The Curious Correlation Between .biz Domains, Bad Whois Data, and Spam
Terry Calhoun, IT Trends Commentator
Society for College and University Planning (SCUP)
University of Michigan
J'e's been busy playing detective and he's discovered some interesting loopholes
in various procedures related to ICANN policies. I've noticed "bad"
whois registration addresses before but never followed through to do anything
about them. Maybe now that J'e has laid all of this out for us, more of us can
join in to plug these spam holes.
***
J'e St Sauver, Ph.D. (j'e@oregon.uoregon.edu)
Director, User Services and Network Applications
University of Oregon Computing Center
If you take the time to deconstruct the spam you receive, one of the most interesting
things to scrutinize is any URL contained in the body of the spam. Notice any
pattern to the URLs you see? Ever wonder who's behind all those different
domain names?
Non-network-geeks may not know that every domain has (or at least is *supposed*
to have) accurate registrant information available via "whois." For
example, if you have access to a unix shell account, the command:
whois -h whois.networksolutions.com syllabus.com
will show you the whois data associated with this Web site's domain. If you'd
prefer a Web-based whois, you can try http://www-whois.internic.net/cgi/whois.
The general requirement that domains have accurate registrant information is
explicitly defined in the Registrar Advisory Concerning Whois Data Accuracy.
Later that same year, the ICANN
Security and Stability Advisory Committee did a nice job of explaining
why accurate whois data is absolutely key to the security and stability of the
network.
If you find a .com or .net domain, spamvertised or otherwise, that happens
to have inaccurate whois data, you can easily report it using the online
form.
Thus, for example, if you see a whois U.S. street address that looks suspicious,
you can use any of a variety of online address verification tools (such as USPS)
to check at least the superficial validity of that address. (Whether a valid
address is actually the right valid address for a given entity is a deeper and
more subtle question that we'll set aside for now, along with the issue of
doing address verification for non-U.S. addresses, where computerized address
validation tools may not be available.)
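Some of the superficial checks described above can be scripted before turning to an online verification tool. The following Python is an added example, not part of the original article: it flags registrant addresses with missing fields, an unknown state code, a malformed ZIP, or a ZIP prefix outside the state's USPS region. The `Registrant <Field>:` record layout and the sample record are constructed assumptions; real whois output varies by registrar.

```python
import re
# First ZIP digit -> state/territory codes served by that USPS region.
# Coarse by design: a mismatch is a cue for manual verification, not proof.
ZIP_REGION = {
    "0": "CT MA ME NH NJ NY PR RI VT VI AE", "1": "DE NY PA",
    "2": "DC MD NC SC VA WV", "3": "AL FL GA MS TN AA",
    "4": "IN KY MI OH", "5": "IA MN MT ND SD WI",
    "6": "IL KS MO NE", "7": "AR LA OK TX",
    "8": "AZ CO ID NM NV TX UT WY", "9": "AK CA HI OR WA AP AS GU MP",
}
STATES = {s for codes in ZIP_REGION.values() for s in codes.split()}
FIELDS = ("street", "state", "postal code", "city", "country")

def parse_registrant(whois_text):
    """Collect 'Registrant <Field>: value' lines (assumed layout) into a dict."""
    rec = {}
    for line in whois_text.splitlines():
        m = re.match(r"\s*Registrant ([^:]+):\s*(.*)$", line, re.I)
        if m:
            rec[m.group(1).strip().lower()] = m.group(2).strip()
    return rec

def address_problems(whois_text):
    """List superficial problems with a U.S. registrant street address."""
    rec = parse_registrant(whois_text)
    problems = [f"missing {f}" for f in FIELDS if not rec.get(f)]
    if rec.get("country", "").upper() not in ("", "US", "USA"):
        return problems + ["non-U.S. address: not checked"]
    street, state, zip_code = (rec.get(k, "").upper() for k in FIELDS[:3])
    if street and not re.search(r"\d", street):
        problems.append("street has no number")
    if state and state not in STATES:
        problems.append(f"unknown state {state}")
    if zip_code:
        if not re.fullmatch(r"\d{5}(-\d{4})?", zip_code):
            problems.append(f"malformed ZIP {zip_code}")
        elif zip_code[:5] in ("00000", "99999"):  # never assigned
            problems.append(f"placeholder ZIP {zip_code}")
        elif state in STATES and state not in ZIP_REGION[zip_code[0]].split():
            problems.append(f"ZIP {zip_code} is outside the {state} region")
    return problems

# Constructed sample record, not real whois output.
SAMPLE = """Registrant Street: Nowhere Lane
Registrant City: Anytown
Registrant State: MI
Registrant Postal Code: 90210
Registrant Country: US"""
print(address_problems(SAMPLE))
```

An empty list means only that the address passed these checks; it still needs the verification-tool lookup described above.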
Anyhow, if you should happen to find a street address associated with a .com
or .net address that turns out to be wrong, you can report that problem using
the Internic's online form. For the most part, .com and .net whois data is
pretty clean, and when you find a .com or .net domain that has data that isn't
right, you can easily get that whois data cleaned up (or the registration data
for that domain "registrar locked" or deleted).