Whois Masking Considered Harmful

Whenever you register a domain name, your contact details are published in a publicly visible database called "Whois", where your contact details are instantly harvested by spambots and marketers who proceed to email and postal mail you marketing offers, deceptive "domain slamming" attempts, ads for dubious products, and perhaps even telemarketing calls. Nobody likes that, so over the years people started resorting to various tactics to protect themselves from the deluge of crap that inevitably comes with simply registering a domain name... more»

CIRA Creates Backdoor WHOIS Exceptions for Police and IP Owners

Earlier this year, I wrote glowingly about the new CIRA whois policy, which took effect today and which I described as striking the right balance between access and privacy. The policy was to have provided new privacy protection to individual registrants -- hundreds of thousands of Canadians -- by removing the public disclosure of their personal contact information... Apparently I spoke too soon. more»

Help! My Domain Name Has Been Hijacked!

They are out there. In Internet Cafes and dark rooms from New York to Hong Kong to Iran, the domain name hijackers are plotting to steal your domain names. Fortunately, there are some steps that you can take to protect yourself against losing your domain names. ...Registrars are often skeptical of claims of domain hijacking, and the hijackers often "launder" the domain names to look as if they have sold them to third parties... By the time you discover that your domain name has been stolen, it may be at its third or fourth different registrar in the name of a completely different party... more»

New CIRA Whois Policy Strikes Balance Between Privacy and Access

My weekly technology law column focuses this week on the new CIRA whois policy that is scheduled to take effect on June 10, 2008. The whois issue has attracted little public attention, yet it has been the subject of heated debate within the domain name community for many years. It revolves around the whois database, a publicly accessible, searchable list of domain name registrant information (as in "who is" the registrant of a particular domain name). more»

Canada's New Policy Will Privatize Whois Data for .ca Domains

Canadian Internet Registration Authority (CIRA) has posted its Change of Privacy Status... "As of June 10, 2008 the dot-ca (.ca) WHOIS will no longer release information about individual Registrants and their Adminstrative and Technical contacts, providing more thorough privacy protection for many of our Registrants." more»

Network Solutions Responds to Front Running Accusations

Following a post on the DomainState forum today, a number news and blogs have criticized Network Solutions for front running domain names that customers try to register. (See for instance today's report on DomainNameNews). Jonathon Nevett, Vice President of Policy at Network Solutions, has offered the following in response to the news break... more»

An Open Letter to Yahoo!'s Postmaster

In June 2004, Yahoo! and a number of other companies got together to announce the Anti-Spam Technical Alliance or ASTA. While it appears to have been largely silent since then, ASTA did at least publish an initial set of best practices the widespread adoption of which could possibly have had some impact on spam... The majority of these are clearly aimed at ISPs and end users, but some are either generally or specifically relevant to email providers such as Yahoo!, Google or Microsoft... The problem: Since February this year, we have been receiving a significant quantity of spam emails from Yahoo!'s servers. In addition to their transport via the Yahoo! network, all originate from email addresses in yahoo.com, yahoo.co.uk and one or two other Yahoo! domains. Every such message bears a Yahoo! DomainKeys signature... more»

The Anti-Phishing Consumer Protection Act of 2008

Last week Sen. Snowe filed bill S.2661, the Anti-Phishing Consumer Protection Act of 2008, or APCPA. While its goals are laudable, I have my doubts about some of the details. The first substantive section of the bill, Section 3, makes various phishy activities more illegal than they are now in its first two subsections. It makes it specifically illegal to solicit identifying information from a computer under false pretenses, and to use a domain name that is deceptively similar to someone else's brand or name on the web in e-mail or IM to mislead people... more»

ICA Posts Position Paper and Analysis of Snowe "Anti-Phishing" Legislation

The Internet Commerce Association (ICA) has posted a position paper and analysis of S. 2661, introduced on 2/25/08 in the US Senate. While we are firmly opposed to phishing and other criminal activities that may utilize domain names we are very concerned about the provisions of the proposal that appear to provide trademark owners with a means to avoid both UDRP and ACPA actions and alternatively bring private claims against domain names with a lower burden of proof and the potential for far higher monetary damages, without even requiring an allegation that the DN was in any way being utilized in a phishing scheme... more»

Domain Front Running by Registrars Continues to Draw Attention

In response to accusations lodged yesterday in a post on the DomainState forum, NSI has issued a statement which essentially admits that it engages in a form of domain front running. No one has challenged domain Front Running by registrars in the courts, likely because the practice is new and since the loss of a single domain would not typically generate a level of damages to support litigation. But litigation over this arguably fraudulent domain practice by registrars is both viable and likely inevitable... more»

North Dakota Judge Gets it Wrong

Ever been prosecuted for tracking spam? Running a traceroute? Doing a zone transfer? Asking a public internet server for public information that it is configured to provide upon demand? No? Well, David Ritz has. And amazingly, he lost the case. Here are just a few of the gems that the court has the audacity to call "conclusions of law." Read them while you go donate to David's legal defense fund... more»

How Rampant is Cyber & Typo Squatting? Just Ask WIPO After Reviewing Wipo.com!

How prevalent is cybersquatting and typosquatting? Take a look at www.wipo.com, and then compare it with the World Intellectual Property Organization's web site www.wipo.org. Ironically, the WIPO Arbitration and Mediation Center handles a majority of the UDRP domain dispute arbitrations internationally. The very organization which is invested with the authority by ICANN to resolve cybersquatting and typosquatting disputes internationally under the UDRP is, by all appearances, being squatted. Here are two apparent typosquatters... more»

Nominet Position Paper on Front Running

Nominet has published a very detailed and comprehensive position paper on "front running". Although the paper is a mere 5 pages long it covers all the areas that the topic encompasses very well and is well worth a read. The topic of "front running" has received some publicity in the last few months. If you're not familiar with the concept Nominet's definition is helpful... more»

An Internet Security Operations Viewpoint of IGF

The Internet Governance Forum (IGF) is an annual UN conference on Internet governance which was held this year in Rio de Janeiro, Brazil. The topics discussed range from human rights online to providing Internet access in developing countries. A somewhat secondary topic of conversation is Internet security and cyber-crime mostly limited to policy and legislative efforts. Techies and Internet security industry don't have much to do there, but I have a few updates for us from the conference. more»

Whois: If You Want Privacy, Pay For It

Netchoice, a lobbying group for the e-commerce industry had a strange reaction on the failure of the GNSO working group on Whois to reach a consensus. After all, they say, "Privacy concerns with Whois that were identified years ago have already been addressed by in the marketplace"... more»