This spammer - spcr-0.sosaude.net - Jefferson Fernandes da Cunha – is the owner of several websites – http:// nerdmail.com.br, http:// clubedoemail.com.br, http://importarprodutos. com. br, with an army of affiliates firing indiscriminately emails. But the PRIVACYPROTECT.ORG is providing privacy protection services to this domain name to protect the owner from spam and phishing attacks. Unbelievable!!! The owner is a fckng damn spammer, that torments the lives of millions of Brazilians, and has his identity hidden to avoid being attacked by spam and phishing. ISP, go tell lie in hell! Shame on you! According to the rules, PrivacyProtect.org is not responsible for any of the activities associated with this domain name. Who would then be? We, of course! Us who dare saying to the sociopaths that our email is ours. Marilson HEADER Delivered-To: marilson.mapa@gmail.com Received: by 10.103.43.68 with SMTP id r65csp649720vsr; Sat, 26 Sep 2015 13:49:58 -0700 (PDT) X-Received: by 10.50.176.225 with SMTP id cl1mr8155056igc.80.1443300598622; Sat, 26 Sep 2015 13:49:58 -0700 (PDT) Return-Path: <return@sosaude.net> Received: from spcr-0.sosaude.net (spcr-0.sosaude.net. [184.154.150.78]) by mx.google.com with ESMTP id s9si6211404ige.51.2015.09.26.13.49.58 for <marilson.mapa@gmail.com>; Sat, 26 Sep 2015 13:49:58 -0700 (PDT) Received-SPF: pass (google.com: domain of return@sosaude.net designates 184.154.150.78 as permitted sender) client-ip=184.154.150.78; Authentication-Results: mx.google.com; spf=pass (google.com: domain of return@sosaude.net designates 184.154.150.78 as permitted sender) smtp.mailfrom=return@sosaude.net; dkim=pass header.i=@sosaude.net; dmarc=pass (p=NONE dis=NONE) header.from=sosaude.net DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default; d=sosaude.net; h=To:Subject:Message-ID:Date:From:Reply-To:MIME-Version:List-Unsubscribe:Content-Type:Content-Transfer-Encoding; i=abuse@sosaude.net; bh=hTlXwg0PFyFWoGhKJQdIkrhWmLg=; b=vzgIORQcjWM9vTobw6msK7iCoMjD1WdlzCW1a9I3B+W0pP0YzGQjuQQKTHgrN7InyOwnj6eX95JX p/4U5oGTBlZhPqa/sJKuQy8eX5BD35tvLpkYAiecBNf9tVFUs3tW5PiVr8RgWmCvQrjFKWNOKEU+ XquKjAO8EkHPr3qRxtA= To: marilson.mapa@gmail.com Subject: =?UTF-8?B?VW5pbWVkIFBhdWxpc3RhbmEgQWNhYm91ID8gQW1pbCBhcHJvdmVpdGEgYSBzdWEgQ2Fyw6puY2lhICE=?= Message-ID: <3e8a644dbba85d69b1ff152562f77200@sosaude.net> Return-Path: return@sosaude.net Date: Sat, 26 Sep 2015 17:33:03 -0300 From: "Atendimento" <contato@sosaude.net> Reply-To: contato@sosaude.net MIME-Version: 1.0 X-Mailer-LID: 9,13 List-Unsubscribe: <http://sosaude.net/unsubscribe.php?M=1059140&C=a195eb5d5ed306ab49ea5911f8021ff9&L=13&N=40> X-Mailer-RecptId: 1059140 X-Mailer-SID: 40 X-Mailer-Sent-By: 1 Content-Type: multipart/alternative; charset="UTF-8"; boundary="b1_499d37089f59fb94dc6905d0d50c8874" Content-Transfer-Encoding: 8bit TEXT – hiperlink removed – URL: http:// sosaude.net/ link.php?M=1059140&N=40&L=17&F=H From: Atendimento Sent: Saturday, September 26, 2015 5:33 PM To: marilson.mapa@gmail.com Subject: Unimed Paulistana Acabou ? Amil aproveita a sua Carência ! A Amil aproveita a sua carência da Unimed ! Você que tem o PLANO DE SAÚDE UNIMED PAULISTANA, nós da AMIL aproveitamos a sua CARÊNCIA e lhe ofereceremos ótimas condições. Temos diversos PLANOS para satisfazer todas as suas necessidades. Tenha cobertura para CONSULTAS, EXAMES, CIRURGIAS e INTERNAÇÕES. Faça agora mesmo sua cotação utilizando o Cupom Promocional: UNI2015 para lhe passarmos sua cotação com CONDIÇÕES ESPECIAIS. Faça Aqui Sua Cotação PLANOS INDIVIDUAIS | PLANOS FAMILIARES | PLANOS EPRESARIAIS Amil Saúde - Sua melhor opção em Planos de Saúde.
On 9/27/2015 2:47 PM, Marilson wrote:
This spammer - */spcr-0.sosaude.net - /**/Jefferson Fernandes da Cunha/* – is the owner of several websites – */http:// nerdmail.com.br/*, */http:// clubedoemail.com.br,/* */http://importarprodutos. com. br/*, with an army of affiliates firing indiscriminately emails. His domain name may be protected, but the IP address can be found and then you can chase the ISP or escalate your complaint up the line as needed.
Again, my spam reporter provides a built-in IP look up which gives me, in part: RAbuseHandle: ABUSE2492-ARIN RAbuseName: Abuse Department RAbusePhone: +1-866-817-2811 RAbuseEmail: abuse@singlehop.com RAbuseRef: http://whois.arin.net/rest/poc/ABUSE2492-ARIN Let us know if the ISP will act or not :-) Arnold
But the */PRIVACYPROTECT.ORG/* is providing privacy protection services to this domain name *to**protect the owner from spam and phishing attacks. Unbelievable!!!*The owner is a fckng damn spammer, that torments the lives of millions of Brazilians, and has his identity hidden to avoid being attacked by spam and phishing. ISP, go tell lie in hell! Shame on you! According to the rules, */PrivacyProtect.org/* is notresponsible for any of the activities associated with this domain name. Who would then be? We, of course! Us who dare saying to the sociopaths that our email is ours. Marilson *HEADER* Delivered-To: marilson.mapa@gmail.com Received: by 10.103.43.68 with SMTP id r65csp649720vsr; Sat, 26 Sep 2015 13:49:58 -0700 (PDT) X-Received: by 10.50.176.225 with SMTP id cl1mr8155056igc.80.1443300598622; Sat, 26 Sep 2015 13:49:58 -0700 (PDT) Return-Path: <return@sosaude.net> Received: from spcr-0.sosaude.net (spcr-0.sosaude.net. [184.154.150.78]) by mx.google.com with ESMTP id s9si6211404ige.51.2015.09.26.13.49.58 for <marilson.mapa@gmail.com>; Sat, 26 Sep 2015 13:49:58 -0700 (PDT) Received-SPF: pass (google.com: domain of return@sosaude.net designates 184.154.150.78 as permitted sender) client-ip=184.154.150.78; Authentication-Results: mx.google.com; spf=pass (google.com: domain of return@sosaude.net designates 184.154.150.78 as permitted sender) smtp.mailfrom=return@sosaude.net; dkim=pass header.i=@sosaude.net; dmarc=pass (p=NONE dis=NONE) header.from=sosaude.net DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default; d=sosaude.net; h=To:Subject:Message-ID:Date:From:Reply-To:MIME-Version:List-Unsubscribe:Content-Type:Content-Transfer-Encoding; i=abuse@sosaude.net; bh=hTlXwg0PFyFWoGhKJQdIkrhWmLg=; b=vzgIORQcjWM9vTobw6msK7iCoMjD1WdlzCW1a9I3B+W0pP0YzGQjuQQKTHgrN7InyOwnj6eX95JX p/4U5oGTBlZhPqa/sJKuQy8eX5BD35tvLpkYAiecBNf9tVFUs3tW5PiVr8RgWmCvQrjFKWNOKEU+ XquKjAO8EkHPr3qRxtA= To: marilson.mapa@gmail.com Subject: =?UTF-8?B?VW5pbWVkIFBhdWxpc3RhbmEgQWNhYm91ID8gQW1pbCBhcHJvdmVpdGEgYSBzdWEgQ2Fyw6puY2lhICE=?= Message-ID: <3e8a644dbba85d69b1ff152562f77200@sosaude.net> Return-Path: return@sosaude.net Date: Sat, 26 Sep 2015 17:33:03 -0300 From: "Atendimento" <contato@sosaude.net> Reply-To: contato@sosaude.net MIME-Version: 1.0 X-Mailer-LID: 9,13 List-Unsubscribe: <http://sosaude.net/unsubscribe.php?M=1059140&C=a195eb5d5ed306ab49ea5911f8021ff9&L=13&N=40> X-Mailer-RecptId: 1059140 X-Mailer-SID: 40 X-Mailer-Sent-By: 1 Content-Type: multipart/alternative; charset="UTF-8"; boundary="b1_499d37089f59fb94dc6905d0d50c8874" Content-Transfer-Encoding: 8bit *TEXT – hiperlink removed – URL: http:// sosaude.net/ link.php?M=1059140&N=40&L=17&F=H* *From:*Atendimento *Sent:*Saturday, September 26, 2015 5:33 PM *To:*marilson.mapa@gmail.com *Subject:*Unimed Paulistana Acabou ? Amil aproveita a sua Carência ! A Amil aproveita a sua carência da Unimed !
