2 posts • joined Wednesday 31st October 2007 12:05 GMT
Opt-out for individuals would be fine. But if a registrar is processing thousands of registrations per hour, who checks to see whether a domain is registered under the correct category? If you check the whois information for spam sites you will quickly see that in most cases no one is checking anything, and that obviously fake information is being accepted. Even registrars who are seriously trying to avoid spammers still have some domains registered by notorious spam operations slip through despite their best efforts.
As far as registrars being required to be responsive: I notified eNom (via the email address they list with ICANN) of a domain registered with stolen identity information on 10/10/07. Six days later the site was still up, and so I telephoned eNom to explain that I had promised the victim that I would take care of this and I wanted to follow through. The person I spoke with said that they only accepted reports via an online form and that he didn't even know they had any email address for reporting. He assured me that they ignored all email because there was so much spam. When I pointed out that ICANN required a reporting email address, he changed his story and said that they did look at emails but that it would take a long time. He also would not accept any information about the fraud over the phone. (He didn't have to believe me; he just had to call the phone number in the whois information itself.) So I filed the online form. It is now over two weeks later and the site is still up. And eNom is far from the worst registrar. Repeated reports and pleading letters to ICANN about even some of the most egregious offenders get no response except an email from their challenge-response antispam system.
If ICANN won't police anything, and the registrars selling cheap domain names can't afford to police anything at the prices they charge, it is up to the general public to do the best we can to fight criminal activity on the internet. Don't take away one of the few tools we have.
Whois protects the innocent, too
I've been spending the last couple weeks tracking down spam websites that have been registered using real people's contact info and in at least some cases, paid for using their real credit/debit card numbers. If I had to go through the registrars, I would have gotten nowhere, because I can tell you they aren't terribly quick to respond even when faced with documentation that they have a fraudulent registration.
The spammer got these folks' names, addresses, and phone numbers without the help of a whois database. It's the whois database that allowed a volunteer like me to alert them to the identity theft.