Slashdot Mirror
ICANN Cracks Down on Invalid WHOIS Data
DotNM writes "Internet News reports that ICANN, the Internet Corporation for Assigned Names and Numbers, is beginning a crackdown on invalid data in the WHOIS database. In ICANN's annual report, they found that nearly 5000 of the 24148 complaints were due to inaccurate WHOIS information. Some of the domain names in question had the address information of known spammers in the database. Registrars, the companies you register your domains with, are under contractual obligations to ensure this information is correct and accurate. Do you believe this is a step in the right direction? Why?"
As someone who filled in his WHOIS information correctly (and has suffered the ills of having this information public) I think people should be accurate.
Why? I don't know. Seems to me if you are a big enough boy to purchase a domain name registration, you are a big enough boy not to forge your details. No other industry allows you to do that.
If you are planning on infuriating people and don't want to be stalked, just use the privacy feature. It's like 10 bucks. (I'm assuming this is an ICANN authorized system)
Clif
clifgriffin > blog
Don't fake your info, just get a private registration:
& from%5Fapp=&prog%5Fid=GoDaddy&authGuid=
https://registrar.godaddy.com/dbp.asp?isc=&se=%2B
It only costs 2-3$ a year more than a normal domain, and the domain is registered in the registrar's name so your info isn't public.
godaddy offer such a service as part of registering with them (for a little extra). They put their details in and forward all mail on to you. Great solution really :) This way you are contactable but your address remains private
Actually the DB is a bit cleverer than just trusting the user, it takes a track history into account... Even when someone does put the wrong city in, simply to screw it up, as soon as 2 people with different IP's do it correctly, the correct city will appear. Since you can only upload info for your own IP address, and it works on a /24 block, it should recover from bad input data over time...
:-)
:-)
As for maxmind (and quova), I think you'll find you pay for anything other than the country data. Hostip gives you the city if it can...
Regardless, one of the points is to try and analyse just how much wrong data is entered, when you let the net as a whole put info into a system, so I'm happy anyway, and if it turns out to be a useful resource, so much the better
It's always easier to knock something down rather than build it up, isn't it ? Let's just see how it evolves over time
Simon
Physicists get Hadrons!
I have phone numbers in my whois that don't go to my home phone - they go to The Telemarketer's Nightmare because I sas sick of credit card and health insurance salesmen calling me trying to sell me stuff because they scraped my home number from my whois info. While not *my* number, they ARE valid phone numbers. Everything else in my whois info is legit, so I can be contacted by email or snail mail.
Come to the University of Mars! Classes starting soon!
For those who fear stalkers, etc., there are services like Domains by Proxy (related to the registrar Go Daddy). These services will register the domain on your behalf; they require valid contact info from you, and they put their own contact info in the WHOIS database. This is technically in line with the ICANN rules because the proxy registrant is the real registrant of the domain. (Although they have a contractual obligation of doing it on your behalf.)
If you break the terms of service -- for example, if you use the domain for spam support or to commit illegal activities -- the proxy registrant will expose your real identity. Otherwise, your privacy is pretty well protected with these services.
I've used those types of services (including Domains by Proxy) to register domains on behalf of minor children who shouldn't have their contact info exposed online, and for other purposes requiring some level of privacy. For my own domains, I'm not afraid to use my valid PO box address and phone number.
(Note: I am not affiliated with these services in any way, except as a customer.)
Microsoft Windows is, fittingly, the official Desktop OS of Olig
postmaster@ is required (RFC822 6.3, C.6), webmaster@ is just a convention, for now.
RFC 2142, "Mailbox Names for Common Services, Roles and Functions" is a proposed standard and includes 'webmaster@', 'abuse@', 'noc@', etc.
My registrar (Network Solutions) recently sent out an offer to me for private registration, i.e. I can keep my real whois information private.
This is so bogus I don't know where to begin. It is just like the telephone companies. They charge you to *not* have your phone number listed in the phone book. Their justification for the charge? They get paid ad money per name listed.
The purpose of whois is that the information should have to be public.
The only reason ICANN is enforcing this is to line the pockets of private registrars who want to regulate dollars into their new "private registration" bullshit.
How is this "+4 Insightful"? If you don't want to publish your contact information according to the rules dealing with high level domains, then don't register your own domain name! It's not like having a .com or .net domain is a right or something. If you can't agree to the rules, then don't register domains.
Enforcing this rule for the ".us" domain name is to be required as part of the proposed US-Australia Free Trade Agrement - Chapter 17, Article 17.3
If your privacy is that critical, hire a lawyer to act as your agent.
Mea navis aericumbens anguillis abundat
A postmaster address is required if you're running a mail server...
"[RFC822 6.3, C.6] requires the presence of a <POSTMASTER@domain> mailbox name on all hosts that have an SMTP server"
However, a domain name in and of itself is NOT required to support SMTP or any other specific service.
>> postmaster@ is required (RFC822 6.3, C.6)
> Oh dear you thought they were standards,
RFC 822 *is* a standard. It is also known as STD 11, "Standard for the format of ARPA Internet text messages".
--------- *snip* ---------
6.3. RESERVED ADDRESS
It often is necessary to send mail to a site, without know-
ing any of its valid addresses. For example, there may be mail
system dysfunctions, or a user may wish to find out a person's
correct address, at that site.
This standard specifies a single, reserved mailbox address
(local-part) which is to be valid at each site. Mail sent to
that address is to be routed to a person responsible for the
site's mail system or to a person with responsibility for general
site operation. The name of the reserved local-part address is:
Postmaster
so that "Postmaster@domain" is required to be valid.
Note: This reserved local-part must be matched without sensi-
tivity to alphabetic case, so that "POSTMASTER", "postmas-
ter", and even "poStmASteR" is to be accepted.
Do daemons dream of electric sleep()?
Spammers register throwaway addresses because one of the most basic and most effective, rules for email spam detection is to verify the hostname as being valid. Invalid hostname means the mail is not accepted: Roughly a third of more than 10,000 email messages a day at one site I run have invalid hostnames, and no one has *ever* complained about real email being blocked for this reason.
To fix the problem, being able to track the abuse back to a real person and a real address is extremely helpful. It lets you know where to direct the complaints, the lawyers, or the baseball bats.
Unfortunately, we can now expect the spammers to hide behind a small set of throwaway "private domain clearing houses", basically a shell game to hide their real business address.