Whois Misuse

This information is brought to you by DNS Seal, a best practices wiki for DNS

Whois misuse refers to using public Whois data, such as registrants' contact and personal information, for "harmful actions such as spam, phishing, identity theft or data theft."^[1] Whois information includes these elements: the registered domain name, the nameserver(s) used, the registrar's name, when the registration was opened and when it will expire, the registered name holder's name and address, and the contact information for the administrative and technical contacts.^[2] Because of the sensitive nature of this information, it can be vulnerable to data mining, a type of Whois misuse, defined as searching through Whois entries in order to find valuable information to exploit.^[3]

Public Perception

The public perception of Whois misuse is negative and very widespread. Because of the believed frequency of Whois misuse, it is a fairly common practice to use privacy services or even False Whois to avoid such risks as identity theft, phishing, or spamming.^[1]^[2]

Outcome

The frequency of and dangers represented by Whois misuse make users hesitant to share real contact or personal information in the Whois database. Additionally, the practices that use Whois data for malicious purposes, like phishing, spamming, Domain Slamming, sending fake renewal notices or gathering information to instigate further attack on the domain or registrant^[4] detract further from a user's sense of security.^[3]

Historical Use

The Whois database is supposed to provide a means of contacting a website's registrant or its administrative and technical contacts if there are technical difficulties with the site or if illegal activity has occurred, among other things.^[2] Registrars are required to provide publicly either thin Whois entries (which consist of the identity of the sponsoring registrar, the registration status, and when the registration was opened and will expire) or thick entries (which have additional details like "the registrant’s contact information and designated administrative and technical contacts").^[5] In the case of Whois misuse, the information provided by registrars and registrants in good faith is utilized by others for illegal or malicious purposes.

ICANN Policy

ICANN is currently conducting and reviewing multiple studies on the Whois database, including one on Whois Misuse.^[6] In addition, ICANN working groups and committees such as the Generic Names Supporting Organization (GNSO) and the Security and Stability Advisory Committee (SSAC) have studied and made recommendations for the Whois system.^[6]

A recent Whois misuse study conducted by Carnegie Mellon University found that "there is a statistically significant occurrence of WHOIS misuse affecting Registrants’ email addresses, postal addresses, and phone numbers" with 44% of registrants experiencing these kinds of Whois misuse.^[7] A different experiment in the study also found that Whois anti-harvesting techniques, which can be employed by the registry or registrar, are "statistically significant in predicting the potential of email address misuse."^[8] Email address misuse resulting from Whois misuse is 2.3x more likely to occur if anti-harvesting techniques are not employed.^[8]

The results of these and the other Whois studies may lead to changes in the Whois system.^[9] To read a working group report on a potentially new system to replace the current Whois system, see ICANN's Status Update Report: A Next Generation Registration Directory Service.

- An update to the proposed Registration Directory Service (RDS) was discussed at ICANN Singapore by its Expert Working Group (EWP).^[10] The new RDS could differ from the current Whois system by only providing certain identifying elements to those who query the system. People with authorized access could then see additional contact and personal information while those without authorization would see more basic information.^[10]^[11] Additional discussion surrounded how this new system should protect privacy, security, and free speech while providing accurate information.^[10] The EWG is still collecting information on how changing the Whois system will affect the Internet community.^[10]

Legislation

There is no legislation that directly addresses Whois misuse, though some of the results of Whois misuse (phishing, fraud, identity theft, slamming or sending fake renewal notices, and spamming) do constitute illegal activity and can be addressed through legislation like the CAN-SPAM Act of 2003 or a civil lawsuit.

Additional Resources

View a full list of legitimate uses for Whois data
Review current GNSO Whois Studies, including the study conducted by Carnegie Mellon
Watch a video describing the proposed RDS.

