Slashdot Mirror


ICANN Cracks Down on Invalid WHOIS Data

DotNM writes "Internet News reports that ICANN, the Internet Corporation for Assigned Names and Numbers, is beginning a crackdown on invalid data in the WHOIS database. In ICANN's annual report, they found that nearly 5000 of the 24148 complaints were due to inaccurate WHOIS information. Some of the domain names in question had the address information of known spammers in the database. Registrars, the companies you register your domains with, are under contractual obligations to ensure this information is correct and accurate. Do you believe this is a step in the right direction? Why?"

15 of 358 comments (clear)

  1. It's a rule, play by it. by LostCluster · · Score: 4, Interesting

    Just because a rule has gone unenforced for years doesn't make it an invalid rule. I think the Internet would become a much better place if everybody with bad WHOIS information lost their domains until they corrected it.

  2. Lots of useless data in there by Space+cowboy · · Score: 4, Interesting


    I looked at using the whois db for my IP to city project, but rejected it because (a) it's forbidden [which was the most important reason, honest :-), and (b) the correlation between locations I did know and what was in the whois DB was pretty poor.

    So I just depend on good folks like yourselves to fill in the data. I think that gets around the various patents that Quova etc. have got on populating a city/ip database as well :-)

    Frankly I'd give it about 50% accuracy, and I'm approaching that without using it at all...

    Simon

    --
    Physicists get Hadrons!
  3. Ironic by shirai · · Score: 5, Interesting

    I remember I got this email from NetworkSolutions promising to hide your contact information so I looked it up in my email archive. It costs an extra 5 bucks and promises to protect you from spammers and telemarketers.

    Something about this is ironic.

    Someone needs to speak to NetSol about the ICANN report. :)

    -----
    Protect Your Privacy
    from Spammers and Telemarketers

    When you register a domain name, your address, e-mail, and phone number are published in the public WHOIS database. ICANN requires this personal information to be available for anybody to view on the web. With
    Private Registration you can deter spammers, telemarketers, identity thieves, harassers, stalkers and others who access this database.

    Private Registration provides you with alternate contact information for your domain name registrations. The contact information you want to keep private is kept out of the public WHOIS database.

    For a limited time you can add Private Registration to each of your existing domain name registrations for the introductory price of just $5 a year. Terms and conditions are included in our Service Agreement.

    To add Private Registration
    1) Log into your Network Solutions Account
    2) From the Account Details page, click on one of your domain names
    3) In Domain Details, click "Make this a private registration"
    4) Check the domain name registration(s) you want to make private and
    click continue

    Introductory Offer Only $5 a year

    --
    Sunny

    Be my Friend

  4. We can do it. We have the technology. by LostCluster · · Score: 3, Interesting

    The US Postal Service, along with most of its counterpart postal authorties around the world, sells a master database of all "deliverable" addresses to vendors so that they can create services that will easily detect incorrect addresses such as streets that don't exist in the given town, or a number that doesn't exist on a real street. In short, if you have this software, you can reliably predict if the postal serivce would bounce a piece of mail as an invalid address and know why.

    It'd be interesting to see what would result if WHOIS is washed against such a list...

  5. I love my hosting dudes by Nicholas+Evans · · Score: 3, Interesting

    The guys I bought hosting from also registerred the domain for me, and put in their info for the whois. This way I don't get any lamers using it to spam me.

  6. ramblings... by koody · · Score: 4, Interesting
    I can see why the autorities would want (need?) to have information about who owns a domain, the whois database as it currently exists is a simple and fast way for spammers to get email addresses.

    Some whois databases already put the e-mail address in an image so that spiders cant harvest them, most do not. This means that a first timer will quickly find his/her e-mail address useless becuase of the sheer amount of spam the address gets.

    Then there is the question of privacy and personal safety. Let's say I believe that some cult exists only for the sole purpous of ripping people off, and I put up a web site warning other people and telling them of my personal experiences. The cult memebers that feel outraged by my blasphemy might look up who I am by the database, and I would be risking life and limb by putting opinions on the web.

