ICANN cracking down on incomplete registrations

[ldyguique]

Internet News reported that ICANN is cracking down on domain registrations with incomplete or bogus information.

Quote:

The Internet Corporation for Assigned Names and Numbers (ICANN) Wednesday published the first in what will be an annual report on the steps being taken to wipe out bogus or incomplete information found in domain registrations.

The findings? Nearly 5,000 of the 24,148 complaints dealt with domains containing incorrect or incomplete contact information -- telephone numbers, email addresses, street addresses -- of known or suspected spammers.

The WHOIS database is a list of registered owners for every top-level domain (TLD) name governed by the Marina del Ray, Calif., organization -- .com, .net, .org, .aero, .biz, .coop, .info, .museum, .name and .pro. Registrars, the companies who sell the domain names, are under contract to ensure the contact information regarding the domain registration is correct.

But for years, the WHOIS database has been plagued with inaccuracies, likely thanks to people with quasi-legal or illegal enterprises headquartered on the Internet who are trying to avoid detection. While registrars automate the forms to get people signed up and on the Internet, there is no automated process to ensure the information is correct. And, from what I can tell, it's a drop in the bucket.

The situation came to a head in May 2002, when Federal Trade Commissioner J. Howard Beales III, director of the Bureau Of Consumer Protection, said the many inaccuracies were preventing his agency from stopping illegal operations being conducted through the Internet.

"We cannot easily sue fraudsters if we cannot find them," he complained to a House panel at the time. [more in article]

[bebarrett]

About 6 months ago there was a guy hijacking one of my domain names to send out a ton of spam, and for days, my inbox was crowded with hundreds of bounced emails. Looked him up on WHO IS, and discovered a phone number with area code that didn't exist, an address with a city that didn't exist, and a zip code that also didn't exist. The contact email, of course, bounced back.

And what made me really angry, was that the site he was promoting didn't work at all! It was a blank page. No HTML, no nothing!

I contacted ICANN about the inconsistancies in the contact info and 3 months later, the domain was SUSPENSION_PENDING... then it was just suspended.

I feel real good about that victory.

[Nargule]

Quote:

Originally Posted by bebarrett

About 6 months ago there was a guy hijacking one of my domain names to send out a ton of spam, and for days, my inbox was crowded with hundreds of bounced emails. Looked him up on WHO IS, and discovered a phone number with area code that didn't exist...

Perhapes I am missing some information here - if he was hijacking your domain, what information did you use to do a WHOIS lookup?

[bebarrett]

I just followed the link in the spam.

Which is why its always good when the systems send the whole message body back to "sender" I recently had a rash of bounces (not as bad... the one I complained about was about 200 undeliverables a day for almost a week) and the system didn't send the body, which makes it infinitely more difficult.

[Nargule]

Quote:

Originally Posted by bebarrett

I just followed the link in the spam.

Ok, I think I get it - The WHOIS of the domain the spam was promoting?

[Andilinks]

I've heard of some plans to filter email by the domain name in the body, that would be the link that the spammer wants you to click to buy his cialis, viagra etc.

All that would be needed is a blacklist database of the spammer's site's domains. Once the blacklist were widely distributed the spammer would have to buy a new domain, which puts a brake on his whole operation.

I read this on a thread in another forum, but so far there's been no follow-up.

Seems like the best filtering idea I've heard yet, because they can use all kinds of weird charaters to spell V1.agrA but they can't misspell their domain!

I'll post back here if I hear any more on this...

Andi

[Nargule]

Quote:

Originally Posted by Andilinks

I've heard of some plans to filter email by the domain name in the body, that would be the link that the spammer wants you to click to buy his cialis, viagra etc...
...Seems like the best filtering idea I've heard yet, because they can use all kinds of weird charaters to spell V1.agrA but they can't misspell their domain!

Cool ideal! It seems like that would be pretty simple to implement too. I might start playing around with that on my server, I just need to build a database of SPAM destinations or find one availible for public use.

