Re: Security Risks from Bogus Whois Problem Reports

From: Barry Margolin (barmar_at_alum.mit.edu)
Date: 11/05/04

  • Next message: Mike Karsyan: "Re: Folder protection" 
    Date: Fri, 05 Nov 2004 02:34:13 -0500

    In article <cmf7cu$hl1@library1.airnews.net>,
     Ron Bennett <bennett@wyomissing.com> wrote:

    > Whois Problem Reports are intended to allow people to submit complaints
    > about incorrect Whois information. However, this feature is
    > increasingly being abused, and thus presents a security risk to all
    > domain name registrants.

    It's very difficult to provide a system for complaining that doesn't
    invite problems if abused. Someone can call the cops and report that
    you're dealing drugs, and the police will most likely show up at your
    door. I don't know if this call would be enough to get a warrant for a
    thorough search, but maybe they can look for anything in plain sight.

    >
    > Some recent incidents I've personally experienced recently due to bogus
    > Whois Problem Reports merely being filed:
    >
    > * Dotster, about two weeks ago, threatened to delete a domain if I
    > didn't respond.

    So respond.

    >
    > * BulkRegister, just yesterday, threatened to suspend a domain if I
    > didn't respond within 5 calendar days.

    That's certainly too short -- what if you're on vacation or in the
    hospital for a week? 2-4 weeks seems reasonable, though.

    You can also lose your domain if they send you an invoice for the
    renewal and you ignore it for too long. Domain registrants shouldn't
    ignore mail from their registrars. 

    -- 
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
  • Next message: Mike Karsyan: "Re: Folder protection"
    • Quantcast