Detecting Anonymously Registered Domains

Spamresource.com has up a piece describing a new service that could be useful in evaluating the reputation of sites you deal with — anonwhois.org returns information on domains registered anonymously. It provides a DNSBL-style service that "is not a blacklist and wasn't meant to be used for outright rejection of mail." Only 619,000 domains are listed so far, but more are added as they are queried, so the database will grow more complete. Anonwhois.org seems to be a sister site to Spam Eating Monkey.

Continued misuse of blacklists

[suso]

It provides a DNSBL-style service that "is not a blacklist and wasn't meant to be used for outright rejection of mail.

Which of course means that in a year or two us mail administrators will start encountering mail servers that have been setup to reject mail based soley on them being on this blacklist.

Re:Continued misuse of blacklists

[eldavojohn]

It provides a DNSBL-style service that "is not a blacklist and wasn't meant to be used for outright rejection of mail.

Which of course means that in a year or two us mail administrators will start encountering mail servers that have been setup to reject mail based soley on them being on this blacklist.

Yeah, I urge everyone to exercise caution here ... I looked at the stats and was a little concerned about 123k domains (20%) being domains by proxy. I host a site as a hobby and enjoy tinkering with forums and the like on it. I also don't like the idea of someone looking up my home address via whois and showing up at my front door to complain about something someone said on one of these forums. As a result, I opt for my ISP to be my proxy on the registration of the domain. Now, I know you think that means I have something to hide but I just really don't want my address and name out there because all I would have to put there is my house address.

Granted, my domain's not no the list and I'm not using it as a mail server (yet), I sympathize with hobbyists, non-profitable sites and people who value privacy. Keep that in mind if you're going to utilize this site as an auto-reject authority.

Re:Continued misuse of blacklists

[thePowerOfGrayskull]

Great, so we already have one person planning on blocking.

very single domain involved in spamming or hosting landing pages ARE registered anonymously or have fake contact details, because the lowlife, scumsucking, asshole criminals behind them DO have something to hide. If you want to set up a mail server on your anonymously registered hobbyist domain ... well ... good luck with that. Just another thing you can thank the spammers for.

So obviously the correct response to this is to block anyone with an anonymous registration. Shall we apply similar logic to forums? If so , you wouldn't be allowed to post here without including your home name address and phone number. After all, forum spammers always register under fake names.

I get it though. It's definitely better to blame the victims for the troubles that spammers cause, and punish them in the name of punishing spammers. That's way better than implementing a real solution.

Re:Continued misuse of blacklists

[sopssa]

Anecdotes are not data (and a mailbox works as a contact address).

Maybe in the US. What do you suggest those in the other countries, which have dropped the usage of mailbox addresses, do? No, I'm not putting my home address on the internet, and no, I'm not registering a costly company (with all the tax filing and other things) just so I can register a domain for a hobby site.

Everyone should also be able to be tell their opinion anonymously (interestingly you also posted as anonymous coward).

I'm waiting for your insightful answer.

Re:Continued misuse of blacklists

[eldavojohn]

Operating a server with internet services is contrary to popular belief not for amateurs and basement dwelling guys of the "Hmmm. Lemme se how this works. Ooops!" persuasion. The internet is a global collaboration based on informal (and some not so informal) rules. It's not a testing ground for stuff you found on Google or software you downloaded from Sourceforge.

Wow! The internet is some serious shit! I thought I would just log on and, like, clear up the tubes and make a really wicked site, brah! So tell me, how do I get to be as fucking awesome as you if I can't tinker with hosting a real server with real internet services on the real internet?

Do you imagine that I am paying $70 a year to a web hosting company so that I can open all the ports on their servers, drop my pants, bend over and wait for the first botnet to have their way with me?

Contrary to your elitist belief system, web hosting companies exist that offer you servers and restrict your abilities to protect you and others from the horrors of the internet.

Now get off my lawn before I call the Internet Police.

The Internet Police!? Well, now I'm fucked. And all this time I thought it was the ma-and-pa Windows 9x machines out there that were part of the big bad botnets. Thank you for opening up my eyes, I realize now that I caused all internet cancer.

Re:Continued misuse of blacklists

I never said anything about blocking anyone, but I WAS trumpeting the usefulness of real contact data on domain registrations. As with all other black lists, it's advice you take or advice you don't take. Uninformed decisions are the domain of kneejerks, feelgooders and people who are out on a mission, not professionals whose job (or reputation) hangs in the balance.

