Ted 'Tubes' Stevens Tries To Fight Phishing > Phishing part not needed; but domain registration needs chgs

Phishing part not needed; but domain registration needs chgs

I would whole heartily disagree with address phone number thing for domains. There's an expect security that we all should have. You never know who on the net could show up at your biz or house. That in its self is frighting. As usual the spammers will lie and will get away with it, us sheep will follow the herd provided by our "gov". If bills like this keep coming we may end up with a law that says when posting on a forum you must include your Real name, address, phone number and your SSN.

ym

reply to fAcEtIOUs
There needs to be a balance between privacy and public disclosure. Maybe a proxy system whereby someone puts a valid contact for someone who will vouch for the authenticity.

reply to youngmoore
I think information should be accurate. No problem with that being law.

I don't believe though that it should be public information. Such as part of some "who is" database.

If someone wants it, they will have to go to the court and get authorization for getting the information.

But I don't think people should be able to provide bs information to a hosting company in an effort to hide.
--
"There are no stupid questions, but there are a LOT of inquisitive idiots"

reply to youngmoore
On the other hand if the spammers and scam artists who benefit most from stealth domain registrations, never knew which of their victims might show up on their doorstep with a 10 gauge shotgun...
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
Test your firewall.

reply to youngmoore
I think you are off base. I think domain entries should be accurate and public. If it scares you to have the infomation out there then maybe running public services isnt for you. The only reason to obfuscate domain information is to empower spammers. At the very least there should accurate information for reporting an abusive domain to a host so as to have it shut down. All spam electronic and real world need to be stopped. They both waste all sorts of resources.

I have to disagree. I hate spam as much as anyone. Maybe more since we host email servers and I fight it daily. But my own info out there for anyone to see on the net, I think not and I'm not comfortable with that and I'm about as far as a spammer as you can get. Just because I like my privacy doesn't make me, my company, or my family "spammers" Nice try though. You don't see the CEO's of ATT or Comcast personal info up on who-is but your expecting anyone even personal website owners to have their full Name/Address/Phone numbers. Come on man get serious.

ym

kfsutops has a good idea. Netfixer, the spammers will Lie anyway so they will never see a problem "most likely".
Ontop of that the most spam we see comes from Eastern block and Asia pac so US law wouldn't apply.

ym

reply to youngmoore
That's actually how it worked until fairly recently. Being able to use a registrar's address or other blocking features is a relatively recent development.

reply to bogey780

reply to bogey780
There already is.

I registered and paid the extra 10 bucks for "Domains By Proxy."

They have my info, but you can't get my personal info from a generic Whois.

There are PLENTY of good reasons for some people to do this. Mostly, if they aren't a business.

I do not want people to be able to dig up all that info. My band's website has plenty of ways to contact if needed.

Having all that info listed is like asking for freaks to harass you.

Yes, scammers and spammers suck. No, they shouldn't be able to hide completely. I agree that a balance should be struck... and I think Domains by Proxy is a good start.

reply to MJRudzik

reply to bogey780
I use Domains by Proxy on my domain. All my valid domain info is protected by them and a Court order is needed to retrieve it. They use their name and address for the public whois database.

»www.domainsbyproxy.com/

EX.

dministrative Contact:
Private, Registration XXXXXXXX@domainsbyproxy.com
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599

reply to kfsutops
Just get a court order and approach the hosting company and find out who pays the bills or what IP logs on as admin. Easy peasy.

reply to youngmoore

Registrant:
Comcast Corporation
   1500 Market Street
   Philadelphia, PA 19102
   US
   Domain Name: COMCAST.NET
   ------------------------------------------------------------------------
   Promote your business to millions of viewers for only $1 a month
   Learn how you can get an Enhanced Business Listing here for your domain name.
   Learn more at »www.NetworkSolutions.com/
   ------------------------------------------------------------------------
   Administrative Contact:
      Administrator, Domain Registration ContactMiddleName  domregadmin@COMCAST.net
      Comcast Corporation
      1500 Market, West Tower
      Philadelphia, PA 19102
      US
      215-320-8774 fax: 215-564-0132
   Technical Contact:
      Technical Contact, Domain Reg ContactMiddleName  domregtech@comcastonline.com
      Comcast Corporation
      1500 Market St.
      9Fl West
      Philadelphia, PA 19102
      US
      215-320-8774 fax: 215-564-0132
   Record expires on 24-Sep-2008.
   Record created on 25-Sep-1997.
   Database last updated on 28-Feb-2008 02:00:16 EST.
   Domain servers in listed order:
   DNS101.COMCAST.NET           68.87.64.204
   DNS102.COMCAST.NET           68.87.66.204

--------------------------------------------------------------

Registrant:
Comcast Corp
   1500 Market Street
   Philadelphia, PA 19102
   US
   Domain Name: COMCAST.COM
   ------------------------------------------------------------------------
   Promote your business to millions of viewers for only $1 a month
   Learn how you can get an Enhanced Business Listing here for your domain name.
   Learn more at »www.NetworkSolutions.com/
   ------------------------------------------------------------------------
   Administrative Contact:
      Comcast Corporation  postmaster@COMCAST.COM
      1500 MARKET ST
      PHILADELPHIA, PA 19102-2100
      US
      215-981-7776 fax: 215-981-7776
   Technical Contact:
      Comcast Corporation  postmaster@COMCAST.COM
      1500 MARKET ST
      PHILADELPHIA, PA 19102-2100
      US
      215-981-7776 fax: 215-981-7776
   Record expires on 28-Aug-2010.
   Record created on 29-Aug-1995.
   Database last updated on 28-Feb-2008 02:01:50 EST.
   Domain servers in listed order:
   NS1-AUTH.SPRINTLINK.NET
   NS2-AUTH.SPRINTLINK.NET

