WHOIS (for those unfamiliar with it) is a system that provides free public access to domain name registration. Every domain name has to be registered with the following information: the registrants name, an administrative contact, a technical contact, and the name servers associated with each domain name. Its all about traceability.
But “ human nature being what it is “ many have taken advantage of lax, inconsistent registration requirements and submitted a complete load of rubbish. Example:
1 Mucky Road, Mucksville, Muckland MU11CK UK
PRIVATE, XXXXX, XXX, 99999
It’s well known that scammers have been abusing the system for years by creating massive numbers of domain names with equally junky information. The extent of this behavior was recently investigated by ICANN1 (Internet Corporation for Assigned Names and Numbers), and the findings are definitely not pretty.
There were three criteria for determining the accuracy of WHOIS records:
1. Was the address of the registrant a valid mailing address?
2. Was the registrant named associated in some way with the given address?
3. When contacted, would the named registrant acknowledge that they were indeed the registrant of the domain name, and confirm all details given as correct and current?
The results: only 23% of the records were fully accurate.
When the criteria was relaxed somewhat (requiring only that ownership of the site be confirmed, as opposed to confirmation of both ownership and the currency/correctness of all detail), the accuracy level rose to a whopping 46%. So, that means that more than half of the data cannot be believed!
ICANN concluded the following: Most of the barriers to accuracy found (concerns about privacy, confusion about information needed, lack of clarity in the standard to which information should be entered, no requirement for proof of identity or address, the structure of WHOIS itself) can be addressed by the internet community. However, the cost of ensuring accuracy will escalate with the level of accuracy sought, and ultimately the cost of increased accuracy would be passed through to the registrants in the fees they pay to register a domain.
Right “ throw more money at them and their data might be more accurate. People have to prove they are worthy of a raise before seeing an increase in pay, and organizations should be held to the same standard. WHOIS: get yourselves organized, and standardize and validate the process first, and then we’ll talk about increased fees.
What do you think? Do you have any other suggestions for improving the system?
References
