Slashdot Mirror
Many Domains Registered With False Data
bakotaco writes "According to research carried out by the US Government Accountability Office (GAO) many domain owners are hiding their true identity. The findings could mean that many websites are fronts for spammers, phishing gangs and other net criminals. The report also found that measures to improve information about domain owners were not proving effective." From the article: "The GAO took 300 random domain names from each of the .com, .org and .net registries and looked up the centrally held information about their owners. Any user can look up this data via one of the many whois sites on the net. The report found that owner data for 5.14% of the domains it looked at was clearly fake as it used phone numbers such as (999) 999-9999; listed nonsense addresses such as 'asdasdasd' or used invalid zip codes such as 'XXXXX'. In a further 3.65% of domain owner records data was missing or incomplete in one or more fields."
I work at an ISP. We've had customers in the past whose domain names expired because they didn't update their address and phone number with their registrar, the person whose email address was on the record left the company, and they didn't get the renewal notice.
It doesn't happen as often now as it used to. Either businesses are getting better at remembering that their domain names need to be updated along with everything else, or the registrars are better at finding other ways to notify them of renewals.
But I ran into one case (with Network Solutions, IIRC -- it was a few years ago) where I personally updated the contact information associated with a role account and discovered, a year or two later, that the registrar had somehow resurrected the old, deleted contact info.
Including the spammer who was trying to forge email from my domain a few years ago. Registered his domain with a non-existent yahoomail account, amongst other false data. Backed off when I lit up the yahoo account and seized control of his domain.
It does not allways have to be with criminal intent.. can also be simply not wanting the assocaiated spam.
Maybe some people just want to be Anonymous Cowards.
Or that a great many domain owners see no reason to post their personal data up on the web where it is available to spammers, phishers or other net criminals. Not to mention random psychos who have some beef with the site's contents.
I have a domain, and I use false information. What to know why? Because when I had my email and real address on my domain name, I got junk mail to my house, and spam to my email address! Until they can hide the contact info from the general public, I will keep falsifying my public information.
Perhaps these domain owners are just concerned with their privacy. One of my domains is an absolute ghost town, with zero visitors besides me, and absolutely no chance of someone linking to it. However, I receive regular spam, simply because I provided an accurate email address that can be fetched by any number of WHOIS lookups on the Web. Next time, I'm putting up fake data.
body massage!
What about us regular folk who have a domain? I don't want the world knowing where I live, especially if I'm somebody who runs a blog with unpopular political views.
Check out my podcast: DreamStation.cc Video Game Show
I happen to be at the home of (999)999-9999 on asdasdasd street in XXXXX area code and I get so much junk mail/telemarketing calls you would not believe it.
Maybe, just maybe, domain owners are sick of being spammed at their listed contact info. I know I am. It comes in all forms, too - email, snail-mail, telemarketers.
Pardon my English, but that sucks rocks.
Fortunately, some registrars offer privacy proxy services allowing you to list the registrar as the contact in the whois info. Unfortunately, not all registrars offer this service.
It may also be the case that people using obviously fake whois info do so for the legitimate purpose of free speech to avoid repressive governments or private institutions. The implication that all anonymous speech is fraudulent is unwarranted.
-Isaac
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
Yes. And the disturbing trend is that anyone wishing to do so is presumptively considered to be a criminal, or a potential one (or better yet, a "terrorist".) Given how many "spammers, phishing gangs and other net criminals" end up in my Inbox every day I'd say I have a good reason for wanting to keep that information secret. After all, I pay for the disk space used to store my domain information: I should be able to do with it as I will. And considering that domains are essentially a disposable commodity to "net criminals" any effort to require accurate information will, as always, primarily penalize legitimate users.
The higher the technology, the sharper that two-edged sword.
If I were a smart spammer I would register it in someone elses name. Someone hillbilly who lives in the middle of nowhere. Maybe in the mountains. Odds fo getting caught, low. Looks real good to registrar, sure. Those won't show up in this search.
Evolution or ID?
"The findings could mean that many websites are fronts for spammers, phishing gangs and other net criminals."
or they could mean that many people - who dont run comercial businesses - do not want all of their personal contact information available to anyone on the internet. Just because you have a domain does not mean that you want everyone around the world to have your personal address and phone number.
You'd be a fool to put that much info in the public domain.
I'll just use my special getting high powers one more time...
I use a WHOIS guard service for all my domains, for a fee the company I registered my domains at lists their email/phone/address instead of mine, and forwards whatever they receive to me.
This way my domains have valid info but at the same time not everyone out there can get my address or phone number.
The IT section color scheme sucks.
I have been threatened and harassed from people who do a "whois" on my web site address and then come find me. When you've got a family and children you become a little touchy about that kind of stuff. Not that finding me is really that difficult but I see no reason to make it any easier. So my domain registration info is garbage.
"I have never won a debate with an ignorant person." -Ali ibn Abi Talib
"many domain owners are hiding their true identity [and could be] fronts for spammers, phishing gangs and other net criminals."
I hide my mailing address and use a rarely-checked email address to reduce the SPAM and physical junk mail I have to deal with. The scammers/SPAMmers don't want me to know who they are...I want to limit the information they have about me. Go figure.
Comment removed based on user account deletion
This is why the GAO is doing what it's doing. This has no (0) benefits for consumers.
sulli
RTFJ.
Instead of using your name, they put their company info in the whois of your domain. Some registrars provide the service for free, while others charge (mine charges 2.99$ per year).
Dvorak on Doomtech
I agree completely with not having the information publicly available.
My site has photos of lots of quite expensive art that I own. I am not particularly happy that anyone who sees it can simply look up my name and address and find out where I live.
There needs to be something better.
Note that complete and accurate whois information is a prerequisite for maintaining a domain registration.
If you're in the U.S., register the domain(s) with a P.O. box for the address and a cellular phone number. I've been doing that for years, and have had exactly zero problems with people harassing me in any way. Of course, it means that you have to periodically go to the P.O. box to pick up any domain-related mail, but I already was having a fair bit of mail delivered to the box anyway.
Please stand clear of the doors, por favor mantenganse alejado de las puertas
I actually had someone use the data from my domain registration to stalk me and my wife...
thank God i set the address to an old address where i used to live. How do i know that he used that data?
in his emails to us, he talked about how he was watching our apartment and described the old apartment i used to work at perfectly.
so - get fscked if you think i'll ever use my real personal data for my domains.
guns kill people like spoons make Rosie O'Donnell fat.
I have specifically-named email accounts for each and every domain I own, which are registered through several different registrars. To each of these addresses, I get about 20 emails a week. Identical emails, sent to each address.
I think it's pretty obvious that there are certainly spammers trolling the whois database. I ask you, WHY would they pass up that super easy source of email addresses? But hey, it's my anecdote vs. your anecdote, do they cancel each other out?
Random and weird software I've written.