Forgot your password?
typodupeerror
Spam The Internet

Detecting Anonymously Registered Domains 97

Posted by kdawson
from the may-i-tell-them-who-is-calling dept.
Spamresource.com has up a piece describing a new service that could be useful in evaluating the reputation of sites you deal with — anonwhois.org returns information on domains registered anonymously. It provides a DNSBL-style service that "is not a blacklist and wasn't meant to be used for outright rejection of mail." Only 619,000 domains are listed so far, but more are added as they are queried, so the database will grow more complete. Anonwhois.org seems to be a sister site to Spam Eating Monkey.
This discussion has been archived. No new comments can be posted.

Detecting Anonymously Registered Domains

Comments Filter:
  • by suso (153703) * on Tuesday March 02, 2010 @01:51PM (#31333368) Homepage Journal

    It provides a DNSBL-style service that "is not a blacklist and wasn't meant to be used for outright rejection of mail.

    Which of course means that in a year or two us mail administrators will start encountering mail servers that have been setup to reject mail based soley on them being on this blacklist.

    • by eldavojohn (898314) * <eldavojohn AT gmail DOT com> on Tuesday March 02, 2010 @01:58PM (#31333486) Journal

      It provides a DNSBL-style service that "is not a blacklist and wasn't meant to be used for outright rejection of mail.

      Which of course means that in a year or two us mail administrators will start encountering mail servers that have been setup to reject mail based soley on them being on this blacklist.

      Yeah, I urge everyone to exercise caution here ... I looked at the stats [anonwhois.org] and was a little concerned about 123k domains (20%) being domains by proxy. I host a site as a hobby and enjoy tinkering with forums and the like on it. I also don't like the idea of someone looking up my home address via whois and showing up at my front door to complain about something someone said on one of these forums. As a result, I opt for my ISP to be my proxy on the registration of the domain. Now, I know you think that means I have something to hide but I just really don't want my address and name out there because all I would have to put there is my house address.

      Granted, my domain's not no the list and I'm not using it as a mail server (yet), I sympathize with hobbyists, non-profitable sites and people who value privacy. Keep that in mind if you're going to utilize this site as an auto-reject authority.

      • by Anonymous Coward on Tuesday March 02, 2010 @02:19PM (#31333828)

        [...]I host a site as a hobby and enjoy tinkering with forums and the like on it. I also don't like the idea of someone looking up my home address via whois and showing up at my front door to complain about something someone said on one of these forums. As a result, I opt for my ISP to be my proxy on the registration of the domain. Now, I know you think that means I have something to hide but I just really don't want my address and name out there because all I would have to put there is my house address.

        Anecdotes are not data (and a mailbox works as a contact address).

        Every single domain involved in spamming or hosting landing pages ARE registered anonymously or have fake contact details, because the lowlife, scumsucking, asshole criminals behind them DO have something to hide. If you want to set up a mail server on your anonymously registered hobbyist domain ... well ... good luck with that. Just another thing you can thank the spammers for.

        Admining a mail server (or god forbid - a whole room full of them - like I do) requires constant vigilance and lots and lots of contact with other mail admins. Most of the contact involves stuff that is broken, and if you can't contact anyone to get stuff fixed at their end which breaks your stuff, you have very few options. One of the options is to 55x them (with an informational reject message) until they take notice and contact YOU. If you never hear anything ... well ... then it's their problem.

        Operating a server with internet services is contrary to popular belief not for amateurs and basement dwelling guys of the "Hmmm. Lemme se how this works. Ooops!" persuasion. The internet is a global collaboration based on informal (and some not so informal) rules. It's not a testing ground for stuff you found on Google or software you downloaded from Sourceforge.

        Now get off my lawn before I call the Internet Police.

        • by Anonymous Coward on Tuesday March 02, 2010 @02:30PM (#31334046)

          Admining a mail server

          But why would you want to mine your server with ads? Sounds like YOU have something to hide.

        • Great, so we already have one person planning on blocking.

          very single domain involved in spamming or hosting landing pages ARE registered anonymously or have fake contact details, because the lowlife, scumsucking, asshole criminals behind them DO have something to hide. If you want to set up a mail server on your anonymously registered hobbyist domain ... well ... good luck with that. Just another thing you can thank the spammers for.

