Shielding Domain Registration Info?

occamboy asks: "I'd like to register a new domain, but I'm tired of getting tons of spam (most filtered, but some not) and snail mail whenever I register a new domain. In short, I'd like the domain, but I don't want to announce the details of its owner to the world. I was thinking of using GoDaddy's domain proxy, but the terms are scary: they reserve the right to change the agreement anytime, by posting the new terms on their site, and the buyer automatically agrees to the new terms. What's to prevent them from grabbing my domain name from me, or doing some other nefarious thing? So, is there any good way to anonymously acquire a domain? Should I just register with fake info, use a service ... or what?"

PO Box

[Arngautr]

I use a PO Box and an email account I can throw away if things get too bad. I think I might try the 'protected' option next time as the price isn't too bad.

Re:PO Box

[anthony_dipierro]

The PO box might not be a bad idea, but if you're outside the US you won't really need that (I get one snailmailspam per owned domain per year nowadays).

Assuming the only reason you want the PO box is to stop junk mail. Personally I don't want any random slashdotter finding out my address.

Re:PO Box

[anthony_dipierro]

If someone wants your address bad enough, they're not going to stop at whois.

Heh, it took the FBI about a year to find me back in 96 (some idiot was running a vigilante justice site on my webhosting site and apparently was sending threatening letters through the USPS, eventually they were able to trace me through my New York license which they got after finding my New Jersey address on whois and then tracing that to my New York address, finally they called me one day and asked for the contact information of the vigilante, whose site I had already blocked long ago, and I gave them the name that was listed commenting that it was probably fake). So yeah, it's possible, but it's pretty damn hard. Even harder now that I'm living with someone and the lease is in her name. You'd probably have to figure out her name first, at least if you wanted to use public records.

godaddy

[Da_Slayer]

Currently I use domain's by proxy via godaddy for my domain names. Yeah the terms are scary and I have also started looking for some place else to go. I got a letter in the mail (actual paper) from another domain company asking me if I want to switch. I personally do not like the idea of people seeing my info and being able to spam me to high heaven on the listed email address.

Honestly if your just a normal site with nothing illegal on it I do not see the need for other peopel to see your personal information.

As for using fake information... I think that the US government is cracking down on this and is passing laws to really kick you in the butt for using false information. Currently this is a lose lose situation.

All a domain registry company needs to be sucessful is to have all information listed for the WHOIS as anonymous and only release it with a court order. Which would have to be hand delivered by an officer of the law. That is just my opinion, I could be wrong.

Sneakemail it

[polymath69]

This won't do anything about the postal spam, but give your email as a sneakemail address. Then whenever that address gets harvested for spam, you can cancel it, set up a new one, and update your whois record.

It will still get harvested... but you'll probably only have to cycle it a couple of times a year. The three or four spams a year that'll get through is probably negligible.

This is a good strategy for /. email, too.

Re:Sneakemail it

As long as you check your email, of course.

If someone makes ANY complaint against you about your domain or your website, your registrar will typically email you a notification and require a response/action on your part to prevent your domain from being redirected to NULL. If you fail to response, they will assume that your address is fake and then shut down your domain on the basis of false information in your registration.

I had some underage little twit complain about my website. I don't know what their deal was but it was just some random made up complaint. I was really busy and didn't notice the request from dotster to respond. Luckily, I happened to do a whois on my own domain the very day it was being changed and noticed the DNS servers had been changed to 'NULL'.

Now that domain updates occur every 5 minutes, I would probably be completely fucked before I had a chance to act. It would have been terrible, too - I have about 100,000 members and about 500,000 pages served per day. Losing my domain for any period of time would be embarrassing and ruin my reliability.

The problem I have is that there are a lot of crazy people out there and the last thing I want is someone knowing my real phone number, email address and physical address so they can come stalk or harass me if I ban them from my website. Worse, imagine some girl who has been raped and sets up her own website to deal with the aftermath of it. To express herself and discuss her tragedy with other people. Is it fair to make her give her phone number, email address and physical address?!? Hardly! What about children who want to own their own domains?

Why is it so hard to have one set of private records for the registrar and another set for the public and to do it without charging an extra $10/yr per domain?!

Re:Sneakemail it

[Mr.+Slippery]

Why is it so hard to have one set of private records for the registrar and another set for the public and to do it without charging an extra $10/yr per domain?!

Because running a domain is a responsibility. As RFC 1591 puts it,

Concerns about "rights" and "ownership" of domains are inappropriate. It is appropriate to be concerned about "responsibilities" and "service" to the community.

If you don't want the responsibilities, including making contact information available, don't have your own domain. Or hire someone to perform those responsibilities for you.

Incorporate

[Rick+the+Red]

Form a company to own the domain, and register it in the name of that company. That way if someone really needs to find you they can, but it will take some work (they'll have to find where you incorporated and then find your name in that paperwork). That should keep the spammers away -- they hate real work.