I'll start looking up everything on this list, and if 99% of what is otherwise considered spam is also on the list after a few months, I'll start assigning scores to it. That'll leave me with around a 5,000,000 sample body of mails. That's the logic I'm going for, and teenager style similes and anecdotes are still not data.

Re:Continued misuse of blacklists

[DarkOx]

I am not sure I agree. Anonymity on the internet is valuable and important. A domain is kinda formal though. Slashdot for instance is somewhat responsible for the content here. They don't need to really police it but if it were brought to Taco's attention people were arranging drug deals or something they would be obligated to help, the authorites.

All and all I think its a good point of balance; if you are going to have your own domain there should be a responsible part that can be easily determined and contacted when needed.

Re:Continued misuse of blacklists

[masshuu]

that is what PO boxes are for, unless i misunderstood something. They can still call you, but they can't drive to you.

I have a domain thats been up for 4 and a half years, mild traffic, and i have yet to have someone call me or knock on my door.

I have gotten spam mail about switching to another domain register and paying $60 a year for basic services, like DNS.

Re:Continued misuse of blacklists

[DarkOx]

That is my point though with proxy registered domains I very often don't have away to contact the responsible party. I am network administrator. I frequently use whois to find out who to call when there are issues relaying e-mail; or I am being spam by that domain, and various other reasons.

Generally people who are registered in who is tend to be available and get in touch with each other. We usually can figure out what the problem is and whose problem it is, efficiently and get the issue resolved for our users.

Generally people registered by proxy have only an e-mail listed for contact which is the proxy agents not theirs, and often the phone number is completely bogus. This is a pain when the problem is mail related, and when the phone number does work the proxy generally gives me a hard time and refused to even pass messages along to the domain owner.

If the behavior of the proxies were better than I'd be ok with it but generally it causes problems for people who actually use the net for more than just entertainment and need to get problems resolved.

Re:Continued misuse of blacklists

[Reziac]

My solution is to determine who is hosting the abusive domain (just look up the netblock owner on netcraft, that's usually good enough), then complain to the web host. So far it's worked every time, and I don't need to know the domain owner's name, contact info, or anything else about 'em.

Re:Continued misuse of blacklists

[brain159]

In some parts of the world, PO Boxes are not particularly cheap and are absolutely not anonymous. In the UK they cost a bunch (I forget specifics, but it's waaay more than an extra $9 per year for each of the few domains I have set up with DBProxy), and ANYBODY can obtain the name and real-address of the owner simply by writing and asking the Royal Mail.

That's right - no court order, no lawyer intervention, just ask. (There are some specific cases where that doesn't apply, but the general "there are dickheads on the internet" isn't one of them.)

Re:Continued misuse of blacklists

[Runaway1956]

"It's not a testing ground for stuff you found on Google or software you downloaded from Sourceforge."

Now, that's an interesting take. I mean, the internet was BUILT by people doing that sort of thing, wasn't it? Geeks and nerds finding ways to do cool stuff. You're suggesting that the days of innovation are over, and everyone needs to toe the line, or the internet police will come calling?

Granted, I understand what you're trying to say - there is a lot of serious business conducted on the internet, and hobbyists shouldn't be getting in the way of all of that. All the same - I believe you need to make some allowances for hobbyists. Those open source nerds may very well hand you the gift of a lifetime next month, or next year, making your admin job easier by orders of magnitude.

Just keep an open mind, is all I'm saying. ;^)

Re:Continued misuse of blacklists

[Zen+Hash]

Why do you insist on blaming 'everyone' for the stupid actions of a few? Keep your hands off our black lists dammit!

It sounds like he was simply pointing out the likelihood that some idiot mail admins will end up misusing this in a way that punishes everyone for the actions of a few. Unless you were intending on doing that, it was not referring to you.

Re:Continued misuse of blacklists

[Cramer]

If authorities need to contact the domain owner or know who it is, registrars will give them the info.

Yes and no. At any rate, it's no where near as simple as you make it sound. The proper, legal, paperwork littered path takes weeks if not months. And there's no way to know if the information given to the proxy is bogus or not. There are thousands of public registered domains with BS contact records. (and many are immediately obvious) I'm pretty sure bogus information is given to Domains By Proxy as well.

