great slashdot conversation on whois and icann
Frannie Wellings
wellings at EPIC.ORG
Sun Apr 4 15:55:46 CEST 2004
Hi all! Hope you're enjoying the weekend! I just saw this slashdot
conversation on whois and ICANN and thought you might like to read it
as well. - F
http://yro.slashdot.org/yro/04/04/03/1726226.shtml?tid=126&tid=95
Here's an excerpt:
ICANN Cracks Down on Invalid WHOIS Data
Posted by michael on Saturday April 03, @04:35PM
from the make-datamining-easier dept.
DotNM writes "Internet News reports that ICANN, the Internet
Corporation for Assigned Names and Numbers, is beginning a crackdown
on invalid data in the WHOIS database. In ICANN's annual report, they
found that nearly 5000 of the 24148 complaints were due to inaccurate
WHOIS information. Some of the domain names in question had the
address information of known spammers in the database. Registrars,
the companies you register your domains with, are under contractual
obligations to ensure this information is correct and accurate. Do
you believe this is a step in the right direction? Why?"
Not quite... (Score:5, Funny)
by Dimensio (311070) <darkstar at iIIIglou.com minus threevowels> on
Saturday April 03, @05:20PM (#8757800)
You don't just turn off the domain instantly. Attempt to contact the
domain holder (they have to have *some* kind of valid contact known
to the registrar). If calls/emails/letters are not answered, lock the
domain. Tell the holder that if data isn't updated within a certain
period of time, the domain registration is forfeit.
In the case of spammers' domains, take a few extra steps. First, lock
the domain right away. Second, instead of attempting to inform the
spammer that their domain is locked until the WHOIS data is updated,
send an assasin to where they live to have them killed.
[ Reply to This | Parent ]
Will this limit freedom of expression? (Score:4, Interesting)
by thesaur (681425) on Saturday April 03, @06:30PM (#8758225)
The proposal to force all domains to use valid WHOIS data would be a
boon to law-enforcement efforts. But that leads to another potential
concern.
In the US, it's not a problem to express yourself. You can say
whatever you like about the government and get away with it. OK, not
quite anything. In other countries, however, including western
countries like Germany and France, freedom of expression is
non-existant -- you may only say what the government allows you to
say. In the two countries I've mentioned, it's not much of a problem,
because they've basically only banned racist expressions. But there
are more than enough other countries (China, anyone?) that actively
work to suppress their citizens from expressing themselves freely.
For dissidents in such countries, false WHOIS data may be necessary
for freedom of expression. Is ICANN trying to help such governments
crack down on their citizens?
If ICANN wishes to enforce this rule, I agree with the procedure
outlined in the parent post, but disagree that spammer's domains
should be treated separately.
The problem is, how do you recognize a spammer's domain? If you
simply look at the "to" address, it will result in a lot of
legitimate sites getting spammed, because a real spammer will fake
the from address. If you look at the originating sender, I've had
enough (virus) spam that apparently originated at my mail server. The
header information was modified -- the IP did not belong to my mail
server. But you can't backtrace to find the domain if the IP is in a
dynamically allocated range. Once again, 1:0 for the spammers.
The few honest souls who are dumb enough to use valid information
will get caught anyway. Now if we are talking about domains that are
linked in spam, that's a little easier to deal with, but there is
still a large potential for abuse. So a spammer doesn't like a site.
Voila, take them down. In fact, anyone could effectively disrupt any
website they like.
Of course, spammers should be prosecuted, provided they are within
the jurisdiction of a state that cares (e.g., the US). But
intellegent spammers work offshore anyway, which puts them beyond the
reach of any western regulatory body except ICANN. We can go after
their domains, but there's no easy solution to determine which
domains are pure spam.
[ Reply to This | Parent ]
* Re:Will this limit freedom of expression? by Dimensio
(Score:1) Saturday April 03, @08:22PM
* Re:Will this limit freedom of expression? by MonsterChicharo
(Score:1) Sunday April 04, @01:40AM
* 1 reply beneath your current threshold.
* Re:Will this limit freedom of expression? by Reziac (Score:2)
Sunday April 04, @01:32AM
* Re:It's a rule, play by it. by Troed (Score:2) Saturday April
03, @04:51PM
* Re:It's a rule, play by it. by secolactico (Score:2) Saturday
April 03, @04:59PM
Re:It's a rule, play by it. (Score:5, Informative)
by Anonymous Coward on Saturday April 03, @05:23PM (#8757819)
postmaster@ is required (RFC822 6.3, C.6), webmaster@ is just a
convention, for now.
RFC 2142, "Mailbox Names for Common Services, Roles and Functions" is
a proposed standard and includes 'webmaster@', 'abuse@', 'noc@', etc.