Planos de Saúde Amil
Você que tem o PLANO DE SAÚDE UNIMED PAULISTANA, nós da AMIL aproveitamos a sua CARÊNCIA e lhe ofereceremos ótimas condições.
Temos diversos PLANOS para satisfazer todas as suas necessidades. Tenha cobertura para CONSULTAS, EXAMES, CIRURGIAS e INTERNAÇÕES. Faça agora mesmo sua cotação utilizando o Cupom Promocional: UNI2015 para lhe passarmos sua cotação com CONDIÇÕES ESPECIAIS.
Faça Aqui Sua Cotação
PLANOS INDIVIDUAIS| PLANOS FAMILIARES | PLANOS EPRESARIAIS
Amil Saúde - Sua melhor opção em Planos de Saúde.
-- Fight Spam - report it with wxSR 0.7 Vista & Win7 compatible http://www.columbinehoney.net/wxSR.shtml
In message <DE5625ACFDDA45B4B1BDEA8B90AF1859@SuperPC>, "Marilson" <marilson.mapa@gmail.com> wrote:
But the PRIVACYPROTECT.ORG is providing privacy protection services to = this domain name to protect the owner from spam and phishing attacks. = Unbelievable!!! The owner is a fckng damn spammer...
I don't know why you are surprised. This happens all of the time. Most spammers these days have most of their domains registered with "privacy protection" type services. It has become common practice. In fact, the various registrars who offer this dubious service knowingly make lots of money from spammers. You could complain about that to ICANN, if you wanted to, but you would be wasting your time. It would be like complaining to the U.S. Federal Reserve about the behavior of U.S. banks. Here is a hint... The U.S. federal Reserve *is* the banks. Likewise, ICANN *is* the domain registrars. Thus, ICANN will never lift a finger to either stop or even regulate something like this... a "feature" which makes their members LOTS of money. (Several years ago, ICANN itself gave approval for exactly this category of criminal-protection service.)
According to the rules, PrivacyProtect.org is not responsible for any of = the activities associated with this domain name.
That is absolutely NOT correct. In the United States, at least, the legal rules are 100% clear. If someone using a given domain name is doing something which is either criminal or civilly actionable (as in a private lawsuit) and if the domain name is registered by one of these privacy protection services, and if that service is informed of the issue, and if they then do nothing within a reasonably short period of time (e.g. a few days) then any legal responsibility that belonged to the registrant of the domain name is effectively transferred to the owner/operator of the relevant privacy protection service. Thus, if spamming is illegal (i.e. either criminal or actionable) where you are located, and if the registrant of a given domain is spamming you, in violation of law, and if you inform/notify the operator of the relevant privacy protection service that this is happening, and if they they do not reveal the true identity of the party who is the real registrant of teh domain name(s) in question, then you may be able to sue them AS IF they were the spammer himself. I know a guy who has actually done exactly this... multiple times, i.e. sued the operators of the privacy protection services (which are generally also domain registrars). Why did he do this? Because it is quite typical for these registrars to go out of their way to protect the identities of their criminal customers. (They like the money they get from spammers and other Internet miscreants.) In most cases, if you notify them of what is happening, they will do absolutely noting, and normally, they often do not even respond. In at least a few cases, their anti-social stubborn intransigence and their protection of their criminal customers HAS caused them to be sued for their responsibility for the bad actions of their customers. I seem to recall that this is even part of the standard ICANN registrar agreement. If the registrar offers a "front man" or "cut out" registrant anonymity service, then they agree that THEY will be legally responsible if they are informed of the issue and if they do nothing.... which is exactly what they usually do. Regards, rfg
Ronald Privacy is a right in many jurisdictions, but ICANN policy forces publication of full whois data. Referring to whois privacy / proxy services as “dubious services” is highly offensive to the thousands, if not millions, of legitimate users of whois privacy / proxy services who use them to avoid harassment, doxing, physical abuse etc., If ICANN policy actually respected privacy then there would be no need for these services. Also under the 2013 contract there are obligations on companies that offer proxy / privacy services: https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en#priv... ICANN receives its funding from several sources, including registrars, but to claim that ICANN is run by registrars is both misinformed and very misleading. A LOT of ICANN policy is driven by IP lawyers. Also, ICANN doesn’t have any members. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://www.blacknight.press - get our latest news & media coverage http://www.technology.ie Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Social: http://mneylon.social Random Stuff: http://michele.irish ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
In message <66357380-F3DF-40DD-98C5-A351D9E4E753@blacknight.com>, Michele Neylon - Blacknight <michele@blacknight.com> wrote:
Privacy is a right in many jurisdictions, but ICANN policy forces publication of full whois data.
It has been quite a long time since I have had the opportunity to read even one such blatantly false bullshit statement, let alone two in a row back-to-back as it were! "Privacy is a right in many jurisdictions". Bullshit. Try renting a car in _any_ jurisdiction without giving the people you are renting from your credit card number AND a whole lot of personal information. So NOW where is your alleged "right to privacy"? It is nothing more than a bullshit illusion, occupying only the space between your ears. Yes, you have a right to privacy... just as long as you either live in a cave or else stay indoors and never transact any business with anybody, ever. But if you ask for responsibility... e.g. for a loan or for a rental car... then you MUST give over a whole lot of information about yourself. It should be no different when you register a domain name. Do you think that publishers of newspapers are all hiding in anonymity? Do you think that having a domain name is anything other than a means to publish things? "...but ICANN policy forces publication of full whois data." Not for the ACTUAL domain registrant they don't! Instead they allow phony baloney "front men" to stand in for the real guy... sort of like the mafia uses. It's the same principal at work. Criminals everywhere are very greatful to ICANN.
