Many Domains Registered With False Data

bakotaco writes "According to research carried out by the US Government Accountability Office (GAO) many domain owners are hiding their true identity. The findings could mean that many websites are fronts for spammers, phishing gangs and other net criminals. The report also found that measures to improve information about domain owners were not proving effective." From the article: "The GAO took 300 random domain names from each of the .com, .org and .net registries and looked up the centrally held information about their owners. Any user can look up this data via one of the many whois sites on the net. The report found that owner data for 5.14% of the domains it looked at was clearly fake as it used phone numbers such as (999) 999-9999; listed nonsense addresses such as 'asdasdasd' or used invalid zip codes such as 'XXXXX'. In a further 3.65% of domain owner records data was missing or incomplete in one or more fields."

It could also mean

[DrXym]

The findings could mean that many websites are fronts for spammers, phishing gangs and other net criminals.

Or that a great many domain owners see no reason to post their personal data up on the web where it is available to spammers, phishers or other net criminals. Not to mention random psychos who have some beef with the site's contents.

Legitimate reason to do it

[Sp00nMan]

I have a domain, and I use false information. What to know why? Because when I had my email and real address on my domain name, I got junk mail to my house, and spam to my email address! Until they can hide the contact info from the general public, I will keep falsifying my public information.

I don't want ppl to know my real contact info

[ThomasMis]

What about us regular folk who have a domain? I don't want the world knowing where I live, especially if I'm somebody who runs a blog with unpopular political views.

Fuzzy math?

[k3s]

300 sites times 5.14 % = 15.42 sites.

How is 0.42 of a domain clearly fake?

If I were a smart spammer

[millahtime]

If I were a smart spammer I would register it in someone elses name. Someone hillbilly who lives in the middle of nowhere. Maybe in the mountains. Odds fo getting caught, low. Looks real good to registrar, sure. Those won't show up in this search.

False data or laziness? or both?

[digitaldc]

If noone is enforcing these domain registration rules, then apparently you are allowed to put in anything you like. I guess that will be changing soon.

Also, why does everyone need to know that information? Is there a privacy concern here?

WHOIS guard

[Dreadlord]

I use a WHOIS guard service for all my domains, for a fee the company I registered my domains at lists their email/phone/address instead of mine, and forwards whatever they receive to me.

This way my domains have valid info but at the same time not everyone out there can get my address or phone number.

Many registrars have this as an optional service

[Nichotin]

Instead of using your name, they put their company info in the whois of your domain. Some registrars provide the service for free, while others charge (mine charges 2.99$ per year).

Amusingly

[NanoGator]

Admittedly, I'm one of these people that owns domains with false info. When I registerred my first domain, I wrote down 'Supreme Commander of the Universe' as my name. Before long, I started recieving mail addressed to 'Mr. Supreme Commander of th'. Not sure I wanna put my real address down.

Re:Or attempts at "Privacy"

[Anonymous Coward]

I agree completely with not having the information publicly available.

My site has photos of lots of quite expensive art that I own. I am not particularly happy that anyone who sees it can simply look up my name and address and find out where I live.

There needs to be something better.

I call BS - 3 pieces of junk mail 5 yrs

[acomj]

I have a number of domain names registered. I have received a total of 3 pieces of junk mail in the 5 years I've held the domains. Oddly one for for a corprate credit card. I have a separate email acount for the domains and it gets almost no spam.

I feel the benifits of having someone contact me due to forgoten registration/ problems and other reasons outweigh the anonymous aproach.

I had a stalker...

[gsfprez]

I actually had someone use the data from my domain registration to stalk me and my wife...

thank God i set the address to an old address where i used to live. How do i know that he used that data?

in his emails to us, he talked about how he was watching our apartment and described the old apartment i used to work at perfectly.

so - get fscked if you think i'll ever use my real personal data for my domains.

Re:Or maybe...

[dwight0]

I made the mistake of changing my info from 000-000-0000 to my real cell phone number and i get alot of calls from marketers telling me my site is ugly and they can redo it for a fee. I asked them which site and they dont know the name or what it looks like. they still continue to call my cell after is said DO NOT CALL.

I do this for customers

[Anonymous Coward]

I register domains for my customers and keep my company information on every field and simply pass along any non-spam messages to the customers. Most customers prefer this, a few get worried about ownership of the domain with my information on the registrant. In that case I offer to either put their information on the registrant or give them something in writing stating that they are the domain owner regardless of my information on the registrar.

Re:Many registrars have this as an optional servic

[garcia]

A) why does my private information need to become public just because I register a domain? I most certainly should not be required to provide a home address and telephone number let alone my real name just because I like to have a domain.

