<<<
Chronological Index
>>> <<<
Thread Index
>>>
Re: [ga] Tasting and other errant or illegal registration activity, was: Re: [ga] List Rules
- To: <chris@xxxxxx>, "Neuman, Jeff" <Jeff.Neuman@xxxxxxxxxx>, "Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>
- Subject: Re: [ga] Tasting and other errant or illegal registration activity, was: Re: [ga] List Rules
- From: "Elisabeth Porteneuve" <elisabeth.porteneuve@xxxxxxxxxxxx>
- Date: Wed, 2 Apr 2008 21:29:53 +0200
Now, that we learned not only about the dark side of the moon, but also
about kiting - many thanks Chris for a very clear explanation - my question
is: is the recent increase of prices by VeriSign related to the necessity to
face permanent kiting kind-of denial of service attacks? Billions fake
registrations, billions deletes, it all requests for huge databases, robust
servers, much bigger than the normal data processing.
If the price increase by VeriSign is to cover the kiting, then those who
generate that volume must pay for their games. Not the end registrant.
Incidentally it means ICANN failed in its mission - they knew about kiting
since 2004, and they even did not hire a mathematician to observe tendencies
in registration, and provide them with adequate analysis?
Kind regards,
Elisabeth Porteneuve
----- Original Message -----
From: chris@xxxxxx
To: Neuman, Jeff ; Jeffrey A. Williams ; Elisabeth Porteneuve
Cc: ga@xxxxxxxxxxxxxx
Sent: Wednesday, April 02, 2008 7:51 PM
Subject: Re: [ga] Tasting and other errant or illegal registration activity,
was: Re: [ga] List Rules
Thank you Jeff. FYI, I would really like this to be resolved. I am not just
against registrars, registries, and ICANN. I am simply going by ICANN's past
history and performance when it comes to these type of issues when referring
to it. If there is mistrust, there is good reason.
Actaully what Bob is referring to IS kiting and not tasting. Tasting is when
anyone uses the AGP to try out a domain name. Kiting happens when they work
with others so that person number 2 picks it right back up for another 5
days, person 3 does the same, and so on and so on. That domain name is not
off the market for 5 days. It is off the market for an indeterminate amount
of time depending on the size of their network.
Tim is a good guy and I respect his opinion as I do yours Jeff. However, I
have to wonder if he is choosing this because it is at least a good start or
if he actually believes this will solve the problem.
The evidence you ask for cannot exist and I assume that is a rhetorical
question. It's like going into a lab and finding an unlimited button and
someone says I wonder what this does. We cannot know until you push the
button.
However I do know that if the AGP did not exist, it would solve the problem.
That is fact. Indisputable. So choosing that solution will definitely solve
the problem and the other method "might" solve the problem or at least we do
not have proof that it won't solve the problem, so you would rather choose
the "might" method. I would rather choose the definite method.
You do agree that we can "prove" that the elimination of the AGP will stop
the abuse of same right?
And Jeff, I do appreciate the dialogue. We may disagree, but I do not mean
any of it as a personal attack on anyone. I have to work for clients who
want better domain names and many of those are not available due to tasting
and kiting being allowed for this long.
Chris McElroy
----- Original Message -----
From: Neuman, Jeff
To: chris@xxxxxx ; Jeffrey A. Williams ; Elisabeth Porteneuve
Cc: ga@xxxxxxxxxxxxxx
Sent: Wednesday, April 02, 2008 1:06 PM
Subject: RE: [ga] Tasting and other errant or illegal registration activity,
was: Re: [ga] List Rules
Thank you for this.
FYI, Tim Ruiz, who is in senior management at GoDaddy was on the drafting
committee and supports the motion. The motion proposes to end the types of
abuses Bob is talking about. However, I will note for the record that what
Bob calls kiting is not actually kiting, but rather tasting. Big
difference.
My question still remains. If the motion goes through and is implemented,
what evidence is there that this will not stop the AGP abuses?