Referring to whois privacy / proxy services as "dubious services" is highly offensive
God! I HOPE SO! It is really well past time that SOMEBODY called this spade a spade.
to the thousands, if not millions, of legitimate users of whois privacy / proxy services who use them to avoid harassment, doxing, physical abuse etc.,
This is the standard "pro forma" excuse / rationale for why we must have these criminal proxy registration services. It is now, just what it always was: Bullshit. Where are these ``millions'' of people who both (a) need their own Internet domain names and also (b) who have such legitimate fears that they must stay in the shadows? Where are they? Can you find me even one of them? I doubt it. Look, this isn't brain surgery. If you are in hiding in fear, either for your personal safety or whatever, then fine. Hide. DO NOT get your own bleedin' Internet domain name. On the other hand, if you have something that absolutely needs to be published AND if it needs to be published on the Internet, then you should have the guts and the commitment and the courage to attach your name to that publication. Otherwise, if you can't stand the heat, then please stay the fuck out of the kitchen. You are not in any sense an asset to public discourse and discussion of serious issues if you hide in the shadows. How could you be, when people don't know who you are, or who is paying you to say what you are saying? If you don't understand what I'm talking about, then please allow me to refer you to an Australian gentleman by the name of Julian Assange. Unlike all of your alleged ``millions'' of publishers who are so timid that they feel compelled to hide behind trees, Mr. Assange at least showed the courage of his convictions, and as a result, he _did_ make a difference in the public discourse and discussion of important issues... unlike all of your alleged millions of timid friends, who will never show themselves and thus will never make any real difference to anything. (They are just engaging in their own public ego masturbation.)
If ICANN policy actually respected privacy then there would be no need for these services.
So, by your logic, I should start up a service where (for a fee) I will go to rental car places and rent cars for people who don't want to give their own true and correct names and/or credit card numbers to the car rental companies, correct? This is just idiocy. There are no such services because we don't need them. We also don't need domain registration phony baloney front men. And when I say "we" I mean the NON-criminal users of the Internet. (The criminals and spammers of the Internet most surely DO need such services... or at least they clearly benefit from them.)
ICANN receives its funding from several sources, including registrars,
More bullshit. More than 95% of ICANN's funding comes, directly or indirectly, from registrars.
but to claim that ICANN is run by registrars is both misinformed and very misleading.
Well, it has the advantage that it just happens to be true.
A LOT of ICANN policy is driven by IP lawyers.
Whose lawyers? The registrars? I rest my case.
Also, ICANN doesn't have any members.
True. They only have revenue streams. And they (ICANN) do what they are told. If you believe otherwise, then you are naive. Regards, rfg
Ronald Using abusive language and misinformation along with hyperbole doesn’t do you or this group any favours If you want to discuss anti-abuse issues and policy I’m more than happy to do so, but I don’t see why you or anyone else needs to use offensive language and ad hominem attacks. We may not agree, but I’m always happy to engage in intelligent and robust debate. It’s unfortunate, because I used to respect you. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://www.blacknight.press - get our latest news & media coverage http://www.technology.ie Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Social: http://mneylon.social Random Stuff: http://michele.irish ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
On Mon, 28 Sep 2015 12:10:55 +0000 Michele Neylon - Blacknight <michele@blacknight.com> wrote:
Ronald Using abusive language and misinformation along with hyperbole doesn’t do you or this group any favours
when you speak cow to a pig, the pig just does not understand or comprehend. to properly communicate with a pig, you have to get muddy and talk pig... so, what I am saying is that frame of reference is very important... and also being mature and tolerant in a multi cultured eu is kinda important as well... another 1c - damn, i'm gonna spend all my lunch money... Andre -- no posts for three(3) (or maybe four/five?) years, and two in five minutes *sigh* life... - done are the days of softly lurking in the shadows
In message <1E574209-1163-488E-92A1-65BB7CA53A30@blacknight.com>, you wrote:
Using abusive language and misinformation along with hyperbole doesn't do you or this group any favours
If anything I've said constitutes "misinformation", please specify what that was, specifically. (I believe that everything I said was completely and 100% accurate, like for example my statement that ICANN is effectively run by the registrars. This is in contrast to your own inaccurate misinformation that it is not.)
If you want to discuss anti-abuse issues and policy I'm more than happy
When it comes to policy matters relating to routing (and, for example bogus route announcement) this mailing list is occasionally helpful. However for most other kinds of "anti-abuse issues" there's almost no point in discussing these, either here or elsewhere, because the game is rigged, and the Powers That Be (e.g. ICANN) have already and long ago decided that they simply don't WANT the problem(s) solved. It is not in their economic interests to have them solved.
I don't see why you or anyone else needs to use offensive language and ad hominem attacks.
I use offensive language because *I* am offended... just as the original poster who started this thread was (and is)... about the fact that so many players (i.e. corporations) that make their daily bread on the Internet are either profiting from network abuse, or else are knowingly turning a blind eye to it. (This is, you may recall, _exactly_ what the original poster was outraged by, i.e. the complicity and duplicity.) As regards to "ad hominem attacks", I haven't made any... but you can be sure that you will know clearly when and if I ever do. (There won't be any ambiguity, I assure you.) I have not attacked the character, motivations, or ancestry of either you or anybody else on this list, and I have no plans to do so. There is neither any need nor any point to that. I have however made some pointed statements about various *corporations* (as did the original poster), and will continue to do so, even though that also should not be necessary. Just as the original poster pointed out, in these kinds of cases, the facts speak for themselves.
We may not agree, but I'm always happy to engage in intelligent and robust debate.
