ICANN's "Money Grab"
Yet more evidence that ICANN is simply serving their masters, the registrars, while shafting the rest of us: http://www.theregister.co.uk/2015/10/27/verisign_warns_new_gtlds_could_desta... Taken together, the new gTLD program, and ICANN's lame and half-hearted "negotiation" of a new (2013) Registrar Accreditation Agreement... an agreement which fully supports business-as-usual, i.e. -ZERO- requirements for registrars to perform any meaningful validation of WHOIS information, ever... should make it clear to anybody who has any lingering doubts that the unregulated monopoly known as ICANN is basically an organization that... if it did not have a lot of powerful friends... would probably be investigated (in the U.S. at least) under the Racketeer Influenced and Corrupt Organizations (RICO) statute. What has this all got to do with network "abuse"? Simple. ICANN has bent itself to the will of its real constituents (the registrars) and made sure that none of them will ever be contractually obligated to ever do anything other than send an e-mail to the contact e-mail address in a disputed domain WHOIS record... e.g. <Mr.Phony.Baloney@hotmail.com>... and then get an affirmative reply back. The registrars are NEVER even required to find fault with even the most ridiculously bogus physical address information (e.g. "123 Planetary Way, Mars, Milky Way, 999999") nor are they ever contractually required to take any action at all if one of their registered domain names has a contact phone number of +9.999999999. Don't believe me? Look it up. It's in the contract (2013 RAA)... plain as day. Why is there so much crime, phishing, hacking, and spamming on the net? Well, you can't catch the criminals and the spammers if you can't find them. And ICANN... or rather the registrars who make ICANN policy on these things... have made sure that NOBODY will ever be able to find any spammer or criminal who doesn't want to be found. OF COURSE they will all swear up and down that they have done this for the benefit of, or at the request of "privacy advocates". It's just a complete coincidence that it also helps them to line their own pockets. And if you believe that, then I have a bridge that I'd like to have you take a look at. Regards, rfg
Ronald There’s little point in pointing out the flaws in your “argument”, as you seem to view any facts that do not fit with your view as being invalid. As has been pointed out to you in the past, the 2013 RAA was NOT welcomed by registrars. Also, you are confusing registries and registrars. If, as a registrar, I sell a domain for EUR10 the bulk of that money goes to the registry NOT my company. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://ceo.hosting/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 On 28/10/2015, 1:58 a.m., "anti-abuse-wg on behalf of Ronald F. Guilmette" <anti-abuse-wg-bounces@ripe.net on behalf of rfg@tristatelogic.com> wrote:
Yet more evidence that ICANN is simply serving their masters, the registrars, while shafting the rest of us:
http://www.theregister.co.uk/2015/10/27/verisign_warns_new_gtlds_could_desta...
Taken together, the new gTLD program, and ICANN's lame and half-hearted "negotiation" of a new (2013) Registrar Accreditation Agreement... an agreement which fully supports business-as-usual, i.e. -ZERO- requirements for registrars to perform any meaningful validation of WHOIS information, ever... should make it clear to anybody who has any lingering doubts that the unregulated monopoly known as ICANN is basically an organization that... if it did not have a lot of powerful friends... would probably be investigated (in the U.S. at least) under the Racketeer Influenced and Corrupt Organizations (RICO) statute.
What has this all got to do with network "abuse"? Simple. ICANN has bent itself to the will of its real constituents (the registrars) and made sure that none of them will ever be contractually obligated to ever do anything other than send an e-mail to the contact e-mail address in a disputed domain WHOIS record... e.g. <Mr.Phony.Baloney@hotmail.com>... and then get an affirmative reply back. The registrars are NEVER even required to find fault with even the most ridiculously bogus physical address information (e.g. "123 Planetary Way, Mars, Milky Way, 999999") nor are they ever contractually required to take any action at all if one of their registered domain names has a contact phone number of +9.999999999.
Don't believe me? Look it up. It's in the contract (2013 RAA)... plain as day.
Why is there so much crime, phishing, hacking, and spamming on the net? Well, you can't catch the criminals and the spammers if you can't find them. And ICANN... or rather the registrars who make ICANN policy on these things... have made sure that NOBODY will ever be able to find any spammer or criminal who doesn't want to be found. OF COURSE they will all swear up and down that they have done this for the benefit of, or at the request of "privacy advocates". It's just a complete coincidence that it also helps them to line their own pockets.
