> I know that whois is a lost cause, and I still believe that methods for > identifying the real controlling entities of domains would help quite a bit > in reducing unwanted e-mail spam.
I agree, but the reality of the matter is that even if mailgun.co and mailgun.net had matching org information in the whois for mailgun.com, that would still not prove a connection, only that whomever registered those domains put in the same information that was found in the mailgun.com whois record. Validating the identity of the ownership of domains would go a long way to helping the situation, but the current whois implementation will never get us there. Mike -----Original Message----- From: mailop <mailop-boun...@mailop.org> On Behalf Of Hans-Martin Mosner via mailop Sent: Wednesday, May 31, 2023 1:50 AM To: mailop@mailop.org Subject: Re: [mailop] Transparency is key... Here is a perfect example.. M3AAWG is coming.. time to take a st Am 31.05.23 um 01:18 schrieb Sebastian Nielsen via mailop: > I don't agree with your stance. > > Hiding whois details doesn't mean you hiding your identity. Normally, this > type of privacy is also used when you want to hide the actual person that is > responsible for, lets say paying the domains. Still, in this example the domain information for mailgun.co and mailgun.net is so thoroughly hidden that it isn't possible which legal entity owns them. I don't care about the private phone number of some poor fellow who is tasked with paying for the domains but for a commercial enterprise I one can reasonably expect truthful and working contact information as well as an identification of the legal entity. A role e-mail address and a phone number where someone can be reached in emergencies should not be to hard to implement for a sizable business. > Because, you don't want people calling these phones, about spam, about > support cases, about things that SHOULD be taken through their ticket system. Do mailgun.co and mailgun.net have working ticket systems? > But you still want a private phone there, that could be ringing in the middle > of the night if something went amiss with their payment for their domain, so > the domain doesn't get snapped by a squatter. Who said that they wanted a private phone contact? Not Michael if I read his words correctly. Not me (I hate phone conversations). I don't think that any reasonable person expects private phone numbers in whois contacts. Companies must have company contact channels which should be public info, and for truly private domains I'm fine with not seeing their private contact data in whois. However, they should also be fine if my mail system does not accept mail from essentially anonymous sources and requires them to ask for whitelisting. > So I would say, this practice is legitimate for larger companies like mailgun. Well, is this mailgun even? These are just domain names which use that sequence of characters, registered with registries and registrars who don't give a flying f for the actual identity of their customers. There is no way for me to find out whether these are fake or real. From my experience with NameCheap, "fake" is a pretty safe bet, I'm seeing those kind by the hundreds daily, and very rarely do I see a legitimate domain using them as registrar. > Just because details are hidden at location A or for automated tools doesn't > mean they are dubious. > Same if they hide their details on website, but require filling out a captcha > to get their office address. Doesn't mean they are shady. > > You can still find their details on their official website > https://www.mailgun.com/contact/ With a address to their office even. To repeat myself: That contact info is for mailgun.com, not for mailgun.co nor mailgun.net. It is conceivable that somewhere hidden on mailgun.com's web site there is a mention of those two domains and that they are indeed operated by the same company, but the domain info itself does not say that. I know that whois is a lost cause, and I still believe that methods for identifying the real controlling entities of domains would help quite a bit in reducing unwanted e-mail spam. Cheers, Hans-Martin _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