With respect to your questions:
1. There has been very little tasting going on in .biz or .us. Any tasting
that has occurred did not start until last year. So no, I was not part of
anything related to this prior to when the issues were brought forward by
the ALAC in their draft issues report.
It is my belief that all known abuses to the AGP will be eliminated by the
proposal. Will tasting be eliminated? Tougher question, but the answer is
the same whether this motion is adopted or the AGP is eliminated. In other
words, eliminating the AGP will not sole any more problems in my view that
the current version. It will create additional problems with respect to
legitimate deletes.
Registrars have abused the AGP, however, the motion should cure the known
abuses.
And no, I do not believe personally that the response to the abuses has been
as quick as it should have been either from ICANN or by the Registrars.
That said, I believe NeuStar's implementation will solve the known issues
with the AGP.
Also, I believe you asked whether I believe registrars just made up reasons
for legitimately using the AGP to benefit from tasting or something like
that. The answer is no. Most of the reasons for keeping the AGP were
submitted by companies like GoDaddy and others that do not engage in tasting
or have ever abused the AGP.
Sorry if I missed some questions, but I hope I got most of them. If I did
not, feel free to ask again. (Although maybe we can start a new chain.this
one got long and hard to follow).
Jeffrey J. Neuman, Esq.
Sr. Director, Law, Advanced Services &
Business Development
NeuStar, Inc.
e-mail: Jeff.Neuman@xxxxxxxxxx
From: chris@xxxxxx [mailto:chris@xxxxxx]
Sent: Wednesday, April 02, 2008 12:50 PM
To: Neuman, Jeff; Jeffrey A. Williams; Elisabeth Porteneuve
Cc: ga@xxxxxxxxxxxxxx
Subject: Re: [ga] Tasting and other errant or illegal registration activity,
was: Re: [ga] List Rules
Here is a letter written to ICANN in 2004 from Bob Parsons.
http://www.godaddy.com/gdshop/pdf/100804_letter_iyd.pdf
This is from april of 2006
"35 million names registered in April. 32 million were part of a kiting
scheme. A serious problem gets worse.
In a nutshell, here's how domain kiting works.
Domain kiting registrars put up mini-Web sites - loaded with search engine
links - for domains names for which they never pay. When people land on
these Web sites and click on the links, money is made. It's easy to spot one
of these registrars as the number of total registrations they make often far
exceed the number of permanent registrations - or names for which they
actually pay. This is why during the month of April 2006, out of 35 million
registrations, only a little more than 2 million were permanent or actually
purchased. The vast majority of the rest were part of the domain kiting
scheme.
Now let's drill down a little further into domain kiting 101.
A registrar who participates in this scheme - Go Daddy and its affiliates do
not participate in this scheme - makes a large deposit - sometimes a huge
deposit - at a registry. Then the registrar registers as many domain names
as the deposit will allow. For example, if the registrar makes a $600,000
deposit at VeriSign Registry, they could register 100,000 .COM domain names
as .COM names cost $6.00 per year."
Now if registrars are engaged in domain kiting how do you assume that
registrars and registries opinion of how to solve this issue should carry
more weight than any user on this list or any user on the web for that
matter. Since it is the very industry doing the domain kiting, why should
recommendations from that industry be taken seriously regarding this issue?
It's not like it just now happened and your industry is taking progressive
steps to police it. It was going on since before 2004. So where were the
other registries and registrars, excluding Bob Parsons, who did speak out,
when it was going on then? Where was your outrage at a few rogue registrars
abusing the AGP? It was ignored because there was no public outrage. Now
that there is, the registries and registrars step up and tell us that they
will take the lead to solve this problem and that we should all just trust
you. As you said our mistrust of the registries and registrars and ICANN is
no reason to suggest the elimination of the AGP.
Had all of the "legitimate" registries and registrars stepped up to solve
this issue in 2004, maybe it would be different. Maybe you could raise the
issue that you should be trusted to come up with a solution. But that did
not happen did it? And as far as trusting ICANN to solve the domain kiting
and tasting issue, why are we just now addressing this? Where were they
then? Where have they been on every single issue? On the side of big
business and registrars and registries and never on the side of users.
