Slashdot Mirror
Congress (Still) Looking at whois
bief writes: "A NY Times [free reg., blah, blah] story examines the whois database debate and provides a fair reading of the current situation about the list that which is being abused by 'marketers who regularly cull the Whois database for e-mail addresses and phone numbers to add to their spam lists.' Responses from registrars to the House Judiciary Subcommittee on Courts, the Internet and Intellectual Property were due on February 1st, but Chris J. Katopis, counsel to the subcommittee, said that as of last week many registrars had not replied. 'If they're not going to respond to a government inquiry,' he said, 'what are they going to do to respond to an aggrieved individual when something happens?'"
This is funny, I got this E-mail in my box seconds before this story was posted.
I visited WWW.GEEK-HOUSE.ORG, and noticed that you're not listed on some search engines! I think we can offer you a service which can help you increase traffic and the number of visitors to your website.
The address I got this E-mail on is NOT shown on the site and is ONLY listed on the whois, I've managed to keep this account spam free for over a year till now.
iRepairIT - iPhone, Mac, & PC Repair
Just a suggestion - since Slashdot regularly links to articles in NY Times, couldn't they just simply get an affiliate status and DIRECTLY provide the registration-free link?
On one side of the fence are law enforcement agencies, intellectual property owners and marketers.
On the opposite side of the fence are privacy advocates and many consumers and businesses that have registered Web addresses.
And on which site are the network administrators, which use this information trying to keep their network free of unwanted junk (spam, scans, attacks etc) and to alert other people with broken systems?
bash$
The administrator of DK-TLD has already implemented some security for the Danish registrants - You can't do a whois on .dk domains any more - You must use their website to get the information... Also you can contact them, and have them hide your email, snail mail address etc so you can actually be sort of anonymous.
Any technology distinguishable from magic, is insufficiently advanced.
I have a few domains registered.. and I've also gotten spammed in the form that is being discussed, its a pain in the ass, I provide the correct info so that I can be informed in case any problems arise.. but to have my info used for spamming purposes kinda pisses me off and makes me wonder if I should have just put incorrect info and put an email address that goes to a spam-box that gets checked occasionally.. I wonder if people ACTUALLY just put in fake info just to avoid spam ( I'm sure people do this. ) and inasmuch probably missed out on some info ( I have gotten some comments from people about some domains I host that I thought were valuable so I was happy to have my email on the whois record.. )
Seems that spam is kind of making good info go to shit.. since people do NOT want to get spammed so htey put fake info.. kind of a shame since if they did not use it for spam, it'd be a nice viable database to use for contact info..
Down with the spammers! why the hell cant we sue 'em? they're shoving it down our throats, lets go shove it back down THEIRS!
There are actually two distinct databases: one for domain names, and one for IP addresses. The domain name database is not essential for operating the network. However, it is absolutely REQUIRED to have valid contact information in the IP address registry. Otherwise you cannot contact network administrator to alert them of problems. As a result, fewer problems will get fixed in a reasonable time frame, and the overall quality of the network degrades.
Entries for IP addresses have few privacy problems. Usually, not the end user is listed in the WHOIS database, but the ISP. It would be disastrous if misled privacy advocates and policymakers abolished this database.
Consider using the myprivacy.ca whois-harvester-buster. Create a free @myprivacy.ca e-mail address, and then use it in your whois information. If you've registered your domain from (and admittedly small set) of participating ICANN registrars any mail from the registrar will be forwarded to you automatically, but if someone else sends e-mail to the myprivacy.ca e-mail address they have to answer a simple confirmation e-mail before their e-mail will be forwarded to you.
Of course, this doesn't help if the registrar decides to send you spam...
While I find it an appalling state of affairs that spammers trawl domain registrations simply so they can send out unsolicited advertising, on balance I'm in favour of keeping the system largely as it is.
Without the ability to lookup the owners of domains and individual IP addresses, it would be much harder to register complaints to ISPs about the torrent of spam that's coming into my mailbox. Traceroute's a useful tool for finding out who a spam host's upstream provider is, but it's not as reliable as whois for getting contact information. If there's no reverse lookup for an address and ICMP packets are screened out several hops out from the offending host then there's no other tool to locate the owner or their provider.
What's really needed are tougher data privacy laws. The US falls far behind the EU in this respect - it seems that once someone has your address it's impossible to prevent it being sold on to third parties in the States. Though legislation isn't the solution to every problem, banning unsolicited commercial bulk eMail would be a good place to start.
If you want to know something about the person who owns a domain, go to their site and find a way to contact them and ask.
