Congress (Still) Looking at whois

bief writes: "A NY Times [free reg., blah, blah] story examines the whois database debate and provides a fair reading of the current situation about the list that which is being abused by 'marketers who regularly cull the Whois database for e-mail addresses and phone numbers to add to their spam lists.' Responses from registrars to the House Judiciary Subcommittee on Courts, the Internet and Intellectual Property were due on February 1st, but Chris J. Katopis, counsel to the subcommittee, said that as of last week many registrars had not replied. 'If they're not going to respond to a government inquiry,' he said, 'what are they going to do to respond to an aggrieved individual when something happens?'"

Coincidence?

[UnifiedTechs]

This is funny, I got this E-mail in my box seconds before this story was posted.

I visited WWW.GEEK-HOUSE.ORG, and noticed that you're not listed on some search engines! I think we can offer you a service which can help you increase traffic and the number of visitors to your website.


The address I got this E-mail on is NOT shown on the site and is ONLY listed on the whois, I've managed to keep this account spam free for over a year till now.

New York Times articles

[Zarhan]

Just a suggestion - since Slashdot regularly links to articles in NY Times, couldn't they just simply get an affiliate status and DIRECTLY provide the registration-free link?

Tag your data

When I created my domains (1994 and 1996), they got created with some unusual data in the "company name" field thanks to my ISP's registration process. One was someone's guess at what my domain stood for, and so on.

The "organization" names have never existed in any other form. I've been getting mail with them in the address for years now. It's obvious who's scraping the whois registries.

These days, I've added another line to my address information listing the registrar and approximate age of the update. Nobody's mailed one of them yet, but it's only been a couple of months.

NSI and friends need to salt the databases with spam traps and LART anyone who mails them. Give unique salts to each query and see what happens.

Whois also a useful anti-spam tool

[Cybertect]

While I find it an appalling state of affairs that spammers trawl domain registrations simply so they can send out unsolicited advertising, on balance I'm in favour of keeping the system largely as it is.

Without the ability to lookup the owners of domains and individual IP addresses, it would be much harder to register complaints to ISPs about the torrent of spam that's coming into my mailbox. Traceroute's a useful tool for finding out who a spam host's upstream provider is, but it's not as reliable as whois for getting contact information. If there's no reverse lookup for an address and ICMP packets are screened out several hops out from the offending host then there's no other tool to locate the owner or their provider.

What's really needed are tougher data privacy laws. The US falls far behind the EU in this respect - it seems that once someone has your address it's impossible to prevent it being sold on to third parties in the States. Though legislation isn't the solution to every problem, banning unsolicited commercial bulk eMail would be a good place to start.

Not a real Problem

[lostchicken]

I run my own e-mail server, so I obviously don't sell my address.

I have three domains in my name with my real e-mail address, and post to slashdot and USENET with my real email address.

I have never, in 2 years, recieved a piece of spam. The only reason I can see for spam, is people having their addresses sold by their ISP. WHOIS hasn't hurt me, and in two years, I should've been hurt if there was anything wrong.