The abuse of the AGP has hurt small business owners and users by creating a
false shortage of domain names. The registries and registrars and ICANN
allowed it to happen. Now we should just trust them to fix it? Why? What
evidence or prior good acts can you point to that suggests that this
industry or ICANN deserves that trust?
More from Bob Parsons;
Domain kiting registrars abuse the 5 day refund period to work their scheme.
After a domain name is registered, a registrar has five days to cancel a
domain name registration - i.e. drop the name - and get their money back.
Domain kiting registrars abuse this rule and cancel the lion's share of the
names they register just before the five day period expires - so they get
their money back. But then something unexpected happens. After names are
cancelled or dropped, the domain kiting registrar goes out and immediately
registers the same names again. The domain kiting registrar will then put
the same simple Web site back up for each domain name, wait another five
days and then cancel all the names again - just in time to get a full
refund. And for most names caught up in the domain kiting scheme, this
process will repeat itself over and over and over.
Meet DirectNIC.
You might find the registration statistics of DirectNIC somewhat
interesting. DirectNIC registered more than 8.4 million domain names in
April 2006, but only permanently registered - or paid for - 51.4 thousand of
those. The trend was the same in March, when DirectNIC registered 7.6
million names and only permanently registered - or paid for - 52.5 thousand.
Whatever could DirectNIC be doing? Why are they dropping and re-registering
all those names - again - and again - and again? And why doesn't ICANN care?
But wait, there's more - many more.
And the list of registrars, that register many more domain names than they
actually purchase, goes on and on.
ICANN fiddles while the Domain system burns.
I will point out that at this time, unlike check kiting - there is nothing
illegal about domain kiting. Of course, domain kiting should be illegal.
ICANN is perfectly happy with the practice. In spite of many complaints they
have done nothing to put an end to it.
ICANN's favorite comment.
Since my last blog article a number of people have contacted ICANN and quite
predictably, but sadly, ICANN has had no comment.
Domain kiting is out of control and must be stopped.
This domain kiting practice needs to be stopped. It benefits only those few
organizations that are pillaging the domain name system. It takes millions
of good names off the system, and makes them unavailable for the purposes
for which those names were originally intended. It places an unnecessary
burden on every registry.
You said that "There are a lot of conclusory statements made in the e-mails
calling for the abolishment of the AGP. Yet, there is little evidence behind
those conclusions."
When has there not been evidence? None of the above statements by Bob
Parsons refers to evidence of registrars engaging in domain kiting?
You also said, "evidence was presented by the Registrars on how the AGP was
used for legitimate purposes."
And you do not expect them to come up with reasons to keep the AGP when some
of them benefit from it in non-legitmate ways?
You say "Neither the registries nor the registrars will support the
abolishment of the AGP because of these legitimate purposes."
Are you sure that is the reason? Do you ask us to believe that only
"legitimate reasons motivate the registrars to keep the AGP? None of them
want to keep it for other reasons? Where does Bob Parsons stand on the
issue?
Then you say "The fact that your gut tells you there could in theory be
issues or that you general distrust registries, registrars and ICANN is NOT
a basis to call for the abolishment of the AGP, where legitimate uses have
been demonstrated."
Questions
Where has this trust been earned in regards to the issue of domain tasting
and domain kiting?
Did you write the proposal you speak of in 2004 or just recently since this
has gotten more public attention?
Do you think domain kiting and domain tasting is a theory?
Do you think that it is only a theory that registrars have engaged in this
practice?
Do you believe ICANN has addressed these issues in a timely fashion?
Do you think the registrars and registries have acted to police their own
industry in regards to these issues in a timely fashion?
I'm really curious as to your answers to those questions. It may be a matter
of perception. If you perceive that ICANN and the registrars and registries
have acted in a timely fashion then your idea of timely is much different
than it is for many of us. Had those actions in your proposal been suggested
when this was first brought to everyone's attention, then they woiuld
definitely have been taken more seriously and more drastic action might not
have been called for.
