One topic that I have been raising (with mixed success) within the Registrar Stakeholder Group is the distinction between data "Verification" and data "Validation."
To my thinking, Validation means that the data submitted conforms to an expected (i.e. "Valid") format, while Verification indicates that someone (Registry, Registrar, ICANN, 3rd Party) has actively checked that the data submitted is both Valid and Accurate.
What Garth is suggesting is Validation of a single field, the Admin Contact email address. We would expect this to conform to a few rules, such as eliminating non-existing TLDs, ensuring that only Alpha-Numeric-Hyphens are present, and that an "@" sign and at least one "." separator exist, etc. Since we are already doing this, I'm sure our developers have a more sophisticated format.
Note that this is very different from email Verification, which many of us have experienced when opening a customer account with an online retailer or posting on a blog. A link or code is sent to the target address, and the user must click this to activate his or her account. This is also a method that we employ for a number of other account functions (create new account, forgot password, etc.)
I believe the majority of registrars are, to some extent, supportive of efforts to Validate WHOIS data. It is already a requirement of many g/ccTLD registries and its' just good web development practice in this day and age. Similarly, Verification of -some- data is also relatively simple, like email addresses and simple checks that a given Postal Code matches a city, for example.
Where things get sticky is the Verification of other important data, such as Registrant Name, full mailing addresses, and telephone numbers, and establishing links between these data points. Registrar concerns are focused on:
(1) Verification of these data are not very effective, as criminals will provide forged information that passes these checks.
(2) The systems available or services offered to do so are expensive, and this could translate into an order of magnitude jump in retail domain name prices.
(3) Verification of some fields cannot be done in real-time, so new registrations may need days or weeks before they are activated.
(4) Verification will remove the "flat-ness" of the Internet, and could divide registrants in to "classes," such as those possessing credit cards, or live in countries with a published address structure, or have mobile phones, or speak certain languages.
After spending the last year (plus) on this RT, and the last several months in spirited discussions within the Registrar Stakeholder Group, what I _think_ I'm hearing from Registrars is:
Help us balance these competing interests and needs.
Help us find a method that is effective against bad guys without disenfranchising the next billion Internet users.
Help us find a method that doesn't cost so much that it re-establishes a monopoly industry (not coming from Go Daddy.) :)
Help us establish accountability while our customers are demanding increased privacy (and punishing companies and governments who don't comply with SOPA-style boycotts and protests).
Help us move beyond the pounding of tables at ICANN meetings and towards a cooperative dialogue.
Help us.
This are just my observations and opinions, and I have no special insights as to what will come from the RAA / ICANN Negotiations. But I think this issue in particular has to involve more than just Registrars and Law Enforcement. The long-term solution is that his issue must go through a PDP.
/rant mode: off.
Thanks--
J.
Subject: [Rt4-whois] Interesting article re registrant data
verification [SEC=UNCLASSIFIED]
From: "Nettlefold, Peter" <
Peter.Nettlefold@dbcde.gov.au>
Date: Thu, February 16, 2012 8:47 pm
To: "
rt4-whois@icann.org" <
rt4-whois@icann.org>
Hello all,
For those of you who may not have seen it, I wanted to pass on this article on WHOIS data verification.
This is something we’ve discussed previously, but as I recall we had trouble getting past high level comments, and discussion of implementation problems.
Given the assertions in this article, I wanted to ask if any team members have any comments or views? Does anyone know if what is suggested is technically possible – i.e. basic scripting tests?
Kind regards,
Peter
------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s)
and may contain confidential and privileged information. Any unauthorized
review, use, disclosure or distribution is prohibited. If you are not the
intended recipient, please contact the sender by reply email and destroy all
copies of the original message.
This message has been content scanned by the Axway MailGate.
MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit
www.axway.com.
-------------------------------------------------------------------------------
_______________________________________________
Rt4-whois mailing list
Rt4-whois@icann.org https://mm.icann.org/mailman/listinfo/rt4-whois