Really? Try to contact me, the administrator for satch-test DOT com, modem-museum DOT org, or even jimgalloway DOT com without resorting to the WHOIS database. Or the Slashdot User Information for this ID. :)
Congratulations. Not every name has a "site" associated with it, contrary to your unwarranted assumption. I hold several domain names to which a web site (1) has not been created because I haven't had the time, (2) will never have a web site because it's used only for electronic mail and other, non-Web, Internet applications, (3) used to have a web site but now is gone, and (4) is intended for secure HTTP traffic with draconian access controls so even if you did figure out how to gain initial access you wuould have to be a cracker to get past the authenticaion that protects the content from the eyes of just anyone.
The information in the contact information portion of the WHOIS record for those domain names is real, and the spam traffic level is low...for now.
Please remember there is more to the Internet than just the World Wide Web and P2P file sharing.
I run my own e-mail server, so I obviously don't sell my address.
I have three domains in my name with my real e-mail address, and post to slashdot and USENET with my real email address.
I have never, in 2 years, recieved a piece of spam. The only reason I can see for spam, is people having their addresses sold by their ISP. WHOIS hasn't hurt me, and in two years, I should've been hurt if there was anything wrong.
-twb
I agree that, the whois should be protected by some kind of official use only clause. Anybody can look, but the info can be used for official uses such as tracking spam, owners, technical problems.
.NET is here! to a non-existant user!
The biggest problem would be actualy getting the law written that does this, only this, and wouldn't be twisted to pieces by the lawyers.
Sure maybe your Aunt Sally might get a little freaked by the notice, but hey she'd be pretty low on the radar compared the asian's who can send 100k SPAM's a hour.
a little off topic but i got SPAMMED by Microsoft the other day, after all the hype about security and privacy and evil-hackers, the send a Email pimping Visual Studio
Apocalypse Cancelled, Sorry, No Ticket Refunds
We can not allow Congress to do this. The Constitution prohibits them from regulating this industry. If we don't want our information available on whois, we must find a private market solution. I just can't believe people would want MORE government in an area where the lack of government has propelled all of our lives to higher standards.
If you dislike the whois database containing your information, let's e-mail, call, and write letters to the organizations telling them we want more privacy. Eventually, we must find a way to find a provider who will offer us the privacy we want.
Or, use the free market solution -- create an e-mail address you don't use, and check it once in a while for important e-mails. Filter out anything but what comes from your ISP or registrar.
The wois database once was a worthy resource for internet administration.
Yet another good thing is destroyed by spammers. Folks, frankly, I wonder when will we start really doing something against these subhuman vermin ? The poison every well they touch, the steal other people's resources and they don't bother detroying whatever they use to advance their cause.
Put Spammers to jail !
A better change would be to return email back to it's pre-attachment days (which would make using it for spam more unattractive - as well as shrink the size of the documents and make the net more secure in general).
Leave whois alone... or make it such that it won't allow datamineing. But don't remove our ability to locate and communicate with owners of domain names!
Seems to me that culling addresses from a whois database for the purposes of spamming would be somewhat self defeating. Maybe I am offbase here, but I would expect that email addresses in whois records would have a far lower than average percentage of people who would fall for spams, and a far higher percentage of people who will complain. And sometimes those complaints actually get spammers nuked (yea I know, rarely).
Still, I would think that if a spammer actually thought it through, they would use the whois database to do list washing, to minimize complaints.
You, sir, are seriously mistaken. You, like the vast majority of idiots in the world, mistakenly associate "the web" with "having a domain name." It was some brilliant marketing ass (at netsol probablly) that started the whole notition of "getting a web address" instead of "registering a domain name." (The concept of a domain name was too hard for most companies to understand.)
And by association, most people mistakenly believe the only reason to have a domain name is to have a web site. This has never been true. By extention, as you have proposed, most of these mistaken individuals expect to find detailed, accurate ownership and contact information at said web sites. I have enough trouble finding contact information for actual companies and you expect to be able to find contact data on any random individual's web site?
It already is, and has been for years. Nobody pays it any attention. And absoultely noone enforces it.
It's like the DMCA -- breaking copyright is illegal but no one is stopping it, so we pass a law to make it illegal to break the law.
Why on earth would they do that? They sell the whois data!
There is a very good reason to have valid whois contact information: so that the reponsible parties can be tracked down and the problem resolved Last week, for a period of about 30 hours, my email server got slammed with over 30,000 copies of the same spam. The spammer aparantly rooted some newbie's RedHat box and installed his sendspam script on it. Aparantly he didn't know how to write code, because it kept sending the same message to the same 20 or so people over and over. Thanks to a little work with dig and whois, I was able to get a phone number for the guy who owned the rooted redhat box and was able to get him to shut it down. [A little more investigation of the addresses used on the spammed webpage led me to the spammer himself. Now I'm going to get a chance to try out all the things I learned from spamcon.]
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
Comment removed based on user account deletion