Chris McElroy
----- Original Message -----
From: "Neuman, Jeff" <Jeff.Neuman@xxxxxxxxxx>
To: "Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>; "Elisabeth Porteneuve"
<elisabeth.porteneuve@xxxxxxxxxxxx>
Cc: <ga@xxxxxxxxxxxxxx>
Sent: Wednesday, April 02, 2008 11:29 AM
Subject: RE: [ga] Tasting and other errant or illegal registration activity,
was: Re: [ga] List Rules
I feel an obligation to respond, since my comments are quoted here.
There are a lot of conclusory statements made in the e-mails calling for
the abolishment of the AGP. Yet, there is little evidence behind those
conclusions.
I will be the first to state the process followed in getting this motion
together has been less than stellar....IN short, there were lots of
flaws. I have pointed this out on a number of occasions. That said,
evidence was presented by the Registrars on how the AGP was used for
legitimate purposes. As a registry, I have personally seen how the AGP
has been used in cases where a reseller or registrant has attempted to
defraud a registrar. Just because you may not have personally
benefitted from the AGP, does not mean that other registrants have not.
Neither the registries nor the registrars will support the abolishment
of the AGP because of these legitimate purposes. Let me also state for
the record, there is no financial or other benefits NeuStar will receive
by keeping an AGP. In fact, one might argue that eliminating the AGP
will result in NeuStar getting more money because no refunds will ever
be issued. However, we do see the benefits of the AGP if used properly
and therefore, despite the possibility of making more money, we do
support keeping a limited AGP (as you saw in our proposal).
What I have not seen from anyone in support of eliminating the AGP is
evidence as to (i) why the proposed motion will not solve the abuses of
the AGP, and (ii) more importantly, if the solution does solve these
abuses of the AGP, as NeuStar believes, why is eliminating the AGP
necessary. The fact that your gut tells you there could in theory be
issues or that you general distrust registries, registrars and ICANN is
NOT a basis to call for the abolishment of the AGP, where legitimate
uses have been demonstrated.
If you believe I am wrong, please provide EVIDENCE....not gut feelings,
disbelief, conjectures, distrust and conspiracy theories. I really do
want to see this evidence.
Like Roberto said earlier (or something like this), why do you need a
bazooka to kill a mosquito.
Jeffrey J. Neuman, Esq.
Sr. Director, Law, Advanced Services &
Business Development
NeuStar, Inc.
e-mail: Jeff.Neuman@xxxxxxxxxx
-----Original Message-----
From: owner-ga@xxxxxxxxxxxxxx [mailto:owner-ga@xxxxxxxxxxxxxx] On Behalf
Of Jeffrey A. Williams
Sent: Wednesday, April 02, 2008 10:37 AM
To: Elisabeth Porteneuve
Cc: ga@xxxxxxxxxxxxxx; dstansell@xxxxxxxxxxxxxxx;
aheineman@xxxxxxxxxxxx; greg.abbott@xxxxxxxxxxxxxxx;
board-review-tor@xxxxxxxxx; jeffrey@xxxxxxxxx; twomey@xxxxxxxxx;
public.information@xxxxxxxxxxxxxxx
Subject: [ga] Tasting and other errant or illegal registration activity,
was: Re: [ga] List Rules
Elisabeth and all,
Thank you for your thoughtful and somewhat detailed
response. Very much welcomed by me anyway, and I hope
by others of the GA members. Perhaps you would be
so kind as to forward this, your response to the ALAC as
well. I am sure it would be of interest to some on
that forum as well. I shall be sure to forward mine
in response! >:)
The remainder of my remarks, thoughts, concerns in
response will be interspersed below elisabeths and
are intended to be very general and applied to the
GA members as a whole or other perhaps interested
parties and addressed to/cc.
