Whois Policy Review Submission

From:		Ian Mitchell
Received:	7 October 2004


Issue 1 - Information Displayed 


1. Should all the information currently displayed (see example), continue to 
be available as a result of a whois query? 

Yes 


2. If yes to question 1 - why? 

It is needed by the name holder and in practice by anyone managing their 
mail and website. 

Many accesses presumably by software should be blocked except for AntiSpam 
practices - see below. 

Potential antispam mechanisms would need access to limited information. 
Possibly a query from a spam filter would provide both the domain name and 
IPA and the WhoIs server would respond valid or not. This may require a 
further field which says which IPA is validly used for bulk emails by this 
name holder. Perhaps organisations must register from an entitlement to send 
bulk emails and a registration code of some sort must be included. 


3. If no to question 1 
3a) What fields should be displayed and why? 
3b) What fields should not be displayed and why? 


4. Should there be any distinction between information displayed where the 
domain name is registered to an individual compared to one registered to an 
organisation? 

No - each should be a "legal person". 


5. If yes to question 4 
5a) What should and shouldn't be displayed where an individual and why? 
5b) What should and shouldn't be displayed where an organisation and why? 


Issue 2 - Whois Query Options 


6. Do you agree with the current policy position that wild card searches, 
and bulk whois queries, should not be permitted? Why? 

Yes - to stop trawling. 


Issue 3 - Security and System Access 


7. What are your views on the position of InternetNZ to not publish the 
levels set for monitoring Whois query transactions? 

Essentially this is security information and it should not be revealed as 
then some persons will try to work around it. 


8. Should the Whois policy specify the actions the registry can take when 
abuse of the Whois is suspected? Why? 

Yes - essentially a domain name can be blocked after due warning. 


General Feedback 

9. Are there any other issues you think the working group needs to consider 
in the course of the review? 

Currently the WhoIs information does not directly specify the web server 
being used (and all the possible fourth level domains) and the mail servers 
being used (and there can be more than 1). Perhaps more information needs to 
be held or a key or id held which may be validated by an antispam filter 
service.