[anti-abuse-wg] Spam under protection. Believe it or not!

In message <795BDB4E-C73E-4669-AF8E-644156449479 at virtualized.org>, 
ICANN (David Conrad <drc at virtualized.org>) wrote:

>rfg wrote:
>> The entirely predictable result is massive and ongoing
>> fraud in WHOIS records... which ICANN works overtime to try to dismiss,
>> cover-up, sweep under the rug, and to make extremely tedious and difficult
>> to even report to them.
>
>This is, of course, also untrue.

Which part?

Unlike most people here, I actually read the ICANN CEO's published/public
response to just one of Garth Bruen's several very detailed and well-
documented reports which detailed ICANN's abject failure to apply any-
thing that might be confused with disipline or enforcement to various
provably bent registrars who were massively helping either spammers or
criminals or both.  The ICANN CEO's public response was all obfsucation
and denial... it was all stuff like "Bruen got his facts wrong" or else
"We already dealt with this".  In short, it was all just an exercise
in sweeping self-evident problems under the carpet.  Not once did the
ICANN CEO ever admit that ICANN wasn't doing the job of administering
the Internet in every bit as immaculately perfect a way as Jesus Christ
himself would have done.

As regards to my second contention, quoted above, that ICANN has made
the reporting of fradulent domain name WHOIS records exceptionally
tedious and difficult ... so as to effectively discourage anybody
serious from ever even trying to file such a report...  I can
attest from first-hand personal knowledge and experience that this
is absolutely 100% true.  In fact, I'll go further and say that the
creation of unnecessary bureaucratic tedium and bullshit is something
that the enforcement staff at ICANN has raised up to the level of an
art form.

Once upon a time, many years ago, I used to diligently report... via
the ICANN reporting web form... all of the spammers domains that I came
across which had blatantly fradulent information in the associated
WHOIS records.  But for various reasons, several years ago I began
concentrating on so-called "snowshoe" spammers who routinely register
dozens or hundreds or thousands of different domain names at a time.
(This is not at all a new phenomenon.  It has been going on for more
than a decade now.  I first noticed this spammer tactic myself way
back in 2004.)

Anyway, it was already bad enough that the exceptionally tedious ICANN
WHOIS problem reporting form took longer to fill out, per domain, than
it took for the spammer to (fradulently) register his domain.  But then
I also realized that any time I found a snowshoe spammer who had registered,
say, 100 domains, all with fradulent WHOIS data, ICANN gave me no option
other than to sit, for hour after hour, filling out their stupid and tedious
WHOIS problem reporting form, over and over again, for each individual
domain, one at a time.

I asked about the possibility of making reports of groups of fradulent/
bogus WHOIS records in batches, and at first I could not even get the
favor of even a reply from ICANN.  (Obviously, they didn't even want
to think about the issue.)  Perhaps a year or more later on, I asked
about this again.  (I guess ICANN may have  had some personel changes by
that time... another issue that Garth Bruen has reported on, but not
in a positive way.)

So then I finally got a response, and the response was just that they
(ICANN) were "thinking about" the idea of petrhaps accepting
reports of batches of fradulent WHOIS reports.  I asked multiple times
about that and never got a straight answer.  So basically, the answer
slowly became clear to me... ICANN absolutely did not want to even
be dealing with the whole issue of fradulent WHOIS records.  (That was
already self-evident from the fact that... as Bruen also documented...
about half of the time even the reports that ICANN was already getting
never resuled in any action on anybody's part whatsoever.  The WHOIS
data just stayed fradulent and ICANN quietly closed the cases.)

