An incredible 77 per cent of internet domains - nearly 90 million internet addresses - are registered with false, incomplete, or unverifiable information. An extensive review of 1,419 representative domain names conducted by overseeing body ICANN, including direct contact with over 500 individual domain owners, produced some …
I was trying to come up with a domain name yesterday for a new website. 99% of the ones I checked were either just PPC ad sites dressed up like some kind of search service (I'm sure you've come across them) or simply registered for a 10 year period by some marketing corp and nothing further done with them.
It's very frustrating, but what can you do?
you have a stronger case for ownership of the domain, you could try the dispute process and get the domain handed over.
Otherwise, if youre just looking for a domain on a whim, you could try making an offer for it, but chances are they will want far too much for it.
Domains shouldnt have any value greater than their registration price.
Mr. Holmes would be constipated
So some researcher has discovered that when people have the ability not to reveal person information, they choose not to - talk about statin' the obvious. As anyone who's registered a domain name will know, as soon as you publish a valid contact email address the SPAM starts pouring in. Where's the incentive to give up this information when the whole process can be done quite easily without it?
Other way around
The registrations aren't fake to avoid spammers. They're FROM the spammers. Spamming is illegal, regulated, or at least hated with a furious passion in most places. Every time you get a spam you can bet that the domain name owner doesn't want to be found. Try looking some up.
At One Time, I Gave False Info
This was because dear old InterNIC decided to make a little extra dosh on the side, and sold their database.
For a year or so, I would get carefully targeted Webmaster ads. Not so bad.
Then, the penis pill ads started cumming ;)
I had to demolish my old address. I haven't used it in about five years.
Recently, I tried turning it on, just to see if it was still on the radar.
Oh, boy, was it ever. I had about 300 NEW spams in the space of an hour or so. My jaw dropped.
Thanks, Network Solutions.
Nowadays, I pay extra, and use domain privacy services. This works. My PO box has also stopped getting all that damn junk mail.
Maybe entering dodgy contact information for a domain is to try to avoid being spammed to death?
If you put real information in your records, you get tons of junk email and snail mail trying to con you into changing domain providers, simple solution is to put junk info in there. You can still login to manage your domain so whats the problem??
To opt out of domain whois, so you arent snowed under with junk is chargeable on an annual basis.. maybe if these were run more like a free ex-directory then people would be tempted to put in correct and accurate information!
Your domain provider knows who you are and links up to their billing system so why does anybody else need to know this information? Its not like you can phone a mobile number and are presented with the full address and name of the owner, so why does the internet need to broadcast it.
Spot on mate!
I used to enter useful information on my registrar record but the spam got be a pain. So I dumped the email addresses that were getting hit and put a load of crap in my registrar DNS record and I get one maybe two spams a week now.
Damn' straight, man...
...see my comment further down the thread.
That's why, when going to read news articles or other content on sites that insist that I "register" before I can read it, I always fill out the demographic survey with totally, absurdly fake information.
For instance, the Washington Post thinks I'm a black woman in her thirties living in Afghanistan earning over $100k per year.
Well, yes. Duh!
This comes as no surprise whatsoever. I think most people are very reluctant to put in true information because of the whois lookup. I know Nominet have an opt-out on this information being displayed on whois, but the last time I looked, there is no such opt-out with .com, .org, etc.
Most people simply do not want their name and address and phone number being easily accessable like this.
As for AC's comment above (17/2, 09:08), I totally agree. These "search" web sites that are set up to sit on a domain name are very very annoying. My solution would be to implement the same scheme as is used for trademarks (or at least, the way it works in the UK). That is, if you don't actively use a registered trademark then after a certain time (I think it's 5 years), someone can challenge it and get the trademark off you. This prevents anyone just sitting on a good trademark without using it. I think the 'idle' time for domains should be much shorter - say 6 months, but I think the principle is good.
How do you define 'idle' for a domain?
I have a .me.uk domain and the only thing it's used for is email. Does that class as 'idle' in your books?