[Andilinks]

OK then, check out this thread, maybe you'll find some help with it.

http://www.aota.net/forums/showthrea...threadid=16760

Andi

[Nargule]

Quote:

Originally Posted by Andilinks

OK then, check out this thread, maybe you'll find some help with it.

Cool. I dropped them a post over there.

[Digger51]

I hate SPAM and its operators as much as the next guy. However, I do not think that I have an obligation to provide any information to anyone whatsoever (other than what it takes to pay for) for the right to own a domain.

The only people that ICANN’s new rules are going to bother are those of who aren't trying to hide. I just can't wait to get 85 SPAMs aimed at me because I own a domain and my contact info is now public domain.

Is ICANN really so naive as to believe that this will prevent SPAM? Come on- get real.

[paulm]

Quote:

I just can't wait to get 85 SPAMs aimed at me because I own a domain and my contact info is now public domain.

I have a few thoughts here (and have been quietly listening for long enough):

1. The registrar situation should more regulated. It seems that there are many, many registrars now. Back when Network Solutions ran the show (so to speak), it would've seemed more obvious that they should've started hiding the info. With so many registrars now, it'll be harder, but not impossible...not by a long shot. I will point out, however, that a couple of registrars are at least moving toward providing alternatives to posting your email address (aliases). Though, it still doesn't account for your other personal information...which is (somewhat) fine if you're a business but not so good if you're an individual.

2. There are definitely those who will argue that the registrar information should remain public. I know somebody who runs a business but for personal reasons is actually hiding and doesn't want to be contacted. No, it's not for something illegal...it's more like not wanting to be contacted by an ex-spouse. This would be nicely handled by having the registrars not publish the info.

3. For those who use registrars that don't have aliases (which is most), there are several Disposable Email Address (DEA) services available. I started one a few years ago for precisely these reasons: http://www.emailias.com. To avoid seeming a complete opportunist, I will point out that there is another major player (http://www.spamex.com). Both will serve you well, and work with any existing email address(es) that you already have. I really recommend trying out the free trial membership, and if you're convinced, upgrade. I'll throw in an incentive to use Emailias: $1 for the first year, using the coupon "webproworld-1" (Renewal will be $19.95). I'd give it to you for free, but if you're serious, then credit cards seem to be the best way to ensure that you're really a legitimate person.

If you own a domain or comment in newsgroups then you really shouldn't publish your own email addresses. Period. It's even debatable as to whether you should give your address out anywhere because you lose control of it once you give it out. Orbitz.com had an issue a few months back where some of their data was stolen and then spammed. Some of our members found this out and were saved from future junk. Orbitz didn't plan to spam or share with spammers. It happened, unfortunately.

[ChristinaS]

I think most if not all registrars offer an option to keep registrants information private by providing proxy information for WHOIS. The registrant has to pay extra for this service, and unfortunately it can be more expensive than the actual domain registration. I assume that the proxy registrar must make the real information available in case of a law-enforcement investigation.

Now, on the subject of giving out or not giving out your email, I use email addresses at yahoo or hotmail for forums and such. If the email addresses starts collecting too much uncontrollable spam, I change it asap. Blocking a whole domain is no good usually (or fake addresses on the same). Lots of people use those email providers for all sorts of purposes, not all really ill-intentioned, so not actually an option. Yahoo at least has improved the spam detection mechanism and one can report unfiltered spam as such and that will be blacklisted somehow. It works reasonably well.

[Digger51]

All good ideas on how to avoid SPAM but the issue is still ICANN's right to force legitimate information from the owner of a domain. What are they going to do with it? Do they think criminals won't figure out a way around?

I should be able to own any domain I wish and it is nobody's right to know who owns my domain any more than it is their right to know what CD or TV dinner I bought.

The reason they have so much crap in their WHOIS db is that htey require a bunch of crap ( who needs four contact records?)and don't protect the information once they have it.

[ChristinaS]

Quote:

Originally Posted by Digger51

All good ideas on how to avoid SPAM but the issue is still ICANN's right to force legitimate information from the owner of a domain. What are they going to do with it? Do they think criminals won't figure out a way around?

