I would like to propose something contrary to many recent posts to this
list - I propose a vote of thanks to Mr Guy.  Let me explain why.


For many years, when most of the .au domain names used the AUNIC Registry,
the database was available for download by anyone.  Many entities downloaded
copies of the Registry.  In the end, some of them started using the data as
a source for spam of various sorts, including unsolicited renewal notices -
almost all of which were scams anyway.

After control of the AUNIC Registry was moved to auDA, auDA made the
decision to stop the uncontrolled access to the database.  This made things
more difficult for scammers, as they had to work from old copies of the
database which were gradually going out of date, or try and keep them
up-to-date by querying aunicstatus for the latest data.

Restrictions were also introduced on the number of queries entities could
make.  This also made life harder for dodgy operators.  But, data fields
such as the 'expiry date' were still visible.

When the .au Registry was moved to the new AusRegistry system, the 'expiry
date' (the critical field used by scam 'domain name renewal' operators) was
no longer visible - making things still more difficult for the dodgy folks.



So the history of the .au Registry under auDA's supervision is a history of
changes that have gradually made things much more difficult for shonky
domain name renewal operators.



And then auDA announces a review of the whois policy.  Now right then and
there, if we'd put on our thinking hats we might have been able to guess
some of the entities that might put in submissions - e.g. such as the ACCC.

But we also should have guessed that a review of the .au whois policy is a
golden opportunity for any frustrated domain renewal scammer to put in a
submission recommending removing the restrictions on the whois data, so that
they could start up their scamming activities again with accurate data.



And that's why I'd like to thank Mr Guy.


Having just done a re-read of the submissions to the .au whois policy review
(see http://www.auda.org.au/policy/policy-review/), I note that the ONLY
submission which supports both:

* making the domain name expiry dates public again, and
* making bulk downloads available to entities other than law enforcement
agencies

is Mr Guy's submission.


I'm sure that Mr Guy doesn't support domain name renewal scams.  And I'm
sure that his support for changes to the whois policy that happen to be just
the changes that renewal scammers would like, is a complete and total
co-incidence.  Just as it's a co-incidence that he operates from the same
premises that a previous domain name renewal notice practioner of
questionable integrity operated (operates?) from.


However, Mr Guy's many postings to this listserver over the last week, which
have so clearly demonstrated for everyone his unfailing:

* understanding of domain name issues
* ability to consistently get facts right
* thorough understanding of Privacy issues
* mastery of English
* ability to spell - or use a spell checker

have, I believe, highlighted that the existing restrictions on the .au whois
should not be removed until it has been reliably determined that hell has
frozen over.


So, Mr Guy, my public vote of thanks to you.  I can now think of nothing
that would scare me more than the thought of auDA removing some of the
existing restrictions on the .au whois data - either what fields are
available, or who they're available to.  This past week of postings to the
listserver has conclusively demonstrated that any policy change that
increases the risk that some entity with demonstrated lack of competence or
morals might get access to the data, must be avoided.





Regards, Mark


PS - just to show I don't play favourites and I'm happy to critique ANY
submission, what about the ACCC's & ASIC's submissions to the .au whois
policy review, eh?

ASIC supports:

" listing of Non personal email contact, business contact, registration
information and currency dates. This should be achieved without the need to
write to or fax auDA, reseller or registry."

while the ACCC says in their submission:

"The ACCC is of the view that there must be enough information publicly
available to enable consumers to seek redress or to take private action.
This requires the disclosure of the registered business address and business
contact telephone number for .com.au and .net.au domain names."

Gee, if its so important to ASIC and the ACCC that customers of businesses
are able to get the contact details for those businesses easily, then why
doesn't the ASIC company search include the businesses' contact address and
phone number???

On this, auDA is entitled to respond to them "We will if you will".  If ASIC
refuses to make the information available in it's company search, why should
auDA?


Mark Hughes
Effective Business Applications Pty Ltd
+61 4 1374 3959
www.pplications.com.au
effectivebusiness§applications.com.au