- Joined
- Oct 4, 2003
- Messages
- 1,393
- Reaction score
- 2
Bogus "Whois Problem Reports" are increasingly going from being an annoyance to being a real security risk.
Dotster threatened to delete a domain based only on a report that was obviously bogus a week or so ago.
BulkRegister threatened to suspend a domain if I didn't respond within 5 calendar days just today.
What good are Whois Problem Reports when anyone can file one and there's absolutely no screening performed to ensure such reports have any validitity to them; reports filed on some of my domains claimed everything was wrong, including the expiration date - what!? Talk about pure nonsense!
If one really wants to cause mayhem, they simply file lots of bogus Whois reports - and for maximum effect, target domains that are name servers - suspended name servers will kill a lot of sites cold and likely not be immediately noticed.
There is much talk about the transfer policy changes and security, and yet bogus Whois Problem Reports is a security risk many times worse!
Some ICANN policy changes are needed pronto...
1. Requiring more than just a name and email for people making complaints - they should have to provide a postal address that's verifyable and/or some other information.
2. Screening of such reports - permit registrars, if they're not already, to toss out Whois Problem Reports that they feel are invalid without involving the registrant; stop wasting their time over this nonsense.
3. A standard on how registrars handle Whois Problem Reports
* including a reasonable time like 30 days before taking any action ... as of now, some registrars do little while others suspend domains within only a few days - so if one goes away on holiday, they could very likely come back and find their domains suspended/deleted.
Something needs to be done before bogus Whois Problem Reports get any further out of hand ...
Ron
Dotster threatened to delete a domain based only on a report that was obviously bogus a week or so ago.
BulkRegister threatened to suspend a domain if I didn't respond within 5 calendar days just today.
What good are Whois Problem Reports when anyone can file one and there's absolutely no screening performed to ensure such reports have any validitity to them; reports filed on some of my domains claimed everything was wrong, including the expiration date - what!? Talk about pure nonsense!
If one really wants to cause mayhem, they simply file lots of bogus Whois reports - and for maximum effect, target domains that are name servers - suspended name servers will kill a lot of sites cold and likely not be immediately noticed.
There is much talk about the transfer policy changes and security, and yet bogus Whois Problem Reports is a security risk many times worse!
Some ICANN policy changes are needed pronto...
1. Requiring more than just a name and email for people making complaints - they should have to provide a postal address that's verifyable and/or some other information.
2. Screening of such reports - permit registrars, if they're not already, to toss out Whois Problem Reports that they feel are invalid without involving the registrant; stop wasting their time over this nonsense.
3. A standard on how registrars handle Whois Problem Reports
* including a reasonable time like 30 days before taking any action ... as of now, some registrars do little while others suspend domains within only a few days - so if one goes away on holiday, they could very likely come back and find their domains suspended/deleted.
Something needs to be done before bogus Whois Problem Reports get any further out of hand ...
Ron