And if you believe that, then I have a bridge that I'd like to have you take a look at.
Regards, rfg
In message <3469D4B3-C08D-4DFF-A271-587C8EE818DC@blacknight.com>, Michele Neylon - Blacknight <michele@blacknight.com> wrote:
There's little point in pointing out the flaws in your argument, as you seem to view any facts that do not fit with your view as being invalid.
As has been pointed out to you in the past, the 2013 RAA was NOT welcomed by registrars.
Please correct me if I'm wrong, but you, Mr. Neylon, *are* the head of one of the registrar companies that has a direct financial interest in this matter, right? Is that correct is it not? Also, while researching this topic (2013 RAA) I came upon the following document which describes you as having been the "chair of the Registrars Stakeholder Group", which "negotiated" against ICANN the terms of the 2013 RAA contract. Is that true also? http://domainnamewire.com/tag/michele-neylon/ Your opinions on this matter may perhaps have some validity, but you are not exactly a totally uninterested and unbiased observer, are you? In fact, prior to the finalization of the 2013 RAA, you personally were doing all you could to make your views known to the widest possible audience, in particular your view that the responsibilities assigned to registrars, in particular, for insuring the accuracy of WHOIS data should be minimized. You _did_ write the following, didn't you? http://blog.blacknight.com/dont-make-us-treat-our-customers-like-criminals.h... To be clear, in case I wasn't already, I take exception to the extremely weak terms and conditions of the 2013 Registrar Accreditaion Agreement... terms and conditions which, it appears, you yourself negotiated against ICANN to weaken and minimize on behalf of the Registrars Stakeholder Group, of which you were Chairman. Specifically, and in particular, I take exception to the wording of sub-section 1.e of what is humorously called the "WHOIS ACCURACY PROGRAM SPECIFICATION" portion of the 2013 RAA terms and conditions which requires registrars to do the following: e. Validate that all postal address fields are consistent across fields (for example: street exists in city, city exists in state/province, city matches postal code) where such information is technically and commercially feasible for the applicable country or territory. Is this is a joke? Who decides what is or isn't "commercially feasible"? Obviously, the registrars themselves... the foxes guarding the henhouse. So all any registrar has to do in order to opt-out completely from this phony baloney "requirement" is simply to assert the CLAIM that FOR THEM, individually, the above requirement is not "commercially feasible". Is that not correct? How many registrars are actually checking EVEN and ONLY that the postal addresses in WHOIS records are even just valid postal addresses? I am *not* asking how many registrars check that the postal addresses in WHOIS records are actually CORRECT ones for the specific domain registrants who are using them. I am only asking you, Michele Neylon, in your capacity as Chairman of the Registrars Stakeholder Group, to tell me how many of the members of your group are even just checking that the postal addresses in WHOIS records are real, and not entirely bogus? Would that number be zero ? I also take profound exception to the following ridiculous "requirement", which is also present in the 2013 RAA, and which requires registrars to: f. Verify: i. the email address of the Registered Name Holder (and, if different, the Account Holder) by sending an email requiring an affirmative response through a tool-based authentication method such as providing a unique code that must be returned in a manner designated by the Registrar, or ii. the telephone number of the Registered Name Holder (and, if different, the Account Holder) by either (A) calling or sending an SMS to the Registered Name Holder's telephone number providing a unique code that must be returned in a manner designated by the Registrar, or (B) calling the Registered Name Holder's telephone number and requiring the Registered Name Holder to provide a unique code that was sent to the Registered Name Holder via web, email or postal mail. Simple question: Why is this an either/or? Why aren't registrars required make at least some effort to validate BOTH the WHOIS contact e-mail address AND also the WHOIS contact phone number? You yourself, Mr. Neylon, negotiated against ICANN for the inclusion of this language into the 2013 RAA, so perhaps you can explain to us all why the registrars aren't required to lift a finger to validate the phone numbers that appear in WHOIS records. I, for one, would really like to hear you try to explain that. I understand that you have a *political* (and financially incentivized) viewpoint that domain registrants