From: Paul McGowan Sent: Monday, 22 August 2005 10:32 AM To: jo.lim@auda.org.au Subject: WHOIS Policy Review - Aug 2005 Hi, With regard to the publicly available information in the WHOIS database. My first objection is to the removal of the creation date of a domain. I understand why this is being done, however I wish to point out the flip side as I see it. Fake domain name renewals are not the only type of fraud that happens on the internet (no news there). There are a number of instances where domain name creation dates are actively used to prevent fraud. These include credit card fraud, scam websites, phishing, and so on. Removing the ability to easily determine how long a domain has been registered will not necessarily make it impossible to send fake domain renewals, but it will make it harder to spot fraudulent websites quickly. I believe that this measure (the removal of registration date) is unnecessary given the prohibitions outlined elsewhere in the policy. Further, given the limits placed on queries, the collection of this data for illicit purposes will already be more difficult, it therefore provides little gain (and a big loss) to remove it entirely. Secondly, I believe that the requirement to publish an email address which must be active is unnecessary, and will just lead to spamming. I believe a system for forwarding email via the registrar would be much simpler and safer. This is the system used in many registrars around the world, and in my experience, works very well. I can be contacted, but it is difficult to abuse the address as all mail must go through the registrar (not a very onerous requirement, given that the mail supposedly relates to my domain). Upon registration, an address is assigned to me, and forwarded to the address which I provide (this address is not published). The assigned address is published for all to see. Moreover, as the assigned address is within the control of the registrar, it can be changed as often as necessary to prevent abuse. Once a month should be sufficient, however. eg. some_random_string@domains.registrar.com.au This protects privacy, prevents SPAM, and allows me to be contacted at all times. Best regards, Paul McGowan Technical Manager ----------------------------- Yawarra Information Appliances Pty Ltd