Re: [gnso-ff-pdp-may08] Abuse in general

["George Kirikos" <fastflux@xxxxxxxx>]

Hello,

On Fri, Aug 8, 2008 at 12:06 AM, Marc Perkel <marc@xxxxxxxxxx> wrote:
> I'm assuming that we are working to stop only fraud and phishing. I think we
> all agree that impersonating banks to steal money is bad?

Sure. Where it gets trickier, though is where say someone hijacks a
single page on an otherwise "good" domain (e.g. on a small business's
site that ranks #500,000 in Alexa, and says gets 200 visitors/day
after 3 years in business), maybe a blog script was vulnerable or
something. Some might find that reason enough to shut down the entire
domain immediately, on an automated basis at the registry level,
without contacting the webhost/registrar to contain collateral damage.
Safeguards like domain age would protect the registrant. Suppose that
small business is a law firm, and taking down their domain affected
the email of 50 lawyers (with missed court deadlines). Or, it's the
site of an accounting firm, and because their email goes down with
their domain, your taxes get filed late, etc.

If you've read the text of the overly broad new .INFO Abusive Use Policy:

http://www.icann.org/en/registries/rsep/afilias-abusive-domain-policy-request-rev-31jul08.pdf

you'll know what I mean. (it doesn't have the codified safeguards that
we've been talking about, but leaves it to "discretion" which can be
abused).

Sincerely,

George Kirikos
www.LEAP.com