In the current debate over the balance between privacy and Internet safety and security, one of the unanswered questions is: "How will those responsible for protecting the public interest gain access to the non-public data in the WHOIS databases post General Data Protection Regulation (GDPR)?" In an attempt to prevent WHOIS data from going "dark," several community members have been working for the past weeks to create a model that could be used to accredit users and enable access to the non-public WHOIS data. more
The compliance deadline for the European Union's General Data Protection Regulation (GDPR) is nearly upon us, the unveiling of a proposed model to bring WHOIS into compliance is said to come from ICANN next week, and everyone is scrambling to understand all that's involved. Implementation of a revised WHOIS model is clearly on the horizon, but what comes after may be the real story! Specifically, if WHOIS information becomes more than nominally restricted, what's the consequence to the data controllers (ICANN and the contracted parties) who implement this revised model? more
Steeped deep in discussions around the European Union's General Data Protection Regulation (GDPR) for the past several months, it has occurred to me that I've been answering the same question for over a decade: "What happens if WHOIS data is not accessible?" One of the answers has been and remains the same: People will likely sue and serve a lot of subpoenas. This may seem extreme, and some will write this off as mere hyperbole, but the truth is that the need for WHOIS data to address domain name matters will not disappear. more
There are thousands of sites and services on the 'net that offer domain name whois lookup services. As of last night, many of them may have stopped working. Why? Many of them rely on fairly rudimentary software that parses the whois from Verisign (for .com and .net) and then relays the query to the registrar whois. The site or service then displays the whois output from the registrar's whois server to you. more
The following is the easyDNS response to ICANN's public comment period on GNSO Privacy & Proxy Services Accreditation Issues Working Group Initial Report. The public comment period is open until July 7, 2015. We strongly urge you to make your voice known by signing the petition over at Save Domain Privacy. I submit these comments as a CEO of an ICANN accredited registrar, a former director to CIRA and a lifelong anti spam contributor with an unblemished record of running a managed DNS provider that maintains zero tolerance for net abuse or cybercrime... more
Question: why has air travel become so painful? Because the threat posed by bad actors requires making everyone jump through hoops before letting them board a plane. To the point that, despite obvious requirements to ensure air safety, some are now openly questioning if the cure is not worse than the disease. Registering a domain name could be about to go the same way. more
DNS blacklists for IPv4 addresses are now nearly 15 years old, and DNSBL operators have gathered a great deal of expertise running them. Over the next decade or two mail will probably move to IPv6. How will running IPv6 DNSBLs differ from IPv4? There aren't any significant IPv6 DNSBLs yet since there isn't significant unwanted IPv6 mail traffic yet (or significant wanted traffic, for that matter), but we can make some extrapolations from the IPv4 experience. more
On Wednesday September 29th at 1PM there will be a meeting in the Old Executive Building in Washington D.C. with Registries and domain Registrars to discuss illegal Internet sales of prescription drugs. ICANN was originally invited but declined because citing "inappropriateness" . One "U.S." Registrar who definitely will not be in attendance is OnlineNIC more
Back from the holidays I must admit I was thinking quite a bit on what is good policy for a registry? Of course I have my own personal favorites that I can not walk away from easily, but instead of thinking for too long, I decided to write down now immediately what is in my head. The main reasons for this are two: the decision by ICANN to change the rules for change in policy regarding the Add Grace Periods. more
In June 2004, Yahoo! and a number of other companies got together to announce the Anti-Spam Technical Alliance or ASTA. While it appears to have been largely silent since then, ASTA did at least publish an initial set of best practices the widespread adoption of which could possibly have had some impact on spam... The majority of these are clearly aimed at ISPs and end users, but some are either generally or specifically relevant to email providers such as Yahoo!, Google or Microsoft... The problem: Since February this year, we have been receiving a significant quantity of spam emails from Yahoo!'s servers. In addition to their transport via the Yahoo! network, all originate from email addresses in yahoo.com, yahoo.co.uk and one or two other Yahoo! domains. Every such message bears a Yahoo! DomainKeys signature... more
The Internet Commerce Association (ICA) has posted a position paper and analysis of S. 2661, introduced on 2/25/08 in the US Senate. While we are firmly opposed to phishing and other criminal activities that may utilize domain names we are very concerned about the provisions of the proposal that appear to provide trademark owners with a means to avoid both UDRP and ACPA actions and alternatively bring private claims against domain names with a lower burden of proof and the potential for far higher monetary damages, without even requiring an allegation that the DN was in any way being utilized in a phishing scheme... more
How prevalent is cybersquatting and typosquatting? Take a look at www.wipo.com, and then compare it with the World Intellectual Property Organization's web site www.wipo.org. Ironically, the WIPO Arbitration and Mediation Center handles a majority of the UDRP domain dispute arbitrations internationally. The very organization which is invested with the authority by ICANN to resolve cybersquatting and typosquatting disputes internationally under the UDRP is, by all appearances, being squatted. Here are two apparent typosquatters... more
Doc's post and the impending comments deadline for the next iteration of ICANN's never-ending WHOIS saga finally pushed me to write up my thoughts on the latest iteration of ICANN debate. As Doc points out, much of the current debate is very inside baseball, tied up in acronyms atop bureaucratic layers. Small wonder then that ordinary domain name registrants and Internet users haven't commented much, while the fora are dominated by INTA members turning out responses to an "urgent request" to "let ICANN know that Whois is important to the brand owners I represent"... more
As faithful CircleID readers will know, iREIT (Internet REIT, Inc.), a Texas domain name portfolio investment corporation, has been sued by Verizon and by Vulcan Golf for cybersquatting. It appears iREIT is taking steps to clean up its portfolio by deleting obvious typos of famous trademarks... more
ICANN's recently released report, ICANN's Whois Data Accuracy and Availability Program: Description of Prior Efforts and New Compliance Initiatives [PDF], is a summary of the Whois Data Problem Report System's (WDPRS) reports spanning a one-year period that concluded at the end of Fenruary 2007. In case you're not familiar with the WDPRS, it's system that tracks complaints about inaccurate or incomplete whois entries. Notable facts from the report include: There were 50,189 reports for which ICANN received follow-up responses during the year... more
A World-Renowned Source for Internet Developments. Serving Since 2002.