ICANN ICANN Email List Archives

[gnso-rap-dt]


<<< Chronological Index >>>    <<< Thread Index >>>

RE: [gnso-rap-dt] revised WHOIS note

  • To: "Roland Perry" <roland@xxxxxxxxxxxxxxxxxxxxxxxx>
  • Subject: RE: [gnso-rap-dt] revised WHOIS note
  • From: "James M. Bladel" <jbladel@xxxxxxxxxxx>
  • Date: Tue, 21 Jul 2009 15:16:52 -0700

But does this not present the paradox of a criminal entering fraudulent
WHOIS data, and then purchasing (or stealing) Proxy Services to obscure
that fraudulent data?

Or, does this scenario presume that a (not very bright) criminal will
operate a fraudulent website, but enter their -valid- contact
information behind a Proxy service?  This is analogous to someone
burglarizing an darkened home, but leaving their wallet behind.

My point in all of this is simply that I am not aware of any
quantifiable data that establishes a clear and conclusive link
implicating proxy / privacy services and criminal behaviors.  In fact,
the recent SSAC report seems to indicate that these services provide
some security benefits for registrants versus hijacking / compromised
accounts.

Thanks--


J.


   -------- Original Message --------
 Subject: Re: [gnso-rap-dt] revised WHOIS note
 From: Roland Perry <roland@xxxxxxxxxxxxxxxxxxxxxxxx>
 Date: Tue, July 21, 2009 2:16 pm
 To: gnso-rap-dt@xxxxxxxxx
 
 
 In message 
 <20090721111333.9c1b16d3983f34082b49b9baf8cec04a.870be0e1f5.wbe@xxxxxxxxx
 ureserver.net>, at 11:13:33 on Tue, 21 Jul 2009, James M. Bladel 
 <jbladel@xxxxxxxxxxx> writes
 
 >I guess I'm not clear on what is meant by "Abuse of WHOIS proxy
 >services." Do you mean bad actors using fraudulent / stolen data to
 >open these accounts, or compromised accounts?
 
 earlier Mike said:
 
 #particularly when registrars are providing the service and do not 
 #divulge underlying WHOIS info upon reasonable evidence of abuse, as 
 #clearly required by the RAA.
 
 Meanwhile, as someone who tries to help victims of e-crime, I find the 
 proxy-WHOIS is very often used to obscure the fraudster's details. I'm 
 aware that they might just be hiding false details, but shouldn't 
 registrars be doing more checks on such things? For example, where a 
 domain is paid for by a Credit Card, making available as default the 
 address details used to verify that payment.
 -- 
 Roland Perry





<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy