Re: [NA-Discuss] Domain-name abuse proliferates; rogue registrars turn a blind eye
Ross, I have to concur with Danny. This is a significant part of the overall problem and has been pushed to the side over and over, even when true solutions have been offered, solutions that wont increase the cost of domains or the cost of doing business. Your reasoning on this also fails the logic test as if you are suggesting it is pointless also to verify credit card numbers. I can understand why Registrars would not want to verify their customer information because it presents an obstacle to criminals who buy thousands of domains anonymously. Verification complicates their current business model and income flow. However, by dismissing discussion of solution we are catering people who abuse the system. -Garth ------------------------------------- Collect, analyze, enforce, repeat... Garth Bruen gbruen@knujon.com http://www.knujon.com http://www.linkedin.com/pub/4/149/724 Tentative Presentations: Global Cyber Security Expo http://cyberexpo.memphis.edu/
-------- Original Message -------- Subject: Re: [NA-Discuss] Domain-name abuse proliferates; rogue registrars turn a blind eye From: Danny Younger <dannyyounger@yahoo.com> Date: Mon, September 14, 2009 10:55 am To: Ross Rader <ross@tucows.com> Cc: NA Discuss <na-discuss@atlarge-lists.icann.org> Hi Ross, I view time-of-registration contact data verification as a matter that is in the public interest. I tend to place the public interest ahead of registrar self-interest. As a community we have to ask ourselves if ICANN is doing enough to make sure that contact data is reasonably accurate. At the moment such data isn't as accurate as it could be, and clearly more could be done. This is not an unreasonable step to take, and will certainly result in some degree of improved accuracy. What harm to the public interest do you believe would accrue if such a policy was put in place? regards, Danny --- On Mon, 9/14/09, Ross Rader <ross@tucows.com> wrote:
From: Ross Rader <ross@tucows.com> Subject: Re: [NA-Discuss] Domain-name abuse proliferates; rogue registrars turn a blind eye To: "Danny Younger" <dannyyounger@yahoo.com> Cc: "NA Discuss" <na-discuss@atlarge-lists.icann.org> Date: Monday, September 14, 2009, 9:44 AM
On Sep 14, 2009, at 9:11 AM, Danny Younger wrote:
Time-of-registration-whois-verification is a policy that is long overdue. Is the at-large prepared to bring this issue forward?
I encourage you to be thoughtful about the issues as you bring this forward.
What I mean is, try and take some time to think about the actual issue vs. a prescription. Whois data verification pre-registration will be exactly as useful as credit card billing information verification at the time of registration (which is, in my opinion, not very - the bad guys have all the data they need to pass most verification schemes).
Framing up the issue in terms of the problem (as opposed to the solution) will help focus the discussion on a range of outcomes, rather than focusing it on an already overloaded and contentious framework (whois).
/r
------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/na-discuss_atlarge-lists.ica... Visit the NARALO online at http://www.naralo.org ------
I wasn't taking a position with my note. Not sure why you are making such an assumption. Plainly, this is good old fashioned procedural advice from someone who has been there. I'm simply saying that if you are worried about preventing criminals from registering tons of domains as the article describes, then the policy discussion will have to be broader than what Danny's prescription allows. If you are interested in more accurate whois, then Danny's prescription will be just fine. My assumption is that the public interest will be better served by dealing more broadly with the issue and is rooted in the observation that many times Visa has a hard time verifying whether or not it is a cardholder presenting data or if its a criminal posing as the cardholder. On Sep 14, 2009, at 11:02 AM, Garth Bruen at KnujOn wrote:
Ross,
I have to concur with Danny. This is a significant part of the overall problem and has been pushed to the side over and over, even when true solutions have been offered, solutions that wont increase the cost of domains or the cost of doing business.
Your reasoning on this also fails the logic test as if you are suggesting it is pointless also to verify credit card numbers.
I can understand why Registrars would not want to verify their customer information because it presents an obstacle to criminals who buy thousands of domains anonymously. Verification complicates their current business model and income flow. However, by dismissing discussion of solution we are catering people who abuse the system.
-Garth
------------------------------------- Collect, analyze, enforce, repeat...
