77% of domain registrations stuffed with rubbish

Whois in charge? ICANN't tell

Intelligent flash storage arrays

An incredible 77 per cent of internet domains - nearly 90 million internet addresses - are registered with false, incomplete, or unverifiable information.

An extensive review of 1,419 representative domain names conducted by overseeing body ICANN, including direct contact with over 500 individual domain owners, produced some startling results (PDF). Example: only 23 per cent of domain registrations display the owner's correct name and physical address.

Worse, an extraordinary 29 per cent of domains are registered with patently false or suspicious information - a shady sign of online criminalty. The remaining 48 per cent of faulty registrations are in a grey area where people are either unaware or unwilling to hand over their identifying details.

But Jenny Kelly of the National Opinion Research Center (NORC), who headed the investigation, warned against making broad assumptions about the initegrity of the Whois system for registration data. "What we found was that 23 per cent of domains had good information that we could verify but there are many others where we were not able to confirm the content and so were not able to say they were good," she explained, citing as an example post-office boxes.

The survey found that Whois records for domains contain a lot of incomplete information - something that can be put down to the practices of different registrars. "The approach taken varies widely by registrar," Kelly explained.

"As part of my background preparation, I tried to register domains with different registrars. It was clear that some companies have good checks: checking your zip code is right for the city and state you entered, and likely checking credit card details against the registered address. But others did not apply such checks during the registration process, although whether or not they apply them subsequently I don't know."

The findings will have far-reaching implications for the domain-name system, which has spent the past five years working under the broad assumption that 95 per cent of domain information was at least partially accurate.

The report itself expressed surprise that no incidences of identity theft were found - but it concluded, incredibly, that this was because such theft wasn't needed. "It would seem that given the latitude that people have in choosing what information to provide when registering a domain name, identity theft may not be necessary. It is all too easy to enter any or no name, along with an unreliable or undeliverable address," the report reads.

The reasons behind the widespread failure of the Whois system, which is supposed to ensure accurate domain registration information, are complex - but they stretch beyond complaints about the privacy implications of people posting their information online for anyone to view.

There are no mandated standards for registrars to check whether the information provided is accurate. A large number of domain registrants are unaware that the service even exists, and until a few months ago, the system only accepted ASCII English, causing millions of registrants to register with best-guess information.

The report notes that the majority of the issues behind the inaccuracy are within the ICANN community's ability to fix. All registrars of generic top-level domains (such as .com or .info) have to sign a Registrar Accreditation Agreement (RAA) with ICANN and changes to that agreement can oblige registrars to improve the level of checking for domains.

ICANN is also in a position to provide ratings of different registrars so that consumers can be better informed about with whom they register their domain. However, both alterations in the RAA and the creation of a rating mechanism require a change in policy at ICANN - something to which registrars would need to agree.

Following the collapse of one registrar, RegisterFly, a few years ago that resulted in tens of thousands of individuals losing control of their domains, ICANN announced it would revise the RAA to make sure it didn't happen again. However, the end result of its review was watered down over time by the registrars themselves before they were agreed to. A new set of amendments are currently under discussion.

Improving accuracy of the Whois system would also come at a cost, the report warns. "The cost of ensuring accuracy will escalate with the level of accuracy sought, and ultimately the cost of increased accuracy would be passed through to the registrants in the fees they pay to register a domain."

Kelly wouldn't be drawn into discussing the cost of such a system, but she did note that heavy competition in the registrar market has driven down costs to less than $10 per domain per year. She hypothesised: "If registration cost $20 rather than $10, would it stop people from registering domains? And would we find that it enables more security?"

The report may help break a decade-long impasse over the Whois service, during which conflicting interests have ensured that no progress has been made on much-needed changes. The last time a full study (PDF) of Whois accuracy was commissioned - by the US Government Accountability Office (GAO) in 2005 - it was reported that only 5 per cent of domain names contained "missing or patently false information."

That report was dismissed by those in the know as being wildly inaccurate because it didn't look into the accuracy of information, but only whether it appeared normal. Today's report discovered roughly the same 5 per cent of nonsense information but found a far greater percentage of wrong or false information by looking at the actual data itself.

ICANN is obliged under its Affirmation of Commitments with the US government to maintain the Whois service as well as "assess the extent to which WHOIS policy is effective and its implementation meets the legitimate needs of law enforcement and promotes consumer trust."

ICANN's management has also clearly signalled that it intends to use the report to break the Whois impasse, with its Chief Operating Officer Doug Brent telling us: "Ultimately, any solution reached for Whois accuracy must be closely tied to ICANN’s contractual enforcement mechanisms which today go no further than requiring investigation of inaccuracy complaints.

"Sometimes, the thorniest problems are the most important to address, and we hope that putting some facts out on the table leads to a more informed debate, and an actual path to solutions.”

You can view public comment on the report - or submit your own thoughts - here. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Same old iPad? NO. The new 'soft SIMs' are BIG NEWS
AppleSIM 'ware to allow quick switch of carriers
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Brits: Google, can you scrape 60k pages from web, pleeease
Hey, c'mon Choc Factory, it's our 'right to be forgotten'
Of COURSE Stephen Elop's to blame for Nokia woes, says author
'Google did have some unique propositions for Nokia'
By 'eck! Eccles cake production thrown into jeopardy
Mobile coverage on trains really is pants
You thought it was just *insert your provider here*, but now we have numbers
Don't mess with Texas ('cos it's getting Google Fiber and you're not)
A bit late, but company says 1Gbps Austin network almost ready to compete with AT&T
prev story


Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.