VeriSign Ignored WHOIS Warnings

VeriSign officials tried to minimize the damage caused
by an Internet Corporation for Assigned Names and Numbers (ICANN) warning
yesterday, which gave the .com and .net registry about two weeks to fix 17
violations in the WHOIS database.

It’s a problem that likely wouldn’t have come to light in the first place,
if VeriSign officials hadn’t dismissed ICANN concerns.

Mary Hewitt, an ICANN spokeserperson, said the notice wouldn’t have been
publicized in the first place if VeriSign were more cooperative.

“A couple weeks ago, we gave them a final notice to fix these violations,
and their answer was essentially, ‘do whatever you want.’ ”

The database contains the names and contact information of registered
domain owners, and is frequently used by
illegal Web site operators
to avoid prosecution. Many such operators
file contact information under bogus e-mail addresses through anonymous
Hotmail or Yahoo! accounts.

Brian O’Shaunghnessy, a VeriSign spokesperson, told The Washington
the violations were only a few incidences among millions of
registered domain name owners at Network Solutions, the registrar division
of VeriSign.

Ross Rader, director of research and innovation at one of VeriSign’s
competitors, Tucows, Inc., said the violations are hardly an aberration, and finds VeriSign’s attempts to downplay the extent of the problem laughable.

“I find it almost ridiculous, to be honest,” he said. “They do have a
serious problem and as far as I can see they’ve taken no steps to follow
these problems. I personally brought this to their attention six months
ago and haven’t heard back from them yet.”

That pattern of neglect is what brought ICANN down on VeriSign in the first
place, according to the announcement yesterday, “based on a broad,
longstanding pattern it has exhibited of failing to abide by its agreements
to provide complete WHOIS data, and to take steps to correct reported
inaccuracies in that data,” the statement read.

In an e-mail obtained by, Rader posted a public
query back on March 29 to Bruce Beckwith, a director at Network Solutions,
asking when Network Solutions would work on its registrant’s invalid e-mail
and contact information.

“While we are on the subject of poor data integrity, can you provide an
indication of when Verisign will be correcting the thousands of invalid
email addresses in your whois that continue to show
[email protected]?”

Rader got no response, he said, and doesn’t expect one forthcoming.

“What (the ICANN warning) will do is get them to fix the 17 violations and
hide their head in the sand with the other thousands they have in the
database,” he said. “It’s no exaggeration that they have thousands of
emails that are invalid.”

But VeriSign does notify its registrants and has taken steps to ensure
WHOIS entries are legitimate, said Patrick Burns, a VeriSign spokesperson.

“VeriSign takes all its obligations seriously,” he said. “We have taken
several steps to ensure it, including a mailing to all registrants back in
June explaining our policies.”

News Around the Web