I had the honor of testifying, in writing and orally, to the US House of Representatives Committee on the Judiciary Subcommittee on Courts, the Internet, and Intellectual Property Oversight Hearing on Internet Domain Fraud & US Government’s Role in Ensuring Public Access to Accurate Whois Data. My written testimony.
In recent years, many Internet users have become aware that domain name registrants do not always offer accurate contact information. The distributed “WHOIS” database storing and distributing this contact data is generally thought to be important for correcting technical errata, resolving disputes over domain name allocation, and holding web site operators responsible for the content they distribute. A series of contracts, from ICANN to registrars to registrants, requires that contact data be complete and accurate, but nonetheless certain registrants fail to properly provide the required contact information.
While many WHOIS errors likely result from accidental error in data entry or data processing, certain registrants have been found to intentionally provide systematically inaccurate contact information to registrars for inclusion in the WHOIS database. Such fraud can include the entry of invalid street addresses and phone numbers, i.e. contact information that in fact reaches no one, or it can instead offer as the purported registrant of a domain some third party in fact wholly unrelated to the domain.
In this article, I document documented 2754 domains reregistered by one particular firm known for its widespread use of invalid WHOIS contact information. The majority of these domains redirect users to a single web page displaying a list of links to content that is, by and large, unrelated; the remaining domain names provide access to sexually-explicit images. While this research is by no means exhaustive — other firms likely follow similar registration practices, and still others make numerous invalid registrations and reregistrations that no doubt differ in various ways — a review of these specific registrations as well as their general characteristics may be helpful in understanding the behavior at issue.
Note that this research is focused specifically on large-scale domain registrations. I do not address the questions of privacy, spam, and consumer protection raised by publication of individual registration data in the WHOIS database.