ICANN/GNSO GNSO Email List Archives

[council]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [council] A secret email address between registrar and registrant, please (WAS: RE: [gnso-dow123] RE: [council] RE: WHOIS combined task force call 1 March 2005)

  • To: Marc Schneiders <marc@xxxxxxxxxxxxxx>
  • Subject: Re: [council] A secret email address between registrar and registrant, please (WAS: RE: [gnso-dow123] RE: [council] RE: WHOIS combined task force call 1 March 2005)
  • From: Carlos Afonso <ca@xxxxxxxxxxx>
  • Date: Wed, 02 Mar 2005 17:22:51 -0300
  • Cc: Tim Ruiz <tim@xxxxxxxxxxx>, "'Neuman, Jeff'" <Jeff.Neuman@xxxxxxxxxx>, "'Marilyn Cade'" <marilynscade@xxxxxxxxxxx>, "'Bruce Tonkin'" <Bruce.Tonkin@xxxxxxxxxxxxxxxxxx>, "'Chris Disspain'" <ceo@xxxxxxxxxxx>, gnso-dow123@xxxxxxxxxxxxxx, council@xxxxxxxxxxxxxx, "'Maria Farrell'" <maria.farrell@xxxxxxxxx>
  • In-reply-to: <20050302183234.K62183-100000@voo.doo.net>
  • References: <20050302183234.K62183-100000@voo.doo.net>
  • Sender: owner-council@xxxxxxxxxxxxxx
  • User-agent: Mozilla Thunderbird 1.0 (X11/20041206)

Marc, I agree. Publishing the main contact addresses is the main reason their holders never reply to a message -- a probable symptom they are not being able to handle the spam overflow.

So, definitely, the "secret" registry/tar - registrant email should be implemented. However, there remains the problem of not being able to contact an Internet provider once a serious phishing schema, for example, is detected as coming from its network, since they are seemingly ignoring all messages coming to their published email addresses.

--c.a.

Marc Schneiders wrote:

I was pretty sympathetic to the proposal (if I understoord it right)
of Tim, vid. that only the registrar would have the authoritative
email address of the registrant, which would NOT be displayed in
whois. As we all know all email addresses displayed in whois are
spammed to death. As a result email to this address will in due course
be impossible to read or monitor. Consequently the poor registrant
will not see the reminder to renew. Nor the message that her domain
will be transferred to a hijacker through another registrar.

IN SHORT: I strongly urge us all to create a method, where the
authoritative email for transfers and the like is NOT in whois.  Not
for .com nor for the thick registries. This is essential in this age
of spam.

I have some domains and I am forced to accept some 300 spam messages a
day and to go through them each day. One of these may be a reminder to
renew...

This can so easily be changed: A 'secret' email address for
communication between registrar and registrant. As an option this
should be introduced soon.

On Mon, 28 Feb 2005, at 11:53 [=GMT-0600], Tim Ruiz wrote:

Jeff,

You're right. We do not have any problems with thick registry TLDs in this
regard. But don't take this as an endorsement, or non-endorsement, of the
thick registry model in any way :)

Tim


-----Original Message-----
From: Neuman, Jeff [mailto:Jeff.Neuman@xxxxxxxxxx]
Sent: Monday, February 28, 2005 11:50 AM
To: Marilyn Cade; Tim Ruiz; Bruce Tonkin
Cc: Chris Disspain; gnso-dow123@xxxxxxxxxxxxxx; council@xxxxxxxxxxxxxx;
Maria Farrell
Subject: RE: [gnso-dow123] RE: [council] RE: WHOIS combined task force call
1 March 2005

For the record, each of the "thick registries" are required to display the
e-mail of the registrant even though registrars are not required.  For the
thick registries, the solution may be a simple reliance on the registries
whois database rather than the registrars.  I believe the transfer policy
does mention that.   Of course that does not solve the problems with respect
to .com and currently .net (although several bidders for .net did propose a
thick registry).

Jeff

-----Original Message-----
From: owner-gnso-dow123@xxxxxxxxx [mailto:owner-gnso-dow123@xxxxxxxxx]On
Behalf Of Marilyn Cade
Sent: Monday, February 28, 2005 12:34 PM
To: 'Tim Ruiz'; 'Bruce Tonkin'
Cc: 'Chris Disspain'; gnso-dow123@xxxxxxxxxxxxxx;
council@xxxxxxxxxxxxxx; 'Maria Farrell'
Subject: RE: [gnso-dow123] RE: [council] RE: WHOIS combined task force
call 1 March 2005


Thanks, both Bruce and Tim.

