ICANNs role [was: Re: On-going ...]

> The one concrete suggestion I've seen is to induce a delay in zone
> creation and publish a list of newly created names within the zone.
> The problem with this is that it sort of assumes:

What are your thoughts on basic suggestions such as:
1. Allowing registrars to terminate domains based on abuse, rather than
just fake contact details.

This is very, very dangerous. Registrars such as GoDaddy who have tried
this could be well-meaning, but are not in the correct position to be able
to reliably determine what is going on.

What constitutes abuse? You received a spam message with our domain
forged in the headers? You received a spam message with one of our IPs
and domain names forged in the headers (this is becoming common)? You
received one actual spam because some customer installed their own
web-to-mail script on the web server and it got 0wn3d? Someone got their web
server here 0wn3d and it is acting as a controller for pr0n/etc spam
spewing bots?

What constitutes a fraudulent registration? No phone number? An old
phone number? A current phone number where the SIP registration has
failed because the VoIP provider made some changes? A current phone
number that isn't answered? No address? An old address? And so on...

I'll remind you that in all of these cases, removing a domain name is
not going to be mitigation. It might *feel* good but it has the potential
to do lots of damage for little result.

Is there a difference between a decade-old domain with contact information
where a web server got hacked, and a 1-day old domain with garbage for
contact information that was set up explicitly for Bad Stuff? How do you

5. Enforcing that registrars act in say, not a whitehat fashion, but a
not blackhat fashion?

"Whitehat" does not mean what many seem to think. A whitehat would have
the philosophy of trying to take the course of action that was the most
equitable and did the least amount of harm possible. Many people have
equated "whitehat" to mean "we nuke things when problems are reported,"
and that isn't whitehat - that's simply stupidly malicious.

I would go so far as to call the reported behaviour of registrars such as
GoDaddy to be virtually blackhat. Look at this crud:


So, *knowing* that the contact e-mail wasn't working, they sent requests
for current contact info *to* the broken contact e-mail. When they didn't
get a response, they then didn't bother calling or writing via snail mail,
which were apparently valid, but instead cancelled the domain and then
sold it to someone who had paid for backorder, so they've collected twice
for the domain *and* then also for the backorder.

Profitable for them. As far as I'm concerned, also highly unethical.

A whitehat would have called. A whitehat would have written a letter. A
whitehat would have even gone to the web site to look for further contact
info. A whitehat that felt action was mandatory would have suspended the
domain (not redirected, merely suspended) as a way to try to get the
domain holder to contact.

This is essentially a big loophole in GoDaddy can probably make
a reasonably valid claim that they followed the ICANN policy, and yet it
is obvious that they didn't really do anything sensible in this case.

So to get back to Gadi's point #1, if they can't even do a reasonable job
of terminating for incorrect information in domain registrations, do we
really want registrars trying to handle abuse? (Note that GoDaddy has
some bad history here too, see seclists.org for example).

... JG

Yup! One was registered a day ago and is now sending out loads of spaff.

Best people to know which domains are involved in sending out spaff? Hotmail?
Yahoo? AOL? Google? You know, those people who run millions and millions of
email accounts and can do rather scary statistical analysis on email..

I wonder if any of the above would be interested in reporting spam-sending
hosts, URLs involved in spam/phish/scam/etc/ to a public group (or semi-public
group - open to join, but not publicly published) who could start working
on feeding these domains back to registrars?