Please begin, whenever you feel ready. But don't start off with provably silly statements like "ICANN is not controlled by the registrars". Has there ever been a single decision taken by ICANN which they felt they could get away with (i.e. without being sued to hell and back) that WAS NOT in the economic interests of the domain registrars? If so please describe it, because it will be news to me (and to many others also, I'm sure). This whole sordid scheme about anonomous donmain registrations is a case in point. When a few greedy registrars first proposed it, even the villiage idiot could have predicted that it would have been used 100 or 1,000 times as often by crooks, criminals, and spammers as it would ever be used by those few rare individuals who needed a domain name and who nontheless needed to be un-contactable, un-findable, and un-identifiable. And indeed, that's exactly what happened. But the idea sailed through the ICANN approval process. Why? Because the registrars who were behind it saw just as clearly that it would be a big money maker for them. It wasn't a decision based on the safety, health, happiness, or long-term well-being of the BILLIONS of individual Internet end users affected. It was a decison based purely on the economic interests of the registrars. If you want to discuss policy issues then try this: How many more years of this experiment (i.e. anonymized domain registrations) do we need before we can know for certain that, on balance, ICANN's decision to allow these criminal front man services was NOT in the best interests of the majority of the Internet community? More to the point, does there exist *any* "quality control" (for lack of a better term) on ICANN decisions? Are any of them ever reviewed after they have been made and implemented, you know, to see if any of them are failures and should be recinded? If not, why not? And here is another policy question: In order to deter and prevent what might be called "sign up fraud", several companies (e.g. Google, but there are many other examples too) have systems in place where anyone requesting a new account must provide a working valid phone number. That phone number is then called, at the time of account creation, and the person creating the new account is given a several digit "magic code" that they must then enter into a web form in order to complete the new account creation/registration. This kind of system prevents crooks and criminals from signing up for (for example) dozens or hundreds or thousands of Google Voice accounts at a time. This isn't a pie-in-the-sky idea. It is an actual practical WORKING system. Not in the future, but today, as we speak. So, there is a simple question: If this kind of anti-fraud system works, is practical, and is economically viable/sustainable... even for "free" services like Google Voice... then why can't (or why shouldn't) this exact type of anti-fraud system be applied also to domain name registrations? There is an obvious answer, and it coms back to just what I've already said. This simple and straightforward kind of perfectly workable and marvelously inexpensive anti-fraud system will NEVER be applied to domain name registrations for the simple reason that preventing the fraud of multiple/numerous/thousands of domain name registrations, all by a single party, is not in the economic interests of the registrars... because they are currently profiting, hand-over-fist, on the thousands or tens of thousands of provably fradulent domain registrations that currently occur every day of the week. Thus, this kind of idea will surely never even find its way onto the agenda of any ICANN meeting, let alone being seriously discussed at such a meeting, let alone being actually implemented or used to prevent the very common fraud of snowshoe spammers registering hundreds or thousands of domains, all on the same day. As President John F. Kennedy once famously said "Our problems are man-made, and they can be solved by man." That general statement quite certainly applies to all of the problems... hacking, phishing, spamming, DDoSing, or whatever... that have arisen with and within the modern Internet. There exist technical... and often simple... solutions to all of these problems. However as I noted at the outset, a lot of them (e.g. phone verification for domain registrations) won't even be discussed, let alone actually implemented, because the people who control the purse strings (e.g. of ICANN) have already decided that they simply don't WANT the problem(s) solved. As they see it, solving these problems is not in their own economic interests. None of this should really come as news to anybody who has been following these problems for the past few years. ICANN and the registrars who fund it have no more interest in securing the domain registration process than the NSA has in seeing all of those 0-days they have been relying on be exposed and patched. Ummm... well.. I take that back. Actually, all of the domain registrars that I personally know of *have* actually spent a lot of time, money, and bother to fully and effectively "secure" the domain registration process... but only to the extent necessary to insure that they have a valid name, phone number, and credit card number for the registrant... in order to insure that they'll get paid. But also, as far as I know, not a single one of them requires that the name and/or phone number that goes into the WHOIS for a domain name matches the data given by the person (or entity) who actually paid for the registration. The entirely predictable result is massive and ongoing fraud in WHOIS records... which ICANN works overtime to try to dismiss, cover-up, sweep under the rug, and to make extremely tedious and difficult to even report to them. (Hint: They don't want to know.) Regards, rfg P.S. Thirty years ago, if you had tried to invent a world-wide electronic communications system which would perfectly serve the interests (e.g. anonymity, deniability) of crooks, criminals, and spys, you could not, even in your wildest dreams, have come up with a system that either matches or surpases the modern Internet.
Introduction of fees? -jg On 28/09/2015 21:26, "anti-abuse-wg on behalf of Ronald F. Guilmette" <anti-abuse-wg-bounces@ripe.net on behalf of rfg@tristatelogic.com> wrote:
Has there ever been a single decision taken by ICANN which they felt they could get away with (i.e. without being sued to hell and back) that WAS NOT in the economic interests of the domain registrars? If so please describe it, because it will be news to me (and to many others also, I'm sure).
James Or how about most of the 2013 RAA? In particular the obligation to sign the contract before you could offer new TLDs .. Not something ANY registrar asked for .. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://www.blacknight.press - get our latest news & media coverage http://www.technology.ie Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Social: http://mneylon.social Random Stuff: http://www.michele.irish ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
In message <E36A440F-7940-4DDE-9618-767EC16E3ADD@blacknight.com>, Michele Neylon - Blacknight <michele@blacknight.com> wrote:
Or how about most of the 2013 RAA?
In particular the obligation to sign the contract before you could offer new TLDs ..
Not something ANY registrar asked for ..
Are you claiming that there were one or more provisions within the 2013 RAA that any of the economically important registrars actually objected to? If so, what were those provisions? I challenge you to cite any such. Regards, rfg
In message <E23D5B00-6717-496A-BFBB-5BC576D180F8@cyberinvasion.net>, James Gannon <james@cyberinvasion.net> wrote:
Introduction of fees?
Either you misunderstood the question or I misunderstood your answer. How exactly was the introduction of domain name registration fees NOT in the economic interests of the registrars?
Ron, On Sep 28, 2015, at 1:26 PM, Ronald F. Guilmette <rfg@tristatelogic.com> wrote:
If anything I've said constitutes "misinformation", please specify what that was, specifically. (I believe that everything I said was completely and 100% accurate, like for example my statement that ICANN is effectively run by the registrars.
This is not accurate. I can definitively state that ICANN is not "effectively run by the registrars". ICANN has many, many masters, the interests of quite a few of which are directly in conflict. To assert that one stakeholder is running ICANN means you simply don't understand how ICANN works.
the Powers That Be (e.g. ICANN) have already and long ago decided that they simply don't WANT the problem(s) solved.
This is untrue (at least in the case of ICANN, assuming ICANN is a "Power That Be").
Has there ever been a single decision taken by ICANN which they felt they could get away with (i.e. without being sued to hell and back) that WAS NOT in the economic interests of the domain registrars?
I doubt you'll find many registrars that believe the government/law enforcement-requested changes that went into the 2013 RAA were in their economic interests.
This whole sordid scheme about anonomous donmain registrations is a case in point.
You may wish to argue this point with those interested in privacy (e.g., EFF) and other civil society organizations who are on the "we don't need Whois" side of the interminable Whois wars.
But the idea sailed through the ICANN approval process.
Do you know how ICANN works? I can't think of _anything_ that "sails" through the "ICANN approval process."
More to the point, does there exist *any* "quality control" (for lack of a better term) on ICANN decisions? Are any of them ever reviewed after they have been made and implemented, you know, to see if any of them are failures and should be recinded?
ICANN has reviews of pretty much _everything_ we do. We have reviews on accountability, transparency, Whois, security, stability, resiliency, competition, consumer trust, every one of the community structures, the board, major programs including the new gTLD program, etc. ICANN has more reviews than any organization I know of. Really.
why can't (or why shouldn't) this exact type of anti-fraud system be applied also to domain name registrations?
Because it does not work in every country and ICANN gets heavily criticized if it does things that disadvantage a stakeholder group.
this kind of idea will surely never even find its way onto the agenda of any ICANN meeting,
There will be a number of sessions at the Dublin ICANN meeting on approaches to address domain name abuse. For example, on Wednesday October 21 from 10 a.m. to 11:15 a.m. entitled "Role of Voluntary Practices in Combating Abuse and Illegal Activity" with speakers from the anti-abuse community. There is also a session on the ongoing effort to create a framework for Registries to address domain name abuse as is required in specification 11, section 3b of the current Registry Agreement (not sure when that meeting is going to be held).
The entirely predictable result is massive and ongoing fraud in WHOIS records... which ICANN works overtime to try to dismiss, cover-up, sweep under the rug, and to make extremely tedious and difficult to even report to them.
This is, of course, also untrue. Regards, -drc (ICANN CTO, but speaking only for myself)
In message <795BDB4E-C73E-4669-AF8E-644156449479@virtualized.org>, ICANN (David Conrad <drc@virtualized.org>) wrote:
This is not accurate. I can definitively state that ICANN is not "effectively run by the registrars". ICANN has many, many masters, the interests of quite a few of which are directly in conflict. To assert that one stakeholder is running ICANN means you simply don't understand how ICANN works.
