENDED AND YOU ARE REQUESTED TO PLEASE DELETE THE EMAIL AND ANY ATTACHMENTS. Circular 230 Disclosure: To assure compliance with Treasury Department rules governing tax practice, we hereby inform you that any advice contained herein (including in any attachment) (1) was not written or intended to be used, and cannot be used, by you or any taxpayer for the purpose of avoiding any penalties that may be imposed on you or any taxpayer and (2) may not be used or referred to by you or any other person in connection with promoting, marketing or recommending to another person any transaction or matter addressed herein. NOTHING CONTAINED IN THIS EMAIL SHALL CONSTITUTE THE FORMATION OF AN ATTORNEY/CLIENT RELATIONSHIP; SUCH A RELATIONSHIP MAY BE FORMED WITH THIS FIRM AND ATTORNEY ONLY BY SEPARATE FORMAL WRITTEN ENGAGEMENT AGREEMENT, WHICH THIS IS NOT. IN THE ABSENCE OF SUCH AN AGREEMENT, NOTHING CONTAINED HEREIN SHALL CONSTITUTE LEGAL ADVICE From: <consult@cgomes.com> on behalf of <consult@cgomes.com> Date: Tuesday, February 20, 2018 at 1:06 PM To: Paul Keating <paul@law.es>, <pkngrds@klos.net> Cc: 'RDS-Leaders-List' <gnso-next-gen-rds-lead@icann.org>, <gnso-rds-pdp-wg@icann.org> Subject: RE: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
No Paul. What registrars as a whole make available as RDS policy is definitely a subject for this WG. But registrar practices that individual registrars implement are not subjects for this WG; they are either ICANN compliance issues or matters between the applicable registrar and its customers.
I appreciate and recognize that you have been very constructive and thank you for that.
Chuck
From: Paul Keating [mailto:Paul@law.es] Sent: Tuesday, February 20, 2018 3:56 AM To: consult@cgomes.com; pkngrds@klos.net Cc: 'RDS-Leaders-List' <gnso-next-gen-rds-lead@icann.org>; gnso-rds-pdp-wg@icann.org Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
Chuck,
Am I to understand that the issue of what Registrars actually make available is NOT a subject of this WG? I thought that much of the previous threads were about the issue of GDPR restrictions vs restrictions that are self-imposed by Registrars.
I am not trying to beat up upon GD here. I have been clear in making my concerns known that many members who largely are registrar reps have taken a very broad approach to what is and is not prohibited by the GDPR and I have continuously tried to counterbalance those comments.
Respectfully,
Paul
From: <consult@cgomes.com> on behalf of <consult@cgomes.com> Date: Tuesday, February 20, 2018 at 12:34 PM To: Paul Keating <paul@law.es>, <pkngrds@klos.net> Cc: 'RDS-Leaders-Subject: RE: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
All,
This is an issue involving a third party and its customers. It is NOT a topic that should be discussed on this WG list, so please end this thread.
Chuck
From: Paul Keating [mailto:Paul@law.es] Sent: Tuesday, February 20, 2018 3:29 AM To: Sara Bockey <sbockey@godaddy.com>; pkngrds@klos.net; consult@cgomes.com Cc: RDS-Leaders-List <gnso-next-gen-rds-lead@icann.org>; gnso-rds-pdp-wg@icann.org Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
Sara,
You say:
" This is impossible in an environment where Port 43 access is unregulated, and we can¹t distinguish legitimate users from bad guys. Therefore, we encourage folks to contact us about getting their IPs added to our whitelist."
I find this difficult to swallow. With a white list program you can easily see the source of the traffic.
As for the white list project the nature of the continued limitations show that there is no real intent to allow even the good guys to have access.
Why are the Whitelist limitations so low?
You are very clearly detracting from the ability of the security industry to do its work. I see no real reason for GD doing so other than (a) spite, or (b) wanting to create scarcity for economic reasons.
Paul
From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces@icann.org> on behalf of Sara Bockey <sbockey@godaddy.com> Date: Monday, February 19, 2018 at 9:03 PM To: "pkngrds@klos.net" <pkngrds@klos.net>, "consult@cgomes.com" <consult@cgomes.com> Cc: RDS-Leaders-List <gnso-next-gen-rds-lead@icann.org>, "gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
Patrick and WG members:
It is indeed true that our Port43 service is being attacked and our customer data is being harvested and abused. This is corroborated by numerous industry news reports and stories shared by our customers. Our first responsibility is to our customers, and to safeguard their personal information. This is impossible in an environment where Port 43 access is unregulated, and we can¹t distinguish legitimate users from bad guys. Therefore, we encourage folks to contact us about getting their IPs added to our whitelist.
Our position on this has been clear and consistent. This will be my last communication on this topic since it does not further our work in this PDP.
Sara
sara bockey sr. policy manager | GoDaddy sbockey@godaddy.com <mailto:sbockey@godaddy.com> 480-366-3616 skype: sbockey
This email message and any attachments hereto is intended for use only by the addressee(s) named herein and may contain confidential information. If you have received this email in error, please immediately notify the sender and permanently delete the original and any copy of this message and its attachments.