-----Original Message-----
From: Elisabeth Porteneuve <elisabeth.porteneuve@xxxxxxxxxxxx>
Sent: Apr 1, 2008 6:45 AM
To: Roberto Gaetano <roberto@xxxxxxxxx>, 'Danny Younger'
<dannyyounger@xxxxxxxxx>, 'Hugh Dierker' <hdierker2204@xxxxxxxxx>,
debbie@xxxxxxxxxxxxxxxxxx, ga@xxxxxxxxxxxxxx
Cc: Elisabeth Porteneuve <elisabeth.porteneuve@xxxxxxxxxxxx>
Subject: Re: [ga] List Rules
I went through PPT presentations attached to the quoted message (via
Danny)
http://gnso.icann.org/mailing-lists/archives/registrars/msg05626.html,
re-read Jeff Neuman's quotes from New Delhi (via Dominik)
http://gnso.icann.org/mailing-lists/archives/ga-200709/msg01071.html ,
Ross
Rader's note
http://gnso.icann.org/mailing-lists/archives/ga-200709/msg01300.html ,
but
also browsed contractual reports ICANN receives from registries at
http://www.icann.org/tlds/monthly-reports/ , especially com-net ones.
I did a quick review of this report and found it very interesting.
I would like to ask if it could be acceuented on the GNSO web
site more promonantly for others whom have recently ask, to review.
At the end of my reading, I think I understand better.
First of all, I understand the AGP serves the large spectra of non
written
purposes, for the benefit of registrars and their resellers. My blunt
perception from PPTs is that a number of registrars run insecure
software,
and let their uneducated resellers to do as much mess as possible - all
that
is on the dark side of the moon, because outside of ICANN's contracts,
AGP
is a kind of insurance to fix unspoken disasters.
Your first sentance here really get's to the central aspect of the
AGP's existance and or need/lack there of. Non written purposes
for the existance of the AGP has a "Gaming" aspect that seems to
be central to the problem of Tasting, warehousing, kiting, and
other related errant registration activity. As such, the only
method or means by which those aspects of the AGP can be addressed
is to either document what does and does not constitute the AGP's use
for those now unwritten benifits to registrants, or the elimination
of the AGP, which I Chris, and Dominik proposals/motions outline
and call for, becomes necessary. Chris and myself have doubts as
to wheather of not such specifics in modification of the AGP to
provide for the desired flexability or the now non written benifits
can be adaquately accomplished, and I personally am of the opinion
the policing of same would be a huge burden of responsibility on
the ICANN staff that is obviously desired to be eliminated. Some
of those oversite functions I know can be automated programatically
in the registration software, but given that less than secure
registration software in used a additional security level requirement
would than also become necessary. I have frequently suggested such
be done long ago, but was sarimoniously ignored. Now that chicken
has come home to roost!
Secondly, VeriSign's reports clearly indicate that some registrars -
very
few - delete N (big N) times more domains than add or renew, and that
is a
permanent situation. VeriSign's benefit is that their servers'
performances
are permanently benched and able to withstand a lot.
Yes but Verisign in not necessarly respectively comparative to
other registries as far as server performance ability is concerned,
and does not apply to registrars at all.
Third, I do not see much AGP benefit to registrants, they do not have
EPP
access to anything, and IMHO cannot make many mistakes (typo happens,
of
course).
I fully agree. What is and has for years now been necessary is
that registrants have EPP access to their own registered domain name
records at both the registrar level and registry level so as to
keep them accurate and up to date. Both registries and registrars
have been particularly resistant to providing for this function,
and as such errors in both registry/registrar data for any particular
Domain name information remain, AND Whois listing data. This poses at
least one, and I would be glad to argue at any time in any setting,
several other significant legal and criminal activity directly related
to this lack of ability and oversite of domain name registration
data. As such, ICANN by way of the RAA contracts is liable to a
limited degree in complicity of such illegal activity accordingly.
However anyone of reasonable sensibilities can understand a
typo error, but as Chris has pointed out those should not occur
after the second opt-out has been sent to the registrant and
recieved accordingly.
Eventually I concur with proposed GNSO (Council?) motion - 50 deletes
or
10% - to discriminate between occasional mistakes or incompetence of
the
dark side and permanent tasting by some registrars.
