RealTime IT News

VeriSign Ignored WHOIS Warnings

VeriSign officials tried to minimize the damage caused by an Internet Corporation for Assigned Names and Numbers (ICANN) warning yesterday, which gave the .com and .net registry about two weeks to fix 17 violations in the WHOIS database.

It's a problem that likely wouldn't have come to light in the first place, if VeriSign officials hadn't dismissed ICANN concerns.

Mary Hewitt, an ICANN spokeserperson, said the notice wouldn't have been publicized in the first place if VeriSign were more cooperative.

"A couple weeks ago, we gave them a final notice to fix these violations, and their answer was essentially, 'do whatever you want.' "

The database contains the names and contact information of registered domain owners, and is frequently used by illegal Web site operators to avoid prosecution. Many such operators file contact information under bogus e-mail addresses through anonymous Hotmail or Yahoo! accounts.

Brian O'Shaunghnessy, a VeriSign spokesperson, told The Washington Post the violations were only a few incidences among millions of registered domain name owners at Network Solutions, the registrar division of VeriSign.

Ross Rader, director of research and innovation at one of VeriSign's competitors, Tucows, Inc., said the violations are hardly an aberration, and finds VeriSign's attempts to downplay the extent of the problem laughable.

"I find it almost ridiculous, to be honest," he said. "They do have a serious problem and as far as I can see they've taken no steps to follow these problems. I personally brought this to their attention six months ago and haven't heard back from them yet."

That pattern of neglect is what brought ICANN down on VeriSign in the first place, according to the announcement yesterday, "based on a broad, longstanding pattern it has exhibited of failing to abide by its agreements to provide complete WHOIS data, and to take steps to correct reported inaccuracies in that data," the statement read.

In an e-mail obtained by internetnews.com, Rader posted a public query back on March 29 to Bruce Beckwith, a director at Network Solutions, asking when Network Solutions would work on its registrant's invalid e-mail and contact information.

"While we are on the subject of poor data integrity, can you provide an indication of when Verisign will be correcting the thousands of invalid email addresses in your whois that continue to show no.valid.email@worldnic.com?"

Rader got no response, he said, and doesn't expect one forthcoming.

"What (the ICANN warning) will do is get them to fix the 17 violations and hide their head in the sand with the other thousands they have in the database," he said. "It's no exaggeration that they have thousands of emails that are invalid."

But VeriSign does notify its registrants and has taken steps to ensure WHOIS entries are legitimate, said Patrick Burns, a VeriSign spokesperson.

"VeriSign takes all its obligations seriously," he said. "We have taken several steps to ensure it, including a mailing to all registrants back in June explaining our policies."