> On 31 May 2023, at 14:21, Mike Hillyer via mailop <mailop@mailop.org> wrote:
>
>> I know that whois is a lost cause, and I still believe that methods for
>> identifying the real controlling entities of domains would help quite a bit
>> in reducing unwanted e-mail spam.
>
> I agree, but the reality of the matter is that even if mailgun.co and
> mailgun.net had matching org information in the whois for mailgun.com, that
> would still not prove a connection, only that whoever registered those
> domains put in the same information that was found in the mailgun.com whois
> record.
>
> Validating the identity of the ownership of domains would go a long way to
> helping the situation, but the current whois implementation will never get us
> there.

And I’ll remind folks that GoDaddy implemented privacy on by default prior to GDPR coming into effect. I went to a talk they gave on why, fully intending to explain to them why this was a bad thing to do. But they had good reasons, primarily protecting their customers from scams and spam, for doing it.

As much as I hate it, we’re never getting back to having whois being a useful database. There are also registrars that don’t even offer customers a choice on publishing information.

I don’t like it. I don’t want it to be that way. But that ship sailed almost a decade ago.

laura

>
> Mike
>
> -----Original Message-----
> From: mailop <mailop-boun...@mailop.org> On Behalf Of Hans-Martin Mosner via mailop
> Sent: Wednesday, May 31, 2023 1:50 AM
> To: mailop@mailop.org
> Subject: Re: [mailop] Transparency is key... Here is a perfect example.. M3AAWG is coming.. time to take a st
>
> On 31.05.23 at 01:18, Sebastian Nielsen via mailop wrote:
>> I don't agree with your stance.
>>
>> Hiding whois details doesn't mean you're hiding your identity. Normally, this
>> type of privacy is also used when you want to hide the actual person that is
>> responsible for, let's say, paying the domains.
> Still, in this example the domain information for mailgun.co and mailgun.net
> is so thoroughly hidden that it isn't possible which legal entity owns them.
> I don't care about the private phone number of some poor fellow who is tasked
> with paying for the domains but for a commercial enterprise one can
> reasonably expect truthful and working contact information as well as an
> identification of the legal entity. A role e-mail address and a phone number
> where someone can be reached in emergencies should not be too hard to
> implement for a sizable business.
>> Because, you don't want people calling these phones, about spam, about
>> support cases, about things that SHOULD be taken through their ticket system.
> Do mailgun.co and mailgun.net have working ticket systems?
>> But you still want a private phone there, that could be ringing in the
>> middle of the night if something went amiss with their payment for their
>> domain, so the domain doesn't get snapped by a squatter.
> Who said that they wanted a private phone contact? Not Michael if I read his
> words correctly. Not me (I hate phone conversations). I don't think that any
> reasonable person expects private phone numbers in whois contacts. Companies
> must have company contact channels which should be public info, and for truly
> private domains I'm fine with not seeing their private contact data in whois.
> However, they should also be fine if my mail system does not accept mail from
> essentially anonymous sources and requires them to ask for whitelisting.
>> So I would say, this practice is legitimate for larger companies like
>> mailgun.
>
> Well, is this mailgun even? These are just domain names which use that
> sequence of characters, registered with registries and registrars who don't
> give a flying f for the actual identity of their customers. There is no way
> for me to find out whether these are fake or real. From my experience with
> NameCheap, "fake" is a pretty safe bet, I'm seeing those kind by the hundreds
> daily, and very rarely do I see a legitimate domain using them as registrar.
>
>> Just because details are hidden at location A or for automated tools doesn't
>> mean they are dubious.
>> Same if they hide their details on website, but require filling out a
>> captcha to get their office address. Doesn't mean they are shady.
>>
>> You can still find their details on their official website
>> https://www.mailgun.com/contact/ With an address to their office even.
>
> To repeat myself: That contact info is for mailgun.com, not for mailgun.co
> nor mailgun.net.
> It is conceivable that somewhere hidden on mailgun.com's web
> site there is a mention of those two domains and that they are indeed
> operated by the same company, but the domain info itself does not say that.
>
> I know that whois is a lost cause, and I still believe that methods for
> identifying the real controlling entities of domains would help quite a bit
> in reducing unwanted e-mail spam.
>
> Cheers,
> Hans-Martin
>
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop

--
The Delivery Experts

Laura Atkins
Word to the Wise
la...@wordtothewise.com

Email Delivery Blog: http://wordtothewise.com/blog