Plain and simple, registrars that have shown a short history
of Tasting or other errent and possibly illegal activity should
immediately have their ICANN accreditation revoked and their
Domain Name taken down.
Last, I think ICANN's should compile tendencies of monthly reports to
show
to the Board any new piggyback services happening in registrations.
I fully agree. Additionally if such activity is recognized, the
offender should be immediately notified and given no longer than
10 calender days to correct the problem or face whatever legal
consequences that may and should insue.
My final and personal concerns regarding Tasting and registration
of Domain Names:
As I have repeatedly stated for a number of years, along with
Dr. Joe Baptista, my single biggest concern regarding the Domain
name registration is similar to the assingment of IP addresses,
that being that many, too many Domain Names that are registered
are used for illegal activities, such as spam, phishing, and
more importantly Child Ponrnography solicitiation or direct
Child Ponography activity. This must be STOPPED and ICANN
can and has the direct ability to STOP it if it so chooses.
Currently it does not choose to do so, or is unable to do
so due to lack of staff and technical ability. Those are
not reasonable excuses IMHO! Yet the user, just like myself,
cannot by themselves stop this errant or illegal activity.
But we can, and I persoanally do, just like Dr. Joe, Chris,
and Dominik have, object strongly to this lack of responsibility
by ICANN!
As a matter of practicality and legal liability, passing
along to LEA's, court systems in any and all countries,
judicial systems of same due to a lack of responsibility
by the ICANN Bod and legal staff is an unecessary burden
upon those LEA's, judicial systems, court systems and an
affront to the public that I am sure they do not appriciate
at all. Nor do I! >:(
My 2 euro-cents
Elisabeth Porteneuve
----- Original Message -----
From: "Roberto Gaetano" <roberto@xxxxxxxxx>
To: "'Danny Younger'" <dannyyounger@xxxxxxxxx>; "'Hugh Dierker'"
<hdierker2204@xxxxxxxxx>; <debbie@xxxxxxxxxxxxxxxxxx>;
<ga@xxxxxxxxxxxxxx>
Sent: Monday, March 31, 2008 11:04 PM
Subject: RE: [ga] List Rules
Thanks, Danny, that could be really helpful in trying to sort this
issue
out. At least for me.
RG
-----Original Message-----
From: owner-ga@xxxxxxxxxxxxxx
[mailto:owner-ga@xxxxxxxxxxxxxx] On Behalf Of Danny Younger
Sent: Monday, 31 March 2008 21:49
To: Hugh Dierker; debbie@xxxxxxxxxxxxxxxxxx; ga@xxxxxxxxxxxxxx
Subject: Re: [ga] List Rules
Hello Eric,
As much as I like motions, we would in a better position if
we could draft an issues paper laying out the pros and cons
of the AGP. I note that the registrars have already created
a powerpoint on the benefits of the AGP -- you can view it by
clicking on the attachment at this url:
http://gnso.icann.org/mailing-lists/archives/registrars/msg05626.html
By this way, this powerpoint was quite convincing (at least
to Board director Steven Goldstein that referenced this
presentation at the Washington JPA session), so our
counterpoint arguments must necessarily be of equal or
greater caliber if we are to convince both the GNSO and the
Board over the objections of the registrars.
regards,
Danny
--- Hugh Dierker <hdierker2204@xxxxxxxxx> wrote:
> The list has run along very smoothly for several months. The main
> reason is voluntary compliance with the rules. Once this concept
> breaks down so does the list. We are not talking about
individual one
> time lapses. For constant repeat violations we must stand
strong and
> enforce the rules.
>
> We are at a point for the first time in months, that the list is
> coalescing into the form of producing a statement/motion. The AGP
> issue seems to have come to a head and more formal resolution
> procedures may be appropriate. I believe it is at a motion
stage with
> 4 seconds. If the desire is to move forward in a constructive
> effective matter, we should hear that from the members.
>
> Eric
Regards,
Spokesman for INEGroup LLA. - (Over 277k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
Abraham Lincoln
"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt
"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng. INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@xxxxxxxxxxxxx
My Phone: 214-244-4827
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|