I should be able to own any domain I wish and it is nobody's right to know who owns my domain any more than it is their right to know what CD or TV dinner I bought.

The reason they have so much crap in their WHOIS db is that htey require a bunch of crap ( who needs four contact records?)and don't protect the information once they have it.

LOL! So I suppose you're opposed to what else? Mandatory firearm registrations? Seat-belt usage in cars?

All kidding aside, I see nothing wrong with full disclosure. I sort of object somewhat to the information being public, I'd prefer it to be available only to law enforcement agencies. If I was that concerned with my privacy, I'd probably buy the private registration service.

While enforcing and verifying addresses will certainly not deter the bigger, smarter, more ruthless criminals, it will deter the smaller, annoying dumb ones. Not all criminals are smart, in fact most are outright stupid. If they were that smart, we'd never catch them, would we?

So why then is there so much crap in the registries? Precisely because there is no actual verification. If they were to verify as seriously as Paypal does, this wouldn't happen. I suppose they are now starting to clean up their act, and none too soon.

[Conficio]

Dear webmasters,
great discussion, still I think there is a difference between owning a domain and owning a CD, etc.

First of all, a domain does identify a network with potentially hundereds of computers and thousands of services, not just a website.

Second, a domain is like a street address or a newspaper or a radio station for that matter. It is not an item of personal consumption, but rather a point of (public) communication.

If you want to hide from the world, then don't try to communicate with the world. However, if you want the freedom to publish a website or any other service, then don't think you could hide your identity. I think that is only a fair deal.

Just my five cents worth after a full working day. May be I find a dime tomorrow.

K<o>

[Conficio]

Sorry accidentally I submitted twice.

K<o>

[Digger51]

I guess I am not familiar with the part of the US Constitution that guarantees freedom of speech but only with full, proper and documented identification.

The internet is public domain and you and I should feel free to use it freely (relative) in whatever way we see fit within the boudaries of the law.

Again the question, why do they want it and for what?

[DosDog]

What's missing here is a reality check for Icann actually.... I'm sure that back in the days all this was being worked out, the intention was never to force individuals to divulge their actual street address and full name, nearly everything besides bank account / credit card number needed to assume their identity...
the current process is broken.
Stupid.
Enforcing the voracity of the info, that will be published to the world, on threat of revocation, is a really bad idea.

This is ludicrous, to publish someone's name and address, combined with their e mail, to any old joe who requests it.

I can't say how dumb I think the present system (if it can be called that) is....

[albatross2147]

It is good to see that ICANN is getting off their butt in regard to these sorts of issues.

Some of their approved registrars have (in the past at least) registered expiring "good" gTLD domain names on their own behalf using false information and then attempted to sell them on auction sites etc. at inflated prices.

[Andilinks]

A simple private mailbox service will keep your home address off of the whois, though a proxy registration is probably cheaper.

Domain name abuses, screw-ups, and scams are so common that better regulation is needed, though I suspect that the low creatures who abuse will probably always be a step ahead of the regulations.

Andi

[ChristinaS]

Quote:

Originally Posted by Digger51

I guess I am not familiar with the part of the US Constitution that guarantees freedom of speech but only with full, proper and documented identification.

The internet is public domain and you and I should feel free to use it freely (relative) in whatever way we see fit within the boudaries of the law.

Again the question, why do they want it and for what?

They want it to ensure that a domain can be traced back to its real owner in case of any dispute, criminal activity and such. Using false information can in itself be a breech of a contract, as it's most likely noted in the TOS at time of registration. So you get a second chance to come clean, so to speak.

[Lando]

Well, I just rechecked my domain as far as Whois (and as expected, there is still some wrong info) and after three telephone calls in the past (over a period of a year or so as I remember) and talking to a REAL person, some of my information is STILL not correct!

If they want up-to-date and correct info, then some of these registrars have to respond to corrections, and I'm not talkng about a small company, I talked to one of the original registrars, and all was to be corrected.

Anyway, thought I'd mention that they have some cleaning up to do on their end, and if I am having this problem, how many others are there?

Lando