          So obviously the correct response to this is to block anyone with an anonymous registration. Shall we apply similar logic to forums? If so , you wouldn't be allowed to post here without including your home name address and phone number. After all, forum spammers always register under fake names.

          I get it though. It's definitely better to blame the victims for the troubles that spammers cause, and punish them in the name of punishing spammers. That's way better than implementing a real solution.

          • by Anonymous Coward on Tuesday March 02, 2010 @02:50PM (#31334366)

            I never said anything about blocking anyone, but I WAS trumpeting the usefulness of real contact data on domain registrations. As with all other black lists, it's advice you take or advice you don't take. Uninformed decisions are the domain of kneejerks, feelgooders and people who are out on a mission, not professionals whose job (or reputation) hangs in the balance.

            I'll start looking up everything on this list, and if 99% of what is otherwise considered spam is also on the list after a few months, I'll start assigning scores to it. That'll leave me with around a 5,000,000 sample body of mails. That's the logic I'm going for, and teenager style similes and anecdotes are still not data.

          • by DarkOx (621550) on Tuesday March 02, 2010 @03:56PM (#31335448) Journal

            I am not sure I agree. Anonymity on the internet is valuable and important. A domain is kinda formal though. Slashdot for instance is somewhat responsible for the content here. They don't need to really police it but if it were brought to Taco's attention people were arranging drug deals or something they would be obligated to help, the authorites.

            All and all I think its a good point of balance; if you are going to have your own domain there should be a responsible part that can be easily determined and contacted when needed.

            • by sopssa (1498795) * <sopssa@email.com> on Tuesday March 02, 2010 @04:19PM (#31335828) Journal

              There is already - you contact the email in the whois (if there isn't contact info on the site). In some cases it's unique email that goes directly to the site owner, sometimes you have to specify the domain in message and they send it to correct owner. In either case you will get the email delivered. If authorities need to contact the domain owner or know who it is, registrars will give them the info. Anonymous whois data doesn't mean you can break laws and do whatever, it just means that spammers/weirdos/random people on the internet won't get your name or home address. That's how it should be.

              • by DarkOx (621550) on Tuesday March 02, 2010 @05:27PM (#31336828) Journal

                That is my point though with proxy registered domains I very often don't have away to contact the responsible party. I am network administrator. I frequently use whois to find out who to call when there are issues relaying e-mail; or I am being spam by that domain, and various other reasons.

                Generally people who are registered in who is tend to be available and get in touch with each other. We usually can figure out what the problem is and whose problem it is, efficiently and get the issue resolved for our users.

                Generally people registered by proxy have only an e-mail listed for contact which is the proxy agents not theirs, and often the phone number is completely bogus. This is a pain when the problem is mail related, and when the phone number does work the proxy generally gives me a hard time and refused to even pass messages along to the domain owner.

                If the behavior of the proxies were better than I'd be ok with it but generally it causes problems for people who actually use the net for more than just entertainment and need to get problems resolved.

              • by Cramer (69040) on Tuesday March 02, 2010 @09:18PM (#31339520) Homepage

                If authorities need to contact the domain owner or know who it is, registrars will give them the info.

                Yes and no. At any rate, it's no where near as simple as you make it sound. The proper, legal, paperwork littered path takes weeks if not months. And there's no way to know if the information given to the proxy is bogus or not. There are thousands of public registered domains with BS contact records. (and many are immediately obvious) I'm pretty sure bogus information is given to Domains By Proxy as well.

        • by sopssa (1498795) * <sopssa@email.com> on Tuesday March 02, 2010 @02:43PM (#31334272) Journal

          Anecdotes are not data (and a mailbox works as a contact address).

          Maybe in the US. What do you suggest those in the other countries, which have dropped the usage of mailbox addresses, do? No, I'm not putting my home address on the internet, and no, I'm not registering a costly company (with all the tax filing and other things) just so I can register a domain for a hobby site.

          Everyone should also be able to be tell their opinion anonymously (interestingly you also posted as anonymous coward).

          I'm waiting for your insightful answer.

          • by Cramer (69040) on Tuesday March 02, 2010 @09:27PM (#31339584) Homepage

            And when will people learn there is no such thing as "anonymous"? Esp. online.