Garth Bruen gbruen@knujon.com http://www.knujon.com http://www.linkedin.com/pub/4/149/724
Tentative Presentations: Global Cyber Security Expo http://cyberexpo.memphis.edu/
-------- Original Message -------- Subject: Re: [NA-Discuss] Domain-name abuse proliferates; rogue registrars turn a blind eye From: Danny Younger <dannyyounger@yahoo.com> Date: Mon, September 14, 2009 10:55 am To: Ross Rader <ross@tucows.com> Cc: NA Discuss <na-discuss@atlarge-lists.icann.org> Hi Ross, I view time-of-registration contact data verification as a matter that is in the public interest. I tend to place the public interest ahead of registrar self-interest. As a community we have to ask ourselves if ICANN is doing enough to make sure that contact data is reasonably accurate. At the moment such data isn't as accurate as it could be, and clearly more could be done. This is not an unreasonable step to take, and will certainly result in some degree of improved accuracy. What harm to the public interest do you believe would accrue if such a policy was put in place? regards, Danny --- On Mon, 9/14/09, Ross Rader <ross@tucows.com> wrote:
From: Ross Rader <ross@tucows.com> Subject: Re: [NA-Discuss] Domain-name abuse proliferates; rogue registrars turn a blind eye To: "Danny Younger" <dannyyounger@yahoo.com> Cc: "NA Discuss" <na-discuss@atlarge-lists.icann.org> Date: Monday, September 14, 2009, 9:44 AM
On Sep 14, 2009, at 9:11 AM, Danny Younger wrote:
Time-of-registration-whois-verification is a policy that is long overdue. Is the at-large prepared to bring this issue forward?
I encourage you to be thoughtful about the issues as you bring this forward.
What I mean is, try and take some time to think about the actual issue vs. a prescription. Whois data verification pre-registration will be exactly as useful as credit card billing information verification at the time of registration (which is, in my opinion, not very - the bad guys have all the data they need to pass most verification schemes).
Framing up the issue in terms of the problem (as opposed to the solution) will help focus the discussion on a range of outcomes, rather than focusing it on an already overloaded and contentious framework (whois).
/r
------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/na-discuss_atlarge-lists.ica... Visit the NARALO online at http://www.naralo.org ------
best, Ross Rader General Manager, Hover t. (408) 538-0441 The Easiest Way To Buy and Use Your Domain Names http://www.hover.com Check out our blog at: http://stuff.hover.com Hover on Twitter: http://about.hover.com/twitter Check my availability at: http://rossrader.com/available ..sent from my phone
Ross Rader wrote:
I wasn't taking a position with my note. Not sure why you are making such an assumption.
Plainly, this is good old fashioned procedural advice from someone who has been there.
I'm simply saying that if you are worried about preventing criminals from registering tons of domains as the article describes, then the policy discussion will have to be broader than what Danny's prescription allows. If you are interested in more accurate whois, then Danny's prescription will be just fine. My assumption is that the public interest will be better served by dealing more broadly with the issue and is rooted in the observation that many times Visa has a hard time verifying whether or not it is a cardholder presenting data or if its a criminal posing as the cardholder.
You're mixing two distinct issues -- the accuracy of data and the legitimacy of its ownership. At least the credit card companies know whether it's an accurate card, by making sure than the name, number, expiry and CVV match. They can verify accuracy of the data, their problem is whether the presenter is the legitimate owner of the data. There are two parts to this -- accuracy and legitimate ownership. Both are necessary. But there's no point in establishing legitimacy if the data isn't accurate. So it's reasonable to tackle the accuracy issue first. Sure, someone could put the exact address of Wrigley Field as their WHOIS contact information and that would pass the accuracy test; but there are ways to ensure that the data entered belongs to its presenter. Even automated mailing lists can send verification emails for subscription requests, and don't validate the request until the mail is answered. Google uses a more elaborate method, that involves postal mail, to verify the legitimacy of businesses wanting to be located on Google Map requests. It's not enough to give a proper address; you actually have to be able to receive mail there. And I'm sure there are even more elaborate methods... but the fact exists that we're not doing ANY of this now. I believe that we have a really good idea of what needs to be done. If I'm wrong that's fine, but please make your case if otherwise. - Evan
Last message on this from me - On Sep 14, 2009, at 11:55 AM, Evan Leibovitch wrote:
I believe that we have a really good idea of what needs to be done. If I'm wrong that's fine, but please make your case if otherwise
This is sort of my point. An exchange of two or three emails doesn't lead to "a really good idea of what needs to be done". I'm just saying a policy development exercise predicated on the notion of reducing criminal use of domains is going to get a lot more traction and lead to better results than one predicated on the notion of making whois data more accurate. If you go into this telling everyone how things ought to be done before even having a discussion about what the problem is, then I don't think you are going to get what you want from the process, at least not in any long-term sense. /ross
Ross Rader wrote:
An exchange of two or three emails doesn't lead to "a really good idea of what needs to be done".