Re:Use fake information

[brewthatistrue]

well, if you are worried about what agreements you are entering into, ICANN requires valid contact information. How often your info will be checked for validity varies, but if you get caught with fraudulent info you can lose your domain. http://www.icann.org/registrars/wdrp.htm http://www.internetprivacyadvocate.org/ProtectYour PersonalInfo.htm (urls via google keywords: whois contact icann)

Changing terms = suicide

[Arngautr]

For GoDaddy changing the terms materially, drastically to steal from/rip off customers would result in commercial suicide. As an online business the one thing they have going for them is the trust of their users and their reputation. They loose this and they loose business, they have a lot of business so the short term gains wouldn't match the long term losses.

namecheap!

[hookedup]

namecheap.com

$8.88 USD domain registry, and like 5$ a year for a 'whoisguard' subscription per domain per year..nobody is getting your info without subpoena

I use them for all of my domains, and couldnt imagine using anyone else..

Also.. you should be wary of godaddy.. i've heard of them snatching up peoples domain for no good reason..

Re:namecheap!

[golgotha007]

great tip, I just registered thru them.

By the way, namecheap is currently running a special, so the $5 'whoisguard' service is currently free. $8.88 for a domain, whoisguard included.

awesome deal.

Re:namecheap!

[adam+mcmaster]

RegisterFly.com offer something similar, only $1 to protect each domain. It puts something like this in the whois record:

Registrant Contact:
RegisterFly.com - Ref# 11453500
Whois Protection Service - ProtectFly.com (11453500.fly@spamfly.com)
+1.2122952121
Fax: +1.2122952153
230 Park Avenue
Suite 864
New York, NY 10169
US

That email address gets forwarded to your actual address, and it changes every so often so you don't get spam to it.

Re:namecheap!

[hookedup]

you have a "Set a new random WhoisGuard email in Whois" option in your account settings.makes accounts like s45nh4k5l2@whoisguard.namecheap.com that point to your real email, it's really quite sweet :)

Please don't fake your e-mail address

[cgenman]

Sometimes people really do need to contact you. If your domain is causing problems or otherwise interfering with the network, or someone has a dispute with you but would rather not let it escalate to the point of sending nastygrams to the owner of your IP block, it is very convienient to be able to just e-mail someone. That's why it is there. Sending a message out to the larger hosting / access company usually results in absolutely nothing, especially if it is a large hosting company.

Stay a part of the community. Keep your contact information available and up-to-date.

Do you know a good registrar?

[Futurepower(R)]

Do you know a good domain registrar? The first step is to find a good registrar. The second step is to solve the domain registration info problem.

My experience with GoDaddy is that the company is very abusive. GoDaddy is always trying to sell something else; there are such a huge number of ads that it interferes with proper operation of their web site. Many of the ads seem to me to try to take advantage of people who don't know much about the Internet.

The GoDaddy web site is, in my opinion, amateurish. There are issues like having a password field with 13 spaces, but actually accepting only 11 characters for a password. (I don't know if they have fixed that since I mentioned it to them.)

It's simply outrageous that a company says they can change the terms of a contract with you without your permission, or even knowing. Legally, that cannot be a contract. A contract only exists if you agree to the terms. You cannot enter into a contract that is so broad that you agree to be bound by any terms in the future.

It's amazing how abusive companies are becoming. They seem to be trying to see who can be the most abusive. Have a look at an Ed Foster column that says that the problem is less in Europe: Anti-Sneakwrap Law is UnAmerican.

I knew a three-year-old who once told me: 1) I can do anything I want. 2) You have no control. This is understandable in a three-year-old, who is merely testing the limits. I don't accept it coming from anyone who is older.

Things are really bad in the U.S. now, it seems. Everything to help powerful people get richer. Nothing to take care of the average person.

--
Bush: Spending money the U.S. doesn't have to try to make his administration look good.

Re:Do you know a good registrar?

[0x0d0a]

Of course, the reason why is fear of liability.

If US legal cases had capped damages, companies wouldn't be so hung up on avoiding the slightest hint of liability, willing to lose customers, even, to avoid the faintest trace.

A friend from Norway once told me that the reason that Norway doesn't have the problems with ridiculous worries over liability that the US does isn't that it's harder to prosecute a case in Norway. It's just that multimillion dollar awards are unheard of. You get restitution, but not scads of money above and beyond.

Cut down on the amount of money floating around in the legal system, and you return sanity to the consumer world.

GANDI

[0x0d0a]

You said that you were worry about proxies -- I have secondhand that GANDI is a good registrar -- prices slightly higer than GoDaddy, but significantly better (as in favoring the user versus the registrar) policies. Not sure if they provide a proxy service.

Godaddy's domains by proxy

[x69]

Be careful using domains by proxy. All someone has to do is email or send a letter to them saying you are violating their copyrights and with or without any proof at all they will release your personal information, remove the proxy service from your domain and charge you a $20 administrative fee.
I run a website that lists mp3 song album and song names and I have had this happen to me several times sofar. Be careful.
-Gerard

Lawyer

[Detritus]

If you're serious, you should talk to a lawyer. He should know the proper, and legal, ways to register the domain so that the contact info points to your legal representative, not your personal info.

