Re: [Bulk] Re: [gnso-ff-pdp-may08] Solutions - Trusted abuse reporting

[Marc Perkel <marc@xxxxxxxxxx>]

I think I should talk about the idea of "Trusted Abuse Reporting" and 
the concerns that Wendy has.
The idea is that people who are processing lots of email like myself and 
google, yahoo, hotmail, etc, have a mission to block fraud while also 
making sure good email gets through. We are professionals at this and we 
have a lot of data that is useful to registrars.
The idea is that we can use automated abuse reporting through closed 
channels to get the information to the registrar who would be able to do 
something about it. This benefits everyone in that abusers can be 
quickly taken offline.
Why a closed system? It's to reduce the background noise and to prevent 
criminals from attacking the reporting system. If these were open email 
addresses then the spammers would spam them and consumers would email 
them and the registrars would have more "noise" to sort through. So 
limiting this to professionals is for the efficiency of the process.
Wendy is concerned about transparency and the possibility of law 
enforcement or oppressive governments using the system to oppress free 
speech, or innocent people affected by false positives. These are all 
concerns that have to be factored in. My idea is that law enforcement 
and government would not be part of the system. This is more for mail 
processing providers. People with lots of information.
And that the registrars receiving this information are not going to shut 
down a domain due to a single false positive. The idea is that if a 
domain is using fast flux for fraud then hundreds of filtering 
operations are going to be sending thousands of complaints throuh the 
system. So if tucows, for example, sees thousands of complaints coming 
in about a domain it will get their attention. Then when they look at 
the forwarded spam that generated the complaint and they see it is 
clearly phishing they can safely shut it down.
It is my assumption that the Registrar will be responsible and not shut 
someone down unless they are sure based on the nature and number of 
complaints submitted through the system. And we complainers would not be 
able to take anyone down, We are merely providing registrars information 
in a format that helps them make more accurate decisions.
The assumption is that providing registrars with good information from 
trusted sources where there is no external noise would not impact the 
issues that Wendy is concerned about. Membership would just be a process 
of convincing the group that you have good data to share and you are 
capable of providing good data to the process. Providers who didn't 
provide good data would be dropped from the group.
As to liability issues, the registrars would have the complaints that 
were generated that led to a take down decision so I would assume these 
would be discoverable should a lawsuit be filed. But in general I think 
this system would reduce false positives, reduce the workload on the 
registrars, and stop abuse faster and more accurately.