And At-Large has been at this for a very long time. I believe that it has already identified WHOIS accuracy as a necessary -- if not complete -- part of the solution. Danny's original question was on tactics, not strategy. If we stay in the theoretical forever we get nothing done -- which is what's been happening. Eventually we need to define specific fixes. - Evan
I certainly agree with Danny, Garth and Evan that the Whois issue needs to be addressed, but I also agree with Ross that we need to address the larger policy issues as well. Gareth On 14-Sep-09, at 9:10 AM, Evan Leibovitch wrote:
Ross Rader wrote:
An exchange of two or three emails doesn't lead to "a really good idea of what needs to be done".
And At-Large has been at this for a very long time.
I believe that it has already identified WHOIS accuracy as a necessary -- if not complete -- part of the solution. Danny's original question was on tactics, not strategy.
If we stay in the theoretical forever we get nothing done -- which is what's been happening. Eventually we need to define specific fixes.
- Evan
------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/na-discuss_atlarge-lists.ica...
Visit the NARALO online at http://www.naralo.org ------
I support this. No one (among us in any case) is likely to advocate WHOIS inaccuracy, but putting efforts on addressing or at least identifying the real targets is crucially important. As I get deeper into the Post Expiration Domain Name Recovery issue, it is becoming apparent that earlier attempts to address the problem not only did not fix the problem, but may have in fact worsened it. I attribute this to some degree because they were trying to fix a symptom and not address the long-term needs. Alan At 14/09/2009 02:10 PM, Gareth Shearman wrote:
I certainly agree with Danny, Garth and Evan that the Whois issue needs to be addressed, but I also agree with Ross that we need to address the larger policy issues as well.
Gareth
On 14-Sep-09, at 9:10 AM, Evan Leibovitch wrote:
Ross Rader wrote:
An exchange of two or three emails doesn't lead to "a really good idea of what needs to be done".
And At-Large has been at this for a very long time.
I believe that it has already identified WHOIS accuracy as a necessary -- if not complete -- part of the solution. Danny's original question was on tactics, not strategy.
If we stay in the theoretical forever we get nothing done -- which is what's been happening. Eventually we need to define specific fixes.
- Evan
------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org
http://atlarge-lists.icann.org/mailman/listinfo/na-discuss_atlarge-lists.ica...
Visit the NARALO online at http://www.naralo.org ------
------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/na-discuss_atlarge-lists.ica...
Visit the NARALO online at http://www.naralo.org ------
Alan Greenberg wrote:
I support this. No one (among us in any case) is likely to advocate WHOIS inaccuracy,
You didn't really think I'd let that pass? I do not advocate WHOIS accuracy, as I believe it focuses on the wrong points in the chain of accountability. I support "inaccuracy" as one way among many of maintaining privacy or anonymity in domain registration. --Wendy -- Wendy Seltzer -- wendy@seltzer.org Fellow, Silicon Flatirons Center at University of Colorado Law School Fellow, Berkman Center for Internet & Society at Harvard University http://cyber.law.harvard.edu/seltzer.html http://www.chillingeffects.org/ https://www.torproject.org/
At 14/09/2009 02:42 PM, Wendy Seltzer wrote:
Alan Greenberg wrote:
I support this. No one (among us in any case) is likely to advocate WHOIS inaccuracy,
You didn't really think I'd let that pass? I do not advocate WHOIS accuracy, as I believe it focuses on the wrong points in the chain of accountability. I support "inaccuracy" as one way among many of maintaining privacy or anonymity in domain registration.