B) why should the registrar or ISP get to make additional money on top of the already outrageous costs associated with registering a domain name just to protect my information that shouldn't be required anyway?

C) My domain information is fake. Fuck em.

Re:I call BS - 3 pieces of junk mail 5 yrs

[Cecil]

I have specifically-named email accounts for each and every domain I own, which are registered through several different registrars. To each of these addresses, I get about 20 emails a week. Identical emails, sent to each address.

I think it's pretty obvious that there are certainly spammers trolling the whois database. I ask you, WHY would they pass up that super easy source of email addresses? But hey, it's my anecdote vs. your anecdote, do they cancel each other out?

GAO zone transfer into private industry?

[chunews]

Hey,

I was getting ready to rant and say well, of course individuals use fake information because, as the article already points out -- Any user can look up this data via one of the many whois sites on the net - and most users don't actually want to be looked-up.

I was getting ready to talk about the difference between 'personal use' domains, where the ability to contact the owner is almost immaterial to the correct operation of the personal use, and how the reverse is true for corporate domain users where you'd bloody well have valid dns, technical, and ABUSE contact information clearly laid out.

And then I did something I almost never do - I RTFA and whoaaaa, isn't this a bit outside of the GAO jurisdiction? To wit, from their own website (URL:http://www.gao.gov/about/what.html) Congress asks GAO to study the programs and expenditures of the federal government. GAO, commonly called the investigative arm of Congress or the congressional watchdog, is independent and nonpartisan. It studies how the federal government spends taxpayer dollars. GAO advises Congress and the heads of executive agencies (such as Environmental Protection Agency, EPA, Department of Defense, DOD, and Health and Human Services, HHS) about ways to make government more effective and responsive. GAO evaluates federal programs, audits federal expenditures, and issues legal opinions. When GAO reports its findings to Congress, it recommends actions. Its work leads to laws and acts that improve government operations, and save billions of dollars.

So, where is the direct federal impact, ability to make government more efficient (oh, unless you meant the Patriot Act enforcement agencies...), and study of taxpayer dollars related to GAO's research?

And what the heck is the GAO doing colluding with ICANN, other than to more tightly couple its operations with that of the US government?

PS: Why not look at .gov names? Oh wait, perhaps you cannot because (http://slashdot.org/article.pl?sid=02/09/21/12592 11&tid=95 [slashdot.org]) "Verisign stopped providing access to information about the .gov internet domain, which is restricted to US government bodies, over concerns the data could be used in planning internet attacks."

Re:Or attempts at "Privacy"

[WoodstockJeff]

I don't object to the people who legitimately need this information being able to access it -- I don't think it should be held 'in the clear' for just anyone to see.

Please define, in advance and universally, who the "people who legitimately need this information" are. If I get a phishing expedition message that uses a compromised website as a hiding place, how does a registrar differentiate between my wanting to contact that person to inform them of the compromise, and Bob The Spammer's desire to send that person spam? And, as a domain owner, which would weigh heaviest in your mind - preventing spam from Bob, or not finding out for days or weeks that your server has been used for criminal activities, and a prosecuter in Chicago now wants to speak with your attorney about negotiatiating your plea?

This is why the default is to publish the information. Using proxy registrations must have provisions for passing such notifications through to the responsible parties, or it violates the spirit and letter of the regulations that require responsible party contact information in the first place. I don't know many people who are going to provide such as service for free.

Perhaps a compromise would be that you could chose one public contact method... Some way that you can be reached for domain- or server-related notifications. And, of course, there is no requirement that what you publish be your "personal contact info", because it is simple to set up an email address for a specific purpose.

Re:Or attempts at "Privacy"

[Phillup]

That said, there should be strict laws against knowingly sending unsolicited commercial email of any sort using a private domain, and the first violation should result not only in jail time, but also in a ten year ban on the individual and/or company being allowed to register ANY domain name.

And which country would pass (and enforce) these laws?

The large majority of the spam I receive isn't from my country... and, I really don't give a rat's ass about another country's laws.

I suspect people in other countries feel the same about laws made by my country.

Re:Or attempts at "Privacy"

[gstoddart]

Which brings up the question, why would anyone hide their technical contact information? Personal, I have no problem with... I rarely have to deal with the domain owner. But fake tech info?

Simple, when it's a personal domain, the tech contact and domain owner are, oddly enough, the same person.

At present, I have the choice, fill in bogus information, or provide my personal information (which I do).

Small/personal site owners don't necessarily want their private info out. And the amount of crap spam I get which is clearly trolled from my whois record is annoying.