At 12/1/02 8:06 PM, Roger B.A. Klorese wrote:

>Robert L Mathews wrote:
>
>>Abuse reports should go to the domain owner's ISP, not the domain owner's 
>>WHOIS address. The person at the WHOIS address is presumably the bad guy. 
>>It makes no sense to send complaints to the bad guy.
>>
>You seem to believe that there is usually a model where 
>domain-owner->ISP->connectivity.
>
>For most I have any dealings with, domain-owner->connectivity.  There is 
>no "hosting" ISP.

Well, I'm a little baffled here -- yes, I do believe 
"domain-owner->ISP->connectivity" in almost all cases. Probably 99.9% of 
all domain names are provided connectivity by an upstream ISP that is a 
separate organization. The few exceptions are well known domains owned by 
actual ISPs or large, recognizable organizations, such as aol.com -- but 
if you need to report abuse to aol.com, you hardly need to look at their 
WHOIS information (and doing so is not going to tell you the right place 
to send abuse reports; try it).

Even if it were always the case that "domain-owner->connectivity", 
wouldn't that just reinforce the point I made? If they're the same 
person, there's no need to complain to the domain owner; just send the 
report to the connectivity provider from ARIN, and it'll reach the right 
person anyway.


>>It 
>>was set up to provide people with a way to contact network operations 
>>personnel, and everyone who "owned" a domain was in that category.
>>
>Pretty much everyone I ever deal with is in that category.

Perhaps we're misunderstanding each other. You're saying that almost 
every domain name associated with a server from which you receive abusive 
mail or network interference is owned by the same company that provides 
physical connectivity (and presumably enforces the AUP) for that server? 
And that you rarely get spam, for example, from people who have colocated 
a server someplace and started selling Viagra, or gambling, or porn 
through their domain name?

If so, I don't have an explanation of why you would find that to be the 
case (it's certainly not the case on the general Internet, excepting the 
obvious cases like AOL users that you don't need domain WHOIS to deal 
with), but that's fine, too. If they provide the connectivity, they have 
a netblock record, and all you need is ARIN (and its cousins) to locate 
them.

This abuse reporting discussion seems irrelevant, really, because we 
don't seem to be disagreeing about abuse reporting. You're saying that 
you almost always want to send abuse reports to network operators, which 
is just what I suggested should happen. The contact information for 
network operators is by definition in ARIN WHOIS, not domain WHOIS, so I 
don't quite follow the argument that reporting abuse to network 
operations personnel requires domain WHOIS -- it seems to argue just the 
opposite.


>Legal notices and other written correspondence must be possible.

Yes, of course. It wouldn't be totally inaccessible; people who 
legitimately needed it would still be able to get it, in the same way 
that lunatics can't get your home address from the department of motor 
vehicles any more, but insurance companies, lawyers or police officers 
can.

For example, the domain owner's postal address would still be available 
in the event of a lawsuit. And for simple form-letter copyright 
violations, the DMCA provides an official way for intellectual property 
owners to communicate directly with the ISP, who notifies the domain 
owner, and the domain owner can then respond with their physical address 
if they want to fight it.

(I've noticed that most people who defend the use of WHOIS for legal 
purposes just assume that the current WHOIS system is accurate. In the 
case of "bad guys", particularly egregious spammers, I've often found 
just the opposite to be the case, and even if it isn't intentional, a 
good fraction of domain WHOIS data is out-of-date. Again, we're 
presumably talking about evildoers here: asking them to enter their true 
address isn't something we can rely on for legal purposes. And again, 
since the ISP is always going to be contactable, they're probably going 
to be a better bet for legal communication than the domain owner anyway.)


>Since I'm in the "business" of giving them away to folks who need them 
>and can't afford to buy them (as with lots of other Internet services), 
>I have little sympathy for people turning what should be a free service 
>into a business.  Now that it's done, it's a necessary evil I need to 
>circumvent, but that doesn't mean I need to support it.

Well, fair enough; I can't argue with that, and it sounds like you're 
doing good work. But allow me to gently point out that your argument 
pretty much boils down to the fact that you don't care a whit for Aunt 
Mabel's privacy because you don't think she should be allowed to have a 
domain name in the first place, and you believe that people who receive 
domain names the "right" way -- as the result of an (admirable) public 
service -- have an obligation to reveal something about themselves when 
they join the Internet community.

That's fine... except that Aunt Mabel *is* allowed to have a vanity 
domain name for her knitting site, and the vast majority of such people 
don't see themselves as joining a community where they will be required 
to work hard to give back as much as they take. Instead, they pay money 
to join. Sad, but there it is; 1993 is never coming back.

Since Aunt Mabel is here, your opinion unfortunately isn't really a 
rebuttal to her privacy concerns (my original point being that she cares 
an awful, awful lot about whether her home address is available to anyone 
on the Internet).

------------------------------------
Robert L Mathews, Tiger Technologies
