It's been a while since I worked the abuse desk, but "using WHOIS to
combat abuse" is a convenient handle that may gloss over an important
part of how it's really used.

Don't abuse fighters usually need to know WHOIS data, not to act on it
directly ourselves ... but rather to direct *someone else's* attention
to the registrant? Like their network upstream, or their systems
"upstream" (hosting provider), or law enforcement, etc.?

Isn't the problem with domain anonymity that it increases the cost of
enforcement?

Is there a way to decrease the cost of enforcement, and to increase
leverage over abusive domains, while still allowing private
registration?

A pie-in-the-sky idea:

What if abuse fighters, registrars, and upstreams could participate in
a pooled domain reporting and reputation system?

What if domain reputation was itself visible in WHOIS, even for
private domain registrations?

Imagine a "domain reputation management clearinghouse" like the following:

* Abuse fighters register their contact information and can open a
case on a domain. This automatically escalates that domain to
appropriate upstreams, with ability to select which part of their T&Cs
and AUPs are violated, and a way to attach evidence, all via an API

* Registrars can view a list of complaints, their status, and upstream responses

* Upstreams can contact abuse fighters directly (if needed) for more
information - without revealing their downstreams' private identity

* Registrars and upstreams have reputation scores for responsiveness
and complaint volume

In other words, take "we have contacted our customer and taken
appropriate action", and apply eBay-like ratings -- whether or not the
evil actually stopped, turnaround time, etc.

And the ratings would also apply to the domain itself. Imagine if
public WHOIS data -- even for proxied WHOIS -- showed their real
reputation?

I would totally shop for registrars and peers based on their
score. I would also use that reputation data to increment spam scores,
etc.

The clearinghouse would also provide a simple API, free of charge, for
blacklist/milter use, to look up:

- date of original registration
- date of first complaint
- date of last complaint
- current reputation score
- average reputation score over the last x days

... etc.

In other words, allow abuse fighters to operate directly against the
domains themselves *and publish the results*.

The real power in the public WHOIS is reputation. Streamlining the
expression of that reputation could be powerful.

The semi-anonymity would reduce our direct power to "name and shame",
but it might be worth the trade-off.

Royce

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
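
The lookup fields proposed in the message above, computed from complaint records and fed into a spam score, as an added example that is not part of the original post. The scoring rule, the spam-score weighting, the record layout and every name here are assumptions made for illustration; the message describes an idea, not an existing service or API.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class Complaint:                    # hypothetical case record
    opened: date
    closed: Optional[date] = None   # None: upstream has not resolved the case
    abuse_stopped: bool = False     # reporter's rating of the outcome

def score_on(day, complaints):
    """Assumed rule: 100, minus 20 per open case, minus 10 per case
    closed without the abuse actually stopping."""
    score = 100
    for c in complaints:
        if c.opened > day:
            continue                # not yet reported on this day
        if c.closed is None or c.closed > day:
            score -= 20
        elif not c.abuse_stopped:
            score -= 10
    return max(score, 0)

def lookup(registered, complaints, today, window_days=30):
    """Build the record a blacklist or milter would fetch for one domain."""
    opened = sorted(c.opened for c in complaints)
    days = [today - timedelta(days=i) for i in range(window_days)]
    days = [d for d in days if d >= registered] or [today]
    return {
        "registered": registered,
        "first_complaint": opened[0] if opened else None,
        "last_complaint": opened[-1] if opened else None,
        "current_score": score_on(today, complaints),
        "average_score": sum(score_on(d, complaints) for d in days) / len(days),
    }

def spam_score_increment(rec):
    """Assumed weighting: scale with lost reputation, plus one point when
    the first complaint came within a week of registration."""
    inc = (100 - rec["average_score"]) / 20
    first = rec["first_complaint"]
    if first is not None and (first - rec["registered"]).days <= 7:
        inc += 1.0
    return round(inc, 2)

# Constructed sample: one resolved case, one still open.
SAMPLE = [Complaint(date(2024, 3, 3), date(2024, 3, 6), True),
          Complaint(date(2024, 3, 8))]
RECORD = lookup(date(2024, 3, 1), SAMPLE, date(2024, 3, 10), window_days=10)
```

Only dates and scores leave the clearinghouse in this record, so the registrant's identity stays behind the privacy proxy while the reputation is public.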
