They are not a bulk whois licensee. They have mined the whois or otherwise obtained it against our terms of use.
-rwr ----- Original Message ----- From: "Robert L Mathews" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, April 20, 2002 3:28 PM Subject: Renewal Scam Data Source > I've been thinking about the misleading notices sent by Verisign and > DROA/DROC, and my thoughts turned to "where did they get the list of > postal addresses?". > > Assuming they aren't illegally mining the WHOIS (which is doubtful for > operations of that size), the answer is most likely that these two > companies purchased the information from OpenSRS under the ICANN-mandated > bulk WHOIS sharing program. (I'd be interested to hear if OpenSRS would > confirm that, although I assume they aren't able to disclose customer > information for privacy reasons. But if OpenSRS has never dealt with > these companies, it seems possible to say so without overstepping privacy > bounds... hint hint...) > > Anyway, one of the provisions of the ICANN requirement is that the > registrar may, at its option, provide domain owners with a way to opt out > of the bulk WHOIS sharing: > > http://www.icann.org/registrars/ra-agreement-17may01.htm > > (Section 3.3.6.6.) > > This topic has come up a couple of times over the last two years, and the > consensus, if I recall correctly (I'm having a hard time finding the > exact responses from OpenSRS folks in the archives) has pretty much been > that there were more important things for OpenSRS to work on, which was > probably true at the time. > > I'd like to suggest that this is now a much higher priority issue. > Previously, it was merely annoying: other registrars would occasionally > send "special offers" to try to tempt our customers, and our customers > were subjected to extra paper junk mail -- both annoying, as I said, but > both a part of this modern world. Now, it's different: our competitors > are using the information that OpenSRS sells them to commit mail fraud in > an attempt to steal our mutual customers, and I suspect this situation > will probably get worse before it gets better. > > A way for customers to opt out of having their name, address and domain > name sold to third parties in bulk is now much more important. Since > ICANN does allow OpenSRS to implement such a thing, I'd hope that this > could be made a priority. I would also hope that the technical ability > would be provided for resellers to set this flag (and not just > end-users), as I would intend to set it for all my customer accounts > (disclosing that fact to them, of course, and giving them the chance to > leave it on if they wanted to). > > Finally, I want to point out that I'm NOT blaming OpenSRS for the fact > that they sold the info to Verisign/DROA in the past (assuming that > happened), because they had no choice, and the work required to > ameliorate the situation by providing an opt-out mechanism was previously > out of proportion to the benefit. But things have clearly changed. > > So, OpenSRS folks: any possibility of adding this feature? > > -- > Robert L Mathews, Tiger Technologies > > "The trouble with doing something right the first time is that nobody > appreciates how difficult it was." >