Surely the only way a domain can be 'idle' is if it has never been the subject of a DNS query. If that's the case then the sites you and AC are complaining about are not idle. (S)he found them through DNS. Okay so you/we know that wasn't a 'real' query but how would a DNS server know that?
Give out my RL info in the interweb?
Someone has got to be joking. That is never going to happen.
Request privacy then
I hold the registration for a protest website (a .com). I did not want my details to appear in the clear as I did not want reprisals from certain sections. So I stumped up £5 and had my details withheld.
There can be very good reasons for NOT having you details in the clear!
So save £5
Save the £5 and don't put your real details! It seems obvious to me that if you want to maintain your privacy and keep the spam down, don't put your real details into domain registrations!
Re: So save £5
Some privacy services are free!
suspend them all
Have ICANN/Nominet randomly check 100 domain names per week with a recorded delivery notification, if no reply within 28 days or the post bounces then suspend the domain name for another 90 days and then put it back on the market! If they contact after the 28 days because they're wondering why their domain isn't working, then fine them costs+£10 for not having the correct details registered.
One of the great annoying thing about the internet is; if you register a .co.uk, then some random will watch co.uk will then buy the .com equiv especially if it looks like a business bought it. I've seen this a few times. It's like the stock market, with automated systems getting in instant orders. You only fallback is to research the domain names with a trusted provider and then buy the lot.
Domain names are running out and most are just domain squatters. The great thing with .co.uk is that nominet will just kick them off and give it to you, however, it takes a little while.
Why Mr Squirrel?
Why should there even be a public database at all?
The public database is a throwback to when all domains were only owned by companies/education/government etc. with their own leased lines etc.
If the domain registration system was created today, I doubt they'd have a public database.
Ok, I know this doesn't answer your question, because there's nothing stopping them changing their policy!
buy both .co.uk and .com then!
It doesn't cost much!
Re: suspend them all
If you find a .com domain with fake contact details you can report it http://wdprs.internic.net/
I'm sure if you found fake info on a .co.uk Nominet might investigate, and they did send a reply form years ago but they've stopped doing that now.
we have over 150 domains with fasthosts. we moved premises and need to update our contact info for all those addresses. we have to go into each domain name to update the details, you can't just update all at once! thats one reason why domain details are incorrect - it's such a pain in the arse to do it!
Batch Details Update
Check with your registrar again. Mine allows me to alter the details of all the domains in my account by just doing one update. I can also check a box next to the names of those I want to change in sync and it will update only those. I am surprised that your registrar's interface does not offer this time saving capability.
You managed to tell your banks, supplyers, the governtment and sundry other people.
Whois for phones
I checked the telephone directory and was shocked to find that barely 23% of people included their details in the phone directory! Shocked! It must means that 80% of people are criminals!
They should be required to give out their private details to anyone who may call them. Add their telephone number to a big database in the US so they can be checked not to be a criminal!
Otherwise how would the person calling know they're not calling a criminal????
Did they really need to research this?
What a load of rubbish, why did they need to invest money to find out these statistics? Tell us something we don't know!
If they can identify those domains with bogus information why don't they simply delete them?
I mean, all registrars I've ever dealt with has it as a requirement that the registration information must be valid so I see no problems simply deleting the bogus domains...
Of course, there's probably a gazillion semi-legit business with more or less bogus registrations due to mismanaged registrations, shoddy practices and so on and they'll get disconnected too. Oh well, that'll teach them to use decent business partners... ;)
it's worse than that
The domain name business is fundamentally corrupt. ICANN is unable to do anything about that because it relies on fees from the sale of domain names.
One common practice is domain tasting. The registrar buys the name, puts a web site behind it with banner ads. If the site gets enough traffic, they keep the name and then try to sell it on to the leeches who trade domain names. If it doesn't, they hand the name back to the registry and get their money back.
Even worse is front-running. This time, when a punter wants to see if a name is available, the registrar immediately registers the name for themself. So if the punter wants to buy a name that they thought was available, they find it's gone. Though the registrar will sell it to them for a juciy fee.
If it wasn't so expensive...
... to actually hide your details, then I'm sure more people would actually enter the correct information.