From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces@icann.org> on behalf of "pkngrds@klos.net" <pkngrds@klos.net> Date: Sunday, February 18, 2018 at 8:09 AM To: "consult@cgomes.com" <consult@cgomes.com>, "pkngrds@klos.net" <pkngrds@klos.net> Cc: RDS-Leaders-List <gnso-next-gen-rds-lead@icann.org>, "gnso-rds-pdp-wg@icann.org" <gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/18/2018 9:14 AM, consult@cgomes.com <mailto:consult@cgomes.com> wrote:
Patrick,
Let me first call attention to the fact that I cc¹d the leadership team so that they can judge whether my suggestion was ridiculous or not.
Let me call attention to the fact that I cc'd the entire list so the community can be involved in the conversation as well. (as you say "we all have to work collaboratively in this WG")
I am not in a position to determine what the truth is in this situation,
Well, I AM in such a position because IT HAPPENED TO ME.
but, even if you are correct in your assessment, giving Sara a chance to respond to your strong accusation privately
Big companies like GoDaddy will not respond privately - it's beneath them. Believe me, I've tried.
If Sara was interested in responding to my claims, she has had every opportunity to do so, either privately or publicly. I have not heard a peep from her.
would be much more respectful than making your accusation publicly.
It's not an accusation - it's a statement of facts. I welcome Sara and/or GoDaddy to present any evidence to the contrary.
Email communications are very easily misunderstood and/or poorly expressed. I do not know whether that is the case here or not; I am sure you do not believe that is the case, but giving her the benefit of the doubt and asking her to explain further privately would have been a much better approach in my opinion.
As I said, I have no reason to believe she would respond to a private discussion of this matter. I have tried several time to discuss GoDaddy's port 43 restrictions with them and they would not respond to me. GoDaddy is too big to care about the opinions of a single anti-phishing anti-spam anti-abuse advocate that disagrees with GoDaddy's illegal restrictions on port 43 WHOIS.
The fact is that we all have to work collaboratively in this WG.
Which is why this should be discussed on the list as well. I know I'm not the only person on the list that feels this way.
Patrick Klos Phishcop Admin
Chuck
From:pkngrds@klos.net <mailto:pkngrds@klos.net> [mailto:pkngrds@klos.net <mailto:pkngrds@klos.net> ] Sent: Saturday, February 17, 2018 1:20 PM To: consult@cgomes.com <mailto:consult@cgomes.com> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/17/2018 2:11 PM, consult@cgomes.com <mailto:consult@cgomes.com> wrote:
Patrick,
If you are going to specifically criticize a company by name, please do that directly with that company and not on this list.
Chuck
That's ridiculous.
Sara Bockey, representing GoDaddy, made statements on the list that do not reflect the truth. It is my obligation to refute her claims publicly on the same forum her original statements were made.
Patrick Klos Klos Technologies, Inc. and Phishcop Admin
From: gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces@icann.org <mailto:gnso-rds-pdp-wg-bounces@icann.org> ] On Behalf Of pkngrds@klos.net <mailto:pkngrds@klos.net> Sent: Friday, February 16, 2018 3:35 PM To: gnso-rds-pdp-wg@icann.org <mailto:gnso-rds-pdp-wg@icann.org> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/16/2018 5:22 PM, Sara Bockey wrote:
Not only is our decision to mask customer information in Port43 completely unrelated to GDPR, but it results directly from attacks by third parties who harvest and sell our customers¹ personal information.
I don't know what precipitated this conversation, but I will jump in here based on my actual experience.
To say "it results directly from attacks by third parties who harvest and sell our customers¹ personal information" is a complete lie!
GoDaddy has blocked MANY IP addresses I've attempted to use port 43 WHOIS on with absolutely no due process! And I can say with absolute certainty that I and my IP addresses were not involved in any form of "attack(s) by third parties".
But if I wanted to continue fighting phishing, spammers and other abuses without being forced to use GoDaddy's cumbersome web interface (with their stupid "I'm not a robot" and "Choose all the pictures that have a goldfish in them" games) to process each WHOIS request, I would have to give in to GoDaddy's illegal blocking (restricted WHOIS output) and sign their "whitelist request" to get myself back to business!!!
Given the onslaught of spam and robo-calls our customers have been receiving often within minutes of registering a domain namewe felt that action was required, if not overdue.
I'm not sure I can see how port 43 WHOIS requests can be used to determine new domain registrations in the way you imply? Maybe you can share how that works??
WHOIS information is still very much available for any & all domain names via our web-based WHOIS tool,
It may be available, but it's quite cumbersome and a waste of good peoples' time!!
However, bulk access by anonymous users is no longer supported.
I didn't know "bulk access by anonymous users" was ever a thing?!? If you were intent on blocking "bulk access", why should that have impacted port 43 WHOIS requests for single domains???
I also note that during this entire process, we have kept ICANN informed of both the attacks on our Port43 systems
Please provide the evidence of my "attacks" that you've provided to ICANN to justify your restricting WHOIS data to any of my IP addresses.
as well as our efforts to mitigate them. Our actions are justified and to imply otherwise is not only inaccurate but does nothing to move this PDP forward.
Your actions were unilateral and (in my opinion) violated your registrar agreement(s) with ICANN. You're allowed to block ABUSIVE behavior, but you blocked many many requests with absolutely no evidence of abuse! How can you justify that???
Patrick Klos Phishcop Admin
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
participants (7)
-
allison nixon -
consult@cgomes.com -
John Bambenek -
Paul Keating -
pkngrds@klos.net -
Sara Bockey -
Volker Greimann