            If you don't want your name associated with your (home) address linked to a domain name -- which is yet another public record -- then don't register a domain in your name with your home address.

            • by IBBoard (1128019) on Thursday March 04, 2010 @08:13AM (#31357012) Homepage

              What address do you use, then?

              I think the UK way of doing it is right - let "non-trading individuals" have an option to hide their address but make companies show it. That way the ones you need to have an address for to help with trust issues (companies) have the details shown and those who don't show it (individuals and hobbyists) still have it recorded in case of legal proceedings, but their home address isn't there for every crazy nutjob to see and associate with a domain. The .com method of making everyone show their address is unnecessary and just leads to registrars making an extra buck from it as a "value added" service.

              As for the earlier idea of having a mailbox - PO Box addresses in the UK cost money. If you're registering a £3 per year domain (rough price of a .uk domain) then why would you want to spend twenty times that just so that some idiot online can't read your address from the WhoIs record? Only in the first half of the new millennium did I receive anything to my registered address, and that was before .uk domains stopped posting paper certificates for your registration. Other than that then the address isn't legitimately used by the registration, so the PO Box is a waste of money.

        • by eldavojohn (898314) * <eldavojohn AT gmail DOT com> on Tuesday March 02, 2010 @02:49PM (#31334346) Journal

          Operating a server with internet services is contrary to popular belief not for amateurs and basement dwelling guys of the "Hmmm. Lemme se how this works. Ooops!" persuasion. The internet is a global collaboration based on informal (and some not so informal) rules. It's not a testing ground for stuff you found on Google or software you downloaded from Sourceforge.

          Wow! The internet is some serious shit! I thought I would just log on and, like, clear up the tubes and make a really wicked site, brah! So tell me, how do I get to be as fucking awesome as you if I can't tinker with hosting a real server with real internet services on the real internet?

          Do you imagine that I am paying $70 a year to a web hosting company so that I can open all the ports on their servers, drop my pants, bend over and wait for the first botnet to have their way with me?

          Contrary to your elitist belief system, web hosting companies exist that offer you servers and restrict your abilities to protect you and others from the horrors of the internet.

          Now get off my lawn before I call the Internet Police.

          The Internet Police!? Well, now I'm fucked. And all this time I thought it was the ma-and-pa Windows 9x machines out there that were part of the big bad botnets. Thank you for opening up my eyes, I realize now that I caused all internet cancer.

        • by Anonymous Coward on Tuesday March 02, 2010 @04:10PM (#31335692)

          You sound like an elitist asshole who has either a) only recently started getting paid to do this stuff and has a BOFH complex or b) some burnt out faggot from NANOG or ASR who's been doing it for far too long and needs to shut the fuck up and retire.

          There's nothing wrong with people running hobbyist servers. I've been doing it for 12 years, which means that I was doing it for 2 years before I started doing this shit for a living....and not even ONCE in that 2 years as an "amateur" did my little "basement" server cause any problems to anybody else on the internet.

          Everybody is entitled to their opinion but you need to take yours and shove it up your ass.

          • by Cramer (69040) on Tuesday March 02, 2010 @09:51PM (#31339790) Homepage

            And the internet has changed a great deal over those 12 years. I've been around the internet for ~20 years... before there were firewalls, back when spam was a caned meat product. The internet didn't consist of millions of complete morons trying to make a buck (which is where SPAM came from), bored teens out to break other peoples stuff, or thugs, gangs, and other criminal organizations out to steal and extort money from anything they can find. (phishing, fake websites, botnets, trojan keyloggers, etc.)

            Simply plugging a Windows computer (pretty much ANY version, patched or not) directly into the internet is bad enough. Having inexperienced, non-admins setting up mail servers, dns servers, web servers, forum software, blog software, etc., etc. makes just as big a mess. (if not worse since they lack the skills to secure and harden their installations, assuming they realize they've been hacked -- the "windows problem" is simple enough: hide it behind a NAT box.)

        • by Runaway1956 (1322357) on Tuesday March 02, 2010 @06:12PM (#31337566) Homepage Journal

          "It's not a testing ground for stuff you found on Google or software you downloaded from Sourceforge."