I tend to think of that as obfuscation rather than inaccuracy. But with the same result I guess. Alan
Wendy, I note that you have recently joined the NCUC and that quite a few folk from the NCUC have already nominated you to serve on the GNSO. Should this come to pass, I am sure that the GNSO will be well served by your contributions. I do have one concern... if you post to this list in the future could you perhaps tell us which "hat" you are wearing when comments are made? I understand that others in the ALAC wear multiple hats (Sebastien served as the BC's Secretariat at one point), and that we have become accustomed to constituency members acting in multiple venues... but I will admit to being rather uncomfortable with the practice (as it serves to greatly blur the distinction between the at-large community and other ICANN communities). Best wishes, Danny --- On Mon, 9/14/09, Wendy Seltzer <wendy@seltzer.com> wrote:
From: Wendy Seltzer <wendy@seltzer.com> Subject: Re: [NA-Discuss] Domain-name abuse proliferates; rogue registrars turn a blind eye To: "NA Discuss" <na-discuss@atlarge-lists.icann.org> Date: Monday, September 14, 2009, 2:42 PM Alan Greenberg wrote:
I support this. No one (among us in any case) is likely to advocate WHOIS inaccuracy,
You didn't really think I'd let that pass? I do not advocate WHOIS accuracy, as I believe it focuses on the wrong points in the chain of accountability. I support "inaccuracy" as one way among many of maintaining privacy or anonymity in domain registration.
--Wendy
-- Wendy Seltzer -- wendy@seltzer.org Fellow, Silicon Flatirons Center at University of Colorado Law School Fellow, Berkman Center for Internet & Society at Harvard University http://cyber.law.harvard.edu/seltzer.html http://www.chillingeffects.org/ https://www.torproject.org/
------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/na-discuss_atlarge-lists.ica...
Visit the NARALO online at http://www.naralo.org ------
I'm simply saying that if you are worried about preventing criminals from registering tons of domains as the article describes, then the policy discussion will have to be broader than what Danny's prescription allows.
Personally, I think that the registrar should send a verification code to the paper mailing address provided by the registrant, and not activate the domain until the registrant receives the code and shows (probably by web or email response) that he or she has received it. I realize this would make the registration process considerably slower and somewhat more expensive, but I see no public interest reason why that's a bad thing. R's, John
At 14/09/2009 07:46 PM, John R. Levine wrote:
I'm simply saying that if you are worried about preventing criminals from registering tons of domains as the article describes, then the policy discussion will have to be broader than what Danny's prescription allows.
Personally, I think that the registrar should send a verification code to the paper mailing address provided by the registrant, and not activate the domain until the registrant receives the code and shows (probably by web or email response) that he or she has received it.
I realize this would make the registration process considerably slower and somewhat more expensive, but I see no public interest reason why that's a bad thing.
R's, John
I would guess that this would only need to be done for new Registrar:Registrant relationships. Once such a trust relationship is established (perhaps periodically renewable) additional registrations would not need to go through the process, thereby significantly reducing the potential impact. However, it is unclear if this could be effectively implemented in parts of the world with inadequate paper-mail capabilities. Alan
Personally, I think that the registrar should send a verification code to the paper mailing address provided by the registrant, and not activate the domain until the registrant receives the code and shows (probably by web or email response) that he or she has received it.
I realize this would make the registration process considerably slower and somewhat more expensive, but I see no public interest reason why that's a bad thing.
I would guess that this would only need to be done for new Registrar:Registrant relationships. Once such a trust relationship is established (perhaps periodically renewable) additional registrations would not need to go through the process, thereby significantly reducing the potential impact.
So long as you were sure that it was the same person and not just someone borrowing the same contact details, I'd agree.
However, it is unclear if this could be effectively implemented in parts of the world with inadequate paper-mail capabilities.
Are there really places with Internet connectivity where you can't get a letter with one sheet of paper delivered? I realize that parcels get pilfered, but letters? R's, John
Actually, yes. We miss mail regularly owing to mail stealing (they steal the bag of mail from the delivery person to get cheques and so on, then dump the rest - it never gets delivered); and of course sometimes the delivery person just doesn't deliver mail and dumps it, or it gets found months later in a storage room in the post office.... Loads of issues with paper mail. Jacqueline Are there really places with Internet connectivity where you can't get a letter with one sheet of paper delivered? I realize that parcels get pilfered, but letters? R's, John ------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/na-discuss_atlarge-lists.ica nn.org Visit the NARALO online at http://www.naralo.org ------
At 14/09/2009 08:05 PM, John R. Levine wrote:
Personally, I think that the registrar should send a verification code to the paper mailing address provided by the registrant, and not activate the domain until the registrant receives the code and shows (probably by web or email response) that he or she has received it.
I realize this would make the registration process considerably slower and somewhat more expensive, but I see no public interest reason why that's a bad thing.
I would guess that this would only need to be done for new Registrar:Registrant relationships. Once such a trust relationship is established (perhaps periodically renewable) additional registrations would not need to go through the process, thereby significantly reducing the potential impact.
