<<<
Chronological Index
>>> <<<
Thread Index
>>>
Re: [nc-impwhois] Melbourne IT WHOIS implementation comments
fyi...
take a look at the whois for microsoft.com
your example is not too far from reality
1. incorrect address
2. no contact name for snail mail l
if an email went unanswered a very embarassing situation could be created
here if the 15 day guideline was strictly adhered to...
----- Original Message -----
From: "Tim Ruiz" <tim@godaddy.com>
To: <Bruce.Tonkin@melbourneit.com.au>
Cc: <nc-impwhois@dnso.org>
Sent: Thursday, January 16, 2003 7:35 AM
Subject: Re: [nc-impwhois] Melbourne IT WHOIS implementation comments
> Bruce,
>
> ACCURACY
> I agree with your suggestions regarding 1 and 2. And excellent suggestion
> regarding 3.
>
> I would also suggest that further definition of a valid "complaint about
> WHOIS accuracy" is needed. I'm concerned about frivolous submission of
> complaints that could quickly overwhelm a registrar's current resources to
> deal with them in a timely manner. Some complaints we receive are simply
> based on the fact that the complainant received no response to their
> attempts to email someone.
>
> For example, someone could submit a complaint about the accuracy of the
> WHOIS data of Microsoft.com. If the sponsoring registrar's employees
> dealing with these complaints use the email method, then if someone at
> Microsoft does not respond within 15 days the domain could potentially be
> put on hold. I cringe at the thought of the potential litigation that
would
> ensue as a result.
>
> That is an extreme example, but very possible. Large organizations with
> floods of communication to deal with on a daily basis may not be
> immediately responsive to emails or postal communications. Large
registrars
> who face floods of WHOIS accuracy complaints will certainly handle it
> through a production line like process and may not always catch
potentially
> high profile complaints.
>
> I suggest that any complaint about WHOIS accuracy be accompanied by
> documentary proof of the inaccuracy, such as from one of the accredited
> authentication agencies. If a complaint is received without documentary
> proof, then the process in 3 would be optional.
>
> Tim
>
> -------- Original Message --------
> Subject: [nc-impwhois] Melbourne IT WHOIS implementation comments
> From: "Bruce Tonkin" <Bruce.Tonkin@melbourneit.com.au>
> Date: Thu, January 16, 2003 1:15 am
> To: <nc-impwhois@dnso.org>
>
> Hello All,
>
> Here are some Melbourne IT comments on implementation of the WHOIS
> recommendations.
>
> ACCURACY
>
> (1) Transfers Task Force Recommendation (WHOIS update at renewal)
> "Registrars must require Registrants to review and validate all WHOIS
> data upon renewal of a registration. (effectively an extension of RAA
> clause 3.7.7.1 above) The specifics of required validation remain to
> be determined by this Task Force or another appropriate body."
>
> This is implementable IF:
> - the registrar presents the WHOIS data to the registrant at time of
> renewal (via website, fax, or postal message) = REVIEW - the
> registrant is required to confirm that the data is still current, or
> update the information, and warrant that the information is still
> correct = VALIDATE
>
> It is not feasible for the Registrar to validate the data (e.g make
> phone calls to registrant, ring post office to confirm address exists
> etc). A registrar may optionally use various heuristic techniques to
> do some data validation (e.g check that a USA city existing within a
> particular USA state) - but such techniques are not applicable
> uniformly across the globe. In general it is in the registrars best
> interests to get accurate data as it increases the chance of a
> successful renewal - so there are commercial incentives here for
> clever registrars.
>
> I suggest rewording to:
> "Upon renewal of a domain name, a registrar must present to the
> Registrant the current WHOIS information, and remind the registrant
> that provision of false WHOIS information can be grounds for
> cancellation of their domain name registration. Registrants must
> review their WHOIS data, make any corrections, and warrant that the
> data is correct to the Registrar."
>
>
> (2) Transfers Task Force recommendation (Redemption Grace Period
> issue) "When registrations are deleted on the basis of submission of
> false contact data or non-response to registrar inquiries, the
> redemption grace period -- once implemented -- should be applied.
> However, the redeemed domain name should not be included in the zone
> file until accurate and verified contact information is available. The
> details of this procedure are under investigation in the Names
> Council's deletes task force."
>
> The principle is OK.
> The wording of "accurate and verified" needs to be updated in the
> context of the recommendation that relates to correction of data
> following a complaint. See below:
>
>
> (3) Transfers Task Force recommendation (Data correction following a
> complaint) "When registrars send inquiries to registrants regarding
> the accuracy of data under clause 3.7.8 of the RRA, they should
> require not only that registrants respond to inquiries within 15 days
> but that the response be accompanied by documentary proof of the
> accuracy of the "corrected" data submitted, and that a response
> lacking such documentation may be treated as a failure to respond."