I'm fed up of taking calls on my mobile phone in the night time in the UK, because some twit in the US wanted to wreck vengeance on some other twit in a chat room or forum ... thoguht that their oponents handle was "somewhat" related to mine ... looked up my details and literally phoned my mobile.
Unless there is some form of protection for this valuable information ... it is equivalent to handing out our registration details to any wanker who wants to vent their anger at someone totally unrelated to whatever crap is going on in their lives. Even that stupid phone look up service that went in to "maintenance" mode and didn't come back, didn't display a persons name and phone number ... why should domain name registrations?
...but it costs the same as the domain registration again, in order to have it hidden. WHY? Surely any domain which stays operable for a length of time and has reliable content, should be given the automatic right to hide their details, for free.
In that case, you offer to buy it from them.
Also they need to get rid of masked domains. If you are willing to pay for a domain, hosting, etc, you can certainly pay for a P.O. box or private maildrop to list as your official address.
This also ties into DNSSec because who cares if the dns response is authentic if its authentic garbage?
I registered my domain but took out whois privacy so that my address and phone details aren't visible to con artists and cold callers,
However, Network Solutions did charge over the odds in my opinion for the service.
Been saying that all along!
So much for the uproar for when the ITU and governments wanted to take over ICANN, the fact that the everyone oversaw the problem that the ICANN does an appalling job at domain registration baffles me! They actively encourage cybersqaueters (criminals to you and me) with their free 2 days domain registration trial and also has been the practice for over a decade that they don't actively check registration rules trial.
I provide "shady" contact information for my domain registrations because I want anonymity, and don't want people being able to see where I live. I work from home.
Make personal registrations anonymous, and I'll happily provide full details.
Registrar land grab
Hardly surprising. Many of the large registrars (not naming TUCOWS) have abused their position by block buying 1000's of TLDs on the cheap and then marking them up exhorbitantly.
The rules should be simple, registrars themselves should not be allowed to own TLDs other then their primary trading domain, and the 1000s of existing domains they currently own must be allowed to expire, they cannot be sold or transferred.
It's not always easy to keep the information up to date. I have three domains of which I manage two directly with a registrar. These two have accurate whois information (I suppose this is important to ensure I can get the latest V1aggra offers). However, the other domain name is managed via my hosting provider and they are just unable to keep it up to date. I first have to change my address details on-line, then send them a letter or fax to confirm and the whois information is of course not updated (they don't even get it right on my invoice). If it's such a struggle to get the billing right, I honestly can't be bothered to insist on correct whois information as well. I would just switch to another provider, but their support and technical services are actually very good compared to other hosting providers I used before.
Another thing I find quite irritating is the Nominet privacy option which hides contact information. This feature is is actually only for 'non-trading individuals', however - quite often - people who hide their information want to sell something through their website. This option really should only be available for private websites.
Chicken and egg
Legitimate users are unwilling to publish genuine credentials as they will just be harvested by crooks. Crooks can set up domains using false credentials because there is no requirement to supply genuine information.
Another example of ursine arboreal defecation...
... So the spammers, pill pushers, purveyors of illegal porn and so on are putting fake details in their domain registrations.
Wow, who would have thought it...
"Worse, an extraordinary 29 per cent of domains are registered with patently false or suspicious information - a shady sign of online criminalty."
Biased much? Who paid for this 'research'?
There are -what- 4 billion people on the intertubes? Not all of them are going to be nice. Giving them ALL access to your name, address and phone number would be an act of criminal stupidity.
Registrars INSIST on your correct details purely so they can then sell you some sort of masking system. Point 1, it's a protection racket. Point 2, you are then forced to trust that the registrar is going to take the same sort of care with your personal details that you would. Which they don't. I know for a fact that my email address has been sold on by registrars.
Lying glibly on the form addresses both of the above issues.
Privacy is not forgery
The registrar I use offers (for free!) to replace contact information (name, address, phone number) with their own. Email addresses are also anonymized. This doesn't make the whois record fraudulent. If someone needs to contact me, the registrar can forward their correspondence.