--------------------------------------------------------------

Registrant:
        AT&T Corp.
        Corporate Administration
        32 Avenue of the Americas
        New York, NY 10013
        US
        eiss-dns@att.com
        +1.3172651482  Fax: +1.3172651482
    Domain Name: ATT.COM
    Registrar of Record: Corporate Domains, Inc.
    Administrative Contact:
        AT&T Services, Inc.
        Domain Administrator
        240 N Meridian Room 280
        Indianapolis, IN 46204
        US
        jn4238@att.com
        +1.3172651482  Fax: +1.3172651482
    Technical Contact:
        AT&T Corp
        DNS Support
        801 Chestnut St.
        St. Louis, MO 63101
        US
        eiss-dns@att.com
        +1.3172651482  Fax: +1.3172651482
    Domain servers in listed order:
        NS2.ATTDNS.COM
        NS3.ATTDNS.COM
        NS1.ATTDNS.COM
        NS5.ATTDNS.COM
        NS4.ATTDNS.COM
    Created on..............: 25-Apr-86
    Expires on..............: 26-Apr-10
    Record last updated on..: 13-Jul-07

---------------------------------------------------------------

Registrant:
AT&T Corp.
   55 Corporate Drive
   Bridgewater, NJ 08807
   US
   Domain Name: ATT.NET
   ------------------------------------------------------------------------
   Promote your business to millions of viewers for only $1 a month
   Learn how you can get an Enhanced Business Listing here for your domain name.
   Learn more at »www.NetworkSolutions.com/
   ------------------------------------------------------------------------
   Administrative Contact, Technical Contact:
      GNMC  rm-hostmaster@ems.att.com
      424 S. Woodsmill Rd
      Chesterfield, MO 63037
      US
      800-325-1898 fax: 281-664-9975
   Record expires on 14-Dec-2012.
   Record created on 13-Dec-1993.
   Database last updated on 28-Feb-2008 02:04:33 EST.
   Domain servers in listed order:
   ORCU.OR.BR.NP.ELS-GMS.ATT.NET 199.191.129.139
   WYCU.WY.BR.NP.ELS-GMS.ATT.NET 199.191.128.43
   OHCU.OH.MT.NP.ELS-GMS.ATT.NET 199.191.144.75
   MACU.MA.MT.NP.ELS-GMS.ATT.NET 199.191.145.136
 

reply to fAcEtIOUs
I own a number of domains, and I don't have Domain Privacy, and I haven't received any of the spam that I have been promised. (WAAAH!)

I don't mind Domain Privacy, though, on one condition: That the information on a privacy-protected domain is useful for contacting the owner of that domain in the event of a technical or administrative problem.

I've tried on numerous occasions to contact domain owners about malware on their site -- and these guys have bought Domain Privacy from their Registrar. But contacting the Registrar is useless -- they refuse to forward any message to the registrant, no matter how important it is. To me, that's the problem.

If someone wants to replace their name on a registration with some generic "Privacy Protected - Contact Registrar" entry, fine -- but then provide a screened forwarding service that protects the registrant from spam and anonymous harassment but gets important messages through.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon
"We don't throttle any traffic," -Charlie Douglas, Comcast spokesman, on this report.

reply to youngmoore
The solution I came up with when I was publishing my own domain was to get a Post Office box and a GrandCentral phone number. If you do a whois on one of my domains (say, PCQandA.com), you'll get these instead of my real address/phone number.

I stop by the PO Box every so often to pick up the junk mail and donations that arrive there. (I use the PO Box for donations to help keep my site running also since I don't want to publish my address for that.) Any phone calls coming in will ring my real phones (via GrandCentral's service), but I can choose whether or not I take them and can block spam callers.

The PO Box costs me $26 per year (prices vary from post office to post office) and the GrandCentral number is free.
--
-Jason Levine
Support a children's charity. Buy a calendar. Shooting For A Cause
Jason's Toolbox | PCQandA.com

reply to fAcEtIOUs

reply to NetFixer
If your network is being attacked you work off of IP address blocks and their owners info, not domain name registrations per se.

reply to jester121
Exactly. If I were the member of an online criminal group and suddenly I was required to put my real name/address on a domain, I'd find someone else's name/address to use. Probably something from identity theft.

Alternatively, they could auto-generate fake names/addresses. Take a list of common first names, a list of common last names, a list of street names, a list of cities and run them all through a random number generator and you get a new name/address each time. By the time the ISP and/or police realize and the domain gets shut down, the criminals are already on to the next domain and fake name/address.

I had, in fact, once had a similar idea for fake identity generation to poison phishing pages. (Generate a fake identity and submit it to the phishing form. If enough people do it enough times, the data they collect becomes useless.) I even got as far as to locate free lists of common first names, last names, street names, and cities. So everything the criminals would need are online for free right now.
--
-Jason Levine
Support a children's charity. Buy a calendar. Shooting For A Cause
Jason's Toolbox | PCQandA.com