In Garth Bruen's detailed 2012 report, he described in detail (page 4) where the funding for ICANN's voracious money appetite actually comes from: http://krebsonsecurity.com/wp-content/uploads/2012/03/rogue_registrars_2012_... It is quite revealing! And if Garth's mountain of exquisitely researched and exquisitely documented research on the dysfunction that is ICANN isn't enough, I can also refer people to Paul Vixie's 2010 comments to the effect that "Every day lots of new names are added to the global DNS, and most of them belong to scammers, spammers, e-criminals, and speculators": http://www.circleid.com/posts/20100728_taking_back_the_dns/ (I see no evidence that anything much has changed since Paul made those comments.)
the Powers That Be (e.g. ICANN) have already and long ago decided that they simply don't WANT the problem(s) solved.
This is untrue (at least in the case of ICANN, assuming ICANN is a "Power That Be").
Swell. Then may I, with all due respect, request that you folks @ ICANN please get off your asses and get on with it? You can start by requiring that the names and phone numbers that appear in domain name WHOIS records match the ones associated with the credit cards that were used to pay for the relevant domain name registrations. It's a simple rule, and simple to enforce. If this were implemented, 90% of all spam and 98% of all crime on the Internet would cease, practically overnight. Oh! But I almost forgot. The people who actually pay your salary... the registrars... wouldn't like it. (They might have to actually start making money the old fashioned way... by actually earning it by providing real products and services that lost of non-criminals actually want.) So I guess that idea is a non-starter, even if it would quite dramatically reduce spamming and most other forms of Internet criminality. (Even a system where every domain WHOIS record contained an irreversable one-way hash of the ACTUAL dmain registrant's ACTUAL name would be a vast improvement over the current status quo... for those of us to spend hundreds of hours each year tracking down snowshoe spammers... but once again, the registrars are sure to block any such idea, because they don't want any of us pesky anti-spam activists to be able to notice what they are doing... i.e. knowingly selling domain names by the gross to crooked snowshoe spammers.)
Has there ever been a single decision taken by ICANN which they felt they could get away with (i.e. without being sued to hell and back) that WAS NOT in the economic interests of the domain registrars?
I doubt you'll find many registrars that believe the government/law enforcement-requested changes that went into the 2013 RAA were in their economic interests.
They may not say so publically, but in private I would bet that the big ICANN "contributors" agreed that they had to swallow these kinds of small changes around the edges in order to forestall even more onerous legislative intrusions into their existing business models in various jurisdictions. (The public at large has really had it. We are all of us fed up to the teeth with all of the crooked and illegal hanky panky that goes on on the Internet, and that continuously hits the headlines and the evening news almost every day now. Citizens are finally demanding action and thus, legislators are starting to ask annoying questions. The only way to make at least some of these go away is for the industry to bite the bullet and accept some minimal concessions to their preferred operating mode of absolute secrecy, but _only_ to law enforcement. This way, at least, they can still avoid having to answer to the vast majority of the actual victims of their greedy daily cooperation with spammers and scammers.)
This whole sordid scheme about anonomous donmain registrations is a case in point.
You may wish to argue this point with those interested in privacy (e.g., EFF) and other civil society organizations who are on the "we don't need Whois" side of the interminable Whois wars.
On most issues, I applaud the EFF. In this case however, they have elected to blindly follow their own internally-generated dogma rather than reason and common sense. You can have all of the privacy and anonymity you want... even on the Internet. And you can SAY anything you want. Just do it on somebody else's blog, BBS, or whatever. (Or do it on Facebook and Twitter, just like millions of participants in the so-called "Arab Spring" have done.) You don't NEED your own bloody personal domain name if you want to denounce crooked politicians, or human traffickers, or abortion provders, or abortion opponents, or Vladimir Putin or whatever. Claiming that the WHOIS info in a domain name registration NEEDS to be anonymous is ludicrous on the face of it. And behind the scenes most of the people who push this idiotic idea are either registrars or your employer (ICANN), or others who have been paid to express their opinions in a particular direction on this topic. Of course, the argument is always disingenuously couched in ridiculous retoric which has been designed and intended to elicit sympathy from the ignorant masses who don't have the first clue about the real issue. That's why the proponents and their paid spokes- models are always droning on about "those poor unfortunate rape victims" who are terrified, but who now... for some inexplicable reason... absolutely cannot find any other way to get their stories out unless they have their own private and anonymously registered domain names. I mean, PLLLEESE! These arguments are so pathetic, repetitive, and disingenuous that I have trouble understanding how even the ignorant unwashed masses are taken in by them. (But you know what they say. There's a sucker born every minute. No wonder we now have 25% of 1/2 of the country ready to vote for a "rodeo clown" as our next President. As Abraham Lincoln said "You can fool all of the people some of the time, and some of the people all of the time...")
But the idea sailed through the ICANN approval process.
Do you know how ICANN works? I can't think of _anything_ that "sails" through the "ICANN approval process."
OK. I agree. "Sailed" was not at all accurate. What I can say however is that with -zero- clear evidence of any serious or legitimate need, and with a completely predictable downside... which us billions of non-criminal Internet users are stuck with having to live with every damn day... the idea of "anonymous" or "anonymized" domain name WHOIS records _did_ make it all of the way through the intestine that is the ICANN consideration process. And why did it? Because it is a money-maker for the registrars, even if it gives the big middle finger to the entire remainder of the inhabitants of this planet. All of this crap about how political activists and rape victims need their own private (and anonymized) domain names in order to get their messages out is just that... crap. It's all a smokescreen.... a made up excuse for what may perhaps be the single most ANTI-social invention since the pay toilet.
More to the point, does there exist *any* "quality control" (for lack of a better term) on ICANN decisions? Are any of them ever reviewed after they have been made and implemented, you know, to see if any of them are failures and should be recinded?
ICANN has reviews of pretty much _everything_ we do.
Great! Then when and how do we arrange for this particular incredibly moronic and ill-considered decision to be revisited (with an eye toward an early repeal)?
why can't (or why shouldn't) this exact type of anti-fraud system be applied also to domain name registrations?
Because it does not work in every country and ICANN gets heavily criticized if it does things that disadvantage a stakeholder group.
So what you are saying is that Google, and numerous other private companies (many of whom also offer services world-wide) *can* make a phone verification work, but ICANN for some reason, can't. Hummm... maybe they (ICANN) need to hire somebody into a high-level technical job who has more of a can-do attitude and/or who has some actual knowledge and/or experience with implementing this kind of (phone verification) system. Solutions are valuable. Lame excuses are worthless. You are trying to suggest that there are people out there... somewhere... perhaps n the back woods of Kazakhstan or some other equally worthless place... where there are people who *do* need to register domain names but who *do not* have access to either phones or Internet-connected computers, as may be needed in order to complete a phone verification. You seem like an intelligent fellow. Do I really need to clarify for you how absurd your contention is in this instance? (Why someone who has neither a phone nor a computer nor an Internet connection would need to register a domain name is left as an exercise for the reader.)
this kind of idea will surely never even find its way onto the agenda of any ICANN meeting,
There will be a number of sessions at the Dublin ICANN meeting on approaches to address domain name abuse. For example, on Wednesday...