I'm sorry sorry sorry
Jenny Kelly of the National Opinion Research Center (NORC) - well really!!
Apart from the privacy issues which cause honest people to fill in false information etc,, no-one expects that a fraudulent website will have correct registrant information anyway.
Name ownership, now that's a different matter -but ICANN seem to have that sorted out, mostly.
The whole system seem anachronistic to me. I guess it made sense to publish contact details in the early days when only governments, universities and large companies had domains, but that hasn't been true for well over a decade. Now that small businesses and private individuals regularly have one, it doesn't seem reasonable to require everybody to put their name address and phone number out there.
I have my WHOIS mangled for obvious reasons...
And that obvious reason is because I get enough spam. I used to have my real info in the registry, way back when, and I changed it the minute I found out that either Network Solutions (the *only* registrar at the time) had sold my info or that spammers were actively harvesting it.
Reform desperately needed
Now that ICANN is finally released from complete US control, maybe there might be a bit more sanity in such policies. (Hope springs eternal, eh?)
We have to have the public WHOIS database, unless we want the internet to complete its transition to 100% scammers, spammers and botnets.
Re: personal details being abused, I'm only partially sympathetic. #1 because if you wanna run with the big dogs and have a cute personal (yet public) domain, there are responsibilities that go along with that. As someone else mentioned, get a private maildrop if you don't want to list your home address. #2 there are domain privacy services that will mask that info, but see below.
The "domain privacy" have become part of the problem. There needs to be standards here, and at the same time we need an EXPEDIENT way of getting public WHOIS info for the billions of people out there who have a legitimate right to know if the junk someone is sending them (or providing a link to) is linked to a legitimate organization or not. Having to send a snail-mail to a generic address in the hopes of eventually getting a snail-mail reply about who it is that is trying to sell you something just doesn't cut it.
Getting the domain industry's hand out of the corporate bank-account would be a good 1st step.
,,,we don't have to have a public WHOIS database. If there were a thoroughly-checked one, it would just serve as a harvesting resource for the spammers and scammers whilst doing absolutely sod-all to combat it.
As for the partial sympathy: #1 By renting a domain, I am paying $10/year to make an IP address easier to find. End of transaction, as far as I'm concerned. In the unlikely event of me wanting to haemorrhage my phone number and home address (I work from home too) to every. single. user. on the net I will do it at a time and place of my choosing and not because some ICANN chap on a different continent has commanded it. It's MY data. And as for shelling out €70/year for a maildrop...why the hell should I? #2 Domain Privacy requires that you give your details to registrars who can and do abuse that information. If they don't have the information they cannot abuse it.
And in your penultimate para, you're completely forgetting that spammers have been known to *gasp* lie about who's sending the email. I have one domain that's regularly spoofed as a 'from' address and there's NOTHING I can do about it. People can and do email me to complain, and I have a cut'n'paste response to explain about it. There's a small but real chance that my details being published could lead to a real-life spammer vigilante who will do more than swear at me by email. You're also forgetting that most legitimate organisations do publish contact details. I have a list of 'legitimate' businesses who have spammed me and I don't do business with them.
This has turned into a bit of a personal rant, and I apologise for that. It wasn't just the fact that you were wrong in nearly every syllable- it was the "run with the big dogs" that got me up to take-off speed. Very condescending. Not everyone is, has, or wants to be a multinational corporation, and people buy domain names for all sorts of reasons.
too much money to be made
Theres just too much money to be made. Companies like privacyprotect.org blatantly tell you mail will NOT be delivered.
For example the domain privacyprotect.org
Registrant Name:Domain Admin
Registrant Street1:P.O. Box 97
Registrant Street2:Note - All Postal Mails Rejected, visit Privacyprotect.org
We've contacted ICANN numerous times for comment and we never hear anything. Worrying about joe shmoe putting in a fake or bogus address is nothing when you compare it to these large companies doing it for profit and getting away with it.
ICANN is useless, it should of been dissolved during the registerfly fiasco. Let ICANNs financial records be audited and im sure you'll find some very interesting patterns as to who's putting bread on their tables, and it ain't you and me buyin domains.