          Now, that's an interesting take. I mean, the internet was BUILT by people doing that sort of thing, wasn't it? Geeks and nerds finding ways to do cool stuff. You're suggesting that the days of innovation are over, and everyone needs to toe the line, or the internet police will come calling?

          Granted, I understand what you're trying to say - there is a lot of serious business conducted on the internet, and hobbyists shouldn't be getting in the way of all of that. All the same - I believe you need to make some allowances for hobbyists. Those open source nerds may very well hand you the gift of a lifetime next month, or next year, making your admin job easier by orders of magnitude.

          Just keep an open mind, is all I'm saying. ;^)

      • by Anonymous Coward on Tuesday March 02, 2010 @02:31PM (#31334058)

        Now, I know you think that means I have something to hide but I just really don't want my address and name out there because all I would have to put there is my house address.

        You do have something to hide: your home address. There is nothing wrong with that.

      • by masshuu (1260516) on Tuesday March 02, 2010 @04:16PM (#31335786)

        that is what PO boxes are for, unless i misunderstood something. They can still call you, but they can't drive to you.

        I have a domain thats been up for 4 and a half years, mild traffic, and i have yet to have someone call me or knock on my door.

        I have gotten spam mail about switching to another domain register and paying $60 a year for basic services, like DNS.

        • by brain159 (113897) on Tuesday March 02, 2010 @05:41PM (#31337098) Journal

          In some parts of the world, PO Boxes are not particularly cheap and are absolutely not anonymous. In the UK they cost a bunch (I forget specifics, but it's waaay more than an extra $9 per year for each of the few domains I have set up with DBProxy), and ANYBODY can obtain the name and real-address of the owner simply by writing and asking the Royal Mail.

          That's right - no court order, no lawyer intervention, just ask. (There are some specific cases where that doesn't apply, but the general "there are dickheads on the internet" isn't one of them.)

        • by Anonymous Coward on Tuesday March 02, 2010 @06:01PM (#31337422)
          I own a home. Once you have my name and city you can find me. Sure, you can't be sure I live in the home I own, but that's no comfort to me. I've had may landlords use PO boxes and be surprised when I tell them I know their address anyway.
      • by Anonymous Coward on Tuesday March 02, 2010 @08:32PM (#31339204)

        PO box?

    • by Anonymous Coward on Tuesday March 02, 2010 @04:11PM (#31335700)

      Which of course means that in a year or two us mail administrators will start encountering mail servers that have been setup to reject mail based soley on them being on this blacklist.

      I knew even before clicking to read the comments, such a post would be in the #1 spot and yet again modded +5.

      Sorry in advance if this dips into flame territory, but people who try to push their opinions on everyone else in the world, knowing in advance everyone else does NOT desire what your opinion is, is such bullshit.

      You pretty much allude to who you have problems with... Idiot mail admins that outright block email based on this one DNSBL entry.

      So WHY FOR THE LOVE OF GOD do you have to take away a valuable and useful tool such as this, or DNSBL in general, when those of us that know how to setup Bayesian filtering know how to do it right?

      I'm sure you will try to claim you made no such comment about taking it away from everyone, but I fail to see the purpose of your complaint unless you desire that to not be able to happen?

      Why do you insist on blaming 'everyone' for the stupid actions of a few?
      Keep your hands off our black lists dammit!

  • meh (Score:-1, Offtopic)

    by Anonymous Coward on Tuesday March 02, 2010 @01:55PM (#31333428)
    let me knoe when they can detect anonymous gay sex. I don't want people finding out about my love of glory holes!

    - Larry C., Iowa

  • Stupid (Score:5, Insightful)

    by tgd (2822) on Tuesday March 02, 2010 @01:56PM (#31333438)

    In 2010, who *doesn't* use a "hiding" service for a domain? For fifteen years now you'd basically have to throw away any e-mail address on a domain, and get inundated with physical spam on any mailing address used.

    Black listing domains because the owner doesn't want to deal with jackass spammers and bulk mailers is just stupid.

    • Re:Stupid (Score:2, Funny)

      by Anonymous Coward on Tuesday March 02, 2010 @02:07PM (#31333620)

      In 2010, who *doesn't* use a "hiding" service for a domain?