Re:Continued misuse of blacklists

[Cramer]

And when will people learn there is no such thing as "anonymous"? Esp. online.

If you don't want your name associated with your (home) address linked to a domain name -- which is yet another public record -- then don't register a domain in your name with your home address.

Re:Continued misuse of blacklists

[Cramer]

And the internet has changed a great deal over those 12 years. I've been around the internet for ~20 years... before there were firewalls, back when spam was a caned meat product. The internet didn't consist of millions of complete morons trying to make a buck (which is where SPAM came from), bored teens out to break other peoples stuff, or thugs, gangs, and other criminal organizations out to steal and extort money from anything they can find. (phishing, fake websites, botnets, trojan keyloggers, etc.)

Simply plugging a Windows computer (pretty much ANY version, patched or not) directly into the internet is bad enough. Having inexperienced, non-admins setting up mail servers, dns servers, web servers, forum software, blog software, etc., etc. makes just as big a mess. (if not worse since they lack the skills to secure and harden their installations, assuming they realize they've been hacked -- the "windows problem" is simple enough: hide it behind a NAT box.)

Re:Continued misuse of blacklists

[masshuu]

nothings gonna stop some crazy serial killer, but a PO box will still stop some idiot from knocking on your door because they can.

Re:Continued misuse of blacklists

[IBBoard]

What address do you use, then?

I think the UK way of doing it is right - let "non-trading individuals" have an option to hide their address but make companies show it. That way the ones you need to have an address for to help with trust issues (companies) have the details shown and those who don't show it (individuals and hobbyists) still have it recorded in case of legal proceedings, but their home address isn't there for every crazy nutjob to see and associate with a domain. The .com method of making everyone show their address is unnecessary and just leads to registrars making an extra buck from it as a "value added" service.

As for the earlier idea of having a mailbox - PO Box addresses in the UK cost money. If you're registering a £3 per year domain (rough price of a .uk domain) then why would you want to spend twenty times that just so that some idiot online can't read your address from the WhoIs record? Only in the first half of the new millennium did I receive anything to my registered address, and that was before .uk domains stopped posting paper certificates for your registration. Other than that then the address isn't legitimately used by the registration, so the PO Box is a waste of money.

Re:Continued misuse of blacklists

[RockDoctor]

In some parts of the world, PO Boxes are not particularly cheap

From the Royal Mail website : "A PO Box® costs just £62.85 a year or £51.00 for six months."
Not particularly cheap.
Personally, at that sort of price I'd be tempted to persuade a big, old and ugly friend to give me a "care-of" service : all addresses "care of Big Ugly Bastard, [address]".
Other providers ... £192 per year, another company won't say, a local provider £240/year. Not exactly a cheap option.

Re:Continued misuse of blacklists

[suso]

Jeez man, chill.

Stupid

[tgd]

In 2010, who *doesn't* use a "hiding" service for a domain? For fifteen years now you'd basically have to throw away any e-mail address on a domain, and get inundated with physical spam on any mailing address used.

Black listing domains because the owner doesn't want to deal with jackass spammers and bulk mailers is just stupid.

Re:Stupid

In 2010, who *doesn't* use a "hiding" service for a domain?

Many legitimate companies like to clearly indicate who they are. For example, IBM.com is listed as:

Registrant:
International Business Machines Corporation
      New Orchard Road
      Armonk, NY 10504
      US

      Administrative Contact:
            IBM DNS Admin dnsadm@us.ibm.com
            IBM Corporation
            New Orchard Road
            Armonk, NY 10504
            US
            +1.9147654227 fax: +1.9147654370

Now, since it's so easy to throw up a website, those of us who are less well known than IBM like to project an air of respectability, including who we are, where we are, and how to contact us.

(and there is some very good anti-spam software out there)

Re:Stupid

[Sir_Dill]

I second this

This has to be the brainchild of a spammer or someone who hasn't been a domain owner for very long (if at all).

The parent has a VERY good point about scammers and spammers scraping whois for personal information to use for whatever nefarious purpose.

Consider also that for the many people who register their own domains, the address listed is their personal physical address.

Anyone who ISN'T using an anonymizer is opening the floodgates for scamming and spamming.

Re:Stupid

Says the Anonymous Coward.

