Hi George,

Whether that domain has active MX records was not really germane to my larger point.

Let's use another example of a domain I just researched on the NAF site: <XXXXXXXXXXXX.top> (I redacted the second level domain); if you want to research the specific domain on the NAF website, it is Case Number: 1621938.

This domain:

1) was registered on May 23, 2015;
2) was suspended on June 21, 2015;
3) had its Whois updated on March 28, 2017;
4) is still registered, and not set to expire until May 23, 2018;
5) is still sponsored by the same registrar (that appears in the URS decision);
6) is still registered to the same registrant (that appears in the URS decision);
7) the registrant has control over the Name Servers, i.e. the Name Servers are a well-known 3rd party, and not associated with the NAF's servers;
8) the Whois reflects the domain status is: "Domain Status: ok https://icann.org/epp#OK";
9) the domain is offered for sale online for $1000.

Going back to Jon's original question (which I agree with), I think we need to make an assessment on 1) to what extent does the URS permit renewal and/or continued use of a previously suspended domain, and 2) to what extent is renewal and/or continued use of a previously suspended domain consistent with the intended purpose of the URS; and 3) to the extent it is inconsistent, whether any policy recommendations should be implemented to address the inconsistency.

Best regards,
Claudio

On Tue, Dec 5, 2017 at 6:30 PM, George Kirikos <icann@leap.com> wrote:
Hi Claudio,
On Tue, Dec 5, 2017 at 6:17 PM, claudio di gangi <ipcdigangi@gmail.com> wrote:
I referred to the Chrome browser display as evidence that it was in fact renewed (you are correct though, there doesn't appear to be another phishing site back up and running at the moment, with that said I didn't check the MX records to see if email was being exploited)...although there is nothing in the URS policy that prevents that from happening as far as I understand.
The Chrome browser "evidence" is not proof of anything, except that Chrome is intercepting the domain name before it attempts to resolve a site. WHOIS is better evidence. There'd be no MX records at present given the name appears to not even be in the zone file, i.e. do a "dig EXAMPLE.COM NS" but change "EXAMPLE.COM" to the relevant domain name --- no nameservers at present. Also, even if the name was in the zone file, it would have adrforum.com (NAF) nameservers, i.e. from WHOIS:
Name Server: ursns1.adrforum.com
Name Server: ursns2.adrforum.com
So it would presumably have the same URS Suspension webpage, had it been resolving, and presumably NAF isn't exploiting incoming emails to suspended domains.
Sincerely,
George Kirikos
416-588-0269
http://www.leap.com/