Re: What about unauthorized registrations? Re: [gnso-rap-dt] Updated document and wiki pages
i agree -- a great line of thinking. let's do this. but only on days when the weather is bad. :-) m On Jul 11, 2009, at 4:47 AM, martinsutton@xxxxxxxx wrote: Rod, Prevention rather than cure - that's a novelty :-) I like your thoughts on this Rod.It would be useful to get some metrics on this to illustrate the scale of the problem and how it affects Registries and Registrars. I fear that in isolation, these may not appear significant and are absorbed within costs of doing business, whereas combined data would show a more worrying picture.Make sure you get out in the sun more often... Kind regards, Martin Martin Sutton Manager, Group Fraud Risk and Intelligence Ph: ++44 (0)20 7991 8074 Mob: ++44 (0)777 4556680 Sent from my BlackBerry ********************************* HSBC Holdings plc Registered Office: 8 Canada Square, London E14 5HQ, United Kingdom Registered in England number 617987 ********************************* From: Rod Rasmussen [rod.rasmussen@xxxxxxxxxxxxxxxxxxxx] Sent: 10/07/2009 15:48 MST To: gnso-rap-dt@xxxxxxxxxSubject: What about unauthorized registrations? Re: [gnso-rap-dt] Updated document and wiki pagesSo perusing this list again, it struck me that we've done a great job capturing what potentially abusive things people are doing with domains they do register, but not how they're actually registering them, outside of perhaps front running and a kind of "side effect" abuse of false whois data. I could argue (but won't get drawn into that with this post) that the other two "registration" abuses we have listed are really post-registration abuse (mis)use (cybersquatting, inappropriate use of whois), as that's where the harm is really felt.The thing we're missing is the use of stolen/fraudulent credentials to obtain the registration in the first place! This is the enabling force behind all (other than really stupid) criminal abuse of the domain registration process. A criminal will use one of three methods to obtain a new domain name: a stolen credit card/bank/ payment account, a fake financial instrument (card, check, transfer), or unauthorized access to someone else's domain management account. If you kill this problem, most of the criminal uses of fraudulently registered domains (i.e. post registration abuse) disappear. There are certainly many methods out there to use to verify the authenticity of the domain applicant, screen fraudulent credentials, score transactions, and the like. That seems like a very fruitful area of pursuit to putting a real dent in all domain abuse issues to me.Soooo... am I just missing something here, or should we make this a major part of the work of this group - how to curtail the abuse of the domain registration system by people registering domains using stolen/unauthorized credentials? Seems to me that's certainly an abuse AT THE POINT OF REGISTRATION and it directly affects registrar and registry operations at that time, and will affect everyone else in the food chain eventually.Just food for thought on a beautiful Friday afternoon. Cheers! Rod On Jul 10, 2009, at 3:52 AM, Marika Konings wrote:Dear All,As discussed on our last call, I have updated the definitions document to add a category to capture the discussion on potential recommendations (see attached). I have also added this column to the relevant wiki pages. In addition, I have moved the comments and notes related to the abuse definition discussion to a separate wiki page (see https://st.icann.org/reg-abuse-wg/index.cgi?abuse_definition) , to focus the document on our current discussion.With best regards, MarikaSAVE PAPER - THINK BEFORE YOU PRINT! This E-mail is confidential. It may also be legally privileged. If you are not the addressee you may not copy, forward, disclose or use any part of it. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return E-mail. Internet communications cannot be guaranteed to be timely secure, error or virus-free. The sender does not accept liability for any errors or omissions. - - - - - - - - - phone 651-647-6109 fax 866-280-2356 web www.haven2.comhandle OConnorStP (ID for public places like Twitter, Facebook, Google, etc.)
|