Re:Stupid

[Necroman]

I use a PO Box for my domains and don't put my real name on anything I register. It at least keeps away most crap. For email, I always just list a GMail address now and they do a pretty good job filtering out any spam I may get through it.

Re:Stupid

And you do realize that, in the United States, it is a PMITA Federal Crime to register a domain with false information.

Absurd, yes. But true.

Re:Stupid

I don't use a hiding service. I've owned my domains for 10 years. My name, PO BOX, and phone number are all real. I can't really say it has been an issue.

I realize the irony of posting as anonymous coward, but every time I create an account I get modded down as flame bait for being a m$ fan boy.

Re:Stupid

[BlueUnderwear]

On the other hand, how many people put up their DOB on their websites?

May I remind you that Facebook is a website too?

Re:Stupid

[Reziac]

Some people are so anal-retentive that they just can't deal with an "invasion" of their personal space by something as disorderly as spam. So rather than deal with their own psych issues, they inflict 'em on the rest of us.

Yeah, spam sucks; yeah, spammers should die horribly. But that doesn't mean everyone else should be forced to suffer MORE spam (or in some cases, a very real fear of exercising free speech) so that some people can have an utterly orderly universe.

Re:Stupid

[Cramer]

I've had domains registered in public for many years. I get almost NONE of what you whine about. Yes, I've received some postal mail over the years -- mostly Register.com bullshit trying to scam away one's domain registration. I've received many orders of magnitude more junk mail (postal mail) from "mortgage insurance" crap, car warantee crap, various retirement related shit, credit card offers, and so on. Spam is next to nothing even though it's in the whois data and dozens of archived, searchable email lists. (I receive more spam at addresses that nothing should know exists.)

Re:Stupid

[Cramer]

Domain registration doesn't ask for anything that isn't public knowledge already. All proxy services do is hide who actually uses the domain. By ICANN rules, the proxy owns the domain; they are the registrant. They can do whatever they please with "your" domain and you have little power to stop them. And of course, you have to pay for the service.

Re:Stupid

[Cramer]

No, it is not. Back that up with the actual law there Anonymous Coward.

What's the point?

[DJ+Jones]

This is the dumbest thing since lawn darts. I can tell you who is listed anonymously just by looking at the standard whois database. There's only a handful of privacy companies that represent the majority of anonymous domains. If you could find their contact information then that would be useful.

Congrats, you are the proud owners of a text parsing machine.

Re:What's the point?

[markwalling]

Yes, a human can look at the standard whois database. A mail server cannot easily do that. If you would RTFA, you would see that it is a DNS RBL that your mail server can query. Sure, you could write a script to do that, but if someone hits you with a spam run, you're going to get banned from the whois databases pretty damn fast.

Dumb idea.

[loxosceles]

I can't think of a good use for this flavor of dnsbl... too little correlation with anything that matters. A lot of privacy-conscious domain owners use private registration, and it has nothing to do with using the domain for spam or other nefarious purposes.

Fake whois info

[digitalsushi]

I'm not a spammer, so why should I be honest and publish my true whois info? Whenever I do, cold-callers bug me at 11pm for security systems, credit cards, and worse; if I leave for more than 5 days my mailbox gets so full of junk mail they stop delivering until I go downtown for it. And since I am not abusing anyone, no one has a concern about how to call me, except those that want to spam me -- am I truly the scum of the earth for hiding? Or why should I pay for a po box and answering voicemail for the same spammers? If I do something that needs to get me put offline, the police can get a warrant through the registrar like every other real issue. Or they can take my site down until I call, or whatever. Don't make me force feed my home info for spammers. The other 0.01% of the time there's still a way to get the info, it's just a hassle, a hassle for which someone is gonna get paid. Leave it alone already. I got lucky with midnight phone calls and phonebook sized junkmails -- what happens when your psycho forum members get mad and publish your contact info? Oh yeah, and those privacy services just transfer ownership to your registrar. You lost your legal right when you bought that.

Re:Fake whois info

[slimjim8094]

Use a proxy service. It's not fake info, but it adds a level or indirection.

Re:Fake whois info

[thePowerOfGrayskull]

In order to avoid the overpriced fees for that, I just got a PO box and use an invalid phone number.

10 domains at $9/yr each for privacy gives $90/year extra. A PO box costs $45 or so a year. For any more than 5 domains, it's cheaper to go the PO Box route.

