Using WHOIS Policy To Snag Good Domain Names
Date: Thursday September 05 2002, @02:54AM
Topic: Registrars

jberryhill writes "...or "How to Get Any Domain Name You Want in Fifteen Days"

In spite of the hoo-ha surrounding ICANN's letter to Verisign on WHOIS accuracy, one should keep in perspective that the 15 day verification rule has long been official policy. Some registrars have been quietly responding to WHOIS accuracy queries and deleting offending registrations for quite some time, some registrars pull the name out of the .com zone and keep the registration, and some registrars do nothing. How well this policy has worked in practice has depended to some extent on just who is doing the asking, who they ask, and how they are doing the asking. The 15 day fuse has always been ticking on domain name registrations, but by shining a spotlight on it, and at least making a pretense of doing something about, ICANN has once again set the stage for a classic ICANN policy train wreck."

Detecting ICANN policy train wrecks is pretty simple. Since ICANN policy is formulated by groups consisting of advocates for their own narrow agenda, there is usually no systematic big picture look at whether any one policy makes sense when coupled with another policy. So, as a spectator sport, what you should try doing is to take two unrelated ICANN policies, and then observe how they completely fail to mesh to produce a desirable result. The result is usually that one hand giveth what the other taketh away.

WHOIS accuracy enforcement is a perfect example, when viewed in light of the Wait List Service (WLS) and the Redemption Grace Period (RGP). The Wait List Service is a soon-to-be introduced registry service which will guarantee that a subscriber will obtain a domain name when it is deleted from the current registrant. The RGP is a policy which is supposed to avoid situations where a registrant is caught unawares by having their domain name deleted and registered to someone else by the WLS if, for example, the registrant doesn't pay their renewal fee.

Of course, the primary reason for registrants inadvertently failing to renew their domain names is that they had a problem with their contact data. For example, when a large Internet Service Provider folds, all of their customer's email addresses become inoperative. This recently happened to millions of people who subscribed to @home cable internet and had home.com email addresses. Sometimes people move or change phone numbers. Sometimes the techie who registered a company's domain name has changed employers. What happens in these situations is that people forget that their domain name is tied to the stale contact data. They don't get reminders, and the domain name expires. Also, some registrars require that people have access to now-inoperative email addresses, or long-forgotten passwords, in order to renew, transfer, or otherwise update their domain name.

Consider, for example, the administrative contact currently listed in the Verisign WHOIS data for thebeast.com:

Domain Name: THEBEAST.COM

 Administrative Contact:
  Mittal, Ashok  (AMI320)		
  TheBEAST.COM, Inc.
  One World Trade Center 80th Floor, Suite
  8067
  80th Floor, Suite 8067
  NY , NY 10048
  212-602-4214 (FAX) 212-602-4225

Somehow this contact information managed to avoid inclusion in Mr. Touton's hit parade of inaccurate contact data about which he chose to complain to Verisign.

Now, let's suppose that ICANN is serious about having registrars resolve WHOIS data issues within 15 days, and to delete domain names which are not in compliance within that period, as the contracts have always required. This opens up a number of opportunities.

First of all, how does a registrar determine whether WHOIS data is bad? As noted in the ICANN letter to Verisign, it should be immediately obvious that the registrant named "Toto" does not live in "Oz". In point of fact, Toto returned to Kansas with Dorothy. However, every registrar is required to be able to verify the existence of any address anywhere on the planet. Presumably the registrar attempts to contact the registrant at the address provided, and if there is no response, then the domain is deleted. Or perhaps, as in the example above, mail is returned as undeliverable.

Now, here's the train wreck. Enforcement of this policy effectively undoes most of the reasoning supporting the Redemption Grace Period. Obviously, if the registrant couldn't respond to a domain renewal notice, they are likewise not going to respond to a WHOIS confirmation inquiry. So, if you put this together with the WLS, then you've got an ICANN-provided roadmap to highjacking domain names (or at least short-circuiting the RGP) which, unlike illegal highjacking schemes, is perfectly legitimate and leaves the registrant with no recourse.

Here's how it works. You mine whois data for domains having bad contact data (i.e. home.com email addresses, relocated businesses, people who might be on a two week vacation or otherwise unavailable, people whose email server has been hacked, etc.).

Once you have your collection of targets, you take out WLS subscriptions on the domain names. The real beauty is that you will get a jump on all of the folks who are going to be taking out speculative WLS positions in bulk on domain names which are approaching expiration (oh, yeah, in the imagination of ICANN, these people don't exist either, but they've already decided to make WLS subscriptions cheaper than the techniques currently in use to register expiring domain names, which undoes a primary policy rationale for WLS, but I digress). Be creative. Pick people whose incoming email you would like to read. Like, say, a US defense contractor.