      Many legitimate companies like to clearly indicate who they are. For example, IBM.com is listed as:

      Registrant:
      International Business Machines Corporation
            New Orchard Road
            Armonk, NY 10504
            US

            Administrative Contact:
                  IBM DNS Admin dnsadm@us.ibm.com
                  IBM Corporation
                  New Orchard Road
                  Armonk, NY 10504
                  US
                  +1.9147654227 fax: +1.9147654370

      Now, since it's so easy to throw up a website, those of us who are less well known than IBM like to project an air of respectability, including who we are, where we are, and how to contact us.

      (and there is some very good anti-spam software out there)

      • Re:Stupid (Score:3, Interesting)

        by Anonymous Coward on Tuesday March 02, 2010 @02:10PM (#31333666)
        Says the Anonymous Coward.
      • by Anonymous Coward on Tuesday March 02, 2010 @02:18PM (#31333802)
        Spam software doesn't prevent a scammer from stealing my address and then attempting to use that to open lines of credit in my name or any number of possible nasty things that could be done.

        If it is a commercial website, then yes. Not having "valid" whois information is a bit suspicious.

        Bob down the street however, shouldn't be penalized because he doesn't want his ip address to connect back to his home address.

    • Re:Stupid (Score:3, Insightful)

      by Sir_Dill (218371) <slashdot.zachula@com> on Tuesday March 02, 2010 @02:09PM (#31333648) Homepage
      I second this

      This has to be the brainchild of a spammer or someone who hasn't been a domain owner for very long (if at all).

      The parent has a VERY good point about scammers and spammers scraping whois for personal information to use for whatever nefarious purpose.

      Consider also that for the many people who register their own domains, the address listed is their personal physical address.

      Anyone who ISN'T using an anonymizer is opening the floodgates for scamming and spamming.

      • by Reziac (43301) * on Tuesday March 02, 2010 @05:46PM (#31337190) Homepage Journal

        Some people are so anal-retentive that they just can't deal with an "invasion" of their personal space by something as disorderly as spam. So rather than deal with their own psych issues, they inflict 'em on the rest of us.

        Yeah, spam sucks; yeah, spammers should die horribly. But that doesn't mean everyone else should be forced to suffer MORE spam (or in some cases, a very real fear of exercising free speech) so that some people can have an utterly orderly universe.

      • by Cramer (69040) on Tuesday March 02, 2010 @10:21PM (#31339974) Homepage

        Domain registration doesn't ask for anything that isn't public knowledge already. All proxy services do is hide who actually uses the domain. By ICANN rules, the proxy owns the domain; they are the registrant. They can do whatever they please with "your" domain and you have little power to stop them. And of course, you have to pay for the service.

    • Re:Stupid (Score:3, Informative)

      by Necroman (61604) on Tuesday March 02, 2010 @02:29PM (#31334020)

      I use a PO Box for my domains and don't put my real name on anything I register. It at least keeps away most crap. For email, I always just list a GMail address now and they do a pretty good job filtering out any spam I may get through it.

      • by Anonymous Coward on Tuesday March 02, 2010 @03:09PM (#31334642)

        I hope you told the post office of the fake name you registered your domains with, otherwise they won't deliver mail addressed to that name into your box. If a name isn't on the list of people who receive mail at that box, the mail is returned rather than delivered into the box, since it is assumed to have been intended for a previous owner of the box.

      • by Anonymous Coward on Tuesday March 02, 2010 @03:35PM (#31335062)

        I use a PO Box for my domains and don't put my real name on anything I register. It at least keeps away most crap. For email, I always just list a GMail address now and they do a pretty good job filtering out any spam I may get through it.

        I would just like to point out that this is no different than using an anonymizing service.

        You're just doing all the work yourself, plus you have to pay for and check a PO box now.

        The ONLY difference is that this method negates the purpose of this list of anon domains.

    • Re:Stupid (Score:1, Insightful)

      by Anonymous Coward on Tuesday March 02, 2010 @04:03PM (#31335568)

      I don't use a hiding service. I've owned my domains for 10 years. My name, PO BOX, and phone number are all real. I can't really say it has been an issue.

      I realize the irony of posting as anonymous coward, but every time I create an account I get modded down as flame bait for being a m$ fan boy.