should be able to remain secretive and anonymous, regardless of whether or not that is in the best interests of the 2+ billion ordinary (and honest) users of the internet. And it would appear that you and your fellow registrars were able to prevail in this argument, and in this political viewpoint, specifically when you were negotiating the terms and conditions of the 2013 RAA against ICANN. What I don't understand is why there is all of this pretense in the RAA to make it *appear* as if there really are some requirements imposed upon domain registrars to do some work to validate WHOIS information, when in fact, the plain language of the 2013 RAA, as quoted above, makes it abundantly clear that in fact, your group, the registrars, are only required to do the absolute bare minimum, and to look only at the WHOIS contact e-mail addresses... data values that are provably useless for actually identifying the domain registrant. So why all of the pretense? Why didn't the 2013 RAA just simply state the obvious truth, i.e. that "Registrars are only required to make an effort to validate JUST the e-mail address" ? You negotiated the 2013 RAA Mr. Neylon. Please explain. Regards, rfg
On 30/10/2015, 7:37 p.m., "anti-abuse-wg on behalf of Ronald F. Guilmette" <anti-abuse-wg-bounces@ripe.net on behalf of rfg@tristatelogic.com> wrote:
In message <3469D4B3-C08D-4DFF-A271-587C8EE818DC@blacknight.com>, Michele Neylon - Blacknight <michele@blacknight.com> wrote:
There's little point in pointing out the flaws in your argument, as you seem to view any facts that do not fit with your view as being invalid.
As has been pointed out to you in the past, the 2013 RAA was NOT welcomed by registrars.
Please correct me if I'm wrong, but you, Mr. Neylon, *are* the head of one of the registrar companies that has a direct financial interest in this matter, right? Is that correct is it not?
Blacknight is a registrar and hosting provider.
Also, while researching this topic (2013 RAA) I came upon the following document which describes you as having been the "chair of the Registrars Stakeholder Group", which "negotiated" against ICANN the terms of the 2013 RAA contract. Is that true also?
Not really. I am currently the Chair of the Registrar Stakeholder Group. I was not Chair during the negotiations of the 2013 RAA so I was not directly involved in the negotiations with ICANN
http://domainnamewire.com/tag/michele-neylon/
Your opinions on this matter may perhaps have some validity, but you are not exactly a totally uninterested and unbiased observer, are you?
I never said I was.
In fact, prior to the finalization of the 2013 RAA, you personally were doing all you could to make your views known to the widest possible audience, in particular your view that the responsibilities assigned to registrars, in particular, for insuring the accuracy of WHOIS data should be minimized. You _did_ write the following, didn't you?
Yes of course I did
http://blog.blacknight.com/dont-make-us-treat-our-customers-like-criminals.h...
To be clear, in case I wasn't already, I take exception to the extremely weak terms and conditions of the 2013 Registrar Accreditaion Agreement... terms and conditions which, it appears, you yourself negotiated against ICANN to weaken and minimize on behalf of the Registrars Stakeholder Group, of which you were Chairman.
As already stated I wasn’t Chair.
Specifically, and in particular, I take exception to the wording of sub-section 1.e of what is humorously called the "WHOIS ACCURACY PROGRAM SPECIFICATION" portion of the 2013 RAA terms and conditions which requires registrars to do the following:
e. Validate that all postal address fields are consistent across fields (for example: street exists in city, city exists in state/province, city matches postal code) where such information is technically and commercially feasible for the applicable country or territory.
Is this is a joke? Who decides what is or isn't "commercially feasible"? Obviously, the registrars themselves... the foxes guarding the henhouse. So all any registrar has to do in order to opt-out completely from this phony baloney "requirement" is simply to assert the CLAIM that FOR THEM, individually, the above requirement is not "commercially feasible". Is that not correct?
How many registrars are actually checking EVEN and ONLY that the postal addresses in WHOIS records are even just valid postal addresses?
I am *not* asking how many registrars check that the postal addresses in WHOIS records are actually CORRECT ones for the specific domain registrants who are using them. I am only asking you, Michele Neylon, in your capacity as Chairman of the Registrars Stakeholder Group, to tell me how many of the members of your group are even just checking that the postal addresses in WHOIS records are real, and not entirely bogus?
