[At-Large] Godaddy & ICANN Compliance: Port 43 whois

Derek Smythe derek at aa419.org
Tue Nov 7 14:06:18 UTC 2017


Congratulations! At least you do not have a generic block, but that
does not mean you're not affected by this issue either.

I will reiterate what the issue is, as stated at
http://blog.aa419.org/2017/09/08/an-open-letter-to-godaddy-whois-service/:

The ICANN RAA 2013, which Godaddy is a signatory to, says:
> 3.3.1 At its expense, Registrar shall provide an interactive web page and, with respect to any gTLD operating a "thin" registry, a port 43 Whois service (each accessible via both IPv4 and IPv6) providing free public query-based access to up-to-date (i.e., updated at least daily) data concerning all active Registered Names sponsored by Registrar in any gTLD. Until otherwise specified by a Consensus Policy, such data shall consist of the following elements as contained in Registrar's database:
... followed by the whois data elements ...

and then a bit later:
> 3.3.5 In providing query-based public access to registration data as required by Subsections 3.3.1 and 3.3.4, Registrar shall not impose terms and conditions on use of the data provided, except as permitted by any Specification or Policy established by ICANN. Unless and until ICANN establishes a different Consensus Policy, Registrar shall permit use of data it provides in response to queries for any lawful purposes except to: (a) allow, enable, or otherwise support the transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of any Registry Operator or ICANN-Accredited registrar, except as reasonably necessary to register domain names or modify existing registrations.


We see Godaddy filtering some IP addresses despite the IP not being
used for whois lookups in years at least. No standard whois lookups
are possible.

In other cases, there seems to be a hard limit of 10 lookups per 24
hours. The first few times you will get the standard output. Feel free
to have a coffee/tea between lookups. But do more than ten per day.
Then you will get something along the line of:

> Domain Name: GODADDY.COM
> Registrar URL: http://www.godaddy.com
> Registrant Name: Domain Administrator
> Registrant Organization: Go Daddy Operating Company, LLC
> Name Server: CNS1.GODADDY.COM
> Name Server: CNS2.GODADDY.COM
> Name Server: CNS3.GODADDY.COM
> Name Server: A11-64.AKAM.NET
> Name Server: A1-245.AKAM.NET
> Name Server: A20-65.AKAM.NET
> Name Server: A6-66.AKAM.NET
> Name Server: A8-67.AKAM.NET
> Name Server: A9-67.AKAM.NET
> DNSSEC: unsigned
>
> For complete domain details go to:
> http://who.godaddy.com/whoischeck.aspx?domain=GODADDY.COM

Once you hit that, try the next day again, you are stuck and blocked.
This is not rate limiting, this is not blocking, this is filtering and
output format substitution.

Upon confronting Godaddy with this issue, their Port 43 team requires
you to supply additional info so they may consider this, in violation
of "Registrar shall not impose terms and conditions on use of the data
provided, except as permitted by any Specification or Policy
established by ICANN." and not in violation of the exclusions (a) and
(b) in 3.3.5.

Obviously this does not scale for parties investigating domain based
abuse.  This is seen on various anti-abuse fronts severely hampering
the folks trying to keep us safe.

I trust this clarifies the issues.

The only movement on this issue is Godaddy fixing the output for
http://who.godaddy.com/whoischeck.aspx?domain=....

Previously it would simply show if the domain was available or not,
after fighting Google's reCaptcha which sometimes goes into a broken
loop (a separate issue I was stuck at for a while once).

Derek

On 2017-11-07 11:55 AM, McTim wrote:
> Command line whois on port 43 is being answered AFAICS
>
> McTim$ whois -p 43 -h whois.godaddy.com godaddy.com
>
> Domain Name: GODADDY.COM
> Registrar URL: http://www.godaddy.com
> Registrant Name: Domain Administrator
> Registrant Organization: Go Daddy Operating Company, LLC
> Name Server: CNS1.GODADDY.COM
> Name Server: CNS2.GODADDY.COM
> Name Server: CNS3.GODADDY.COM
> Name Server: A11-64.AKAM.NET
> Name Server: A1-245.AKAM.NET
> Name Server: A20-65.AKAM.NET
> Name Server: A6-66.AKAM.NET
> Name Server: A8-67.AKAM.NET
> Name Server: A9-67.AKAM.NET
> DNSSEC: unsigned
>
> For complete domain details go to:
> http://who.godaddy.com/whoischeck.aspx?domain=GODADDY.COM
>
> The data contained in GoDaddy.com, LLC's WhoIs database,
> while believed by the company to be reliable, is provided "as is"
> with no guarantee or warranties regarding its accuracy.  This
> information is provided for the sole purpose of assisting you
> in obtaining information about domain name registration records.
> Any use of this data for any other purpose is expressly forbidden without the prior written
> permission of GoDaddy.com, LLC.  By submitting an inquiry,
> you agree to these terms of usage and limitations of warranty.  In particular,
> you agree not to use this data to allow, enable, or otherwise make possible,
> dissemination or collection of this data, in part or in its entirety, for any
> purpose, such as the transmission of unsolicited advertising and
> and solicitations of any kind, including spam.  You further agree
> not to use this data to enable high volume, automated or robotic electronic
> processes designed to collect or compile this data for any purpose,
> including mining this data for your own personal or commercial purposes.
>
> Please note: the registrant of the domain name is specified
> in the "registrant" section.  In most cases, GoDaddy.com, LLC
> is not the registrant of domain names listed in this database.
> 
> On Tue, Nov 7, 2017 at 4:46 AM, Derek Smythe <derek at aa419.org> wrote:
>> This is exactly the same games being played with other complainants in
>> the ITSec sector. Also the reason why this complaint was lodged on
>> behalf of numerous parties and in full public view.
>>
>> It seems it may be appropriate to test the ICANN complaints procedure
>> soon if these games are not stopped promptly as it undermines
>> negotiated stated policies. I have seen numerous unused IP addresses
>> similarly filtered.
>>
>> Derek Smythe
>> Artists Against 419
>> http://www.aa419.org
>>
>>
>> On 2017-11-07 09:20 AM, Bill Silverstein wrote:
>>>> An edited version of a post I made on the APWG. Certain parts have
>>>> been redacted to protect innocent victims. The rest is topical here.
>>>>
>>>> Certain parties at Godaddy were copied on the original.
>>>>
>>>> ==============================================================
>>>>
>>>> I'm not sure if there is anybody on list that can address this issue. I
>>>> have lodged an ICANN complaint on it, but this is extremely topical in
>>>> doing what we do, fighting fraud as this affects each of us. So I'll
>>>> share:
>>>>
>>>> http://blog.aa419.org/2017/09/08/an-open-letter-to-godaddy-whois-service/#Oct04
>>>>
>>>> I have reached out to folks in other communities fighting abuse. The
>>>> issue is global and complaints are sandbagged.
>>>>
>>>> To show what a harmful effect this has:
>>>>
>>>
>>>
>>> I have been trying to deal with both Godaddy and ICANN about GoDaddy's
>>> violation of the RAA requirements to provide port 43 access. The response
>>> from Godaddy is that you can go to the web site. ICANN's response is
>>>
>>> "However, please note that the registrar demonstrated to ICANN it was
>>> compliant with its Whois Service obligations at the time the complaint
>>> was received in accordance with Section 3.3.5 of the 2013 Registrar
>>> Accreditation Agreement (RAA) Additionally, please note, ICANN's authority
>>> is purely contractual, and limited to the RAA, the Registry Agreements
>>> (RA) and ICANN’s Consensus Policies."
>>>
>>> What crap!  I had provided the proof, but they ignore it.
>>>
>>>
>>> _______________________________________________
>>> At-Large mailing list
>>> At-Large at atlarge-lists.icann.org
>>> https://atlarge-lists.icann.org/mailman/listinfo/at-large
>>>
>>> At-Large Official Site: http://atlarge.icann.org
>>>
> 
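The short-form reply described at the top of this message can be told apart from a full reply mechanically, which gives a timestamped record of the lookup at which the output switched. The following is an added example, not part of the original message or of any GoDaddy or ICANN tooling; the label list, the function names and the sample replies are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumption: labels a full 2013-RAA-style reply carries and the short form lacks.
FULL_ONLY_LABELS = ("Creation Date", "Registrar Registration Expiration Date",
                    "Registrant Email", "Admin Email", "Tech Email")
REDIRECT_MARKER = "For complete domain details go to:"  # from the quoted short output

def parse_fields(raw):
    """Collect 'Label: value' lines of a port 43 reply into {label: [values]}."""
    fields = {}
    for line in raw.splitlines():
        label, sep, value = line.strip().partition(": ")
        if sep and value.strip():
            fields.setdefault(label, []).append(value.strip())
    return fields

def classify(raw):
    """Return ('full' | 'substituted' | 'incomplete', missing_labels)."""
    fields = parse_fields(raw)
    missing = [label for label in FULL_ONLY_LABELS if label not in fields]
    if not missing:
        return "full", []
    return ("substituted" if REDIRECT_MARKER in raw else "incomplete"), missing

def first_substitution(lookups, window=timedelta(hours=24)):
    """lookups: [(datetime, raw_reply)] in time order. Returns (position, time,
    full replies seen in the window before it) for the first substituted
    reply, or None if no reply was substituted."""
    for i, (when, raw) in enumerate(lookups):
        if classify(raw)[0] == "substituted":
            earlier = [r for t, r in lookups[:i] if when - t <= window]
            return i + 1, when, sum(classify(r)[0] == "full" for r in earlier)
    return None

# Constructed sample replies (not captured from any server).
SHORT = ("Domain Name: EXAMPLE.COM\nRegistrar URL: http://registrar.example\n"
         "Registrant Name: Example Holder\nName Server: NS1.EXAMPLE.COM\n"
         "DNSSEC: unsigned\n\n" + REDIRECT_MARKER + "\n"
         "http://registrar.example/whoischeck?domain=EXAMPLE.COM\n")
FULL = SHORT.split("\n\n")[0] + "\n" + "".join(
    f"{label}: constructed-value\n" for label in FULL_ONLY_LABELS)

START = datetime(2017, 11, 7, 8, 0)  # constructed log: one lookup every 30 minutes
LOG = [(START + timedelta(minutes=30 * n), FULL if n < 10 else SHORT) for n in range(12)]

if __name__ == "__main__":
    print(first_substitution(LOG))
```

Feeding it saved replies with their capture times yields the position and time of the first substituted reply and the number of full replies received in the preceding 24 hours.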