>
> This recommendation is not implementable in its current form.
>
> Implementation of this will depend on the business model of the
> individual registrar and the level of service/price paid for the
> domain name. For example a registrar that charges $6 for a domain
> name, would likely only send an email message to the registrant to
> update the information. A registrar that charges $1000 for a domain
> name to a large corporate client would likely use every means possible
> to contact the registrant (phone call, send letter, send a staff
> member to visit in person etc).
>
> The 15 day period also relates to the implementation. It should be
> extended to 30 days if the registrar chooses to use postal mail to
> communicate with the registrant.
>
> In terms of requiring documentary proof - other than just storing the
> documentary proof - registrars are not authentication agencies (they
> collect information and store it in a registry) - they do not have
> skilled staff capable of detecting whether a document is real or a
> forgery, nor could they be expected to have staff with knowledge of
> all types of documents across all countries.
>
> The recommendation needs to identify a cost effective minimum
> implementation.
>
> There are two components:
> - contact of the registrant
> - correction of information
>
> Contacting the registrant is a common problem for registrars at the
> time of renewal, and various methods are used. Most registrars use a
> final step of placing the name in REGISTRAR HOLD status (the name is
> locked and removed from the zonefile).
>
> I will suggest the minimum implementation:
>
> IN RESPONSE TO A COMPLAINT ABOUT WHOIS DATA
>
> First phase:
> CONTACT phase
> - registrar sends an email to all contact points available in the
> WHOIS (e.g registrant, admin, technical and billing) to request the
> information be corrected - if no response is received after 15 days
> the name should be placed in REGISTRAR-HOLD status (or equivalent) -
> the registrar can continue to try to contact the registrant using
> various other means, but normally the registrant of an active name
> will contact the registrar themselves - the name would remain in
> REGISTRAR-HOLD status until the contact information is updated, or the
> name is deleted from the registry for lack of renewal - this protects
> the registrant from any attempts at domain name hijacking, and also
> protects the community from any unsatisfactory practices resulting
> from the use of the domainname for a website or email
>
> CORRECTION phase
> - registrar must present to the Registrant the current WHOIS
> information, and remind the registrant that provision of false WHOIS
> information can be grounds for cancellation of their domain name
> registration. Registrants must review their WHOIS data, make any
> corrections, and warrant that the data is correct to the Registrar. -
> if within 60 days of updating the information, an independent
> authenticating party provides confirmation (a list of accredited
> authenticating parties to be defined, and a mechanism for them to
> securely communicate with registrars electronically) that the contact
> information is still incorrect - then the name will be placed on
> REGISTRAR-HOLD (or equivalent) until that authenticating party
> certifies that the information is correct. The cost of the
> authenticating party would be borne by the complainant. This clearly
> separates the registrar role of data collection and not
> authentication. - ICANN will need to accredit authentication parties
> in the same way that UDRP providers are accredited. - The data
> accuracy complainant will need to pay the costs of the authenticating
> party verifying that the contact information is incorrect. - The
> Registrant will need to pay the costs of an authenticating party to
> verify the corrected information. Could be a different authenticating
> party to the one used by the data accuracy complainant. - a Registrar
> will be entitled to charge for the costs of updating WHOIS information
> via an accredited authentication agency (as their is likely to be
> manual processes involved).
>
>
> Thus I suggest the following rewording of this recommendation:
>
> "(a) Upon receiving a complaint about WHOIS accuracy, a registrar must
> at a minimum send an email to all contact points available in the
> WHOIS (including registrant, admin, technical and billing) requesting
> the WHOIS contact information be updated. If no response is received
> after 15 days a Registrar must place a name in REGISTRAR-HOLD (or
> equivalent) status, until the registrant has updated the WHOIS
> information. If a registrar uses postal means to communicate with
> the registrant, then the 15 days is extended to 30 days before the
> name is placed in REGISTRAR-HOLD status.
>
> (b) Once contact is established, the registrar must present to the
> Registrant the current WHOIS information, and remind the registrant
> that provision of false WHOIS information can be grounds for
> cancellation of their domain name registration. Registrants must
> review their WHOIS data, make any corrections, and warrant that the
> data is correct to the Registrar.
>
> (c) If within 60 days of the contact information being updated, an
> accredited authentication agency informs the Registrar that the data
> is incorrect, then the name will be placed in REGISTRAR-HOLD status
> until the registrant provides contact information that has been
> verified by an accredited authentication agency.
>
>
> BULK ACCESS
> Melbourne IT supports the recommendation. Some further clarification
> of the definition of "marketing activities" would be useful.
>
> Regards,
> Bruce Tonkin
>
>
>
>
>
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|