Never let the facts get in the way of a good story
I guess it is tempting to put up a sensational headline and then deal with the truth later on in the story. If I read your the whole story it states that much of the whois information was not able to be verified and that includes people who use PO Boxes.
Being from the USA, I may have the wrong impression of the word rubbish, but I am sure people who use business addresses such as PO Boxes or for some other reason were not able to be verified like to be considered rubbish.
Reform is not what's needed
"We have to have the public WHOIS database, unless we want the internet to complete its transition to 100% scammers, spammers and botnets."
Look around. That's happened already at least in the sense that the WHOIS system is entirely ineffective in combating such practices. Fixing it might have an impact but it would be hugely expensive since any effective and fair system would require a large amount of human oversight and that impact would be marginal at best since dodgy times are well versed in the art of obscuring their identities.
"if you wanna run with the big dogs and have a cute personal (yet public) domain, there are responsibilities that go along with that."
No, I'm not interested in running with dogs, big or small. I own a domain which I use for legitimate non-commercial purposes. It's not a big deal, but it is a part of what the internet does best (provide and easy and inexpensive way for individuals to communicate with the world on whatever subject takes their fancy). I could hire a PO box but would that increase my costs over sixfold so I would probably just not bother. Multiply that by millions and the internet would be a much poorer place. Of course, we could always migrate to Facebook. I hear they're really good on privacy.
"Having to send a snail-mail to a generic address in the hopes of eventually getting a snail-mail reply about who it is that is trying to sell you something just doesn't cut it."
You send letters to people who spam you? Are you so concerned that your \/!@gr@ is genuine? Seriously, if you have a genuine need to confirm the an online identity you'll need something better than a random post box (or even a random street address). Law enforcement agencies on the other hand would do just as well with a minimally private database (but see my first point above).
Yes, the whois system is broken, anachronistic and ripe for replacement. It pointless to tinker. Either let it die a natural death or come up with an alternative suited to the realities of the contemporary internet.
My post above was of course meant to be a reply to Phil Koenig little piece of snark. (hear, hear moiety.) Secondly, for "the whois system" read "the entire domain registration system". The problems with whois are trivial compared to the mess of barely legal corruption that we call domain registration.
Privacy doesn't always cost
There simply has to be accountability, whether we like it or not, but that doesn't mean 'no privacy' for registrants. A primary obligation of any registrar should be to confirm identity of the registrant, and make sure that the registrant is contactable using reasonable means.
I believe a verifiable postal address (non PO Box) is rightly obligatory, but should be enforced, as well as an active email address and phone number. However, beyond the registrar, there is no reason why anyone else should have access to these details unless some serious crime is committed....and only then - and that should be covered in any T&Cs. That's why all registrars should also be required to offer privacy control, like many do already, but for free. At the moment too many rip-off registrars make money out of a service that should be cost free to the registrant.
I am very happy indeed with my registrar. Privacy features are free with every domain. So all my details, even my name, is obscured from WHOIS for non Nominet domains. However, Nominet still haven't grasped that if a registrant 'opts out' then they don't want their name displayed in the WHOIS registrant field. That info should be obscurable as well.
At the moment, if an individual wants complete privacy, the answer isn't to provide fake details. It is to purchase a non nominet domain from a reputable registrar and register real details but then use the registrar's privacy service (which should be free from any good registrar..it's a ruddy automated service). That way all your details are removed from WHOIS and idiots can't contact you. If you're a legitimate business you'll provide a registered address on your website anyway.
Oh, and as a btw, try verifying who you are with Nominet if you register a domain using an alias. "Please FAX us a telephone bill with NOONEHOME as the account holder".
That is all.
- Does Apple's iOS 7 make you physically SICK? Try swallowing version 7.1
- Fee fie Firefox: Mozilla's lawyers probe Dell over browser install charge
- Pics Indestructible Death Stars blow up planets with glowing KILL RAY
- Hands on Satisfy my scroll: El Reg gets claws on Windows 8.1 spring update
- Video Snowden: You can't trust SPOOKS with your DATA