[ Reply to This | Parent ]
* Some role accounts are no good. by Jonathan Quince (Score:1)
Saturday April 03, @05:49PM
* Re:Some role accounts are no good. by AndroidCat (Score:1)
Saturday April 03, @06:55PM
* Re:It's a rule, play by it. by Zeinfeld (Score:2) Saturday
April 03, @07:23PM
Re:It's a rule, play by it. (Score:4, Informative)
by multipart/mixed (163409) * on Saturday April 03, @09:09PM (#8758968)
(http://wes.zapto.org/~wes/maximus/)
>> postmaster@ is required (RFC822 6.3, C.6)
> Oh dear you thought they were standards,
RFC 822 *is* a standard. It is also known as STD 11, "Standard for
the format of ARPA Internet text messages".
--------- *snip* ---------
6.3. RESERVED ADDRESS
It often is necessary to send mail to a site, without know-
ing any of its valid addresses. For example, there may be mail
system dysfunctions, or a user may wish to find out a person's
correct address, at that site.
This standard specifies a single, reserved mailbox address
(local-part) which is to be valid at each site. Mail sent to
that address is to be routed to a person responsible for the
site's mail system or to a person with responsibility for general
site operation. The name of the reserved local-part address is:
Postmaster
so that "Postmaster at domain" is required to be valid.
Note: This reserved local-part must be matched without sensi-
tivity to alphabetic case, so that
"POSTMASTER", "postmas-
ter", and even "poStmASteR" is to be accepted.
[ Reply to This | Parent ]
* Re:It's a rule, play by it. by Jah-Wren Ryel (Score:2) Sunday
April 04, @02:03AM
* Re:It's a rule, play by it. by S.Lemmon (Score:2) Saturday
April 03, @07:28PM
* Re:It's a rule, play by it. by FattMattP (Score:2) Saturday
April 03, @08:44PM
* 1 reply beneath your current threshold.
* Re:It's a rule, play by it. by Frater 219 (Score:3) Saturday
April 03, @04:55PM
* Re:It's a rule, play by it. by MCZapf (Score:1) Saturday
April 03, @05:09PM
* Re:It's a rule, play by it. by Fastolfe (Score:2) Saturday
April 03, @05:57PM
Forget the spammers... it's the stalkers! (Score:5, Insightful)
by Anonymous Coward on Saturday April 03, @05:21PM (#8757808)
How many personal domains are out there? And how many freaks are
there online who'd wet themselves over the chance to stalk people
whose website the dislike or whose website turns them on or whatever
the hell it is that they get off on?
My websites all point to my former address. I moved because some
freak was harassing me and I was worried he was going to show up on
my doorstep some day. I didn't update the listing and won't for at
least another year, unless I get a PO box, and I'm sure as hell not
going to spend the money on that when I'm getting zero benefit on it.
My registrar has my real contact info. That's all that matters. If
someone has a complaint about one of my sites that can't be resolved
by emailing me, they can write to my hosting provider or my registrar.
[ Reply to This | Parent ]
* Re:Forget the spammers... it's the stalkers! by Fastolfe
(Score:3) Saturday April 03, @06:05PM
Because I want a persistent address (Score:5, Insightful)
by phr1 (211689) on Saturday April 03, @10:19PM (#8759289)
If I have a lower level domain under some ISP, then I'm trapped with
them. If my ISP's service goes down the tubes, or if they go out of
business altogether, or if they jack up their prices or whatever, I
can't switch ISP's without losing email or web contact with anyone I
gave my address or URL to. I move around a lot; my physical addresses
and phone numbers change all the time. My internet domain is the most
stable point of contact that I have.
I had a stable email address with an ISP for about ten years, but the
ISP discontinued my service plan and said I'd have to change
addresses if I wanted to stay with them, so that's why I registered a
domain, so I have a permanent net address that I can give out to
friends and acquaintances. That doesn't mean I want it advertised to
the public. It's like an unlisted phone number. I'm ok with the
registrar having my contact info in case law enforcement needs to
find me, but I see absolutely no reason they have to publish it in
WHOIS.
[ Reply to This | Parent ]
* Re:Forget the spammers... it's the stalkers! by Fastolfe
(Score:1) Saturday April 03, @06:58PM
* Re:Forget the spammers... it's the stalkers! by Fastolfe
(Score:1) Saturday April 03, @07:00PM
* 2 replies beneath your current threshold.
* Re:Forget the spammers... it's the stalkers! by Avihson
(Score:3) Saturday April 03, @06:35PM
* Re:Forget the spammers... it's the stalkers! by silas_moeckel
(Score:3) Sunday April 04, @12:33AM
* Re:Forget the spammers... it's the stalkers! by Anonymous
Coward (Score:1) Saturday April 03, @07:06PM
* Re:Forget the spammers... it's the stalkers! by Anonymous
Coward (Score:3) Saturday April 03, @08:42PM
* Re:Forget the spammers... it's the stalkers! by
howhardcanitbetocrea (Score:1) Saturday April 03, @11:29PM
* 1 reply beneath your current threshold.