Now you are ready to declare Jihad, um, I mean, light the 15-day fuses on the domain names you have selected. Complain to the registrar, complain to ICANN, complain to the Federal Trade Commission, do whatever you can to start that 15 day registrar verification cycle.

If all goes well, at the end of 15 days, you will have shaken a lovely bounty from the branches of the domain name tree into your waiting WLS net, without the annoyance of the Redemption Grace Period, and below the radar of circling expiring domain name vultures.

Among fruitful fields to pick are the thousands of domain name registrants who had subscribed to Verisign's "dot com biz card" service, which provided several bundled services along with a domain name, and which can be identified by the characteristic email address: no.valid.email@worldnic.com that Verisign assigned to these registrations, since Verisign handled all administrative services for these domain names. Mr. Touton and ICANN are apparently totally unaware of the extent of domain names having this email address as the administrative contact address, which was specifically singled out by Mr. Touton as a false email address, and hence these thousands of domain names are ripe for the picking.

Happy hunting. Incidentally, Mr. Mittal, and all of the employees of TheBeast.com are alive and well. His Verisign handle contact data will hopefully reach the top of his to-do list before it reaches someone else's.

This discussion has been archived. No new comments can be posted.
Using WHOIS Policy To Snag Good Domain Names | Log in/Create an Account | Top | 27 comments | Search Discussion
Click this button to post a comment to this story
The options below will change how the comments display
Threshold:
Check box to change your default comment view
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Re: Using WHOIS Policy To Snag Good Domain Names
by fnord (groy2kNO@SPAMyahoo.com) on Thursday September 05 2002, @12:20PM (#9077)
User #2810 Info
Richard Henderson wrote Dan Halloran and others at ICANN regarding ICANN accredited registrar YesNic over four months ago (with no action or even response to date). Some of their questionable activities have been publicized for months before that. Now comes an allegation that YesNic is shielding WHOIS information and offering to act as a broker to someone who wants the name. Even VeriSign isn't doing this SFAIK. So where is ICANN when it comes to dealing with longstanding complaints of multiple apparent breaches against a registar? I guess it's just not politically wise or newsworthy enough for ICANN to threaten YesNic with disaccreditation. -g

whois -h whois.crsnic.net joesworld.com

Domain Name: JOESWORLD.COM
Registrar: YESNIC CO. LTD.
Whois Server: whois.yesnic.com
Referral URL: http://www.yesnic.com
Name Server: No nameserver
Updated Date: 16-apr-2002


whois -h whois.yesnic.com joesworld.com

No record found for domain joesworld.com.

[ Reply to This | Parent ]
Re: Using WHOIS Policy To Snag Good Domain Names
by fnord (groy2kNO@SPAMyahoo.com) on Wednesday September 11 2002, @05:43AM (#9152)
User #2810 Info
Life follows art. -g
[ Reply to This | Parent ]
Don't believe someone for his pretty face!
by isquat on Thursday September 05 2002, @04:08AM (#9049)
User #3363 Info | http://i.squ.at/
"You mischaracterize the purpose behind ICANN's letter to Verisign."

Really? Do you think that ICANN can actually take away the accreditation of Verisign? Verisign will sue ICANN to death. Touton knows that. So there must be something else behind this than either the wish to be unkind to Verisign or the wish to make whois more accurate.
[ Reply to This | Parent ]
Re: CONSPIRACY!!
by RFassett on Thursday September 05 2002, @04:56AM (#9052)
User #3226 Info | http://www.enum.info
.....it was inevitable that policy issues being "spelled out" in agreements ICANN has made with both registries and registrars would become challenged by the very parties that "mutually agreed". The act of centrally regulating the market place is the issue, to me. ICANN has taken the entrusted role of gatekeeper to influence regulatory language in its agreements. To point back to these agreements as justification is circular logic given the assumption ICANN is not a regulator to private business, as it claims not to be, and has overstepped its scope in its contractural agreements. Where does the need to properly coordinate technical stability of DNS end and issues of policy begin? I now quote my most favorite quote from ICANN thus far in 2002:

"there are other kinds of stability than just technical stability"

Think about what this quote says (or does not say) and then think about how ICANN should look to keep itself out of legal liability in contracts it has with registries and registrars. The first step, to me, would be for ICANN to clearly define where its responsibility in coordinating technical stability ends and issues of policy begin. To my knowledge, this has not been done making certain language in its contracts inevitable to challenge by the parties that "mutually agreed".
[ Reply to This | Parent ]
Re: Using WHOIS Policy To Snag Good Domain Names
by PeterBarron (pebarron@hotmail.com) on Thursday September 05 2002, @05:10AM (#9053)
User #3240 Info | http://www.icannwatch.org/
I would think that deletion due to bad data, and deletion due to expiration are two different things.

