[lac-discuss-en] Fwd:WHOIS Violations

Mon Jun 7 12:19:26 CDT 2010

FyI, a very detailed report on WHOIS matter from KnuJon.   Garth Breun is a
member of the WHOIS WG.

==============================
Carlton A Samuels
Mobile: 876-818-1799
Strategy, Planning, Governance, Assessment & Turnaround
=============================

Dear At-Large and ALAC,

On April 16 ICANN issued a breach notice to Turkish Registrar Alantron
(http://www.icann.org/correspondence/burnette-to-acir-16apr10-en.pdf)
for not consistently providing access to its WHOIS database via Port 43,
a command-line query location that all Registrars are required to supply
under conditions of their contract with ICANN
(http://www.icann.org/en/registrars/ra-agreement-21may09-en.htm#3) under
section 3.3.1. Four days later they issued a breach to Internet Group do
Brazil for the same problem
(http://www.icann.org/correspondence/burnette-to-malinardi-02apr10-en.pdf).
WHOIS is a critical resource that makes the Internet function the way it
is expected to. It is also at tool of consumer trust and investigation.
Without Port 43 access ICANN?s WDPRS compliance system does not work.
The WHOIS record, as we all know, is a massive fraud with illicit
parties filling records with bogus information and hiding behind
anonymity. Fake WHOIS records are typically initiated by the registrant
and only technically become the Registrar?s problem after a complaint
is filed. The issue of blocking access to the WHOIS record is strictly
the province of the Registrar.

Coincidentally, while parties unknown to us filed complaints against
Alantron and Internet Group do Brazil, KnujOn was conducting its own
far-reaching audit of Port 43. For a period 71 days KnujOn tested the
Port 43 WHOIS accessibility of each unique Registrar, we did not test
multiple accreditations held by the same companies and only tested once
per day to avoid being blacklisted. We also tested at different times of
the day each time to avoid possible regular maintenance periods and
discarded results if the Registrar?s service only failed once in
during the study period. The full results, and ongoing testing of Port
43 access, are posted at: http://www.knujon.com/whoisblockingwhois.html

In addition to testing access, we also tested how easy it was to find
the Port 43 location of each Registrar. In most cases the Port 43 is
logically located at WHOIS.[REGISTRARDOMAIN].[TLD], for example
?whois.networksolutions.com? for NetworkSolutions. Sometimes it is
located at a different domain as in the case of Xin Net, the Port 43 is
hosted at whois.paycenter.com.cn. In most cases we were able to find
alternate Registrar WHOIS locations easily but for scores of them we had
to ask the Registrar. A handful quickly responded with the correct
location, but most never responded, and in a few cases our email was
rejected from the ICANN-listed Registrar contact email. A small minority
wanted to know why we were asking, but we logged this as non-response
since the RAA does allow for Registrar discrimination in the access to
WHOIS.

Marcaria.com International, Inc. was the worst, their Port 43 WHOIS
worked at beginning of test period and stopped responding on March 30
for a total of 14 successful days out of 71. That Darn Name, Inc., which
became intrustdomains.com during the test period, had serious regular
outages only responding a total of 38 days, slightly more than a 50%
success rate. South America Domains Ltd. dba namefrog.com also started
off OK but ceased responding after 46 days on May 10.

OnlineNIC had the worst record in terms of consistency, failing 25
times, intermittently during the study period making their reliability
about 65%. OnLineNic was in fact worse during the study period than
Alantron. In addition to OnlineNIC being worse than Alantron during this
period, World Biz Domains had the exact same Port 43 record responding
only 79% of the time.

Netfirms, Inc. failed 12 times, Freeparking Domain Registrars, Inc. 9
times. Good Luck Internet Services, Hebei Guoji Maoyi, Jetpack Domains,
Inc., United Domain Registry, Inc. all failed on 8 days. NetraCorp LLC
,NamesBeyond7, and Web Commerce Communications failed 7 times. GKG.NET,
INC. and Netpia.com, Inc. failed 4 times. 3 failures for Paknic.
Advanced Internet Technologies, Inc., Galcomm, Inc. Guangzhou Ming Yang,
Internet Invest, Moniker, Nordreg AB, Visesh Infotecnics Ltd., SiteName
Ltd. and Regtime all filed twice.

All Internet companies have technical issues. Even Google and Microsoft
do. Much more troubling were the 57 Registrars who would not disclose
their Port 43 location to us: 21Company, Hu Yi Global, Abansys, 1st
Antagus Internet, AOL LLC, Aruba SpA, Aust Domains, Brights Consulting,
chinagov.cn, China Springboard, Cronon AG Berlin, AllGlobalNames,
VocalSpace, Digitrad France, Samjung Data Service, Netdorm, French
Connexion, Domain Jamboree, Spirit Telecom, Domain Monkeys,
Webagentur.at, DomainRegistry.com Inc, DomainSpa, Ledl.net, DotArai, Gee
Whiz Domains, Hetzner Online, Digirati Informatica, Hostway Services, ID
Genesis, Instra Corporation, Interdomain, Intermedia.NET, InterNetworX
Ltd, Internet Solutions, FBS Inc, iWelt AG, Key-Systems, Launchpad, Inc,
Advantage Interactive, Add2Net Inc, Planete Marseille, Melbourne IT DBS,
M. G. Infocom, Nameshield, New Great Domains, GMO Internet, Porting
Access, AB RIKTAD, Sedo.com, Simply Named, Domain Services Rotterdam BV,
UK2 Group, HooYoo (US), Verelink, Web Business, and Xiamen ChinaSource.

Our emails to Internet Group do Brasil and Black Ice Domains, Inc. were
rejected. For each we used the contact email located in the ICANN
Registrar directory. Secura GmbH would not disclose the Port 43 location
and asked us why we wanted to know. Humeia Corporation would not
disclose the Port 43 location and told us to use the InterNIC WHOIS
lookup. Domainfactory GmbH said they were not an ICANN-accredited
Registrar and thus not required to have a public WHOIS. However they are
listed as an accredited Registrar by ICANN and sell gTLD domains on
their website. We are requesting ICANN clarification on this issue.

All of this information has been forwarded to ICANN compliance and we
hope it can be resolved quickly. This is merely one section of a much
large report we will be publishing soon.

-Garth

-------------------------------------
Garth Bruen
gbruen at knujon.com
http://www.knujon.com
http://www.linkedin.com/pub/4/149/724
Linkedin Group: http://www.linkedin.com/groups?gid=1870205
Blog: http://www.circleid.com/members/3296/
Twitter: @Knujon