    • by Cramer (69040) on Tuesday March 02, 2010 @10:13PM (#31339926) Homepage

      I've had domains registered in public for many years. I get almost NONE of what you whine about. Yes, I've received some postal mail over the years -- mostly Register.com bullshit trying to scam away one's domain registration. I've received many orders of magnitude more junk mail (postal mail) from "mortgage insurance" crap, car warantee crap, various retirement related shit, credit card offers, and so on. Spam is next to nothing even though it's in the whois data and dozens of archived, searchable email lists. (I receive more spam at addresses that nothing should know exists.)

  • What's the point? (Score:3, Insightful)

    by DJ Jones (997846) on Tuesday March 02, 2010 @01:59PM (#31333490) Homepage
    This is the dumbest thing since lawn darts. I can tell you who is listed anonymously just by looking at the standard whois database. There's only a handful of privacy companies that represent the majority of anonymous domains. If you could find their contact information then that would be useful.

    Congrats, you are the proud owners of a text parsing machine.
  • Dumb idea. (Score:3, Insightful)

    by loxosceles (580563) on Tuesday March 02, 2010 @02:06PM (#31333590)

    I can't think of a good use for this flavor of dnsbl... too little correlation with anything that matters. A lot of privacy-conscious domain owners use private registration, and it has nothing to do with using the domain for spam or other nefarious purposes.

  • by Anonymous Coward on Tuesday March 02, 2010 @02:08PM (#31333622)

    I don't see the point of this. My own domain is not anonymized, but I get a lot of spam and it also somehow bothers me that anyone can see my address. If I would register a new domain, I'd surely subscribe to one of those anon services. And I'm not a spammer. In fact, wouldn't it be much better if domains were anonymous by default and the registrars provided email forwarding services? I think so.

  • by digitalsushi (137809) <slashdot@digitalsushi.com> on Tuesday March 02, 2010 @02:12PM (#31333696) Journal

    I'm not a spammer, so why should I be honest and publish my true whois info? Whenever I do, cold-callers bug me at 11pm for security systems, credit cards, and worse; if I leave for more than 5 days my mailbox gets so full of junk mail they stop delivering until I go downtown for it. And since I am not abusing anyone, no one has a concern about how to call me, except those that want to spam me -- am I truly the scum of the earth for hiding? Or why should I pay for a po box and answering voicemail for the same spammers? If I do something that needs to get me put offline, the police can get a warrant through the registrar like every other real issue. Or they can take my site down until I call, or whatever. Don't make me force feed my home info for spammers. The other 0.01% of the time there's still a way to get the info, it's just a hassle, a hassle for which someone is gonna get paid. Leave it alone already. I got lucky with midnight phone calls and phonebook sized junkmails -- what happens when your psycho forum members get mad and publish your contact info? Oh yeah, and those privacy services just transfer ownership to your registrar. You lost your legal right when you bought that.

  • by DietCoke (139072) on Tuesday March 02, 2010 @02:13PM (#31333726)

    I anonymize my registration so every PR company and marketer on the face of the earth doesn't spam the crap out of me or call me in the middle of the night, like they were doing before I did this. If that means you won't be visiting my sites, umm... ok. I'd rather not be interrupted by a spam email or phone call.

    Good intention, bad fucking execution.

  • by Jabrwock (985861) on Tuesday March 02, 2010 @02:14PM (#31333730) Homepage
    Registered under Shell Company X owned by son/daughter of employee. Not anonymous, possibly fraudulent, but as if anyone's going to waste their time tracking every company contact down.
  • by Anonymous Coward on Tuesday March 02, 2010 @02:17PM (#31333774)

    lol what

  • The next step is someone taking this too far and thinking "Great, I can incorporate this into my blacklists!" The problem here ist the underlying assumption that using anonymous registration makes you a spammer.

    While that is certainly a use for anonymous registration, there are a lot of us who register anonymously to avoid having our names and addresses unnecessarily exposed to spam and risk of identity theft.

  • Jeebus (Score:1, Interesting)

    by Anonymous Coward on Tuesday March 02, 2010 @02:24PM (#31333922)

    This is just more kdawson FUD.