Somebody cue the crickets. (Yawn.) I'm sorry, but I have exactly -zero- faith that anything which is the least bit useful or positive relating to WHOIS accuracy is going to come out of any ICANN meeting... for the reasons I have already stated. The registrars... who actually control the money, and who thus call the tune... do not want there to be any change to the status quo. They *like* being able to take money from criminals and (even more) from snowshoe spammers. And more to the point, they have become _addicted_ to that revenue stream. If anybody were to come into any sort of ICANN meeting, or ICANN committee meeting, or ICANN sub-committee meeting, or sub-sub-committee meeting and even dare to suggest that (gasp!) the registrars should perhaps give up this existing criminally-funded revenue stream... to which they have all become accustomed... that person would almost certainly get their teeth knocked out... if not physically, then at least verbally. The registrar representatives... which is to say most of the people who will be present in any ICANN meeting... would immediately jump to their feet and denounce the person who suggested that maybe they should stop doing business with anonymous criminals as a "communist" or worse. There are plenty of ways to shut down a discussion in a committee meeting.
October 21 from 10 a.m. to 11:15 a.m. entitled "Role of Voluntary Practices in Combating Abuse and Illegal Activity"
Unilateral disarmament? So basically, the idea here is that the good and socially responsible registrars will Do The Right Thing, all on their own, while the remaining ones will be free to continue making money by helping criminals and spammers to evade identification and capture. Is that about the size of it?
There is also a session on the ongoing effort to create a framework for Registries to address domain name abuse
Yea! Gee! That's what we need! A "framework"!! (Now why didn't *I* think of that? :-) (Hint: I'll see your "framework" and raise you a simple requirement for HONESTY as in "honest inclusion of the actual billing information into the WHOIS records for all domain registrations... or at least the ones that ICANN has some say over... which is about 95% of them.") Regards, rfg
Ron, Just in case you misunderstand: I'm not arguing with you, I'm merely pointing out where you are being inaccurate. You seem to have a fundamental misunderstanding of how ICANN works and what ICANN's role is. ICANN is not the Internet Police. ICANN is probably best seen as a battleground in which a number of angry and hungry elephants fight among themselves. Despite how much I may prefer otherwise, the tools we have to combat domain name abuse are extremely limited and our use of those tools is tightly constrained. The facts are: 1) ICANN is not run by any single stakeholder, regardless of what Garth Bruen might say. 2) ICANN would very much like domain name abuse problem(s) solved, however the tools ICANN has to reach this goal are quite limited. 3) ICANN makes numerous decisions that are not in the financial interests of the registrars, just ask the registrars. 4) There is an ongoing effort exploring the issues associated with privacy and proxy services (see http://gnso.icann.org/en/group-activities/active/ppsa) and, like everything, it is a more complicated matter than it might appear. 5) Unlike normal companies, ICANN doesn't generally have the luxury of ignoring stakeholders, regardless of whether they are in developed or developing countries. 6) Given the way ICANN works, we generally can't dictate solutions however we are trying to work with the various stakeholder groups to come up with compromise solutions that try to improve the situation related to domain name abuse. I could continue, but based on your notes to date I suspect your mind is already made up so I won't bother. All I'll say is that life is rarely as black/white, virtuous/evil, or good guy/criminal as we might like it to be. Regards, -drc
On Sep 28, 2015, at 8:08 PM, Ronald F. Guilmette <rfg@tristatelogic.com> wrote:
In message <795BDB4E-C73E-4669-AF8E-644156449479@virtualized.org>, ICANN (David Conrad <drc@virtualized.org>) wrote:
This is not accurate. I can definitively state that ICANN is not "effectively run by the registrars". ICANN has many, many masters, the interests of quite a few of which are directly in conflict. To assert that one stakeholder is running ICANN means you simply don't understand how ICANN works.
In Garth Bruen's detailed 2012 report, he described in detail (page 4) where the funding for ICANN's voracious money appetite actually comes from:
http://krebsonsecurity.com/wp-content/uploads/2012/03/rogue_registrars_2012_...
It is quite revealing!
And if Garth's mountain of exquisitely researched and exquisitely documented research on the dysfunction that is ICANN isn't enough, I can also refer people to Paul Vixie's 2010 comments to the effect that "Every day lots of new names are added to the global DNS, and most of them belong to scammers, spammers, e-criminals, and speculators":
http://www.circleid.com/posts/20100728_taking_back_the_dns/
(I see no evidence that anything much has changed since Paul made those comments.)
the Powers That Be (e.g. ICANN) have already and long ago decided that they simply don't WANT the problem(s) solved.
This is untrue (at least in the case of ICANN, assuming ICANN is a "Power That Be").
Swell. Then may I, with all due respect, request that you folks @ ICANN please get off your asses and get on with it? You can start by requiring that the names and phone numbers that appear in domain name WHOIS records match the ones associated with the credit cards that were used to pay for the relevant domain name registrations.
It's a simple rule, and simple to enforce. If this were implemented, 90% of all spam and 98% of all crime on the Internet would cease, practically overnight.
Oh! But I almost forgot. The people who actually pay your salary... the registrars... wouldn't like it. (They might have to actually start making money the old fashioned way... by actually earning it by providing real products and services that lost of non-criminals actually want.)
So I guess that idea is a non-starter, even if it would quite dramatically reduce spamming and most other forms of Internet criminality.
(Even a system where every domain WHOIS record contained an irreversable one-way hash of the ACTUAL dmain registrant's ACTUAL name would be a vast improvement over the current status quo... for those of us to spend hundreds of hours each year tracking down snowshoe spammers... but once again, the registrars are sure to block any such idea, because they don't want any of us pesky anti-spam activists to be able to notice what they are doing... i.e. knowingly selling domain names by the gross to crooked snowshoe spammers.)
Has there ever been a single decision taken by ICANN which they felt they could get away with (i.e. without being sued to hell and back) that WAS NOT in the economic interests of the domain registrars?
I doubt you'll find many registrars that believe the government/law enforcement-requested changes that went into the 2013 RAA were in their economic interests.
They may not say so publically, but in private I would bet that the big ICANN "contributors" agreed that they had to swallow these kinds of small changes around the edges in order to forestall even more onerous legislative intrusions into their existing business models in various jurisdictions. (The public at large has really had it. We are all of us fed up to the teeth with all of the crooked and illegal hanky panky that goes on on the Internet, and that continuously hits the headlines and the evening news almost every day now. Citizens are finally demanding action and thus, legislators are starting to ask annoying questions. The only way to make at least some of these go away is for the industry to bite the bullet and accept some minimal concessions to their preferred operating mode of absolute secrecy, but _only_ to law enforcement. This way, at least, they can still avoid having to answer to the vast majority of the actual victims of their greedy daily cooperation with spammers and scammers.)
This whole sordid scheme about anonomous donmain registrations is a case in point.
You may wish to argue this point with those interested in privacy (e.g., EFF) and other civil society organizations who are on the "we don't need Whois" side of the interminable Whois wars.
On most issues, I applaud the EFF. In this case however, they have elected to blindly follow their own internally-generated dogma rather than reason and common sense.
You can have all of the privacy and anonymity you want... even on the Internet. And you can SAY anything you want. Just do it on somebody else's blog, BBS, or whatever. (Or do it on Facebook and Twitter, just like millions of participants in the so-called "Arab Spring" have done.)