References

↑ ^1.0 ^1.1 https://www.icann.org/en/news/public-comment/whois-misuse-27nov13-en.htm Internet Corporation for Assigned Names and Numbers (ICANN)
↑ ^2.0 ^2.1 ^2.2 http://whois.icann.org/en/questions-answers Internet Corporation for Assigned Names and Numbers (ICANN)
↑ ^3.0 ^3.1 https://web.easydns.com/10_things_to_know_before_you_register.php Easydns Technologies, Inc.
↑ http://www.icann.org/en/groups/ssac/documents/sac-023-en.pdf (PDF) (October 2007), ICANN Stability and Security Advisory Committee
↑ http://idnblog.com/2010/01/19/liz-gasster-qa-whois-abuse-studies/ IDNblog.com interview with Liz Gasster (January 20, 2010)
↑ ^6.0 ^6.1 http://gnso.icann.org/en/group-activities/other/whois/studies Generic Names Supporting Organization (GNSO)
↑ http://www.icann.org/en/news/public-comment/whois-misuse-27nov13-en.htm (PDF) by Nektarios Leontiadis and Nicolas Chrisin (November 26, 2013), Whois Misuse Study Draft Report, p. 6
↑ ^8.0 ^8.1 http://www.icann.org/en/news/public-comment/whois-misuse-27nov13-en.htm (PDF) by Nektarios Leontiadis and Nicolas Chrisin (November 26, 2013), Whois Misuse Study Draft Report, p. 73
↑ http://whois.icann.org/en/whats-horizon Internet Corporation for Assigned Names and Numbers (ICANN)
↑ ^10.0 ^10.1 ^10.2 ^10.3 http://singapore49.icann.org/en/schedule/mon-gtld-directory-services (March 24, 2014) Presentation from the ICANN #49 Signapore Conference
↑ https://community.icann.org/display/WG/Video%3A+Introducing+the+RDS Internet Corporation for Assigned Names and Numbers (ICANN)

[comment-1] 1.0 ^1.1 https://www.icann.org/en/news/public-comment/whois-misuse-27nov13-en.htm Internet Corporation for Assigned Names and Numbers (ICANN)

[qa-2] 2.0 ^2.1 ^2.2 http://whois.icann.org/en/questions-answers Internet Corporation for Assigned Names and Numbers (ICANN)

[easydns-3] 3.0 ^3.1 https://web.easydns.com/10_things_to_know_before_you_register.php Easydns Technologies, Inc.

[4] ttp://www.icann.org/en/groups/ssac/documents/sac-023-en.pdf (PDF) (October 2007), ICANN Stability and Security Advisory Committee

[5] ttp://idnblog.com/2010/01/19/liz-gasster-qa-whois-abuse-studies/ IDNblog.com interview with Liz Gasster (January 20, 2010)

[gnso-6] 6.0 ^6.1 http://gnso.icann.org/en/group-activities/other/whois/studies Generic Names Supporting Organization (GNSO)

[cmu6-7] ttp://www.icann.org/en/news/public-comment/whois-misuse-27nov13-en.htm (PDF) by Nektarios Leontiadis and Nicolas Chrisin (November 26, 2013), Whois Misuse Study Draft Report, p. 6

[cmu73-8] 8.0 ^8.1 http://www.icann.org/en/news/public-comment/whois-misuse-27nov13-en.htm (PDF) by Nektarios Leontiadis and Nicolas Chrisin (November 26, 2013), Whois Misuse Study Draft Report, p. 73

[9] ttp://whois.icann.org/en/whats-horizon Internet Corporation for Assigned Names and Numbers (ICANN)

[sing-10] 10.0 ^10.1 ^10.2 ^10.3 http://singapore49.icann.org/en/schedule/mon-gtld-directory-services (March 24, 2014) Presentation from the ICANN #49 Signapore Conference

[vid-11] ttps://community.icann.org/display/WG/Video%3A+Introducing+the+RDS Internet Corporation for Assigned Names and Numbers (ICANN)

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

Whois Misuse

Contents