So long as you were sure that it was the same person and not just someone borrowing the same contact details, I'd agree.
My assumption in writing the above was that some sort of ongoing credential (perhaps call it a "password") could be used.
However, it is unclear if this could be effectively implemented in parts of the world with inadequate paper-mail capabilities.
Are there really places with Internet connectivity where you can't get a letter with one sheet of paper delivered? I realize that parcels get pilfered, but letters?
Getting the 1 sheet delivered in a predictable time is a bit harder. But just assuring delivery is a problem also. Hey, at my old university, one of the attractive parts of networks and e-mail was that it by-passed slow, internal paper mail. The same is true in many parts of the world today. But let's not get hung up on the mechanism of increasing the credibility of the identity. Paper will work in some parts of the world, and I am sure there are other mechanisms that would work elsewhere. Alan
R's, John
Alan Greenberg wrote:
Personally, I think that the registrar should send a verification code to the paper mailing address provided by the registrant, and not activate the domain until the registrant receives the code and shows (probably by web or email response) that he or she has received it.
I realize this would make the registration process considerably slower and somewhat more expensive, but I see no public interest reason why that's a bad thing.
I agree completely with John on this. As I've mentioned already, this is what happens when registering in the Google Local Business Centre (if you want your business to show up on Google Maps). So there is precedent for this working.
I would guess that this would only need to be done for new Registrar:Registrant relationships.
Perhaps, but with periodic update checks to ensure the data remains accurate.
Once such a trust relationship is established (perhaps periodically renewable) additional registrations would not need to go through the process, thereby significantly reducing the potential impact.
However, it is unclear if this could be effectively implemented in parts of the world with inadequate paper-mail capabilities.
Perhaps, but there are sufficient parts of the world where there adequate postal service exists to justify the tactic. Just because something can't be implemented everywhere is no reason not to implement it anywhere. - Evan
I would not support any proposal that imposes delay on the ability of an individual to register a domain name. One of the strengths of the Internet is the speed with which users can publish and speak. You see this especially around newsworthy events, where minutes after something important or interesting has happened, people are registering domain names and using the traffic that flows in to say something. A postal verification process would add an incremental accuracy gain while burdening the ability to speak and react in real time to world events -- and the "bad guys" would subvert it anyway. -- Bret
It seems that two important interests for internet users are at odds in domain registration- freedom of expression and protection from criminals. Is this really the case? If so, how could you ever value one more than the other? Is there some sort of matrix that lists possible reforms in relations to their impact on both of these fronts such as a catalog of methods of verification, how each might impact freedom of expression alongside how they might impact cyber criminals? For example, if we could weigh the likelihood that criminal activity would diminish by x percent from a 24 hour delay in getting a domain registration completed versus the harm to a concerned public having to wait a day to get their ProtectFlufferNutterSandwichsNow.com, then we can have a substantive debate on whether that reform is worth the effort. A few cyber- criminals will be able to circumvent anything, just as people with a burning issue will find a way to speak regardless of the consequences. But it's hard to make sense of the trade offs in the abstract. -dharma On Sep 15, 2009, at 12:25 AM, Bret Fausett wrote:
I would not support any proposal that imposes delay on the ability of an individual to register a domain name. One of the strengths of the Internet is the speed with which users can publish and speak. You see this especially around newsworthy events, where minutes after something important or interesting has happened, people are registering domain names and using the traffic that flows in to say something.
A postal verification process would add an incremental accuracy gain while burdening the ability to speak and react in real time to world events -- and the "bad guys" would subvert it anyway.
-- Bret
------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/na-discuss_atlarge-lists.ica...
Visit the NARALO online at http://www.naralo.org ------
I would not support any proposal that imposes delay on the ability of an individual to register a domain name. One of the strengths of the Internet is the speed with which users can publish and speak.
I really wish we could get beyond the myth that a second-level vanity domain name is some sort of magic ticket to publishing. R's, John
I really wish we could get beyond the myth that a second-level vanity domain name is some sort of magic ticket to publishing.
:-) and I wish you could accept the reality than the use of domain names as addresses for content are substantially more accessible and descriptive than a subpage on GeoCities. Ripped from recent news is this example: http:// www.NoMoreJoeWilson.com, registered a few hours after Representative Wilson yelled "You Lie" from the floor of Congress. The ability to descriptively address your content is a great tool to increase readership. -- Bret
At 15/09/2009 09:55 PM, Bret Fausett wrote:
I really wish we could get beyond the myth that a second-level vanity domain name is some sort of magic ticket to publishing.