* Re:It's a rule, play by it. by 91degrees (Score:1) Saturday
April 03, @05:44PM
* Obligation by The Monster (Score:2) Saturday April 03, @05:46PM
* Re:Obligation by Fastolfe (Score:2) Saturday April 03, @06:00PM
* Re:It's a rule, play by it. by blutrot (Score:2) Saturday
April 03, @05:49PM
* Re:It's a rule, play by it. by Fastolfe (Score:1) Saturday
April 03, @06:17PM
* Re:It's a rule, play by it. by iminplaya (Score:2) Saturday
April 03, @05:57PM
Re:It's a rule, play by it. (Score:5, Insightful)
by cubicledrone (681598) on Saturday April 03, @06:45PM (#8758288)
If you want to make a dent in spamming, just take away their
property(including house and car, in fact the food out of the fridge
and their clothes too) and empty their bank accounts.
If you want to make a dent in spamming, just violate the first,
fourth, fifth, sixth and eighth amendments. Simple!
[ Reply to This | Parent ]
* Re:It's a rule, play by it. by iminplaya (Score:2) Saturday
April 03, @06:59PM
* Re:It's a rule, play by it. by PsiPsiStar (Score:2) Saturday
April 03, @11:08PM
* Re:It's a rule, play by it. by Bagheera (Score:3) Saturday
April 03, @11:59PM
* Re:It's a rule, play by it. by pipingguy (Score:2) Saturday
April 03, @09:37PM
* 1 reply beneath your current threshold.
* Domain Collectors' Field Day by Jonathan Quince (Score:1)
Saturday April 03, @05:10PM
Re:It's a rule, play by it. (Score:5, Insightful)
by JPriest (547211) on Saturday April 03, @05:16PM (#8757780)
(http://toolbar.google.com/ | Last Journal: Tuesday January 13, @06:21AM)
I have registered a total of 4 domains, after using valid information
on the first one I refuse to make the same mistake again. My first
domain expired in 2001 and I still get credit card offers from it.
Like it or not, it is still a public database containing personal
information. I can't really blame people for using incorrect
information.
[ Reply to This | Parent ]
Re:It's a rule, play by it. (Score:4, Insightful)
by tyldis (712367) on Saturday April 03, @08:40PM (#8758825)
First off: I'm a poor student and live in Norway. I have a few hobby
domains, mostly so I can run my own email configuration.
I haven't recieved any snailmail spam, most likely because I'm not
American, but one evening I got a [lovely] call from China. A female
(yes, I was shocked myself, first time a girl calls me!) said
something about representing some huge business.
Her english was bad so I couldn't really hear what she was saying,
but I finally figured out that they had heard about 'my large and
great company' and that I was known worldwide for my splendid
leadership and nose for business.
I kinda freaked out, hung up and went for my tinfoil hat. I changed
the contact info, but when my registrar complained that my address
'BOFH Avenue 666' was bouncing I had to change it back.
Bottom line, I would very much appreciate some kind of mechanism that
would protect your privacy a little bit better. The problem is that
the Internet is global and legislation is very different around the
globe so the solution would have to be technical.
[ Reply to This | Parent ]
* How about this? by Adam9 (Score:2) Saturday April 03, @10:57PM
* 1 reply beneath your current threshold.
* 1 reply beneath your current threshold.
* Re:It's a rule, play by it. by nomadic (Score:2) Saturday
April 03, @05:18PM
* Hell no! by Snaller (Score:3) Saturday April 03, @05:49PM
It's a crappy rule; change it. (Score:5, Interesting)
by wurp (51446) on Saturday April 03, @05:54PM (#8757995)
(http://www.magicosm.net/)
Three years ago some jackass from /. thought it would be funny to
call up my home phone and leave a nasty drunken message because I
disagree with him about the current SUV craze. The reason he was able
to do this was because (stupid me) I kept accurate whois information
for my domain names. Had I pissed him off enough, there was nothing
keeping him from coming to my home.
Requiring public, accurate whois information is idiotic. I think a
requirement for accurate information held in confidence by ICAN is a
good idea (to be available to the police with a warrant). Before you
run out there cheering for accurate public information, think about
how you would feel if every email and every web posting you made had
your home phone & address on it. If everyone were sane and
reasonable, it would be good. Since everyone's not, and someone can
anonymously e.g. burn your house down, it's bad.
Spammers are just going to get phones with junk info and PO boxes.
This can only hurt, not help.
I'm surprised to see the responses I'm seeing on a site where most
people ostensibly argue for free speech and anonymity
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20040404/045da3cd/attachment.html>
More information about the Ncuc-discuss
mailing list