Re: [council] A secret email address between registrar and registrant, please (WAS: RE: [gnso-dow123] RE: [council] RE: WHOIS combined task force call 1 March 2005)
Marc, I agree. Publishing the main contact addresses is the main reason their holders never reply to a message -- a probable symptom they are not being able to handle the spam overflow. So, definitely, the "secret" registry/tar - registrant email should be implemented. However, there remains the problem of not being able to contact an Internet provider once a serious phishing schema, for example, is detected as coming from its network, since they are seemingly ignoring all messages coming to their published email addresses. --c.a. Marc Schneiders wrote: I was pretty sympathetic to the proposal (if I understoord it right) of Tim, vid. that only the registrar would have the authoritative email address of the registrant, which would NOT be displayed in whois. As we all know all email addresses displayed in whois are spammed to death. As a result email to this address will in due course be impossible to read or monitor. Consequently the poor registrant will not see the reminder to renew. Nor the message that her domain will be transferred to a hijacker through another registrar. IN SHORT: I strongly urge us all to create a method, where the authoritative email for transfers and the like is NOT in whois. Not for .com nor for the thick registries. This is essential in this age of spam. I have some domains and I am forced to accept some 300 spam messages a day and to go through them each day. One of these may be a reminder to renew... This can so easily be changed: A 'secret' email address for communication between registrar and registrant. As an option this should be introduced soon. On Mon, 28 Feb 2005, at 11:53 [=GMT-0600], Tim Ruiz wrote:Jeff, You're right. We do not have any problems with thick registry TLDs in this regard. But don't take this as an endorsement, or non-endorsement, of the thick registry model in any way :) Tim -----Original Message----- From: Neuman, Jeff [mailto:Jeff.Neuman@xxxxxxxxxx] Sent: Monday, February 28, 2005 11:50 AM To: Marilyn Cade; Tim Ruiz; Bruce Tonkin Cc: Chris Disspain; gnso-dow123@xxxxxxxxxxxxxx; council@xxxxxxxxxxxxxx; Maria Farrell Subject: RE: [gnso-dow123] RE: [council] RE: WHOIS combined task force call 1 March 2005 For the record, each of the "thick registries" are required to display the e-mail of the registrant even though registrars are not required. For the thick registries, the solution may be a simple reliance on the registries whois database rather than the registrars. I believe the transfer policy does mention that. Of course that does not solve the problems with respect to .com and currently .net (although several bidders for .net did propose a thick registry). Jeff -----Original Message----- From: owner-gnso-dow123@xxxxxxxxx [mailto:owner-gnso-dow123@xxxxxxxxx]On Behalf Of Marilyn Cade Sent: Monday, February 28, 2005 12:34 PM To: 'Tim Ruiz'; 'Bruce Tonkin' Cc: 'Chris Disspain'; gnso-dow123@xxxxxxxxxxxxxx; council@xxxxxxxxxxxxxx; 'Maria Farrell' Subject: RE: [gnso-dow123] RE: [council] RE: WHOIS combined task force call 1 March 2005 Thanks, both Bruce and Tim. I am sure the TF would be happy to invite Chris. We are also interested in inviting cc's from Latin America, so we can ask Chris for possible circulation of a request to the cc's from Latin America as well. That way, we will hear from several countries. I'll put this on the TF agenda tomorrow as another possible guest speaker for the next set of calls, which will have to probably be after Mar de Plata, given all that is on our plates. We also need to hear from governmental agencies about their uses and views, and we haven't gotten around to identifying that set of invitees yet. In the past, in WHOIS panels, etc., we have invites a range of consumer protection; privacy, law enforcement, etc. Tim, your point about transfers and its reliance on the email of the registrant is interesting. Does this show up in the report of the ICANN staff as one of the problem areas that is emerging/internally disputed transfers... sounds like perhaps the technical contact might be the ISP, for instance, and they do a transfer, and the actual registrant isn't informed, or doesn't agree, and then disputes? What a nightmare for the registrar! Maria, would you ask Tim Cole/Kurt Pritz when the report that Kurt discussed on the last Council call will be actually published? I know it wasn't quite final when he reported on it, but I assume is forthcoming... just useful to know of when to expect it. Thanks, MC -----Original Message----- From: owner-gnso-dow123@xxxxxxxxx [mailto:owner-gnso-dow123@xxxxxxxxx] On Behalf Of Tim Ruiz Sent: Monday, February 28, 2005 5:21 AM To: Bruce Tonkin Cc: Chris Disspain; gnso-dow123@xxxxxxxxxxxxxx; council@xxxxxxxxxxxxxx Subject: RE: [gnso-dow123] RE: [council] RE: WHOIS combined task force call 1 March 2005 I'd like to point out an issue with the current (new) transfer process that needs to be considered here. Right now, there is no requirement to display the email address of the Registrant in the Whois of gTLDs. So most gaining registrars use the email address of the Administrative Contact to confirm transfer requests. The problem we have seen, and I am sure others as well to one degree or another, is that even after a "good" transfer is completed (confirmed by the Administrative Contact), the Registrant sometimes comes forward and says they did not authorize it. Under the current policy, we have to reverse the transfer or risk going into a dispute that the gaining registrar will lose and pay for. Since the Registrant has ultimate authority over a transfer, and that makes sense, then their email address should at least be available to Registrars in any tiered access model. At least as long as the transfer policy is what it is. Tim -------- Original Message -------- Subject: [gnso-dow123] RE: [council] RE: WHOIS combined task force call 1 March 2005 From: "Bruce Tonkin" <Bruce.Tonkin@xxxxxxxxxxxxxxxxxx> Date: Sun, February 27, 2005 10:48 pm To: council@xxxxxxxxxxxxxx Cc: "Chris Disspain" <ceo@xxxxxxxxxxx>, gnso-dow123@xxxxxxxxxxxxxx Hello Marilyn,We are also still looking for cc's who use a form of tiered access.The WHOIS task force may wish to invite Chris Disspain, the CEO of .au Domain Administration (auDA) which is the policy body for .au, to explain the mechanism used in Australia. au uses a tiered access structure. There are three tiers. (1) public access (see http://whois.ausregistry.com.au/ ), which provides the following information: Domain Name: Last Modified: Registrar ID: Registrar Name: Status: Registrant name: Registrant ID: Registrant ROID: Registrant Contact Name: Registrant Email: Tech ID: Tech Name: Tech Email: Name Server: Name Server IP: Name Server: Name Server IP: (2) Registrar access. A registrar can access the full records for the names under their management, and can also access other registry records, if the registrant provides them with an access password (auth_info). The access password is typically provided by a registrant that wishes to transfer to the registrar. The registrar is able to retrieve the full record as part of the process of authenticating the transfer request. (3) Law enforcement access. An Australian law enforcement agency may make a request to auDA for access to particular records in writing. auDA has full access to all records for this purpose. Regards, Bruce Tonkin Registrars representative on the GNSO Council -- ++++++++++++++++++++++++++++++++++++++++++++++++ Carlos Afonso diretor de planejamento Rede de Informações para o Terceiro Setor - Rits Rua Guilhermina Guinle, 272, 6º andar - Botafogo Rio de Janeiro RJ - Brasil CEP 22270-060 tel +55-21-2527-5494 fax +55-21-2527-5460 ca@xxxxxxxxxxx http://www.rits.org.br ++++++++++++++++++++++++++++++++++++++++++++++++
|