At 12/1/02 8:06 PM, Roger B.A. Klorese wrote:
>Robert L Mathews wrote:
>
>>Abuse reports should go the domain owner's ISP, not the domain owner's
>>WHOIS address. The person at the WHOIS address is presumably the bad guy.
>>It makes no sense to send complaints to the bad guy.
>>
>You seem to believe that there is usually a model where
>domain-owner->ISP->connectivity.
>
>For most I have any dealings with, domain-owner->connectivity. There is
>no "hosting" ISP.
Well, I'm a little baffled here -- yes, I do believe
"domain-owner->ISP->connectivity" in almost all cases. Probably 99.9% of
all domain names are provided connectivity by an upstream ISP that is a
separate organization. The few exceptions are well known domains owned by
actual ISPs or large, recognizable organizations, such as aol.com -- but
if you need to report abuse to aol.com, you hardly need to look at their
WHOIS information (and doing so is not going to tell you the right place
to send abuse reports; try it).
Even if it were always the case that "domain-owner->connectivity",
wouldn't that just reinforce the point I made? If they're the same
person, there's no need to complain to the domain owner; just send the
report to the connectivity provider from ARIN, and it'll reach the right
person anyway.
>>It
>>was set up to provide people with a way to contact network operations
>>personnel, and everyone who "owned" a domain was in that category.
>>
>Pretty much everyone I ever deal with is in that category.
Perhaps we're misunderstanding each other. You're saying that almost
every domain name associated with a server from which you receive abusive
mail or network interference is owned by the same company that provides
physical connectivity (and presumably enforces the AUP) for that server?
And that you rarely get spam, for example, from people who have colocated
a server someplace and started selling Viagra, or gambling, or porn
through their domain name?
If so, I don't have an explanation of why you would find that to be the
case (it's certainly not the case on the general Internet, excepting the
obvious cases like AOL users that you don't need domain WHOIS to deal
with), but that's fine, too. If they provide the connectivity, they have
a netblock record, and all you need is ARIN (and its cousins) to locate
them.
This abuse reporting discussion seems irrelevant, really, because we
don't seem to be disagreeing about abuse reporting. You're saying that
you almost always want to send abuse reports to network operators, which
is just what I suggested should happen. The contact information for
network operators is by definition in ARIN WHOIS, not domain WHOIS, so I
I don't quite follow the argument that reporting abuse to network
operations personnel requires domain WHOIS -- it seems to argue just the
opposite.
>Legal notices and other written correspondence must be possible.
Yes, of course. It wouldn't be totally inaccessible; people who
legitimately needed it would still be able to get it, in the same way
that lunatics can't get your home address from the department of motor
vehicles any more, but insurance companies, lawyers or police officers
can.
For example, the domain owner's postal address would still be available
in the event of a lawsuit. And for simple form-letter copyright
violations, the DMCA provides an official way for intellectual property
owners to communicate directly with the ISP, who notifies the domain
owner, and the domain owner can then respond with their physical address
if they want to fight it.
(I've noticed that most people who defend the use of WHOIS for legal
purposes just assume that the current WHOIS system is accurate. In the
case of "bad guys", particularly egregious spammers, I've often found
just the opposite to be the case, and even if it isn't intentional, a
good fraction of domain WHOIS data is out-of-date. Again, we're
presumably talking about evildoers here: asking them to enter their true
address isn't something we can rely on for legal purposes. And again,
since the ISP is always going to be contactable, they're probably going
to be a better bet for legal communication than the domain owner anyway.)
>Since I'm in the "business" of giving them away to folks who need them
>and can't afford to buy them (as with lots of other Internet services),
>I have little sympathy for people turning what should be a fre service
>into a business. Now that it's done, it's a necessary evil I need to
>circumvent, but that doesn't mean I need to support it.
Well, fair enough; I can't argue with that, and it sounds like you're
doing good work. But allow me to gently point out that your argument
pretty much boils down to the fact that you don't care a whit for Aunt
Mabel's privacy because you don't think she should be allowed to have a
domain name in the first place, and you believe that people who receive
domain names the "right" way -- as the result of an (admirable) public
service -- have an obligation to reveal something about themselves when
they join the Internet community.
That's fine... except that Aunt Mabel *is* allowed to have a vanity
domain name for her knitting site, and the vast majority of such people
don't see themselves as joining a community where they will be required
to work hard to give back as much as they take. Instead, they pay money
to join. Sad, but there it is; 1993 is never coming back.
Since Aunt Mabel is here, your opinion unfortunately isn't really a
rebuttal to her privacy concerns (my original point being that she cares
an awful, awful lot about whether her home address is available to anyone
on the Internet).
------------------------------------
Robert L Mathews, Tiger Technologies
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:37:32 EDT