Would that number be zero ?
I also take profound exception to the following ridiculous "requirement", which is also present in the 2013 RAA, and which requires registrars to:
f. Verify:
i. the email address of the Registered Name Holder (and, if different, the Account Holder) by sending an email requiring an affirmative response through a tool-based authentication method such as providing a unique code that must be returned in a manner designated by the Registrar, or
ii. the telephone number of the Registered Name Holder (and, if different, the Account Holder) by either (A) calling or sending an SMS to the Registered Name Holder's telephone number providing a unique code that must be returned in a manner designated by the Registrar, or (B) calling the Registered Name Holder's telephone number and requiring the Registered Name Holder to provide a unique code that was sent to the Registered Name Holder via web, email or postal mail.
Simple question: Why is this an either/or? Why aren't registrars required make at least some effort to validate BOTH the WHOIS contact e-mail address AND also the WHOIS contact phone number?
You yourself, Mr. Neylon, negotiated against ICANN for the inclusion of this language into the 2013 RAA, so perhaps you can explain to us all why the registrars aren't required to lift a finger to validate the phone numbers that appear in WHOIS records.
I, for one, would really like to hear you try to explain that.
I understand that you have a *political* (and financially incentivized) viewpoint that domain registrants should be able to remain secretive and anonymous, regardless of whether or not that is in the best interests of the 2+ billion ordinary (and honest) users of the internet. And it would appear that you and your fellow registrars were able to prevail in this argument, and in this political viewpoint, specifically when you were negotiating the terms and conditions of the 2013 RAA against ICANN. What I don't understand is why there is all of this pretense in the RAA to make it *appear* as if there really are some requirements imposed upon domain registrars to do some work to validate WHOIS information, when in fact, the plain language of the 2013 RAA, as quoted above, makes it abundantly clear that in fact, your group, the registrars, are only required to do the absolute bare minimum, and to look only at the WHOIS contact e-mail addresses... data values that are provably useless for actually identifying the domain registrant.
So why all of the pretense? Why didn't the 2013 RAA just simply state the obvious truth, i.e. that "Registrars are only required to make an effort to validate JUST the e-mail address" ?
You negotiated the 2013 RAA Mr. Neylon. Please explain.
Regards, rfg
In message <1D15A23E-6695-4770-892C-D5FF0197AC82@blacknight.com>, Michele Neylon - Blacknight <michele@blacknight.com> wrote:
I am currently the Chair of the Registrar Stakeholder Group. I was not Chair during the negotiations of the 2013 RAA so I was not directly involved in the negotiations with ICANN
Alright. But were you a _member_ of the Registrar Stakeholder Group during the time leading up to the finalization of the 2013 RAA, no? You would agree, would you not, that the Registrar Stakeholder Group did in fact negotiate against ICANN as it was attempting to finalize the terms and conditions of the 2013 RAA? Given the lack of response, I am forced to reiterate the key questions from my last posting: 1) An un-careful reading of the terms and conditions of the 2013 RAA contract _seems_ to suggests that registrars are expected to make at least _some_ effort to at least verify that the mailing address fields of WHOIS records are real, and that they are not just associated with some address on the planet Pluto. But a careful reading of this same section (1.e) of the 2013 RAA shows that in fact this is false, and that any registrar can easily weasel out of this ``requirement'' by claiming (without proof) financial hardship. You sir, are the current head of the Registrar Stakeholder Group. How many of the registrars who are members of your group ARE actually checking the validity of the mailing address portion of the WHOIS records for the domains they register? Any? Any at all? Even one? If anyone should be able to answer this question, you should. 2) With respect to _both_ section 1.e 1nd 1.f of the 2013 RAA contract, as I previously asked: Why all of the pretense? Why didn't the 2013 RAA just simply state the obvious truth, i.e. that "Registrars are only required to make an effort to validate JUST the e-mail address" ? Have both your group, the Registrar Stakeholder Group, and ICANN simply tried, half-heartedly. to make it _appear_ (to casual observers) that either one of you actually gives a damn about WHOIS accuracy, when in fact, the opposite is closer to the truth? Regards, rfg
participants (2)
-
Michele Neylon - Blacknight -
Ronald F. Guilmette