[AfrICANN-discuss] Liz Gasster Q&A on Whois Abuse

Anne-Rachel Inné annerachel at gmail.com
Tue Jan 19 19:58:15 SAST 2010


January 19 2010 Posted by: IDNBlog in: IDN
Liz Gasster Q&A on Whois Abuse

Liz Gasster is a Senior Policy Counselor at ICANN, and commendably she
is always eager to engage in discussion with domain registrants. Liz
has over 27 years of experience in technology and Internet-related
marketing, public policy and advocacy. Most recently, Liz was General
Counsel of the Cyber Security Industry Alliance. Previously she was
with AT&T in Washington D.C. from 1979–2006.

Q: What is the Whois system, who runs it and where is the data stored?

A: Created in the 1970s, Whois began as a service that Internet
operators could use to identify and contact individuals or entities
responsible for the operation of a computer on the Internet. Since
then, the Whois service has evolved into a tool used for many
purposes, such as determining whether a domain name is available for
registration, identifying the source of spam e-mail, enforcing
intellectual property rights, and identifying and verifying online
merchants, to name a few.

ICANN requires registrars to provide public access to data on
registered names through the Registrar Accreditation Agreement (RAA).
Specifically, the current RAA requires that “At its expense, Registrar
shall provide an interactive web page and a port 43 Whois service
providing free public query-based access to up-to-date (i.e., updated
at least daily) data concerning all active Registered Names sponsored
by Registrar for each TLD in which it is accredited.” (ICANN 2009 RAA

ICANN also has agreements with generic top-level domain (gTLD)
registries, specifying Whois service requirements. Different
registries have different type of agreements, often characterized as
either “thin” or “thick” Whois. With a thin registry, Whois records
merely include data sufficient to identify the sponsoring registrar,
status of the registration, and creation and expiration dates for each
registration. An example of a thin registry is .COM. Most registries
are required to provide “thick” Whois, which includes registrant’s
contact information and designated administrative and technical
contacts, in addition to the information supplied by a thin registry.

Q: What are forms of Whois misuse?

A: Whois misuse refers to harmful acts that exploit contact
information obtained from Whois. Those harmful acts may include
generation of spam, abuse of personal data, intellectual property
theft, loss of reputation or identity theft, loss of data, phishing
and other cybercrime-related exploits, harassment, stalking, or other
activity with negative personal or economic consequences.

Q: What studies is ICANN conducting regarding Whois misuse and when
will findings be reported?

A: ICANN’s GNSO policy council is considering several studies of
Whois, to provide a factual foundation for future policy making. Whois
“misuse” is one of several areas of study we are examining. The Misuse
study will assess the extent of misuse of public Whois data to
generate spam or for other illegal or undesirable activities. One
Misuse study will survey registrants about specific acts they have
experienced that they believe occurred using Whois contact data;
survey registrars about how Whois can be queried, and survey others
about reported incidents from cybercrime, research and law enforcement
organizations. A second Misuse study will measure a variety of harmful
acts by classifying messages sent to unpublished test domain names
registered specifically for the study using a representative sample of
registrars. The study will compare harmful acts associated with public
vs. non-public addresses and examine impact of public Whois and
anti-harvesting measures.

The GNSO Council is also considering a “Whois Registrant
Identification” Study, which will look at how registrants are
identified in Whois and study the extent to which domains used by
legal persons (commercial entities) or for commercial purposes are: 1)
not clearly identified as commercial entities in Whois (perhaps their
identity is obscured or suggests that the registrant is a
non-commercial entity); and 2) are correlated to use of privacy and
proxy services.

A third study area, still in the initial evaluation stage, will look
more closely at proxy and privacy services from two perspectives:

1) whether domain names used to conduct illegal or harmful Internet
activities are registered via proxy and privacy services to obscure
the perpetrator’s identity; and 2) the extent to which proxy and
privacy services impede or delay timely identification of
perpetrators. More information about these studies will be available
in the coming weeks.

For all of these studies, ICANN’s policy staff are still at the
initial stage of gathering costs and feasibility to provide to the
GNSO Council, then the Council and staff will decide which studies to
conduct. Studies would be initiated after the Council decides what to
do, and would likely take a number of months to complete.

ICANN’s compliance department is also conducting studies of Whois.
More information may be found at: http://www.icann.org/en/compliance/

Q: For IDN domain owners, are there available Whois tools that allow
one to easily look up an IDN.com?

There are several . . . Domaintools.com is [a] source (www.domaintools.com).

Q: What improvements to the Whois system can domain name owners look forward to?

A: Information provided by future studies of Whois will provide a
factual foundation for further policy making on Whois. In addition,
there are two other initiatives that may result in changes to Whois in
the longer term.

The first is a working group on Internationalized Registration Data
that is currently underway. Currently, no standards or guidelines
define how Domain Registration Data should be composed and displayed.
As volumes of registrations increase from around the world, it will be
increasingly hard for those who use WHOIS contact data today to “read”
contact information displayed in different non-US ASCII language
character sets. This technical group was recently convened to study
the feasibility and suitability of introducing display specifications
to deal with the internationalization of Registration Data. The
initial set of goals of the group is to gain an understanding of, and
achieve consensus on, the types, kinds, and encodings of registration
data that contracted parties would collect, display and maintain. This
group’s work is just beginning at this time.

Staff is also compiling an inventory of Whois features and
requirements based on current requirements and capabilities suggested
in previous policy discussions. This inventory, once complete, is
intended to provide a foundation for considering significant changes
to Whois in the future, including a possible replacement to the
current Whois protocol.

More information about policy development activities at ICANN may be
found at: http://www.icann.org/en/policy/.

You can subscribe to a monthly policy update at:

More information about the AfrICANN mailing list