Re: [gnso-ff-pdp-may08] Domain takedown through 100% automation - kicking the hornet's nest of controversy

[Joe St Sauver <joe@xxxxxxxxxxxxxxxxxx>]

Marc mentioned:

#I'm not saying the humans be excluded. What I'm saying is that under 
#some circumstances that the registrar can choose to use automation if 
#they want to and use it in cases where that are 100% sure.

Ack.

#Aren't new domains usually used for abuse?

Depends on whether bogus credit cards are involved in some cases. :-)

#But - here's what I'm really saying. Generally a fast flux domain that 
#is driven by a spam campaign has certain identifiable characteristics 
#that only spammers do. It is likely that most of these fraud campaigns 
#can be identified through automation. 

Concur.

#What I'm suggesting is that in the 
#cases where automation is in the 100% accurate range and the domain if 
#very new (hence the damage from a rare false positive is very low) that 
#registrars be ALLOWED to use automation if they CHOOSE to do so. I'm not 
#suggesting that anyone be REQUIRED to use automation.

Practically speaking, I'm not sure there's a lot of functional advantage
to trying to force someone to do something there "heart's not in" --
any required action that isn't embraced by the party that's compelled
to do it simply gets token compliance. ("Yes, I reviewed it." <STAMP>
"Next.")

#I also suggest that registrars share common tools and technologies so 
#that registrars don't have to individually figure out what works. The 
#idea here is to make life easy for registrars.

I think cooperation in dealing with common issues and concerns is a 
great idea.

Regards,

Joe