You don't NEED your own bloody personal domain name if you want to denounce crooked politicians, or human traffickers, or abortion provders, or abortion opponents, or Vladimir Putin or whatever. Claiming that the WHOIS info in a domain name registration NEEDS to be anonymous is ludicrous on the face of it. And behind the scenes most of the people who push this idiotic idea are either registrars or your employer (ICANN), or others who have been paid to express their opinions in a particular direction on this topic. Of course, the argument is always disingenuously couched in ridiculous retoric which has been designed and intended to elicit sympathy from the ignorant masses who don't have the first clue about the real issue. That's why the proponents and their paid spokes- models are always droning on about "those poor unfortunate rape victims" who are terrified, but who now... for some inexplicable reason... absolutely cannot find any other way to get their stories out unless they have their own private and anonymously registered domain names. I mean, PLLLEESE! These arguments are so pathetic, repetitive, and disingenuous that I have trouble understanding how even the ignorant unwashed masses are taken in by them. (But you know what they say. There's a sucker born every minute. No wonder we now have 25% of 1/2 of the country ready to vote for a "rodeo clown" as our next President. As Abraham Lincoln said "You can fool all of the people some of the time, and some of the people all of the time...")
But the idea sailed through the ICANN approval process.
Do you know how ICANN works? I can't think of _anything_ that "sails" through the "ICANN approval process."
OK. I agree. "Sailed" was not at all accurate. What I can say however is that with -zero- clear evidence of any serious or legitimate need, and with a completely predictable downside... which us billions of non-criminal Internet users are stuck with having to live with every damn day... the idea of "anonymous" or "anonymized" domain name WHOIS records _did_ make it all of the way through the intestine that is the ICANN consideration process. And why did it? Because it is a money-maker for the registrars, even if it gives the big middle finger to the entire remainder of the inhabitants of this planet. All of this crap about how political activists and rape victims need their own private (and anonymized) domain names in order to get their messages out is just that... crap. It's all a smokescreen.... a made up excuse for what may perhaps be the single most ANTI-social invention since the pay toilet.
More to the point, does there exist *any* "quality control" (for lack of a better term) on ICANN decisions? Are any of them ever reviewed after they have been made and implemented, you know, to see if any of them are failures and should be recinded?
ICANN has reviews of pretty much _everything_ we do.
Great! Then when and how do we arrange for this particular incredibly moronic and ill-considered decision to be revisited (with an eye toward an early repeal)?
why can't (or why shouldn't) this exact type of anti-fraud system be applied also to domain name registrations?
Because it does not work in every country and ICANN gets heavily criticized if it does things that disadvantage a stakeholder group.
So what you are saying is that Google, and numerous other private companies (many of whom also offer services world-wide) *can* make a phone verification work, but ICANN for some reason, can't.
Hummm... maybe they (ICANN) need to hire somebody into a high-level technical job who has more of a can-do attitude and/or who has some actual knowledge and/or experience with implementing this kind of (phone verification) system.
Solutions are valuable. Lame excuses are worthless.
You are trying to suggest that there are people out there... somewhere... perhaps n the back woods of Kazakhstan or some other equally worthless place... where there are people who *do* need to register domain names but who *do not* have access to either phones or Internet-connected computers, as may be needed in order to complete a phone verification.
You seem like an intelligent fellow. Do I really need to clarify for you how absurd your contention is in this instance?
(Why someone who has neither a phone nor a computer nor an Internet connection would need to register a domain name is left as an exercise for the reader.)
this kind of idea will surely never even find its way onto the agenda of any ICANN meeting,
There will be a number of sessions at the Dublin ICANN meeting on approaches to address domain name abuse. For example, on Wednesday...
Somebody cue the crickets.
(Yawn.)
I'm sorry, but I have exactly -zero- faith that anything which is the least bit useful or positive relating to WHOIS accuracy is going to come out of any ICANN meeting... for the reasons I have already stated.
The registrars... who actually control the money, and who thus call the tune... do not want there to be any change to the status quo. They *like* being able to take money from criminals and (even more) from snowshoe spammers. And more to the point, they have become _addicted_ to that revenue stream. If anybody were to come into any sort of ICANN meeting, or ICANN committee meeting, or ICANN sub-committee meeting, or sub-sub-committee meeting and even dare to suggest that (gasp!) the registrars should perhaps give up this existing criminally-funded revenue stream... to which they have all become accustomed... that person would almost certainly get their teeth knocked out... if not physically, then at least verbally. The registrar representatives... which is to say most of the people who will be present in any ICANN meeting... would immediately jump to their feet and denounce the person who suggested that maybe they should stop doing business with anonymous criminals as a "communist" or worse.
There are plenty of ways to shut down a discussion in a committee meeting.
October 21 from 10 a.m. to 11:15 a.m. entitled "Role of Voluntary Practices in Combating Abuse and Illegal Activity"
Unilateral disarmament?
So basically, the idea here is that the good and socially responsible registrars will Do The Right Thing, all on their own, while the remaining ones will be free to continue making money by helping criminals and spammers to evade identification and capture. Is that about the size of it?
There is also a session on the ongoing effort to create a framework for Registries to address domain name abuse
Yea! Gee! That's what we need! A "framework"!! (Now why didn't *I* think of that? :-)
(Hint: I'll see your "framework" and raise you a simple requirement for HONESTY as in "honest inclusion of the actual billing information into the WHOIS records for all domain registrations... or at least the ones that ICANN has some say over... which is about 95% of them.")
Regards, rfg
I confess that I have been seriously remiss in failing to respond to the response to my postings about ICANN which was posted by David Conrad <drc@virtualized.org> back on Tuseday of last week. I may (and in fact do) disagree with his various characterizations of ICANN... although the word "excuses" might be more apropos in this context. But rather than descending into a lengthy debate about who ICANN is really working for / controlled by, or what it has done... or failed to do... to help insure a less crime-prone Internet, I would like now to just reiterate two important questions which I posted here last week and which I have still not received any answer to from any party. Surely, if (as he has asserted) David Conrad <drc@virtualized.org> is the CTO of ICANN, then I think that at the very least, even if nobody else on this list knows the answers to these questions, he at least should be able to answer them. Again, my questions are simple ones: 1) Within a domain WHOIS records, what data fields relating to the registrant are considered manditory and which are considered optional? 2) ICANN has gone to some trouble... not nearly enough, as I have already described... in setting up a "WHOIS data problem reporting" system. But I am forced to ask the obvious question about that yet again... because I still don't have any answer from anyone... If a problem is reported (to ICANN) relating to allegedly bogus (or fradulent) data within a domain WHOIS record, and if, after some period of time has elapsed, the domain registrant has refused to make any change to the bogus WHOIS data (and/or if he just changes it to some DIFFERENT bogus/fraudlent data) then what is SUPPOSED to happen? I would have thought that any CTO of ICANN who is defending his organization's commitment to being part of the solution, rather than part of the problem, would have been anxious and indeed eager to answer this question. But apparently, the answer to this simple question about actual enforcement of the integrity of WHOIS data... which ICANN claims is really and truly carse about... is nowhere to be found. (Why is the answer to this simple question so hard to come by?) Regards, rfg
In message <795BDB4E-C73E-4669-AF8E-644156449479@virtualized.org>, ICANN (David Conrad <drc@virtualized.org>) wrote:
rfg wrote:
The entirely predictable result is massive and ongoing fraud in WHOIS records... which ICANN works overtime to try to dismiss, cover-up, sweep under the rug, and to make extremely tedious and difficult to even report to them.
This is, of course, also untrue.