    I thought he was relegated to the night shift. Guess not.

  • by Digital_Quartz (75366) on Tuesday March 02, 2010 @02:34PM (#31334128) Homepage

    CIRA (the ".ca" registry) has a feature called "whois privacy" which hides the information of individuals who register domains by default. Only businesses get their information published in the whois database (by default - individuals and businesses can turn this on or off, although businesses need to provide CIRA with a good reason why they want their whois info hidden).

  • Contact! (Score:2, Interesting)

    by caturday (1197847) on Tuesday March 02, 2010 @02:36PM (#31334166)
    Everyone who has brought up or agreed with any of the points raised here (private information protection, spammers lying, disclaimers not working, etc), please use the contact form on the anonwhois site to send them a message informing them that they're doing us all a disservice. Doubtful that we'll get anywhere, but you never know... Note: in the case that this is a front for spammers trying to farm information, you'll probably not want to associate your domain with this site in any way.
  • Reasonable idea (Score:1, Flamebait)

    by Animats (122034) on Tuesday March 02, 2010 @02:51PM (#31334390) Homepage

    That's a good idea. We do something like that at SiteTruth [sitetruth.com], where we down-rate commercial sites that don't have a real-world contact address on the site. We're looking at user-visible pages, though, not WHOIS. WHOIS data quality is too low.

    I'm all in favor of this sort of thing. But don't drop the messages silently; reject them during the SMTP session if you can, or send a mail bounce if you can't. There's much to be said for having a hard-ass attitude about this, but you have to handle the false positives properly.

    Anything that sends mail bounces needs to check SPF records. This makes it possible to stop joe-job mail bounce problems. (EXIM mailer people: please finish the implementation of SPF checking and advance it from "experimental", so large ISPs can use it.)

    Also, quit whining that putting your real name on your WHOIS registration will get you annoying phone calls, threats, or whatever. I've had my real name and contact info on all my web sites and WHOIS information for a decade, and that's just not happening.

    • by SelfishMan (1661011) on Tuesday March 02, 2010 @03:00PM (#31334516)
      Rejecting during the SMTP session is a bad answer because IT ISN'T MADE TO BE USED AS A BLACKLIST. The whole purpose of the list is to gather statistics about how many domains have private whois info. Al Iverson is using it correctly to gather stats about domains. Also, don't trust SPF. Many legit sites don't use it or don't use it properly and spammers like to set "ip4:0.0.0.0/0" in their records.
    • by Darknight (8142) on Tuesday March 02, 2010 @04:46PM (#31336258) Homepage

      Also, quit whining that putting your real name on your WHOIS registration will get you annoying phone calls, threats, or whatever. I've had my real name and contact info on all my web sites and WHOIS information for a decade, and that's just not happening.

      Ah, so your logical conclusion is "Since it's never happened to me, it doesn't happen. Period". Brilliant, Sherlock.

  • by StealthyRoid (1019620) * on Tuesday March 02, 2010 @03:31PM (#31335000) Homepage
    I'm the owner of an anonymous hosting company, InvisiHosting.com, and I'd like to comment briefly on the distaste for anonymous domain registration.
    1. ICANN regulations require the listing of accurate data in a WHOIS record, with a threat of revocation if inaccurate data is not corrected. That means that anyone who has a domain name, who doesn't have a company to register it under, has to have their real name, address, email and phone number listed in the WHOIS record. While most registrars are pretty lax in enforcing this, it still leaves normal, good people faced with having to put information that they wouldn't necessarily want public. Anonymous registration makes this unnecessary.
    2. Many people have very very good reasons for not wanting to be associated with a website. Whistleblowers, pranksters, bloggers, etc, all could face serious legal or social repercussions if they data they make public is attached back to them. Many of my non-American customers would be arrested or sued for exercising nothing more than the freedom of speech that the rest of us are accustomed to.
    3. If this idea really takes hold, and ANONWHOIS lists are actually used to spam score email, real spammers will just find a registrar that doesn't enforce ICANN policy too strictly (Joker, GoDaddy, etc...), throw up fake data, and the list would be left penalizing honest people who simply don't want their name attached to their domain.
    • by Cramer (69040) on Tuesday March 02, 2010 @10:47PM (#31340146) Homepage

      Name, address, etc. are not exactly private information to begin with. The only thing they want ("need") hidden is their association with a domain. One court order and it's not hidden anymore. One hack, and none of them are hidden. In most respects, if they don't want to be associated with what they're doing, they probably shouldn't be doing it. (or should find some other venue.)

