hi George,

Whether that domain has active MX records was not really germane to my larger point. 

Let's use another example of a domain I just researched on the NAF site:

<XXXXXXXXXXXX.top>  (I redacted the second level domain); if you want to research the specific domain on the NAF website, it is Case Number: 1621938

This domain: 1) was registered on May 23, 2015; 2) was suspended on June 21, 2015; 3) had its Whois updated on March 28, 2017; 4) is still registered, and not set to expire until May 23, 2018; 
5) is still sponsored by the same registrar (that appears in the URS decision); 6) is still registered to the same registrant (that appears in the URS decision); 7) the registrant has control over the Name Servers, i.e. the Name Servers are a well known 3rd party, and not associated the NAF's servers; 8) the Whois reflects the domain status is: "Domain Status: ok https://icann.org/epp#OK"; 9) the domain is offered for sale online for $1000.

Going back to Jon's original question (which I agree with), I think we need to make an assessment on 1) to what extent does the URS permit renewal and/or continued use of a previously suspended domain, and 2) to what extent is renewal and/or continued use of a previously suspended domain consistent with the intended purpose of the URS; and 3) to the extent it is inconsistent, whether any policy recommendations should be implemented to address the inconsistency.

Best regards,
Claudio


On Tue, Dec 5, 2017 at 6:30 PM, George Kirikos <icann@leap.com> wrote:
Hi Claudio,

On Tue, Dec 5, 2017 at 6:17 PM, claudio di gangi <ipcdigangi@gmail.com> wrote:
> I referred to the Chrome browser display as evidence that it was in fact
> renewed (you are correct though, there doesn't appear to be another phishing
> site back up and running at the moment, with that said I didn't check the MX
> records to see if email was being exploited)...although there is nothing in
> the URS policy that prevents that from happening as far I as understand.

The Chrome browser "evidence" is not proof of anything, except that
Chrome is intercepting the domain name before it attempts to  resolve
a site. WHOIS is better evidence. There'd be no MX records at present
given the name appears to not even be in the zone file, i.e. do a "dig
EXAMPLE.COM NS" but change "EXAMPLE.COM to the relevant domain name
--- no nameservers at present. Also, even if the name was in the zone
file, it would have adrforum.com (NAF) namesevers, i.e. from WHOIS:

>> Name Server: ursns1.adrforum.com
>> Name Server: ursns2.adrforum.com

So it would presumably have the same URS Suspension webpage, had it
been resolving, and presumably NAF isn't exploiting incoming emails to
suspended domains.

Sincerely,

George Kirikos
416-588-0269
http://www.leap.com/
_______________________________________________
gnso-rpm-wg mailing list
gnso-rpm-wg@icann.org
https://mm.icann.org/mailman/listinfo/gnso-rpm-wg