:-) and I wish you could accept the reality than the use of domain names as addresses for content are substantially more accessible and descriptive than a subpage on GeoCities.
Ripped from recent news is this example: http:// www.NoMoreJoeWilson.com, registered a few hours after Representative Wilson yelled "You Lie" from the floor of Congress. The ability to descriptively address your content is a great tool to increase readership.
-- Bret
But to put this in perspective, someone who registered http://www.NoMoreJoeWilson.com a few hours after Representative Wilson yelled "You Lie" from the floor of Congress probably already has other domain names and an established relationship with a registrar/reseller. And this is in fact the case. It is registered to "canesyrup.com" which is in turn a domain dating back to 1999 (held by the same reseller). So according to the processes we are describing, http://www.NoMoreJoeWilson.com still could have been registered instantaneously... Alan
:-) and I wish you could accept the reality than the use of domain names as addresses for content are substantially more accessible and descriptive than a subpage on GeoCities.
Ripped from recent news is this example: http://www.NoMoreJoeWilson.com,
Yes, that would be the myth, that a freshly purchased 2LD is somehow required to put up a useful web site. Surely we don't have to explain to you why that's not true. Just out of curiosity, did you find that web site by typing NoMoreJoeWilson into your browser, or did you find it some other way? R's, John
John R. Levine wrote:
:-) and I wish you could accept the reality than the use of domain names as addresses for content are substantially more accessible and descriptive than a subpage on GeoCities.
Ripped from recent news is this example: http://www.NoMoreJoeWilson.com,
Yes, that would be the myth, that a freshly purchased 2LD is somehow required to put up a useful web site. Surely we don't have to explain to you why that's not true.
It's not *necessarily* true, but it can be. Take this particular case, which strangely enough appears to be a good example.
Just out of curiosity, did you find that web site by typing NoMoreJoeWilson into your browser, or did you find it some other way?
I did Google searches for "Joe Wilson" and "no more Joe Wilson". The above-mentioned website doesn't show up, not in the first page of hits or the first 10 pages -- drowned out by news reports of Mr. Wilson's saying "no more apologies". I held my nose and tried the same searches at Bing -- same result. So I suspect that most people who got to www.NoMoreJoeWilson.com got there by typing it in. And having a catchy name like that would have been easier to remember -- and type in -- than http://www.commiepinkoblogger.com/nomorejoewilson.html Now, having said that, I still mostly agree with John. The speed/ease with which one can get one's own web identity is not a free-speech issue. *Most* sites can be found in the browser bar. But nomorejoewilson.com is a viable counter-example in which a catchy site name can compensate for lousy SEO. I personally believe in an approval process for registrants -- having been registered, with accurate and legitimate contact info, you can then buy as much as you want as fast as you can get it. Those wanting anonymity for second level names can request it, but that facility would be restricted to individuals and certain classes of agencies, handled in much the same way that phone companies handle unlisted phone numbers and blocked caller-ID. You'd still have to have valid contact info -- accessible to the legal system -- but your registrar would be entitled to block it from public access. Of course, this approach has been raised many times before, it's handly original. But it still seems to me to be something worth advocating. - Evan
Hi The idea of providing a ' reverse cooling off period' has merit where the registrar needs to legitimize their intentions. If you volunteer in Ontario with coaching or schools a volunteer must purchase a police check prior to starting a volunteer placement which gives the parents, educators some level of pre-checking on the character of the individual. Glenn On Mon, Sep 14, 2009 at 7:46 PM, John R. Levine <johnl@iecc.com> wrote:
I'm simply saying that if you are worried about preventing criminals from
registering tons of domains as the article describes, then the policy discussion will have to be broader than what Danny's prescription allows.
Personally, I think that the registrar should send a verification code to the paper mailing address provided by the registrant, and not activate the domain until the registrant receives the code and shows (probably by web or email response) that he or she has received it.
I realize this would make the registration process considerably slower and somewhat more expensive, but I see no public interest reason why that's a bad thing.
R's, John
------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org
http://atlarge-lists.icann.org/mailman/listinfo/na-discuss_atlarge-lists.ica...
