ICANN Email List Archives

[gnso-ff-pdp-may08]



Re: [gnso-ff-pdp-may08] Information based solutions instead of policy based solutions

  • To: gnso-ff-pdp-may08@xxxxxxxxx
  • Subject: Re: [gnso-ff-pdp-may08] Information based solutions instead of policy based solutions
  • From: Marc Perkel <marc@xxxxxxxxxx>
  • Date: Sat, 12 Jul 2008 10:07:10 -0700




Diaz, Paul wrote:
Just to underscore Greg's point about cyber-criminals using fake contact
data: in our experience most FF names are registered with stolen credit
cards.  This definitely makes the registrant data unreliable.  Therefore
I also do not think #2 addresses the means by which FF is executed.



I'm not really thinking about a Whois based solution because whois isn't fast enough. And whois isn't supposed to be used that way. What I'm thinking is a DNS based information solution that returns this information. For example, if I do this command:

dig example.com.registrar.icann.info TXT

it might return "godaddy"

I then do:

dig example.com.age.godaddy.com TXT

And that would return 539 which is the number of days owned by the current owner.

In the spam filtering world we used DNS to make information available to the world about a wide variety of data - not just traditional name to IP data. For a real example run:

dig icann.org.hostkarma.junkemailfilter.com
dig icann.org.hostkarma.junkemailfilter.com TXT

You will see that it indicates that hosts ending in icann.org are white listed for spam filtering. So DNS (not whois) can provide other information than just the SOA and nameserver records. This additional information would be useful to allow people like myself to distinguish between free speech and fraud and we can change our rules as fast as criminals change their tactics. We could also notify the registrars when we detect a problem so that they can take action.

For example - I get an email that appears to be impersonating a bank. So I find a link in the message pointing me to a domain. I look up the domain and I see the domain is hosted with godaddy, is new, and is fluxing. That would allow me to determine that the message is bank fraud and it would allow me, using automation, to fork a copy of the message to abuse@xxxxxxxxxxx (for example) alerting them to the problem. This alert might even trigger godaddy to start rate limiting name server changes on that domain. If a lot of automated complaints came in about one domain from a variety of spam filtering vendors then someone would be able to take action on that.
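
Editor's added example, not part of the original message: a sketch of the chained lookup proposed above (registrar TXT record, then age TXT record at that registrar) feeding a filter's triage decision. The two zones are the hypothetical ones from the message, so the code takes an injected resolver and runs on constructed answers; the 30-day threshold, the registrar-to-zone mapping, the fluxing flag and the `abuse@...example` address are assumptions.

```python
# Added example: the zones below are the hypothetical ones proposed in the
# message; no such service is assumed to exist, so a stub resolver is used.
from typing import Callable, Optional

Resolver = Callable[[str], Optional[str]]  # query name -> TXT value or None

REGISTRAR_ZONE = "registrar.icann.info"    # proposed in the message
# Assumed mapping from the registrar label to the zone that registrar runs.
REGISTRAR_AGE_ZONES = {"godaddy": "age.godaddy.com"}
NEW_DOMAIN_DAYS = 30                       # assumed threshold, not from the message


def lookup_domain_info(domain: str, txt: Resolver) -> dict:
    """Chain the two TXT lookups: registrar first, then age at that registrar."""
    domain = domain.rstrip(".").lower()
    registrar = txt(f"{domain}.{REGISTRAR_ZONE}")
    age_days = None
    zone = REGISTRAR_AGE_ZONES.get(registrar or "")
    if zone:
        raw = txt(f"{domain}.{zone}")
        # A missing or non-numeric answer means "unknown", never "old".
        if raw is not None and raw.strip().isdecimal():
            age_days = int(raw)
    return {"domain": domain, "registrar": registrar, "age_days": age_days}


def triage(info: dict, is_fluxing: bool, looks_like_bank: bool) -> dict:
    """Decide whether to treat the message as fraud and where to send a copy."""
    is_new = info["age_days"] is not None and info["age_days"] < NEW_DOMAIN_DAYS
    fraud = looks_like_bank and is_fluxing and is_new
    report_to = None
    if fraud and info["registrar"]:
        # Placeholder address; a deployment needs the registrar's real contact.
        report_to = f"abuse@{info['registrar']}.example"
    return {"fraud": fraud, "report_to": report_to}


# Constructed sample data standing in for DNS answers.
SAMPLE_TXT = {
    "example.com.registrar.icann.info": "godaddy",
    "example.com.age.godaddy.com": "539",
    "bank-login.example.registrar.icann.info": "godaddy",
    "bank-login.example.age.godaddy.com": "2",
}

if __name__ == "__main__":
    for name in ("example.com", "bank-login.example", "unknown.example"):
        info = lookup_domain_info(name, SAMPLE_TXT.get)
        print(info, triage(info, is_fluxing=True, looks_like_bank=True))
```

A domain with no registrar or age record comes back with `age_days` of `None` and is never reported, so a lookup failure cannot by itself trigger an automated complaint.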






