ICANN Reports On WHOIS Inaccuracies

The Internet Corporation for Assigned Names and Numbers (ICANN) Wednesday
published the first in what will be an annual report on the steps being
taken to wipe out bogus or incomplete information found in domain
registrations.

The findings? Nearly 5,000 of the 24,148 complaints dealt with domains
containing incorrect or incomplete contact information — telephone numbers,
email addresses, street addresses — of known or suspected spammers.

The WHOIS database is a list of registered owners for every top-level domain
(TLD) name governed by the Marina del Ray, Calif., organization — .com,
.net, .org, .aero, .biz, .coop, .info, .museum, .name and .pro. Registrars,
the companies who sell the domain names, are under contract to ensure the
contact information regarding the domain registration is correct.

But for years, the WHOIS database has been plagued with inaccuracies, likely thanks to people with quasi-legal or illegal enterprises headquartered on the Internet who are
trying to avoid detection. While registrars automate the forms to get
people signed up and on the Internet, there is no automated process to
ensure the information is correct.

The situation came to a
head
in May 2002, when Federal Trade Commissioner J. Howard Beales III,
director of the Bureau Of Consumer Protection, said the many inaccuracies
were preventing his agency from stopping illegal operations being conducted
through the Internet.

“We cannot easily sue fraudsters if we cannot find them,” he complained to a House
panel at the time.

What the FTC and others found was that while the owners of
Internet fraud sites were leaving legitimate emails, the contact information
that would lead to a real-world arrest was being left out. The report
confirms that: It said that 54 percent of the complaints dealt with missing or
incorrect mailing addresses; another 49 percent had bogus phone numbers.

As a result, ICANN instituted the WHOIS Data Problem Report System (WDPRS)
in September 2002 to let individual users report incorrect domain
registration information. In the following 18 months, the organization
received 24,148 confirmed WHOIS inaccuracies, with 16,045 unique domain
names listed (8,103 complaints were duplicates).

Individuals fill out an online form at the InterNIC Web site maintained by ICANN, which
is then sent on to ICANN staffers. Once they receive the report and
confirmed it, ICANN sends it on to the registrar to investigate. However,
one glaring hole in the process is that registrars are not required to report
back to ICANN on the status of their investigations.

“ICANN’s experience has been that accredited registrars by and large do
conscientiously comply with their contractual obligations by acting promptly
to correct incomplete or inaccurate data that is brought to their
attention,” the report stated. The report went on to say registrars
reported back on 36 percent of the total number of reports sent.

Of the 10 domain extensions, 82 percent of complaints were about incorrect contact info
supplied in the .com space. .Net lagged a distant second, with 13
percent of the complaints.

An interesting find in the report is that no particular registrar was more
deficient than its competitors in the number of incorrect WHOIS entries.
The report stated, “The number of complaints sent to each registrar was
generally proportional to each registrar’s relative market share.”

Each of the
192 ICANN-accredited registrars is under contract to provide “accurate and
reliable contact details and promptly correct and update them during the
term of the registered name registration,” the boilerplate contract reads.
Failure to take adequate steps to correct the errors would result in a
material breach of contract. What this means for the registrar community remains to be seen.

News Around the Web