Visit the NARALO online at http://www.naralo.org ------
-- Glenn McKnight mcknight.glenn@gmail.com skype gmcknight twitter gmcknight Http://www.globalcatalysts.com http://newsocialmedia.wordpress.com
So if I live in the middle of nothing (where I can not receive paper mail) I will not be able to register any domains? That effectively will exclude some people of doing legitimate business through the Internet. -ed On Mon, Sep 14, 2009 at 7:46 PM, John R. Levine <johnl@iecc.com> wrote:
I'm simply saying that if you are worried about preventing criminals from
registering tons of domains as the article describes, then the policy discussion will have to be broader than what Danny's prescription allows.
Personally, I think that the registrar should send a verification code to the paper mailing address provided by the registrant, and not activate the domain until the registrant receives the code and shows (probably by web or email response) that he or she has received it.
I realize this would make the registration process considerably slower and somewhat more expensive, but I see no public interest reason why that's a bad thing.
R's, John
------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org
http://atlarge-lists.icann.org/mailman/listinfo/na-discuss_atlarge-lists.ica...
Visit the NARALO online at http://www.naralo.org ------
-- NOTICE: The information contained in this e-mail message is intended only for the personal and confidential use of the recipient(s) named above. If you have received this communication by error, please notify us immediately by e-mail, and delete the original message.
Eduardo Diaz wrote:
So if I live in the middle of nothing (where I can not receive paper mail) I will not be able to register any domains? That effectively will exclude some people of doing legitimate business through the Internet.
I don't think this is sufficient as the *only* tactic possible. However, it is a good one to use in locations where reliable postal service exists. I agree that we need alternatives for the many parts of the world where postal mail is unreliable. - Evan
So if I live in the middle of nothing (where I can not receive paper mail) I will not be able to register any domains? That effectively will exclude some people of doing legitimate business through the Internet.
Could you identify some places where people live that have ISPs but no postal mail? R's, John
Let me see... I have a friend that lives in the middle of a mountain here in Puerto Rico, he does not get postal mail but uses a satellite link to connect to the Internet. I am pretty sure this is the case in other places (like I witness in Peru). -ed On Tue, Sep 15, 2009 at 7:29 PM, John R. Levine <johnl@iecc.com> wrote:
So if I live in the middle of nothing (where I can not receive paper mail)
I will not be able to register any domains? That effectively will exclude some people of doing legitimate business through the Internet.
Could you identify some places where people live that have ISPs but no postal mail?
R's, John
-- NOTICE: The information contained in this e-mail message is intended only for the personal and confidential use of the recipient(s) named above. If you have received this communication by error, please notify us immediately by e-mail, and delete the original message.
These situations are exceptions, rather than the rule. I would venture a guess that these folks are not businesses for the most part. I feel it is wrong that the minority position is the criteria for the majority. Exceptions can be made for those in the exceptional conditions. We are looking at this with no hard data, which makes it difficult to come to an intelligent decision. The best we can really do is decide on a philosophical position (or a policy), then look for problems with it. ===== During this conversation, no mention has been made that whois data accuracy is the rule (contract rule) and to advocate changing the rule is one thing and advocating breaking the rule is quite another. --bob On Wed, 16 Sep 2009, Eduardo Diaz wrote:
Date: Wed, 16 Sep 2009 09:32:44 -0400 From: Eduardo Diaz <eduardodiazrivera@gmail.com> To: John R. Levine <johnl@iecc.com> Cc: NA Discuss <na-discuss@atlarge-lists.icann.org> Subject: Re: [NA-Discuss] Domain-name abuse proliferates
Let me see... I have a friend that lives in the middle of a mountain here in Puerto Rico, he does not get postal mail but uses a satellite link to connect to the Internet. I am pretty sure this is the case in other places (like I witness in Peru).
-ed
On Tue, Sep 15, 2009 at 7:29 PM, John R. Levine <johnl@iecc.com> wrote:
So if I live in the middle of nothing (where I can not receive paper mail)
I will not be able to register any domains? That effectively will exclude some people of doing legitimate business through the Internet.
Could you identify some places where people live that have ISPs but no postal mail?
R's, John
participants (14)
-
Alan Greenberg -
Bob Bruen -
Bret Fausett -
Danny Younger -
Dharma Dailey -
Eduardo Diaz -
Evan Leibovitch -
Gareth Shearman -
Garth Bruen at KnujOn -
Glenn McKnight -
Jacqueline A. Morris -
John R. Levine -
Ross Rader -
Wendy Seltzer