RE: Re[2]: [ga] domain tastinmg comments

[Shane Kinsch <shane.kinsch@xxxxxxxxxxxxx>]

It's sufficient for us.  5 days is all we need to identify someone trying to
register "welsfarg0.com" and get our money back.

Shane

 

From: Dominik Filipp [mailto:dominik.filipp@xxxxxxxx] 
Sent: Thursday, March 27, 2008 5:03 AM
To: Shane Kinsch; chris@xxxxxx
Cc: ga@xxxxxxxxxxxxxx
Subject: RE: Re[2]: [ga] domain tastinmg comments

 

In the current GNSO Issues Report on Domain Tasting at
http://gnso.icann.org/issues/domain-tasting/gnso-domain-tasting-report-14jun
07.pdf page 20, it reads

 

"AGP can also be used by registrars to correct system errors. For example,
if names are erroneously added at the registry, the fees can be refunded to
the registrar if the names are deleted during the AGP. AGP may help
registrars recover some losses from failed payment transactions or fraud
cases, although many of these types of scenarios extend beyond the first
five days of registration."

 

The last sentence clearly states that in general sense the initial 5-day
period after registration is insufficient for identification and recovery
from fraudulent charges.

 

Dominik

 

  _____  

From: owner-ga@xxxxxxxxxxxxxx [mailto:owner-ga@xxxxxxxxxxxxxx] On Behalf Of
Shane Kinsch
Sent: Wednesday, March 26, 2008 5:10 PM
To: chris@xxxxxx
Cc: ga@xxxxxxxxxxxxxx
Subject: RE: Re[2]: [ga] domain tastinmg comments

Chris,

As a Registrar, we pay for the domain name from our Registry account.  If
the perp uses a stolen credit card, we're out of the registration cost for
that domain, not the perp, not the credit card holder, the registrar is.  If
we (the registrar) catches this within the AGP, we get our money back too.

This goes for any suspicious activity caught by our internal fraud systems
as well, to closer look at registrations that have suspicious behavior in
the purchasing process.  Closer looks at registrations may result in
registrations that look like phishing names as well.  When domains are
registered, funds are immediately withdrawn from our Registry account and we
get to make contact/verify the registration manually within the AGP.  If
we're not able to make contact or verify manually after the name has already
been registered, then we can cancel the registration.  i.e. wellsfarg0.com,
etc. 

I, like the credit card holder, want our money back as well.

Shane

 

From: owner-ga@xxxxxxxxxxxxxx [mailto:owner-ga@xxxxxxxxxxxxxx] On Behalf Of
chris@xxxxxx
Sent: Wednesday, March 26, 2008 10:11 AM
To: Shane Kinsch; 'Karl Peters - TLDA'
Cc: ga@xxxxxxxxxxxxxx
Subject: Re: Re[2]: [ga] domain tastinmg comments

 

How does the AGP help you recover funds from someone using a stolen credit
card? That is a totally seperate issue and nothing at all to do with the
AGP. If someone registers a name with a stolen credit card, you take the
names back as soon as you know that it was a fraudulent charge I assume. I
just don't see what the AGP has to do with people using stolen credit cards
to pay for domain names. You are not holdiung the domain name for 5 days to
see if the credit card was good or not. They get their domain name right
away. Please explain the relationship between stolen credit cards and the
AGP.

 

Chris McElroy

 

----- Original Message ----- 

From: Shane <mailto:shane.kinsch@xxxxxxxxxxxxx>  Kinsch 

To: 'Karl <mailto:tlda@xxxxxxxxxxxxxxxxxxx>  Peters - TLDA' 

Cc: ga@xxxxxxxxxxxxxx 

Sent: Tuesday, March 25, 2008 1:10 PM

Subject: RE: Re[2]: [ga] domain tastinmg comments

 

"What other mechanism would allow for this without actually registering the
domain for a year?  Please also answer my challenge about a company that
actually tasted hundreds of domains for their own end use and decided in a
few days which ones were not needed."

There is no other mechanism for people to do this and I doubt anything is
documented about a company that has sampled hundreds of domains for their
own use, but it's possible.  One purpose of the AGP is for the Registrars to
recoup their expenses from a fraudulent or wrong registration.  This was
open-ended and allowed for mass abuse.  Therefore, limiting the number of
free-ride drops needs to be changed to a low percentage.  That way, as
stated before, will take care of Registrars, like myself, who does not want
to eat the cost of a perp who registers 100 names on a stolen credit card.

Shane

From: owner-ga@xxxxxxxxxxxxxx [mailto:owner-ga@xxxxxxxxxxxxxx] On Behalf Of
Karl Peters - TLDA
Sent: Tuesday, March 25, 2008 11:41 AM
To: ga@xxxxxxxxxxxxxx; Shane Kinsch
Cc: jwkckid1@xxxxxxxxxxxxx
Subject: Re[2]: [ga] domain tastinmg comments

 

 

> Karl as far as what you went through, thats a whole difference scenario
and Is really a scam in that aspect, but easy to fulfill.  The scammer will
just search the .org/.net database, index it, and compare any existing
registered .net/.org domains and register the corresponding .com (as in your
case).  Send out an automatic email stating that they want to sell you the
domain and charge you a hideous fee ($295) for the services.  I personally
dont see that as tasting but on the lines of extorting.  Tasting is where
the perp samples the traffic and keeps it if they see it valuable.  Its one
thing whether or not they contact you.  If they register and taste it vs.
register and extort it are two different birds.

>  

> Shane

 

Shane,

       Yes, it may be a different application of tasting, but it was a clear
derivative of tasting, in that during the time of the "offer to sell", the
domain was not available and one week later, it was. What other mechanism
would allow for this without actually registering the domain for a year?
Please also answer my challenge about a company that actually tasted
hundreds of domains for their own end use and decided in a few days which
ones were not needed. This is important, because the only examples of this
"tasting" people can see is the very negative aspect. Please show me people
or companies that actually use it as designed.

 

-Karl E. Peters