Below is an extract from an email just received from the organisation that
auDA identified as the one who had used AUNIC to create the one tel list. It
is self explanatory.


"Dear Chris,

I appreciate your request for a response, when I first read your original
email, I was rather concerned, since I wasn't able to find what it was that
you wanted.

I saw an opportunity to attempt to attract a number of new customers,
customers who were obviously in need of a new service company. I avoided
sending 'spam' as much as possible, and instead sent out, by post, letters
explaining to people what was happening and their options. I received a
number
of calls, where I took great pains to explain that I wasn't their only
choice,
but they should in fact make a move somewhere. Furthermore, I didn't send
anything to anyone until AFTER One.Tel had already announced that everything
would be closed down. ie, while there was a chance that they might survive,
I
left them alone to do their best (unlike C&W Optus, IMHO).

I knew of the problems associated with 'spam', and I know that there are
many
companies that use the whois data for the purpose of sending spam, as well
as
for sending out 'Renewal Notices' for domain names. Also thinking that the
whois database was in fact a public record, for public use to find the owner
details of a domain, I used it for that purpose.

I now know that I was wrong. I didn't in actual fact have authorisation to
use
that data for the purposes I did. There were in fact certain terms and
conditions that I should have agreed to before using the whois data.

Technical Reasoning:
There were a number of whois requests from my system around June. Yes, they
were late at night/early morning, that was a simple choice to run the
queries
at a time when there would be less impact on any service, whether bandwidth,
or machine load on the whois servers. I also ensured that there would be
some
'sleep' time between each request, to also have as little impact as
possible.
I was trying to be considerate, ie, doing the lookups at 'quiet times',
sending via post (where I pay the cost), fielding phone calls (giving out
information that One.Tel Administrators should have, even downloading
websites, and emailing them to people, for no charge, who had no affiliation
to me).

In general, I can see by reading the terms and conditions, that using the
information for the purposed I did was not permitted. However, I am not
entirely sure of how we can proceed past this point such that we are both
satisfied. ie, what is it that I need to do? From your original email I
assumed the first I would hear is from some solicitor. I am hopeful that I
can
avoid that particular path, and as such am keen to work with you to come to
a
mutually satisfying solution.

PS, from my reading of the T&C's, it would seem that allowing people to do a
whois query from a website and see the results is also not allowed, is that
correct? Or is it only restricted if the number of queries exceeds a
'reasonable' number? How do major domain name companies provide the web
based
forms if this is the case? Is there some other way to perhaps provide a
local
cache of the whois data, or similar?

Also, do you only follow up on companies that you notice, or is there some
sort of reporting mechanism, where suspected mis-use of whois data can be
reported? Specifically, with regards to un-solicited domain name renewal
notices.

Finally, thank you for your time and patience in dealing with this matter."

For clarity;
* auDA followed this matter up immediately upon receipt of the list from the
anonymous source
* the extract is the complete email with the identifying information removed
* I will not publish the name of the organisation
* auDA was not aware that this had occurred prior to receiving the anonymous
email

Regards

Chris Disspain
CEO - auDA
ceo§auda.org.au
+61-3-9226-9495
www.auda.org.au


--
This article is not to be reproduced or quoted beyond this forum without
express permission of the author. 329 subscribers. 
Archived at http://listmaster.iinet.net.au/list/dns (user: dns, pass: dns)
Email "unsubscribe" to dns-request§auda.org.au to be removed.