Re:Fake whois info

[vlm]

Whenever I do, cold-callers bug me at 11pm for security systems, credit cards, and worse; if I leave for more than 5 days my mailbox gets so full of junk mail they stop delivering until I go downtown for it.

Are you certain that's from domain registration? Nothing of the sort has ever happened to me, and I have not hidden my domain info.

I got one or two "renewal notices" from DROA over the course of a decade, not much else.

You can be certain by selective falsification and then watch the incoming physical spam. Slightly inaccurate spelling, etc.

Re:Fake whois info

[Bigbutt]

Yea, same here. I've had my main domain for 10 years now. I use a whois specific e-mail and occasionally get an e-mail from someone in China trying to convince me to get an equivalent Chinese domain for one of the 13 or so I run. I get more e-mail from some film guy trying to get one of my domains than the folks in China though. Every few months it's, "you're not using the domain, can I have it?" "Look dude, just because you don't see anything on port 80 doesn't mean I'm not using it." Heck now I can't even reply to him. My domain "doesn't have a good reputation" so he's refusing e-mail from me. And I can't get off that list, I've tried. I have a years worth of e-mail logs and can account for every message that goes out.

I do get the occasional domain renewal mailings ("are you kidding! that's three times what I'm paying now!") and no phone calls.

[John]

Re:Fake whois info

[afabbro]

In order to avoid the overpriced fees for that, I just got a PO box and use an invalid phone number.

10 domains at $9/yr each for privacy gives $90/year extra. A PO box costs $45 or so a year. For any more than 5 domains, it's cheaper to go the PO Box route.

Hate to tell you this, but most registrars/hosters provide the service for free. I have a dozen or so domains, all use whois privacy proxy, and I've never paid a penny for it.

Re:Fake whois info

[Archon-X]

- Then you're using false WHOIS info, which is against ICANN policy. It seems you're agreeing with the GP - WHOIS data gets abused, there's a good reason to hide it.
- Domain protection varies with registrar. .ca, for example - it's turned on by default.

Re:Fake whois info

[NNKK]

RTFA jackass, it's proxies that are getting listed.

Re:Fake whois info

[thePowerOfGrayskull]

- Then you're using false WHOIS info, which is against ICANN policy. It seems you're agreeing with the GP - WHOIS data gets abused, there's a good reason to hide it. - Domain protection varies with registrar. .ca, for example - it's turned on by default.

The PO box is valid and real. Heck, sometimes I even check it. You got me on the phone number though - perhaps a better alternative would be an internet-based phone account, still cheaper. And yes indeed, I do think that there's a good reason to hide it. My point is that a PO box is just as anonymous as domainsbyproxy et al. It still allows you to give legitimate contact information, not worry about phone calls, and is cheaper than many commercial services dedicated providing that service.

Re:Fake whois info

[Archon-X]

Sounds like we're in accordance except for a few things. Other fringe benefits of having anonymised info:

1- Easier to manage (data, versus physical drop box)
2- The mailbox method isn't so anonymous: Say you have 10 domains, all with your PO box in the whois info.
Say on one of your sites, you have your name / email. Suddenly, you've just revealed yourself as the person who owns all those domains.
With domainsbyproxy / etc - you're one of x million people using it - anonymous :)

Re:Fake whois info

[assassinator42]

Do you expect me to pay $60 a year extra to rent the smallest sized PO box just for a domain I'm using for email? And my friend who does the same thing should pay as well?

Re:Fake whois info

[slimjim8094]

Fair enough. Though marking down for using a proxy service (often provided by the registrar) seems like a really, really bad idea. My whois information isn't inaccurate, fake, or anonymous. It's closer to a pseudonym, since I can still be contacted easily.

On the other hand, I've seen people putting in fake information. Then, you can't contact them at all. Shouldn't that be the problem?

Re:Fake whois info

[bloobloo]

If you register your domain through Dreamhost then you don't need to pay for privacy.

Re:Fake whois info

[fl!ptop]

use an invalid phone number

If you do that you run the risk of getting reported to ICANN.

Re:Fake whois info

[Dredd13]

I really don't know how this happens, to be honest. I've had domains (I own about two dozen) registered with my personal contact info, completely legitimate and valid, since....

Created On:16-Jul-1996 04:00:00 UTC

and I have yet to get a single cold-call on my personal phone number (listed in the WHOIS database).

