Slashdot Mirror
Many Domains Registered With False Data
bakotaco writes "According to research carried out by the US Government Accountability Office (GAO) many domain owners are hiding their true identity. The findings could mean that many websites are fronts for spammers, phishing gangs and other net criminals. The report also found that measures to improve information about domain owners were not proving effective." From the article: "The GAO took 300 random domain names from each of the .com, .org and .net registries and looked up the centrally held information about their owners. Any user can look up this data via one of the many whois sites on the net. The report found that owner data for 5.14% of the domains it looked at was clearly fake as it used phone numbers such as (999) 999-9999; listed nonsense addresses such as 'asdasdasd' or used invalid zip codes such as 'XXXXX'. In a further 3.65% of domain owner records data was missing or incomplete in one or more fields."
I work at an ISP. We've had customers in the past whose domain names expired because they didn't update their address and phone number with their registrar, the person whose email address was on the record left the company, and they didn't get the renewal notice.
It doesn't happen as often now as it used to. Either businesses are getting better at remembering that their domain names need to be updated along with everything else, or the registrars are better at finding other ways to notify them of renewals.
But I ran into one case (with Network Solutions, IIRC -- it was a few years ago) where I personally updated the contact information associated with a role account and discovered, a year or two later, that the registrar had somehow resurrected the old, deleted contact info.
Including the spammer who was trying to forge email from my domain a few years ago. Registered his domain with a non-existent yahoomail account, amongst other false data. Backed off when I lit up the yahoo account and seized control of his domain.
It does not allways have to be with criminal intent.. can also be simply not wanting the assocaiated spam.
Maybe some people just want to be Anonymous Cowards.
Or that a great many domain owners see no reason to post their personal data up on the web where it is available to spammers, phishers or other net criminals. Not to mention random psychos who have some beef with the site's contents.
I have a domain, and I use false information. What to know why? Because when I had my email and real address on my domain name, I got junk mail to my house, and spam to my email address! Until they can hide the contact info from the general public, I will keep falsifying my public information.
What about us regular folk who have a domain? I don't want the world knowing where I live, especially if I'm somebody who runs a blog with unpopular political views.
Check out my podcast: DreamStation.cc Video Game Show
I happen to be at the home of (999)999-9999 on asdasdasd street in XXXXX area code and I get so much junk mail/telemarketing calls you would not believe it.
Maybe, just maybe, domain owners are sick of being spammed at their listed contact info. I know I am. It comes in all forms, too - email, snail-mail, telemarketers.
Pardon my English, but that sucks rocks.
Fortunately, some registrars offer privacy proxy services allowing you to list the registrar as the contact in the whois info. Unfortunately, not all registrars offer this service.
It may also be the case that people using obviously fake whois info do so for the legitimate purpose of free speech to avoid repressive governments or private institutions. The implication that all anonymous speech is fraudulent is unwarranted.
-Isaac
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
Yes. And the disturbing trend is that anyone wishing to do so is presumptively considered to be a criminal, or a potential one (or better yet, a "terrorist".) Given how many "spammers, phishing gangs and other net criminals" end up in my Inbox every day I'd say I have a good reason for wanting to keep that information secret. After all, I pay for the disk space used to store my domain information: I should be able to do with it as I will. And considering that domains are essentially a disposable commodity to "net criminals" any effort to require accurate information will, as always, primarily penalize legitimate users.
The higher the technology, the sharper that two-edged sword.
If I were a smart spammer I would register it in someone elses name. Someone hillbilly who lives in the middle of nowhere. Maybe in the mountains. Odds fo getting caught, low. Looks real good to registrar, sure. Those won't show up in this search.
Evolution or ID?
"many domain owners are hiding their true identity [and could be] fronts for spammers, phishing gangs and other net criminals."
I hide my mailing address and use a rarely-checked email address to reduce the SPAM and physical junk mail I have to deal with. The scammers/SPAMmers don't want me to know who they are...I want to limit the information they have about me. Go figure.
Comment removed based on user account deletion
This is why the GAO is doing what it's doing. This has no (0) benefits for consumers.
sulli
RTFJ.
Instead of using your name, they put their company info in the whois of your domain. Some registrars provide the service for free, while others charge (mine charges 2.99$ per year).
Dvorak on Doomtech
Note that complete and accurate whois information is a prerequisite for maintaining a domain registration.
If you're in the U.S., register the domain(s) with a P.O. box for the address and a cellular phone number. I've been doing that for years, and have had exactly zero problems with people harassing me in any way. Of course, it means that you have to periodically go to the P.O. box to pick up any domain-related mail, but I already was having a fair bit of mail delivered to the box anyway.
Please stand clear of the doors, por favor mantenganse alejado de las puertas
I have specifically-named email accounts for each and every domain I own, which are registered through several different registrars. To each of these addresses, I get about 20 emails a week. Identical emails, sent to each address.
I think it's pretty obvious that there are certainly spammers trolling the whois database. I ask you, WHY would they pass up that super easy source of email addresses? But hey, it's my anecdote vs. your anecdote, do they cancel each other out?
Random and weird software I've written.