Which part? Unlike most people here, I actually read the ICANN CEO's published/public response to just one of Garth Bruen's several very detailed and well- documented reports which detailed ICANN's abject failure to apply any- thing that might be confused with disipline or enforcement to various provably bent registrars who were massively helping either spammers or criminals or both. The ICANN CEO's public response was all obfsucation and denial... it was all stuff like "Bruen got his facts wrong" or else "We already dealt with this". In short, it was all just an exercise in sweeping self-evident problems under the carpet. Not once did the ICANN CEO ever admit that ICANN wasn't doing the job of administering the Internet in every bit as immaculately perfect a way as Jesus Christ himself would have done. As regards to my second contention, quoted above, that ICANN has made the reporting of fradulent domain name WHOIS records exceptionally tedious and difficult ... so as to effectively discourage anybody serious from ever even trying to file such a report... I can attest from first-hand personal knowledge and experience that this is absolutely 100% true. In fact, I'll go further and say that the creation of unnecessary bureaucratic tedium and bullshit is something that the enforcement staff at ICANN has raised up to the level of an art form. Once upon a time, many years ago, I used to diligently report... via the ICANN reporting web form... all of the spammers domains that I came across which had blatantly fradulent information in the associated WHOIS records. But for various reasons, several years ago I began concentrating on so-called "snowshoe" spammers who routinely register dozens or hundreds or thousands of different domain names at a time. (This is not at all a new phenomenon. It has been going on for more than a decade now. I first noticed this spammer tactic myself way back in 2004.) Anyway, it was already bad enough that the exceptionally tedious ICANN WHOIS problem reporting form took longer to fill out, per domain, than it took for the spammer to (fradulently) register his domain. But then I also realized that any time I found a snowshoe spammer who had registered, say, 100 domains, all with fradulent WHOIS data, ICANN gave me no option other than to sit, for hour after hour, filling out their stupid and tedious WHOIS problem reporting form, over and over again, for each individual domain, one at a time. I asked about the possibility of making reports of groups of fradulent/ bogus WHOIS records in batches, and at first I could not even get the favor of even a reply from ICANN. (Obviously, they didn't even want to think about the issue.) Perhaps a year or more later on, I asked about this again. (I guess ICANN may have had some personel changes by that time... another issue that Garth Bruen has reported on, but not in a positive way.) So then I finally got a response, and the response was just that they (ICANN) were "thinking about" the idea of petrhaps accepting reports of batches of fradulent WHOIS reports. I asked multiple times about that and never got a straight answer. So basically, the answer slowly became clear to me... ICANN absolutely did not want to even be dealing with the whole issue of fradulent WHOIS records. (That was already self-evident from the fact that... as Bruen also documented... about half of the time even the reports that ICANN was already getting never resuled in any action on anybody's part whatsoever. The WHOIS data just stayed fradulent and ICANN quietly closed the cases.) So obviously, given that they (ICANN) didn't want to even deal with the fradulent WHOIS data issue AT ALL, the last thing they would want was to start accepting such reports IN BULK. So they hemmed and hawed and delayed and procrastinated. Eventually after a few years I heard tell that they (ICANN) finally had put something into place to allow JUST a few special pre-selected folks to report fradulent WHOIS records in bulk. But there were a LOT of qualifying requirements, or so I heard. You had to give them a blood sample and one of your kidneys before they would accept you into the exclusive club that was now allowed to report batches of fradulent WHOIS records. But even with that, I'm sure that they worked things out so that it would STILL be substantially more tedious and more time consuming for the person who was _reporting_ a fradulent batch of WHOIS records to them than it was for the original spammer to register that same entire batch of domains. Advantage: Spammer. But anyway, by this point in time I wasn't at all interested in partici- pating anymore in ICANN's little WHOIS policing charade. It was obvious to me... just as it was to Garth Bruen... that they (ICANN) were only going through the motions, and even then they were only doing even the minimum that they promised to do only some of the time. Many other times they would just close the cases. It was 100% clear that they just didn't really want to do any of this (WHOIS policing) and that they had only been dragged, kicking and screaming, into lifting a finger at all in this whole area. (Certainly, none of the registrars who pay their salaries wanted to have ICANN hasseling them about the lies told in the WHOIS records by their various criminal and spammer customers.) Also, ICANN did other things to try to disuade people from even filing WHOIS problem reports... I mean above and beyond just making the process as slow, tedious and time consuming as they thought they could get away with, and then also totally ignoring a large percentage of the reports that they ended up receiving anyway, even despite all of the obstacles that they (ICANN) has erected to try to disuade people from even filing them. Whereas ICANN... which is to say the registrars who pay for ICANN's existance... bend over backwards to make it easy for criminals to register domain names with completely fradulent and fictitious identifying information, they were... at least back in 2008... simultaneously INSISTING that anybody who filed a WHOIS problem MUST give them that reporter's true and correct name, e-mail address, etc.... all information which ICANN would then PASS ON to the relevant registrar. The domain registrar would often then, in turn, further pass on the name and e-mail address of the person who had ratted them out to their criminal and spammer customers. I'M NOT MAKING THIS UP! The idea that the spammers who one had just ratted out might turn around and mailbomb you, or DDoS you was not in the least bit far-fetched. In fact, quite the contrary. I'm pretty sure that it actually happened as a direct result of ICANN policies... policies which demanded total honesty from those public-spirited people who were kind enough to report fradulent WHOIS records to ICANN, even as ICANN itself (via its accredited registrars) were busy making sure that the system which allowed crooks and criminals to put any lies they wanted into their WHOIS records would not be materially changed, impacted or disturbed in any meaninful way... except maybe a little bit around the edges... to keep the critics quiet, and to prevent governments from getting involved. I was so outraged at the way that ICANN was setting up its own WHOIS problem reporters for DDoS attacks, that I decided to squawk, loudly, about it at the time... but only after ICANN refused to even acknowledge the problem (in private correspondance to me): http://krebsonsecurity.com/2011/03/whois-problem-reporting-system-to-gain-pr... As you can see, EVEN AFTER this particular bit of ICANN shit had hit the fan (i.e. made it to the press) ICANN still wouldn't even commit to a date by which they would fix the problem. Maybe they eventually did. I never went back to check. By this point in time I had had it, and I had finally and fully realized that ICANN... far from wanting to work to fix the problem... had been actively working and scheming, finding ways to thwart and/or deter anybody from the outside who might want to see WHOIS data become more accurate. That is actually not at all surprising, once one realizes who is actually paying their salaries and who is actually paying to keep the lights on at ICANN, i.e. the registrars, even the best of which are, at best, ambivalent about WHOIS accuracy. Others are knowingly making money from people who they know good and well are filling up the WHOIS data base with complete bullshit. Garth Bruen has seen it. I have seen it. Suresh has seen it. It is silly to try to deny this simple reality anymore. There are just too many witnesses. Regards, rfg
On Mon, 28 Sep 2015 04:52:25 -0700 "Ronald F. Guilmette" <rfg@tristatelogic.com> wrote: <snip so many cool things here>
"Privacy is a right in many jurisdictions". Bullshit.
even when you are having a human shit, there are satellites that can see your thermal ass squatting and squeaking.
Criminals everywhere are very greatful to ICANN.
and to so many ISP's that ignore abuse or that hide behind an image of decency... Spam is not a domain thing, it is an IP thing. So why are we focused on domain names? a name is nothing, it cannot route, a number routes. all this focus on domains are doing is to obfuscate and FUD(dify) the real issue: ISP's should be responsible for their IP ranges (4 and 6) as an African, literally my 1c Andre <snip so many more cool things here>
participants (7)
-
andre@ox.co.za -
Arnold -
David Conrad -
James Gannon -
Marilson -
Michele Neylon - Blacknight -
Ronald F. Guilmette