I'm not going so far as to say "you haven't", but my personal experiences owning my domain for 14 years do not match up with your fear.

Easy work-around

[Jabrwock]

Registered under Shell Company X owned by son/daughter of employee. Not anonymous, possibly fraudulent, but as if anyone's going to waste their time tracking every company contact down.

This will only get misused

[thePowerOfGrayskull]

The next step is someone taking this too far and thinking "Great, I can incorporate this into my blacklists!" The problem here ist the underlying assumption that using anonymous registration makes you a spammer.

While that is certainly a use for anonymous registration, there are a lot of us who register anonymously to avoid having our names and addresses unnecessarily exposed to spam and risk of identity theft.

Re:This will only get misused

[HolyCrapSCOsux]

The problem here ist the underlying assumption that using anonymous registration makes you a spammer.

Using bittorrent makes you a pirate too.
And being muslim makes you a terrorist
and being old makes you wnat to have a nice (unfootprinted) lawn... etc.

Re:This will only get misused

[gencha]

It doesn't make you a spammer. Just less trustworthy. Who people want to receive emails from is up to them. And if they decide they don't want emails from people who have registered their domain anonymously then so be it.

Re:This will only get misused

[thePowerOfGrayskull]

It doesn't make you a spammer. Just less trustworthy. Who people want to receive emails from is up to them. And if they decide they don't want emails from people who have registered their domain anonymously then so be it.

I agree, except for the part where a single policy maker can prevent millions of people from receiving those emails. It's not like individuals always have a choice in this.

Jeebus

This is just more kdawson FUD.

I thought he was relegated to the night shift. Guess not.

Everyone in Canada will end up on this list

[Digital_Quartz]

CIRA (the ".ca" registry) has a feature called "whois privacy" which hides the information of individuals who register domains by default. Only businesses get their information published in the whois database (by default - individuals and businesses can turn this on or off, although businesses need to provide CIRA with a good reason why they want their whois info hidden).

Re:Everyone in Canada will end up on this list

[jonbryce]

It is the same for Nominet, the .uk registry. I believe EU law requires them to do that.

Re:Everyone in Canada will end up on this list

[EvilIdler]

The Norwegian TLD has no privacy option - if you want to use the .no domain, you need valid contact details. There is no option for individuals, as you have to register a company to be allowed to buy .no domains anyway. That's why I recommend .com/.net/.org addresses for everyone (or some other TLD which isn't too suspicious-looking ;), since domain privacy is now part of the price anyway.

Re:Everyone in Canada will end up on this list

[Antony-Kyre]

Doesn't that hurt the private registration companies?

Contact!

[caturday]

Everyone who has brought up or agreed with any of the points raised here (private information protection, spammers lying, disclaimers not working, etc), please use the contact form on the anonwhois site to send them a message informing them that they're doing us all a disservice. Doubtful that we'll get anywhere, but you never know... Note: in the case that this is a front for spammers trying to farm information, you'll probably not want to associate your domain with this site in any way.

Re:Reasonable idea

[SelfishMan]

Rejecting during the SMTP session is a bad answer because IT ISN'T MADE TO BE USED AS A BLACKLIST. The whole purpose of the list is to gather statistics about how many domains have private whois info. Al Iverson is using it correctly to gather stats about domains. Also, don't trust SPF. Many legit sites don't use it or don't use it properly and spammers like to set "ip4:0.0.0.0/0" in their records.

Anonymous registration is necessary

[StealthyRoid]

I'm the owner of an anonymous hosting company, InvisiHosting.com, and I'd like to comment briefly on the distaste for anonymous domain registration.

1. ICANN regulations require the listing of accurate data in a WHOIS record, with a threat of revocation if inaccurate data is not corrected. That means that anyone who has a domain name, who doesn't have a company to register it under, has to have their real name, address, email and phone number listed in the WHOIS record. While most registrars are pretty lax in enforcing this, it still leaves normal, good people faced with having to put information that they wouldn't necessarily want public. Anonymous registration makes this unnecessary.
2. Many people have very very good reasons for not wanting to be associated with a website. Whistleblowers, pranksters, bloggers, etc, all could face serious legal or social repercussions if they data they make public is attached back to them. Many of my non-American customers would be arrested or sued for exercising nothing more than the freedom of speech that the rest of us are accustomed to.
3. If this idea really takes hold, and ANONWHOIS lists are actually used to spam score email, real spammers will just find a registrar that doesn't enforce ICANN policy too strictly (Joker, GoDaddy, etc...), throw up fake data, and the list would be left penalizing honest people who simply don't want their name attached to their domain.

