:: Re: [devuan-dev] Private WHOIS for …
Top Page
Delete this message
Reply to this message
Author: Martin Steigerwald
To: devuan developers internal list
Subject: Re: [devuan-dev] Private WHOIS for Devuan Project domains
Hi Rick.

Rick Moen - 10.04.19, 07:04:
> For whatever it's worth, a few points about what I personally consider
> best practices (using my main domain, linuxmafia.com, as an example):
> https://paste.debian.net/1076913/
> 1. Uses multiple persons among the domain roles, to avoid a human
> SPoF. (If this were a crucial domain for business, I'd involve three
> distinct persons, not just two.)
> 2. Cites real, monitored e-mail addresses and telephone numbers -- to
> ensure domain management doesn't miss important communications
> including renewal notices.

For what is worth my domain provider for sure has a mail address not
using any of the domains. It does not use my own mail server what so
ever, but a 3rd party provider.

So I am pretty confident I'd receive such important communication.

However… I really do not see any need to share that mail address
publicly. Thus for now I am going to leave the data protection checkbox
in the web interface of my provider checked. Also helps with probably
spam mail for a mail account that I did not set up spam filtering myself.
That mail address currently receives no spam whatsoever. Likely because
it is completely unknown on the internet.

DENIC goes pretty far with that protection. Too far? Maybe. But in an
age where big companies like Google, Facebook, Microsoft, Apple and so
on collect any data they can, I find it refreshing to be able to hide
data like this. Even if the imprint obligations in Germany in part
contradict this again.

Of course, devuan is not just a little privately used domain. However, I
really do not see any priority in changing any of this and clearly see
the value of the protection.

For abuse contacts I do a whois on the IP address anyway. Interestingly
RIPE appears to be still quite ignorant of the GDPR. However, usually I
do only see work contacts, work mail addresses and work phone numbers
there, since a single person usually does not use provider independent
IP addresses.

Yes, sometimes I found it frustrating not being able to reach through
regarding reporting abuse by a spammer. But serious providers usually
acted on abuse complaints to their abuse addresses which I can see by
whois on IP address. I still remember that OVH at some time ignored
abuse complaints regarding spam from VMs of customers who obviously did
not know how to secure their VMs properly. Then I usually just block
those VMs from sending mail to me. However even in that case being able
to reach the VM owner directly may not even help much.

However all that written… it would be up to one of the caretakers to
respond. And… I bet they have more important things to do after all that
just happened recently.

For me no need to discuss any of this. Just wanted to express that there
are different opinions on this matter. We don't really need to agree on