I am sure the TF would be happy to invite Chris. We are also interested in
inviting cc's from Latin America, so we can ask Chris for possible
circulation of a request to the cc's from Latin America as well. That way,
we will hear from several countries. I'll put this on the TF agenda tomorrow
as another possible guest speaker for the next set of calls, which will have
to probably be after Mar de Plata, given all that is on our plates. We also
need to hear from governmental agencies about their uses and views, and we
haven't gotten around to identifying that set of invitees yet. In the past,
in WHOIS panels, etc., we have invites a range of consumer protection;
privacy, law enforcement, etc.

Tim, your point about transfers and its reliance on the email of the
registrant is interesting.  Does this show up in the report of the ICANN
staff as one of the problem areas that is emerging/internally disputed
transfers... sounds like perhaps the technical contact might be the ISP, for
instance, and they do a transfer, and the actual registrant isn't informed,
or doesn't agree, and then disputes? What a nightmare for the registrar!

Maria, would you ask Tim Cole/Kurt Pritz when the report that Kurt discussed
on the last Council call will be actually published? I know it wasn't quite
final when he reported on it, but I assume is forthcoming... just useful to
know of when to expect it.
Thanks, MC

-----Original Message-----
From: owner-gnso-dow123@xxxxxxxxx [mailto:owner-gnso-dow123@xxxxxxxxx] On
Behalf Of Tim Ruiz
Sent: Monday, February 28, 2005 5:21 AM
To: Bruce Tonkin
Cc: Chris Disspain; gnso-dow123@xxxxxxxxxxxxxx; council@xxxxxxxxxxxxxx
Subject: RE: [gnso-dow123] RE: [council] RE: WHOIS combined task force call
1 March 2005

I'd like to point out an issue with the current (new) transfer process
that needs to be considered here.

Right now, there is no requirement to display the email address of the
Registrant in the Whois of gTLDs. So most gaining registrars use the
email address of the Administrative Contact to confirm transfer
requests. The problem we have seen, and I am sure others as well to one
degree or another, is that even after a "good" transfer is completed
(confirmed by the Administrative Contact), the Registrant sometimes
comes forward and says they did not authorize it. Under the current
policy, we have to reverse the transfer or risk going into a dispute
that the gaining registrar will lose and pay for.

Since the Registrant has ultimate authority over a transfer, and that
makes sense, then their email address should at least be available to
Registrars in any tiered access model. At least as long as the transfer
policy is what it is.

Tim


-------- Original Message --------
Subject: [gnso-dow123] RE: [council] RE: WHOIS combined task force call
1 March 2005
From: "Bruce Tonkin" <Bruce.Tonkin@xxxxxxxxxxxxxxxxxx>
Date: Sun, February 27, 2005 10:48 pm
To: council@xxxxxxxxxxxxxx
Cc: "Chris Disspain" <ceo@xxxxxxxxxxx>, gnso-dow123@xxxxxxxxxxxxxx

Hello Marilyn,

We are also still looking for cc's who use a form of tiered access.
The WHOIS task force may wish to invite Chris Disspain, the CEO of .au
Domain Administration (auDA) which is the policy body for .au, to
explain the mechanism used in Australia.

au uses a tiered access structure.

There are three tiers.

(1) public access (see http://whois.ausregistry.com.au/ ), which
provides the following information:

Domain Name:
Last Modified:
Registrar ID:
Registrar Name:
Status:
Registrant name:
Registrant ID:
Registrant ROID:
Registrant Contact Name:
Registrant Email:
Tech ID:
Tech Name:
Tech Email:
Name Server:
Name Server IP:
Name Server:
Name Server IP:

(2) Registrar access.  A registrar can access the full records for the
names under their management, and can also access other registry
records, if the registrant provides them with an access password
(auth_info).  The access password is typically provided by a registrant
that wishes to transfer to the registrar.  The registrar is able to
retrieve the full record as part of the process of authenticating the
transfer request.

(3) Law enforcement access.  An Australian law enforcement agency may
make a request to auDA for access to particular records in writing.
auDA has full access to all records for this purpose.


Regards,
Bruce Tonkin
Registrars representative on the GNSO Council







--
++++++++++++++++++++++++++++++++++++++++++++++++
Carlos Afonso
diretor de planejamento
Rede de Informações para o Terceiro Setor - Rits
Rua Guilhermina Guinle, 272, 6º andar - Botafogo
Rio de Janeiro RJ - Brasil         CEP 22270-060
tel +55-21-2527-5494        fax +55-21-2527-5460
ca@xxxxxxxxxxx            http://www.rits.org.br
++++++++++++++++++++++++++++++++++++++++++++++++






<<< Chronological Index >>>    <<< Thread Index >>>