    Now someone is bound to ask "Hey, what about kiddy pr0n". Well, that's why I think the autorities should have access to that information, just as they have some other rights not bestowed upon us regular joes.

    The next argument will then prolly be
    Those who would sacrifice a little freedom for temporal safety deserve neither to be safe or free.
    - Benjamin Franklin

    I think this is hypocrisy and not even quite realistic. It's easy to quote famous people from behind a keyboard, but I just wonder how many of the slashdot crowd would actually put the money where their mouth is. After all, living together is but a series of compromises. No one can live their lives as they whish. Chance and other people will prevent this.
    And as someone said

    No man is an island,
    Entire of itself.
    Each is a piece of the continent,
    A part of the main.

    But I digress...

  7. A WHOIS horror story by madopal · · Score: 4, Interesting

    I've had my domain since about 1997. At some point during the 'Net boom, some idiot company harvested a BUNCH of WHOIS info. At the time I had the correct information in there (INCLUDING phone number).

    Well...I got on every telemarketing phone call list imaginable...AS A BUSINESS. You think it's hard stopping residential telemarketing? Wait until you start getting phone calls at your house asking you to buy Pitney Bowes postage equipment, insurance for your employees, etc, etc.

    It was a NIGHTMARE. All I could do was ask the individuals to a) place me on their do not call list, and b) ask where they bought my information from (information that, not a SINGLE COMPANY was able to provide).

    So, since then, I've used a P.O. Box for mail, and I FLAT REFUSE to give a phone number.

    I'll start providing valid information when I know that it isn't going to be harvested by any slimy company out there.

  8. Re:Good for spammers by merdark · · Score: 3, Interesting

    I couldn't give two flying fucks about your "privacy" issues. If you're so paranoid you won't put your info into the WHOIS, then just DON'T BUY A DOMAIN NAME.

    Well, I don't give two flying fucks about your "valid WHOIS" issues. I have a private site. It's not for you, it's not for others, it's for me. It recieves MY mail, and provides services to select friends. That's all it does.

    I should not need to give out all my contact information to the world just so I can locate my damn server on the internet easily.

  9. Email in WHOIS by transient · · Score: 3, Interesting
    It's important to have a valid email address in WHOIS that goes to a real person. As someone mentioned above, the Internet is cooperative and it's hard to cooperate when you can't communicate. But it's also important to keep spammers from finding your email address.

    Here's a suggestion. I've only been doing this for about a week but it's been effective so far. In WHOIS, list your email address as dns-admin@yourdomain.blah. Configure your mail server to accept email to this address but then send a bounce with "5.1.1 User has moved; please try dnsadmin@yourdomain.blah" message (note the lack of hyphen). Configure dnsadmin@yourdomain.blah to go to your real mailbox.

    This works because no spammer ever uses their real email address, so they'll think their message was accepted and they'll never see the bounce. Meanwhile, a real human being who actually needs to communicate with you will get the bounce with your real address.

    As for physical contact information, the best I've come up with so far is a PO box. But that costs money.

    --

    irb(main):001:0>
  10. Spammers and other questions... by John+Seminal · · Score: 3, Interesting
    Why would a spammer need to register a website to send out their spam? How is this going to help eliminate spam? The reason I want a valid WHOIS database is so I can find contact information if there is a problem.

    Second question. Why not have some small fee in order to access the WHOIS database. Make it a dollar charge, that has to be charged to a credit card with correct contact information (for example, they fax you the data). If someone abuses the database, then they get cut off.

    Third question, and the most important. How the hell can we make a better system where the 98% of us who do not abuse resources do not get screwed by a few bad apples who will do anything for a buck. Do we make it a charge, so there can not be an easy profit? Do we have a system where a few trusted people are allowed to forward requests, and block those they know are from the bad apples? How do we identify the bad apples?

    This all pisses me off. I hate it how one person can force the rest of us to NEED locks for doors. It would be better if they did not exsist.

    --

    Rosco: "If brains were gunpowder, Enos couldn't blow his nose."

  11. Never again. by Anonymous Coward · · Score: 3, Interesting

    I've owned my domain since the late 90's, and for the first couple years I had legit info in the .whois dbase.

