<<<
Chronological Index
>>> <<<
Thread Index
>>>
RE: [registrars] Some observations
Donny
and Tim - for purposes of the Montreal workshop (and possibly later for the GNSO
Council task force), your research would be really instructive. So, I'm
wondering if you can send anything written about the test domain that
Intercosmos did, and the legal articles that Tim came
across.
Also,
Tim, do you have suggestions for short-mid term solutions for port43
limiting? Proxy domains are only a short term solution or provide a good
service for a section of the market. I've outlined a tiered access
approach. Anything else would be helpful.
No
matter who presents in Montreal, if we all gather our data, it will provide a
more comprehensive picture of what registrars face.
Thanks, Elana
Tim,
I completely agree
with you that port 43 whois access is one of the main reasons the spam problem
is as bad as it is today. For example about 6 months ago, I setup a test
domain with a specific email address that was never used anywhere else.
I have tracked every email that I have received and I have received 239 emails
in those 6 months. I have received emails from all types of services
including one domain name registrar. So in my opinion public access to port 43
should go away! It’s become one of the largest public sources of spam
without us even realizing it.
The bulk whois access
was always a waste IMHO. $10,000 for a few hundred thousand
contacts. Could you imagine Microsoft selling a list of all of their
customers for $10,000. There would be a senate hearing about it or
something similar.
Donny
From:
owner-registrars@dnso.org [mailto:owner-registrars@dnso.org] On Behalf Of Tim Ruiz Sent: Wednesday, June 11, 2003 7:19
AM To:
Registrars@dnso.org
Web Based Whois Services - Public
Access We provide a web based whois, as required by our RAA. We have
decided to make it near live, although that is not required. The reason is
that our customers have indicated a need for it. For example, if they are
applying for a digital certificate and need to make changes that are
immediately visible to the certificate authority, they can make those changes
and refer the authority to our web whois, where those changes are visible
almost immediately. If a registrar should choose to make their
web whois more flexible, search by last name, geographic location, etc. they
could certainly do so, and even charge for that (like WhoBIZ for example) if
they like. There is nothing preventing that. It would be simpler to do with a
web interface than it would be with port 43. Web based Whois
services can also be made relatively secure from scripting/data
mining. This is all the general public really needs to meet
Mike's concern about verifying the actual registrant, admin, etc. of a domain
name. There is also the potential to make it as flexible as desired without
any new technology, and could provide an opportunity for registrars to recover
some of the cost of providing this access. Bulk Whois -
Appearances Only I don't agree with Mike that this is simply a matter of
enforcement right now. I do agree with Ross' response on that topic.
Also, it has already been made clear that the major registrars have a
huge number of opt-outs and any bulk Whois they would provide might be half
the data at best. In addition, proxy services are going to
continue to grow. Domains By Proxy is offered by Go Daddy and Wild West
Domains, ProtectFly is offered by Registerfly (a large eNom reseller), and I
don't think that will be the end of it. So the half of the data that a bulk
whois licensee does receive is likely to have a significant number of proxied
domains. Bottom line, bulk whois is not going to get anyone what
they really think they need from it. IF the bulk whois
requirement continues to exist then: 1) It should be available
only to appropriate parties (Law Enforcement, Registrars, verifiable IP
interests, certificate authorities, etc.) with appropriate non-disclosure
requirements based on their intended use of the data. 2) It
should not be used for marketing purposes of ANY kind. 3) It
should not be allowed to be incorporated into any value added products or
services that are directly accessible to anyone other than the
licensee. 4) Registrars should be allowed to charge an
appropriate fee based on number of records provided and perhaps even on
intended use. If someone is going to make money, even indirectly, on customers
we spent huge dollars to acquire, we should get something out of it. What's
your current CPA? And to expect a registrar with millions of records to
provide that data on a weekly basis for the same annual fee that a registrar
with a few thousand is ridiculous. The $10,000 annual fee ($192.31 a week)
should be just the baseline, and go up from there. 5) Registrars
should be allowed latitude in the models they develop to provide bulk
access. 6) Registrars should not be required to provide any whois
data, directly or indirectly, that they are not considered authoritative
for. Port 43 - A Data Miner's Dream Anyone who would argue
that port 43 is not a significant source for data mining must have a hidden
agenda. Any registrar who monitors their port 43 knows better. We can identify
most of the registrars who access our port 43. We know the level of transfers
that go to these registrars. After filtering out those queries, how do we
account for the other 80,000,000 or more queries we get? 1.
Improper data mining. I don't think I have heard any registrar claim that data
mining port 43 is THEE primary source of Spam. What we do know is that it IS a
significant source. And in the context of what we are dealing with here, that
problem should not be ignored. Why would we ignore it simply because it is not
the primary source of Spam. We have an opportunity to make a dent in reducing
Spam. Why wouldn't we want to do something about it? And spam
isn't the only mis-use of this data. It is also used to acquire bulk access
without paying the fee. At least two major law suits over the last few years
have been about just that. Sending unsolicited postal mail from improperly
acquired bulk data may not be considered Spam, but our customers didn't view
it as anything less when it happened to them. 2. Cross registrar
public Whois services. We don't mind allowing access for other Registrars who
provide a public service of this type. It provides a valuable service to our
industry and helps to facilitate portability. If a registrant can view their
current whois data before a transfer request it can help to alleviate problems
later when things don't match up. Most registrars who provide this type of
service also protect their service from potential scripting and data
mining. What we don't like is providing access to anyone who
decides to throw up a cross registrar whois service and then sells advertising
there, charges for the privilege, etc. When a third party makes a profit out
of accessing this data through an infrastructure we have to provide and
support, we would at least like our cut. Registrars should not be
expected to continue to provide all of these services on their own
nickel. Port 43 needs to change. I don't care what port it
becomes, or if we manage this one differently. I like the
capabilities that CRISP has to offer, and a lot of other suggestions I have
heard from this group on this subject. But I'm not as concerned with the
technical how-to as I am with the policy. It's the policy that HAS to change.
High speed automated access to this data needs to be
restricted. Question: There is no SLA portion to the port 43
requirement in our RAA. Has anyone given any thought to providing a minimum
level of service to meet the RAA requirement, and another one that is fee
based? I don't see anything preventing
that. Assumptions Registrars are going to be required to
continue providing some form of public ally accessible whois
service. There are parties who have a legitimate need to access
this data in more than a one-off fashion. Some of the suggestions
above will help to minimize improper access to this data. It does not really
address the issue of privacy. Should this data be public ally accessible
at all? That is another
debate. Tim
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|