Subscribe
Proxy abuse and what ICANN should do
Submit to Digg.com!
March 5th, 2007 by 
Jay Westerdal
What is the purpose of a proxy service? 1) Prevent people from contacting the registrant directly 2) Prevent someone from knowing who owns the domain. Based on these two purposes, I think there are a lot of healthy changes that could be made to proxy system. The current proxy system seems to be broken and leads to a lot of abuse.
In the case of Whois Data Shield in the Flying Karamazov post, it is clear that ICANN should regulate Proxy companies. A standard set of rules and laws should be followed by all proxy companies. A bond should be posted as well to insure all rules are followed. A proxy company shouldn’t be allowed to hide the identity of any direct or indirect investor in a proxy company, simply because of the fact that law enforcement organizations often serve subpoenas on these companies and ask that the investigation remain confidential. It would be hard to keep an investigation confidential from the suspect if you had to serve the suspect themselves to get their true identity.
Hiding behind a proxy is a popular thing for domain criminals, but it is also popular for individuals that may have stalkers or privacy concerns. Proxies make it harder to prosecute people and build cases. Any commercial enterprise/registered company/registered organization that operated a commercial site would not be allowed to hide behind a proxy service.
I can see why a company that was doing a merger or launching a new brand would want to hide that fact until it was publicly disclosed. In those cases the rule should be a numbered trustee account be listed instead. The proxy service would need to display in days how long the numbered trustee account will be listed. Legal entities need to be listed that are liable for the domain, so the numbered trustee accounts would be limited to 365 days. To prevent abuse of the numbered accounts, a freedom of information request would need to be returned with the true owners identity within 60 days or receipt of a request. Transferring or placing new numbered trustee accounts on the domain would be prohibited for 30 days after expiration of the old numbered account.
Five things should happen at ICANN and in the whois:
- Proxy companies should register with ICANN and be forced to display their official IANA Proxy ID in whois output.
- Pass a rule stating that if a domain operates in a commercial capacity it is not allowed to use a proxy service.
- Always display the true registrant’s name but allow for the proxy of contact details if they are not a commercial entity.
- Mandate the public listing in the whois of what State or Provence the company is registered in.
- Allow arbitrators to decide if a domain is operating in a commercial capacity, registrars would be forced to follow the ruling.
« Newer Post Older Post »
Posted in Domain Industry, ICANN |
March 5th, 2007 at 3:57 pm
Im not sure if this is for proxy websites such as http://www.proxd.com or something else..
any comment?
March 5th, 2007 at 5:46 pm
Great article!
the Proxy system is being completely abused. Every fake, fraud order on the net comes from one of these open unsecured proxies, usually from overseas in a 3rd world lawless society. Chasing anyone one of them will get you nowhere (and they know it).
I would ban everyone of them!
While some are valid, AOL uses proxies for some reason, but
there should be mandatory registration and a master database of “acceptable registered commercial proxies” where system administrators could allow users of those registered proxies onto their servers. All others would be blocked.
I’ve never seen a proxy user do any good on any of my systems in 10 years. They’re all crooks, cheats, hackers, carders, and scammers.
I doubt the bankers would want to do anything about this, because they’re making a fortune on chargeback fee’s.
Help us ICANN! Please turn off the frauds.
March 6th, 2007 at 1:21 am
I think there is some confusion here. The blog article is talking about proxy services in a sense of “Whois Privacy”, i.e. the real owners of an internet domain are not shown.
What annav1 is talking about is something completely different. He is talking about “proxy servers” that web surfers can use to browse web sites in order to not reveal their real IP address.
March 6th, 2007 at 8:16 pm
Interesting idea, will make those whom profit from child exploitation or child pornography much more “visible”, then the surrent system of bouncing domain registration thruogh a dozen pre-existing active domains that allow for contact information to be filtered through. No longer can they hide their identity, instead they be forced to reveal all, afterall, they victimize children - do so without hiding true identities.
For example: (Most this info is provided by the register, but fake)
WHOIS Record For
playtoymagazine.com
Domain: PLAYTOYMAGAZINE.COM
Registrant
Nikolajs Buts
support@playtoydigital.com
Dzirciema 125-28
Riga, Latvia LV1055 LV
+371.371738103
(FAX)
Domain Name: PLAYTOYDIGITAL.COM
Registrant:
Art Modeling
Nikolajs Buts (fashion@ptmodelingsupport.com)
Dzirciema 125-28
Riga
null,LV1055
LV
Tel. +371.738103
Domain Name: ptmodelingsupport.com
Registrant:
Nikolajs Buts (nik_buts@lycos.com)
Dzirciema 95-18
Riga
Rlga,1055
LV
Tel. +371.79643260
The street addresses and phone numbers are spoofed by a simple proggy, and the “lycos” e-mail is most likely fake.
Apparently, cross checking and verifying actual contact data for registration of a domain is a huge task. These people whom conduct questionable unethical business practices know it, and exploit it, and use this weakness to their advantage.
March 9th, 2007 at 6:00 am
As a specialist in Intellectual Property matters, I find the entire concept of “Domains by Proxy” and similar services to be nothing but a way to shield scammers and line the wallets of the Registrars. While most users of the service have nefarious reasons for doing so (I have investigated thousands for my clients), there are those that legitimately have concern about spam issues. Those people could easily use a disposable email for registration purposes. Also, very few snail mail campaigns result from WHOIS information. Most are from fake Registrars or resellers looking to make a quick buck, and those mailings pale in comparison to the daily deluge of mail order catalogs we all get. Another issue with a proxy service is that I also negotiate domain purchases for clients. When I am confronted with Domains by Proxy and some others, I find myself in a bind because by their nature, they don’t forward any email. Therefore, anyone foolish enough to think they are shielding themselves, may actually hurt themselves if they never receive a bonafide offer. Network Solutions was smart enough to figure out a way around this by offering to be a go between for a fee. But even then, I have concerns about whether the offer goes through and the lack of direct contact makes general negotiations beyond money impossible. As far as those individuals who have a real fear of stalking, etc, such as that faced by many entertainers, they can easily put the domain into the name of a representative such as their lawyer, accountant, webmaster (although I have reservations about that), etc. All in all, there is no legitimate reason for using a proxy service. 99 percent of the time, the owner is up to no good.