Some TLDs allow you to withold your details

[dizzyduck]

Nominet (administrators of the .uk TLD) allow individuals to withold their personal details from WHOIS via the Registrants Online interface. The only visible information is your name.

Registrant's Address:

THE REGISTRANT IS AN INDIVIDUAL WHO HAS ELECTED TO
HAVE THEIR ADDRESS OMITTED FROM THE WHOIS DATABASE

Privacy

[rawg]

For email, I setup a email address that only receives mail from the registrar. All other email is bounced.

For my phone, I'm on the national do not all list. That's an $11,000 fine if someone calls me to sell me something.

My home/business addresses are not really a problem. The only crap mail I get is from Domain Registry of America. I use junk mail to start my fires when it gets cold. The amount of junk mail I get makes it real easy to start the fire on the first try.

Somewhat simple solution

[zangdesign]

Use a real email address at your domain. Since you control it - set it to filter keep only mail from GoDaddy and your hosting company, since your email from those companies will be coming from known sources.

Use a second account as your personal email, but don't publish that address and make it something slightly off-kilter so spammers have a harder time guessing it.

Re:Somewhat simple solution

[Jesus+IS+the+Devil]

Problem with this is that these domain registrars like to use alternative domains to contact their customers. Godaddy uses supportwebsite.com for all inquiries, and Network Solutions, well they've got aliase domains up the wazoo.

On PO boxes, eamil, and such

[dacarr]

First, PO boxes. Diverting all domain related snail spam to a post office box really isn't the purpose of putting a PO box in your whois record, it's to divert the attention from where your system really is. I for one really don't get that much snail spam or domain spam (more on that in a second).

So you get the PO box, for one reason - as far as the untrained eye without a legal proceeding is concerned, your computer with your domain is actually housed inside of a box that, at its smallest, is the size of a one foot thick index card. They need legal documentation to get your real address, and you in turn need to prove to the USPS where you really live.

The email address is a little simpler. It's easy enough to set in your /etc/aliases file (or whatever your MTA of choice uses) something like 'hostmaster' or 'hostslave' and have it divert to you, and in turn you just have either Procmail or your MUA of choice to stick it in a folder that you might check on once in a while. After a while, remove/change the address, change it in the whois record, and watch as the few spams that come in just kind of bounce.

In short, in my experience it's really not that much that you're going to get in the way of junk mail of any flavor. YMMV.

Dotster

[Tumbleweed]

My registrar is Dotster, who has a free spam whois shield available for its customers. The email address in the domain info given out is really an alias to the one you give them, and that alias shifts like once a week or so (not sure on how often). This is generally not often enough to get onto spam lists, though I have gotten a couple of messages over the last few years. Obviously not something to worry about.

Re: RegisterFly.com -- ugh...

[hlygrail]

As an IT manager at a previous employer, I once had to consolidate a bunch of domain names to a single vendor (Verisign terms, at the time, didn't suck as much as they seem to now, so that's where we consolidated). All the other domain hosting services let go of the records once they were notified and had verified the validity of my request.

RegisterFly, on the other hand, fought tooth and nail to hold on to it, and only let go once we got our company attorneys involved. I never understood the reasoning -- we only had 4 months left with them anyway, and we'd paid such a ridiculously low amount to register the name anyway, I"m certain they spent more manpower dollars in fighting the transfer than they ever could have made on the original domain registration fees.

Truly the worst part (then anyway, YMMV now) was that they didn't have a phone contact method -- most everything had to be done via online chat, and INVARIABLY the person "typing" on the other end (loosely stated because of their awful grammar skills) didn't have a clue. Nevertheless, you may have better experiences with them, but you couldn't pay me to put a domain with them now.

"Anonymous" domain registration problems

[Animats]

• Most of the "anonymous domain registration" schemes involve some dummy party actually being the domain owner. If you ever get into a dispute with that party, you have a problem.
• Those "indemnification" clauses really matter in a situation like this. If someone goes after the dummy party, you'll end up paying their legal fees.
• Operating a business anonymously is a criminal offense in many jurisdictions, including California.
• It's not clear what happens if someone files a Whois Data Problem Report for your "anonymous" domain. But you probably won't like what happens.
• If someone wants your domain, they could make a case under the UDRP that your registration was in bad faith.
• Some spam filters may blacklist mail from, or mail that mentions, anonymous domains. It's like putting up a sign that says "I am a slimeball".
• There are signs of a crackdown on anonymous business web sites. Microsoft is sueing "bullet proof web hosting" firms.

Re:top level domain .spam

[theonetruekeebler]

After that, maybe they can require burglars to wear black turtlenecks and a Cato mask, and carry a burlap sack with "LOOT" written on it. If they're caught wearing, say, a tiara, they can be busted for "not dressing like a burglar." Also, supervillains should speak with a Russian accent and wear a cape.

http://www.myprivacy.ca/

[MDMurphy]

Use MyPrivacy.ca. They give you a free email address that will forward to your existing address. They only allow email from legit domain hosts to get through unchallenged. If from just anyone, they have to go through a challenge/response system.

Works great, I've yet to get any Spam in the last few years that I've been using them.

http://www.myprivacy.ca/