So obviously, given that they (ICANN) didn't want to even deal with the
fradulent WHOIS data issue AT ALL, the last thing they would want was
to start accepting such reports IN BULK.  So they hemmed and hawed and
delayed and procrastinated.  Eventually after a few years I heard tell
that they (ICANN) finally had put something into place to allow JUST
a few special pre-selected folks to report fradulent WHOIS records in
bulk.  But there were a LOT of qualifying requirements, or so I heard.
You had to give them a blood sample and one of your kidneys before
they would accept you into the exclusive club that was now allowed to
report batches of fradulent WHOIS records.  But even with that, I'm
sure that they worked things out so that it would STILL be substantially
more tedious and more time consuming for the person who was _reporting_
a fradulent batch of WHOIS records to them than it was for the original
spammer to register that same entire batch of domains.

Advantage:  Spammer.

But anyway, by this point in time I wasn't at all interested in partici-
pating anymore in ICANN's little WHOIS policing charade.  It was obvious
to me... just as it was to Garth Bruen... that they (ICANN) were only
going through the motions, and even then they were only doing even the
minimum that they promised to do only some of the time.  Many other times
they would just close the cases.  It was 100% clear that they just didn't
really want to do any of this (WHOIS policing) and that they had only
been dragged, kicking and screaming, into lifting a finger at all in
this whole area.  (Certainly, none of the registrars who pay their
salaries wanted to have ICANN hasseling them about the lies told in
the WHOIS records by their various criminal and spammer customers.)

Also, ICANN did other things to try to disuade people from even filing
WHOIS problem reports... I mean above and beyond just making the process
as slow, tedious and time consuming as they thought they could get away
with, and then also totally ignoring a large percentage of the reports
that they ended up receiving anyway, even despite all of the obstacles
that they (ICANN) has erected to try to disuade people from even filing
them.

Whereas ICANN... which is to say the registrars who pay for ICANN's
existance... bend over backwards to make it easy for criminals to
register domain names with completely fradulent and fictitious
identifying information, they were... at least back in 2008...
simultaneously INSISTING that anybody who filed a WHOIS problem
MUST give them that reporter's true and correct name, e-mail address,
etc.... all information which ICANN would then PASS ON to the relevant
registrar.  The domain registrar would often then, in turn, further
pass on the name and e-mail address of the person who had ratted them
out to their criminal and spammer customers.  I'M NOT MAKING THIS UP!

The idea that the spammers who one had just ratted out might turn around
and mailbomb you, or DDoS you was not in the least bit far-fetched.  In
fact, quite the contrary.  I'm pretty sure that it actually happened
as a direct result of ICANN policies... policies which demanded total
honesty from those public-spirited people who were kind enough to report
fradulent WHOIS records to ICANN, even as ICANN itself (via its
accredited registrars) were busy making sure that the system which
allowed crooks and criminals to put any lies they wanted into their
WHOIS records would not be materially changed, impacted or disturbed
in any meaninful way... except maybe a little bit around the edges...
to keep the critics quiet, and to prevent governments from getting
involved.

I was so outraged at the way that ICANN was setting up its own WHOIS
problem reporters for DDoS attacks, that I decided to squawk, loudly,
about it at the time... but only after ICANN refused to even acknowledge
the problem (in private correspondance to me):

  http://krebsonsecurity.com/2011/03/whois-problem-reporting-system-to-gain-privacy-option/

As you can see, EVEN AFTER this particular bit of ICANN shit had hit the
fan (i.e. made it to the press) ICANN still wouldn't even commit to a date
by which they would fix the problem.  Maybe they eventually did.  I never
went back to check.  By this point in time I had had it, and I had finally
and fully realized that ICANN... far from wanting to work to fix the
problem...  had been actively working and scheming, finding ways to thwart
and/or deter anybody from the outside who might want to see WHOIS data
become more accurate.

That is actually not at all surprising, once one realizes who is actually
paying their salaries and who is actually paying to keep the lights on at
ICANN, i.e. the registrars, even the best of which are, at best, ambivalent
about WHOIS accuracy.  Others are knowingly making money from people who
they know good and well are filling up the WHOIS data base with complete
bullshit.  Garth Bruen has seen it.  I have seen it.  Suresh has seen it.
It is silly to try to deny this simple reality anymore.  There are just
too many witnesses.


Regards,
rfg