Re:Anonymous registration is necessary

[Cramer]

Name, address, etc. are not exactly private information to begin with. The only thing they want ("need") hidden is their association with a domain. One court order and it's not hidden anymore. One hack, and none of them are hidden. In most respects, if they don't want to be associated with what they're doing, they probably shouldn't be doing it. (or should find some other venue.)

And for the record, I don't know of any registrar who looks very closely at the registrant data. (even when it's pointed out to them.)

Re:Anonymous registration is necessary

[StealthyRoid]

Well, not everyone's name is publicly associated with their home address, especially now that many people don't have landlines that would put them in the phone book.

The "if they need anonymity, they're doing something bad" argument is a poor fallacy that's been exposed multiple times. It's the online version of "Well, if you're not doing anything wrong, why do you need privacy?" Why should someone who wants to write a blog about shady dealings at their work be forced to put themselves at risk? Or even just something that their bosses wouldn't like ? There's no intrinsic need for identity to be associated with the registration of a domain name.

Yes, a court order can (in some cases) strip off the anonymity protections, but not all. For example, InvisiHosting doesn't require that a customer give us any personal information, we allow untraceable payments, and we delete logs daily, so even if a court order comes down, there's no guarantee that someone will be exposed. Still, that same argument applies to warrants to investigate a private residence, and I don't think you're arguing that everyone should just expose all their private behavior to the world, just because cops could go in their house if they're suspected of a crime. If someone's behavior doesn't even meet the laughable criteria for the cops to get a warrant, why should their identity be exposed to the world?

As far as hacks go, that's not necessarily true. If a registrar gets hacked, that's a much huger deal than the stripping of anonymity from domains. If someone's hosting account gets hacked, there's no guarantee that there will be any personal info there, that's on the user. If the server they're hosted on gets hacked, same thing. Most hosts don't keep customer records on their hosting boxes.

NetSol looks closely at registrant data.

Re:Anonymous registration is necessary

[Cramer]

If they own any property (namely their house), then they most certainly do have their name publicly associated with their address.

I would say there's no "intrinsic need" to hide one's identity either. As I said, if you don't want to be associated with what you're doing, you probably shouldn't be doing it. No one is "forced" to bad-mouth their employer. Whistle blowers have ways of doing so without putting their own lips on the whistle.

I would certainly hope you guys have a good team of lawyers on staff. You're rolling a very dangerous set of dice if you think you can provide bulletproof anonymity. "we delete logs daily" is the surest way to get yourself thrown in jail. "untracable payments" *sigh* No. Such. Thing. It can be made very difficult, but given enough time and determination it can be chased down. (I'm not saying any LEO would go to the extraordinary lengths necessary.)

NetSol looks closely at registrant data.

Where "looks closely at" means they do any validation at all, then maybe. I've done business with those overpriced morons; no, they do not. They'll accept incorrect information and never care. They won't take complete nonsense like GoDaddy, but you most certainly can give them false information.

Re:Lawn Darts were Great!

[veganboyjosh]

You can still buy Lawn Darts. Apparently, the sale of the entire set of them is illegal, but selling the parts is not.

This place:
http://www.lawndartparts.com/
sells the parts on their own, so you wind up paying around $200 for a whole set, but if you really want them, you can get them.

Re:Reasonable idea

[Darknight]

Also, quit whining that putting your real name on your WHOIS registration will get you annoying phone calls, threats, or whatever. I've had my real name and contact info on all my web sites and WHOIS information for a decade, and that's just not happening.

Ah, so your logical conclusion is "Since it's never happened to me, it doesn't happen. Period". Brilliant, Sherlock.

Fake Chinese Addresses

[Frosty+Piss]

You know, I can't think of a Spam domain that I've checked that uses a proxy service. Most are registered in Russia or China with addresses - that are probably fake.

Not a problem

[Intron]

This is why my domain is registered with name and contact information: Bill Gates, Redmond, WA, 555-1212.

rfc-ignorant.org already does this

[griffinn]

This sounds a lot like the whois DNSBL service by rfc-ignorant.org, which has been around for much longer. Why do we need another one?