++Peter
[ Reply to This | Parent ]
Re: Using WHOIS Policy To Snag Good Domain Names
by jberryhill on Thursday September 05 2002, @05:40AM (#9055)
User #3013 Info
Bitter? I'm amused.


In point of fact, I have no idea what is the purpose behind ICANN's letter to Verisign, but I doubt that the motivation had anything to do with improving services provided to domain name registrants or enhancing "stability" of the internet domain name system. Registrars are required to do a lot of things in accordance with the registrar accreditation agreement. They often do not. There is not a week which goes by where I am not a witness to unauthorized registrar transfers, domain hi-jackings, or other inexplicable registrar behavior in violation of the registrar accreditation agreement. As I noted, there have always been registrars who followed the 15 day verification policy, and it was a useful policy for dealing with certain spammers and some cybersquatters who used false contact data. If you provided the information to the registrar, along with some indication of what motivated the report, many registrars would exercise reasonable discretion in evaluating the report.


With the report form at internic.net, what we now have is a tool for unanticipated gamesmanship, especially in combination with the WLS. You can also use the report form for sending spam, since one function of the form is to send an email message to whatever email address is typed into the "reporter" field.


And don't kid yourself if you don't believe there are eager-beaver lawyers out there who consider failure to respond to a cease-and-desist letter, or to return their emails and phone calls, as a positive sign that the contact data is "bad". Some lawyers don't understand their relative social unpopularity, I suppose....


ICANN has indeed come out swinging at Verisign, but why THIS issue, and why now? Certainly this swing is not directed at routine policy violations that relate to issues of importance to domain name registrants (e.g. transfers, slamming, and hi-jacking). It is a characteristic feature of ICANN that the interests of domain name registrants are a distant runner behind policies designed to satisfy those interests which have a seat at the policy table, and also behind ICANN's own self preservation instincts.


Please don't get me wrong. Any hint from ICANN that they might someday have an interest in actually seeing whether people abide by their ICANN contracts is a welcome movement. Again, I have seen registrar representatives expressly laugh a the idea that ICANN would enforce accreditation terms, including a registrar who just last week told Mr. Touton personally what he could do with his interpretation of ICANN transfer policy.


Maybe I am too pessimistic, and maybe next week ICANN will turn its enforcement attention to terms of the accreditation agreement which are regularly ignored and which, if enforced, would inure to the benefit of domain name registrants. But I am not holding my breath.


In the meantime, however, we at least have the entertainment of playing WHOIS "gotcha" with people who are having problems updating their contact data. And I will keep beating the same dead horse that legitimate government is one which derives its authority from those governed. I'm not talking about some amorphous category of "internet users". Domain name registrants have no place at the very table at which the terms of their contracts are negotiated. And it will be a cold day in a warm place before ICANN enforces any of the conditions designed to protect those few interests of domain name registrants which are reflected in the relevant contracts. I will reserve the registrar data escrow rant for later, but it is a sure bet that one of the non-escrowed registrars will go belly-up long before the escrow system - also required by the accreditation contracts - is in place. You can take that to the bank.

[ Reply to This | Parent ]
Re: Using WHOIS Policy To Snag Good Domain Names
by jberryhill on Thursday September 05 2002, @09:33AM (#9062)
User #3013 Info
No, RGP relates to "redemption" of an unpaid registration. The 15 day period on rectifying bad whois data is a black-and-white condition of the registrar accreditation agreement. Take the UDRP, for example, if a "cancellation" is ordered in a UDRP proceeding, they aren't going to sit around and wait 30 days RGP or no RGP.
[ Reply to This | Parent ]
Re: Book Deal?
by fnord (groy2kNO@SPAMyahoo.com) on Thursday September 05 2002, @11:12AM (#9069)
User #2810 Info
A book, even a publish on demand book or ebook from John Berryhill would be great. With his ability to see issues from numerous angles no-one else seems to think of, his writing style, and some of the wacky things he's seen and done (hey, it seems to have expired and been picked up by someone in China, mebbe the original registrant? LOL!), it would have to come with a disclaimer to empty bladder before reading. -g
[ Reply to This | Parent ]
  • 4 replies beneath your current threshold.




  • This article comes from ICANNWatch
    http://www.icannwatch.org/

    The URL for this story is:
    http://www.icannwatch.org/article.pl?sid=02/09/05/065406