Whois Database

[paco]

I have read several articles claiming that the major search engines are using the whois database for ranking websites - what names are owned by the same entity, creation dates, expiration dates, etc..

Doesn't this violate the intended use of the whois database?

[Dave Zan]

What is the intended use of the WHOIS database?

[Brett Lewis]

Public Whois records were largely instituted to satisfy concerns of intellectual property owners and law enforcement, and also to provide a means for resolving technical issues involving domain names and Web sites. There is an ongoing debate as to what Whois information should be made available and for what purposes.

That said, as long as a specific use of Whois records is not prohibited, it is lawful, whether or not envisioned as a policy reason for establishing a Whois database. For example, ICANN generally requires registrars to license their whois databases to third parties for a $10,000 fee, but prohibits the use of such information in marketing or soliciting customers. You would need to see the terms of the specific license at issue, but under such a bulk license, use of Whois data in indexing and ranking activities may be perfectly acceptable. Mining data from Web site databases for the same purposes, however, is generally illegal and constitutes a Trespass to Chattels, possible violation of the Computer Fraud and Abuse Act and possible breach of an online services agreement.

[Dave Zan]

Welcome aboard, Brett. Great to see another attorney in here for a change. :-D

[paco]

Thanks for the replies.

There is an ongoing debate as to what Whois information should be made available and for what purposes.

My vote - no access to the entire database.

Is the entire database also available for other extensions like biz and info?

[Brett Lewis]

Without upsetting the IP constituency or the FTC too much, there are many great reasons why the database should be made private. For starters, how many phishers or identity thieves actually list real contact information? My guess would be somewhere less than none. Then, there is the issue of Whois mining, made possible largely thanks to an obscure ICANN requirement that registrars make their whois databases available to other registrars through port 43 recursive look-ups. It facilitates registrar transfers, but also opens the registrars up to being data mined. The mined information is then sold to spammers and scammers. The solution would be in maintaining private registrations which could be unmasked upon request of law enforcement or in response to an infringement complaint. Something of that nature, applied globally, probably would strike the best balance between competing interests.

Brett E. Lewis, Esq.
Lewis & Hand, LLP
www.lewishand.com

[Dave Zan]

Something of that nature, applied globally, probably would strike the best balance between competing interests.

And of course present another money-making venture for registrars. :-D

IIRC, Nominet's doing something what you just described for .uk domains.

[March2005]

http://www.dnforum.com/thread153533.html

Google currently is and ICANN-Accredited Registrar for
.biz, .com, .info, .name, .net, .org, .pro

[Brett Lewis]

And of course present another money-making venture for registrars.

LOL!!! Hey, I'm not shilling for ways to make the registrars more money. :greensmilewinkgrin: I am looking at this from a policy perspective. If ICANN were to do away with the public Whois requirement, and to mandate that all Whois information be kept private, subject to disclosure for law enforcement purposes or IP reasons, charging for a privacy service would seem a bit odd. That's not to say that some registrars still wouldn't try to charge for it, but the reason it is a service today is that ICANN requires that information be publicly listed in the Whois. If that requirement were reversed, the justification for charging for privacy as a service would no longer be there.

Brett Lewis, Esq.
Lewis & Hand, LLP
www.lewishand.com

[Luc]

Brett,

Welcome aboard.

From a domain buyer's perspective, private WHOIS db for all domains would be a nightmare. It would be impossible to contact someone who owns a specific domain and ask them if they are interested in selling it. MOST domains are not put to any use, so many would be available for sale and if the direct approach wouldn't work then we would have to rely on registrars providing their own Make Offer type services which would surely rip off both buyer and seller (since they would have no other choice!).

As far as SEs pulling whois data. They are mostly interested in the IP and nameserver data, as well as the registration date. All three can be extracted without having access to the whois DB. The IP and nameservers can determine how many sites are hosted on a particular machine, ISP, data center, etc. Nameservers can be pulled from the zone files. New registrations and changes can also be pulled from the zone. Registration date and expiration date can be pulled from the registry.

Spam can be filtered easily. I don't think that the whois database should be all private as is done with some ccTLDs because this gives the REGISTRARS too much control and too many ways to make money from services which should otherwise be free.

Best Regards,
Luc L.

[Brett Lewis]

From a domain buyer's perspective, private WHOIS db for all domains would be a nightmare. It would be impossible to contact someone who owns a specific domain and ask them if they are interested in selling it. MOST domains are not put to any use, so many would be available for sale and if the direct approach wouldn't work then we would have to rely on registrars providing their own Make Offer type services which would surely rip off both buyer and seller (since they would have no other choice!).

Fair point. There has to be a better way of balancing concerns. Maybe the answer is to partially mask whois, or to provide a surrogate email address that will be forwarded to the registrant. As it is, a fair number of users mask their contact information and others provide false information.

You raise valid points, but privacy is a real concern. Domain names are also stolen using information posted in the Whois. No one should allow an email address listed as the admin contact address for a domain name to lapse, but they do. Not all spam gets filtered and not being a techie, my understanding is that fighting spam is a constant battle. That's why phishing scams, and to some extent spyware and Trojans are so prevalent.

There are no easy answers here. A private whois database would actually be worse for me, as I rely on it all of the time, but the current system has a lot of problems and should be fixed.


Best,

Brett E. Lewis, Esq.
Lewis & Hand
www.lewishand.com

[jberryhill]

For starters, how many phishers or identity thieves actually list real contact information? My guess would be somewhere less than none

.

Spot on. In ICANN policy discussions on this stuff, it is clear that some participants are just mouthing garbage they've been told to say.

If you want to take out of phishing site, then you go after the IP address of the physical host. Playing around with domain whois data is a waste of time in the types of "illegal activity" situations which some folks bring up in connection with whois data.

If I want registration data on a public company, then I can get limited data via, for example, the Delaware Secretary of State. To get the full record, I have to pay ten bucks. Someone can do a heck of a lot of harm with a corporation, just as they can with a domain name, a car, a gun, and all sorts of things about which various types of registration records are kept, and are made available on a reasonable basis.