    I used to write a lot about moronic white supremicist groups around the country.

    One day I saw my home phone and address being passed around on skinhead message boards, and the real-life threats began.

    I'll never provide legit info again, ever. I'd rather lose my domain than have someone come to my door and threaten to kill my "nigger loving" family, again.

  12. It's a crappy rule; change it. by wurp · · Score: 4, Interesting

    Three years ago some jackass from /. thought it would be funny to call up my home phone and leave a nasty drunken message because I disagree with him about the current SUV craze. The reason he was able to do this was because (stupid me) I kept accurate whois information for my domain names. Had I pissed him off enough, there was nothing keeping him from coming to my home.

    Requiring public, accurate whois information is idiotic. I think a requirement for accurate information held in confidence by ICAN is a good idea (to be available to the police with a warrant). Before you run out there cheering for accurate public information, think about how you would feel if every email and every web posting you made had your home phone & address on it. If everyone were sane and reasonable, it would be good. Since everyone's not, and someone can anonymously e.g. burn your house down, it's bad.

    Spammers are just going to get phones with junk info and PO boxes. This can only hurt, not help.

    I'm surprised to see the responses I'm seeing on a site where most people ostensibly argue for free speech and anonymity.

  13. Will this limit freedom of expression? by thesaur · · Score: 4, Interesting

    The proposal to force all domains to use valid WHOIS data would be a boon to law-enforcement efforts. But that leads to another potential concern.

    In the US, it's not a problem to express yourself. You can say whatever you like about the government and get away with it. OK, not quite anything. In other countries, however, including western countries like Germany and France, freedom of expression is non-existant -- you may only say what the government allows you to say. In the two countries I've mentioned, it's not much of a problem, because they've basically only banned racist expressions. But there are more than enough other countries (China, anyone?) that actively work to suppress their citizens from expressing themselves freely. For dissidents in such countries, false WHOIS data may be necessary for freedom of expression. Is ICANN trying to help such governments crack down on their citizens?

    If ICANN wishes to enforce this rule, I agree with the procedure outlined in the parent post, but disagree that spammer's domains should be treated separately.

    The problem is, how do you recognize a spammer's domain? If you simply look at the "to" address, it will result in a lot of legitimate sites getting spammed, because a real spammer will fake the from address. If you look at the originating sender, I've had enough (virus) spam that apparently originated at my mail server. The header information was modified -- the IP did not belong to my mail server. But you can't backtrace to find the domain if the IP is in a dynamically allocated range. Once again, 1:0 for the spammers.

    The few honest souls who are dumb enough to use valid information will get caught anyway. Now if we are talking about domains that are linked in spam, that's a little easier to deal with, but there is still a large potential for abuse. So a spammer doesn't like a site. Voila, take them down. In fact, anyone could effectively disrupt any website they like.

    Of course, spammers should be prosecuted, provided they are within the jurisdiction of a state that cares (e.g., the US). But intellegent spammers work offshore anyway, which puts them beyond the reach of any western regulatory body except ICANN. We can go after their domains, but there's no easy solution to determine which domains are pure spam.

  14. I don't feel like publishing my personal data by drwho · · Score: 4, Interesting

    I own my domains, not some company. My I am not going to publish my phone number, and get more junk calls like the postal spam I get due to the fact I used my legitimate address (at the time) for registering my domain(s) years ago.

    What's next, publishing my SSN and birthday in whois data?

    I know some other countries (france, for example) are very strict and will only issue domains to a company with a tax ID and right to the name. Well, go right ahead france, but I think the generic domains (com/net/org) should remain open to all without prying eyes.

    If we wanted such open access to domain owner data, how how about a .inc TLD, with data linked to corporate registration number and state and country of inc.? and leave the rest of us alone!

  15. Re:Forget the spammers... it's the stalkers! by Anonymous Coward · · Score: 4, Interesting

    I recently used the network solutions "private listing" feature. For $5/year they put their address/phone number and a constantly changing email address in the WHOIS DB. They answer calls, forward certified mail, and forward email to my private contact info. I maintain full control of the registration.