https://icannwiki.org/index.php?title=Whois_Audits_and_Verification&feed=atom&action=historyWhois Audits and Verification - Revision history2024-03-29T06:43:24ZRevision history for this page on the wikiMediaWiki 1.35.2https://icannwiki.org/index.php?title=Whois_Audits_and_Verification&diff=99497&oldid=prevJackie Treiber: Created page with "{{Glossary| |note = '''This information is brought to you by<br> [http://dnsseal.wiki/ DNS Seal], a best practices wiki for DNS''' | logo = DNS Seal.png |link..."2015-04-17T21:05:03Z<p>Created page with "{{Glossary| |note = '''This information is brought to you by<br> [http://dnsseal.wiki/ DNS Seal], a best practices wiki for DNS''' | logo = DNS Seal.png |link..."</p>
<p><b>New page</b></p><div>{{Glossary|<br />
|note = '''This information is brought to you by<br> [http://dnsseal.wiki/ DNS Seal], a best practices wiki for DNS'''<br />
| logo = DNS Seal.png<br />
|link = http://dnsseal.wiki/<br />
}}<br />
<br />
'''Whois Audits and Verification''' practices allow registrars to help target fake or incorrect Whois information. Whois validation and verification, now required by ICANN’s 2013 [[Registrar Accreditation Agreement]] (RAA), refers to the registrars’ responsibility to check the contact and personal information provided during registration. <ref name="RAA">http://www.icann.org/en/resources/registrars/raa/approved-with-specs-27jun13-en.htm#whois-accuracy Internet Corporation for Assigned Names and Numbers (ICANN)</ref> The registrar must validate required items such as whether the street address the registrant provided exists and whether the provided email is correctly formatted.<ref name="RAA"/> Additionally, the registrar must verify the registrant's email address or phone number by asking the registrant to respond using a "unique code."<ref name="RAA"/><br />
<br />
==Public Perception==<br />
The public perception of Whois auditing may be mixed because it is so common to use [[False Whois]] information, not necessarily to cover criminal activity but to avoid the risk of identity theft or maintain privacy.<ref name="q">http://whois.icann.org/en/questions-answers WHOIS Beta, Internet Corporation for Assigned Names and Numbers (ICANN)</ref> However, in the case of a technical malfunction on the registrant's website or a [[Domain Name Hijacking]] attempt, it is important for the registrant's contact information to be correct so that they can be informed in a timely manner.<br />
<br />
==Outcome==<br />
More frequent Whois audits can encourage more open behavior in the domain name industry and provide accountability. Hopefully, people concerned about privacy and security will seek additional fee-based privacy or proxy services or sign up with a registrar that provides such services for free instead of risking their domain name by using false Whois information.<ref>http://www.publicdomainregistry.com/privacy-protection/ Public Domain Registry</ref><br />
<br />
==Historical Use==<br />
*ICANN requires that Whois information be correct and publicly available, which is supposed to increase transparency in addition to providing information on whom to contact in the case of emergency, abuse, or criminal investigation.<ref>http://www.icann.org/en/resources/policy/background/whois Internet Corporation for Assigned Names and Numbers (ICANN)</ref> However, many people feel doubtful about providing personal information to the public, especially as phishers and spammers may take advantage of the Whois database.<ref name="q"/><ref>http://www.icann.org/en/news/public-comment/whois-misuse-27nov13-en.htm Internet Corporation for Assigned Names and Numbers (ICANN)</ref> Whois audits can be a means of combating illegal activity online in addition to providing important contact information.<br />
*Some registries, such as Nominet, have set supplemental guidelines regarding additional registrant information checks for their .uk selling registrars under a Good Practice Terms clause.<ref>http://www.nominet.org.uk/sites/default/files/nominet_registrar_resources_-_good_practice_terms_for_registrar_agreement_-_2012-07-03.pdf (PDF) Nominet</ref><br />
<br />
==ICANN Policy==<br />
*2013 Registrar Accreditation Agreement ([[RAA]]): as discussed above, this policy outlines the registrar's responsibility to check the personal and contact information provided by the registrant. <br />
**If the registration information is not correct, the registrar gives the registrant 15 days to fix any errors. If the information is not changed, then the account may be suspended or deleted.<ref name="RAA"/><br />
**In addition, if the registrar believes that any information provided maybe be false or out of date, the registrar must re-verify the account email information.<ref name="RAA"/><br />
*[[Whois Data Reminder Policy]] (WDRP): this 2003 policy requires that registrars send out yearly notices requesting updates to Whois information.<ref name="wd">http://www.icann.org/en/resources/registrars/consensus-policies/wdrp Internet Corporation for Assigned Names and Numbers (ICANN)</ref> If no changes have occurred, no response is necessary.<ref name="wd"/><br />
*ICANN released a Draft Implementation Plan that would create a Whois program to report the accuracy of Whois information and to perform periodic audits.<ref name="announce">http://www.icann.org/en/news/public-comment/whois-accuracy-reporting-11mar14-en.htm (March 11, 2014), Internet Corporation for Assigned Names and Numbers (ICANN)</ref><ref name="plan">http://www.icann.org/en/news/public-comment/whois-accuracy-reporting-11mar14-en.htm (PDF) titled WHOIS Online Accuracy Reporting System Implementation Plan, under the heading Section III: Document and Resource Links (March 11, 2014), Internet Corporation for Assigned Names and Numbers (ICANN)</ref> The report is available for public comment until April 1.<ref name="announce"/> The next step in implementing this program is an ICANN request for an official proposal.<ref name="announce"/><br />
**This plan is based on an experimental study performed by NORC and [[SSAC]] recommendations.<ref name="plan"/><br />
**ICANN would sample Whois information in gTLDs, rating them on this scale: "No Failure, Minimal Failure, Limited Failure, Substantial Failure, and Complete Failure."<ref name="plan"/><br />
**Whois entries would be judged in three major categories: syntactic accuracy, operational accuracy, and identity.<ref name="plan"/> Syntactic accuracy would involve validating that all the fields are filled out and in the correct format. Operational accuracy would address whether or not the information is "applicable," and the identity category refers to validating that the Whois information "can be used to confirm the identity of the registrant."<ref name="plan"/><br />
**ICANN would also notify registrars with false or inaccurate Whois information.<ref name="plan"/><br />
<br />
==Legislation==<br />
Currently, there is no legislation that specifically addresses these practices. <br />
<br />
==Additional Resources==<br />
*Read ICANN's [http://www.icann.org/en/resources/registrars/raa/approved-with-specs-27jun13-en.htm 2013 RAA]<br />
*View a [http://www.icann.org/en/resources/registrars/consensus-policies/wdrp#modelwdrpnotice Sample WDRP Notice]<br />
*Read the [[SSAC]]'s [http://www.icann.org/en/groups/ssac/documents/sac-058-en.pdf Report on Domain Name Registration Data Validation]<br />
*Read [http://www.icann.org/en/news/public-comment/whois-accuracy-reporting-11mar14-en.htm ICANN's Draft Implementation Plan]<br />
<br />
==Related Articles==<br />
*[[False Whois]]<br />
==References==<br />
<references/><br />
[[Category: Good Practice]]</div>Jackie Treiber