RealTime IT News

ICANN Reports On WHOIS Inaccuracies

The Internet Corporation for Assigned Names and Numbers (ICANN) Wednesday published the first in what will be an annual report on the steps being taken to wipe out bogus or incomplete information found in domain registrations.

The findings? Nearly 5,000 of the 24,148 complaints dealt with domains containing incorrect or incomplete contact information -- telephone numbers, email addresses, street addresses -- of known or suspected spammers.

The WHOIS database is a list of registered owners for every top-level domain (TLD) name governed by the Marina del Ray, Calif., organization -- .com, .net, .org, .aero, .biz, .coop, .info, .museum, .name and .pro. Registrars, the companies who sell the domain names, are under contract to ensure the contact information regarding the domain registration is correct.

But for years, the WHOIS database has been plagued with inaccuracies, likely thanks to people with quasi-legal or illegal enterprises headquartered on the Internet who are trying to avoid detection. While registrars automate the forms to get people signed up and on the Internet, there is no automated process to ensure the information is correct.

The situation came to a head in May 2002, when Federal Trade Commissioner J. Howard Beales III, director of the Bureau Of Consumer Protection, said the many inaccuracies were preventing his agency from stopping illegal operations being conducted through the Internet.

"We cannot easily sue fraudsters if we cannot find them," he complained to a House panel at the time.

What the FTC and others found was that while the owners of Internet fraud sites were leaving legitimate emails, the contact information that would lead to a real-world arrest was being left out. The report confirms that: It said that 54 percent of the complaints dealt with missing or incorrect mailing addresses; another 49 percent had bogus phone numbers.

As a result, ICANN instituted the WHOIS Data Problem Report System (WDPRS) in September 2002 to let individual users report incorrect domain registration information. In the following 18 months, the organization received 24,148 confirmed WHOIS inaccuracies, with 16,045 unique domain names listed (8,103 complaints were duplicates).

Individuals fill out an online form at the InterNIC Web site maintained by ICANN, which is then sent on to ICANN staffers. Once they receive the report and confirmed it, ICANN sends it on to the registrar to investigate. However, one glaring hole in the process is that registrars are not required to report back to ICANN on the status of their investigations.

"ICANN's experience has been that accredited registrars by and large do conscientiously comply with their contractual obligations by acting promptly to correct incomplete or inaccurate data that is brought to their attention," the report stated. The report went on to say registrars reported back on 36 percent of the total number of reports sent.

Of the 10 domain extensions, 82 percent of complaints were about incorrect contact info supplied in the .com space. .Net lagged a distant second, with 13 percent of the complaints.

An interesting find in the report is that no particular registrar was more deficient than its competitors in the number of incorrect WHOIS entries. The report stated, "The number of complaints sent to each registrar was generally proportional to each registrar's relative market share."

Each of the 192 ICANN-accredited registrars is under contract to provide "accurate and reliable contact details and promptly correct and update them during the term of the registered name registration," the boilerplate contract reads. Failure to take adequate steps to correct the errors would result in a material breach of contract. What this means for the registrar community remains to be seen.