Many Domains Registered With False Data

bakotaco writes "According to research carried out by the US Government Accountability Office (GAO) many domain owners are hiding their true identity. The findings could mean that many websites are fronts for spammers, phishing gangs and other net criminals. The report also found that measures to improve information about domain owners were not proving effective." From the article: "The GAO took 300 random domain names from each of the .com, .org and .net registries and looked up the centrally held information about their owners. Any user can look up this data via one of the many whois sites on the net. The report found that owner data for 5.14% of the domains it looked at was clearly fake as it used phone numbers such as (999) 999-9999; listed nonsense addresses such as 'asdasdasd' or used invalid zip codes such as 'XXXXX'. In a further 3.65% of domain owner records data was missing or incomplete in one or more fields."

And then there's outdated data

[Kelson]

I work at an ISP. We've had customers in the past whose domain names expired because they didn't update their address and phone number with their registrar, the person whose email address was on the record left the company, and they didn't get the renewal notice.

It doesn't happen as often now as it used to. Either businesses are getting better at remembering that their domain names need to be updated along with everything else, or the registrars are better at finding other ways to notify them of renewals.

But I ran into one case (with Network Solutions, IIRC -- it was a few years ago) where I personally updated the contact information associated with a role account and discovered, a year or two later, that the registrar had somehow resurrected the old, deleted contact info.

And why should our privacy be violated?

[karl.auerbach]

Perhaps a lot of those names with bogus contact info are being used in the domain parking business - that's where people register thousands of names and monitor the traffic for a couple of days to deside which ones are getting hits and which are not. The good ones might then be paid-for and updated with better contact info while the poor ones are released without payment.

But there is a bigger issue: Why should those of use who buy domain names be forced to reveal our contact information to the world?

The reason is that the intellectual property industry, which dominates ICANN, forced this down our throats.

It is an ICANN rule that is in violation of the privacy laws of many countries.

Some lazy law enforcement types claim that they need an open "whois" to enforce the law. That is not true. Law enforcement types have tools (subpoenas) to open closed databases, and, moreover, allowing access to law enforcment does not require that the public be granted the same access 24x7x365.

There is a claim that "whois" data for DNS has operational value, yes it has some, but it is of much lower value operationally than the value of the whois data for IP addresses, a separate and disinct database.

The other week I met an attorney for a large company (very large) who routinly registers domain names anonymously - so as to avoid giving notice of the company's actions. Yet at the same time he watches new registrations and has a tool that automatically sends out cease and desist letters to names that offend his regular expression. Fair? Not really. An exercise in economic bullying? Yes.

here's where to report domains with bad info:

[artifex2004]

http://wdprs.internic.net/ [internic.net]

Note that complete and accurate whois information is a prerequisite for maintaining a domain registration.

All accredited registrars have agreed with ICANN to obtain contact information from registrants, to provide it publicly by a Whois service, and to investigate and correct any reported inaccuracies in contact information for domain names registered through them.

Re:And then there's outdated data

[bcrowell]

I did run into an interesting case recently where the domain owner's info was fake, and it was clearly because he was a crook. This was someone who had plagiarized a bunch of information from a copylefted physics book I wrote, posted it on his own web page without the copyright, licensing, or authorship info, and was using it as a way to lure web surfers to his site, which had some very scary looking obfuscated javascript on it -- presumably it was designed to exploit some security flaw in IE. The contact info was bogus, although not obviously so (nonexistent street in Atlanta, phone number not connected). I contacted his webhost, who are a bunch of Russian guys living in London... draw your own conclusions :-)

The article doesn't make much sense to me for several reasons: (1) it assumes anonymity on the internet is a bad thing, (2) it assumes the federal government should be getting involved in people's free speech activities, (3) as a gazillion slashdotters have noted, it ignores the legitimate reasons for doing this kind of stuff.

Personally, I use a single-purpose hotmail address for my domains, and I have a note on my calendar to log into that hotmail account once in a while so the account doesn't get canceled. It's a hassle, but it saves me the money of paying my registrar for privacy.

Can you blame ME

[macdaddy]

Yes, I mean to emphasize "ME" because I'm one of the millions of domain owners that uses fake information to keep from being spammed to death (electronically or physically) on either my role email account or mailing address. Yes, I'm well briefed in the ways of various registrars privacy options. I even utilize GoDaddy's on a couple of my domains. Why would I want to pay another $10/yr for privacy options? It's just not worth it. I'd rather let people contact me through my websites where I can prevent the use of spiders than freely hand out my details via WHOIS.