      And for the record, I don't know of any registrar who looks very closely at the registrant data. (even when it's pointed out to them.)

      • by StealthyRoid (1019620) * on Tuesday March 02, 2010 @11:48PM (#31340564) Homepage
        Well, not everyone's name is publicly associated with their home address, especially now that many people don't have landlines that would put them in the phone book.

        The "if they need anonymity, they're doing something bad" argument is a poor fallacy that's been exposed multiple times. It's the online version of "Well, if you're not doing anything wrong, why do you need privacy?" Why should someone who wants to write a blog about shady dealings at their work be forced to put themselves at risk? Or even just something that their bosses wouldn't like ? There's no intrinsic need for identity to be associated with the registration of a domain name.

        Yes, a court order can (in some cases) strip off the anonymity protections, but not all. For example, InvisiHosting doesn't require that a customer give us any personal information, we allow untraceable payments, and we delete logs daily, so even if a court order comes down, there's no guarantee that someone will be exposed. Still, that same argument applies to warrants to investigate a private residence, and I don't think you're arguing that everyone should just expose all their private behavior to the world, just because cops could go in their house if they're suspected of a crime. If someone's behavior doesn't even meet the laughable criteria for the cops to get a warrant, why should their identity be exposed to the world?

        As far as hacks go, that's not necessarily true. If a registrar gets hacked, that's a much huger deal than the stripping of anonymity from domains. If someone's hosting account gets hacked, there's no guarantee that there will be any personal info there, that's on the user. If the server they're hosted on gets hacked, same thing. Most hosts don't keep customer records on their hosting boxes.

        NetSol looks closely at registrant data.
        • by Cramer (69040) on Wednesday March 03, 2010 @02:04AM (#31341440) Homepage

          If they own any property (namely their house), then they most certainly do have their name publicly associated with their address.

          I would say there's no "intrinsic need" to hide one's identity either. As I said, if you don't want to be associated with what you're doing, you probably shouldn't be doing it. No one is "forced" to bad-mouth their employer. Whistle blowers have ways of doing so without putting their own lips on the whistle.

          I would certainly hope you guys have a good team of lawyers on staff. You're rolling a very dangerous set of dice if you think you can provide bulletproof anonymity. "we delete logs daily" is the surest way to get yourself thrown in jail. "untracable payments" *sigh* No. Such. Thing. It can be made very difficult, but given enough time and determination it can be chased down. (I'm not saying any LEO would go to the extraordinary lengths necessary.)

          NetSol looks closely at registrant data.

          Where "looks closely at" means they do any validation at all, then maybe. I've done business with those overpriced morons; no, they do not. They'll accept incorrect information and never care. They won't take complete nonsense like GoDaddy, but you most certainly can give them false information.

  • by Anonymous Coward on Tuesday March 02, 2010 @04:48PM (#31336272)

    Anonwhois.org whois data refers to SpamEatingMonkey.com

    SpamEatingMonkey.com whois information only has a PO Box as a real world (non email / non internet) contact address.

    The admin, technical and registrant contacts are all "SEM Admin" which refers to "admin@spameatingmonkey.com"

    This is anonymous in the real world.

    So basically they are saying that a PO Box is OK but listing your hosting company address is not.

    Anyone can go and set up a PO Box anonymously. If this takes hold then it will just force legitimate users to register PO Boxes. Spammers can do this too.

  • by Intron (870560) on Tuesday March 02, 2010 @06:27PM (#31337754)
    This is why my domain is registered with name and contact information: Bill Gates, Redmond, WA, 555-1212.
  • by griffinn (240043) on Tuesday March 02, 2010 @07:19PM (#31338454)

    This sounds a lot like the whois DNSBL service by rfc-ignorant.org, which has been around for much longer. Why do we need another one?

  • by Anonymous Coward on Tuesday March 02, 2010 @09:15PM (#31339506)

    I absolutely disagree! I know many private citizens, small personal sites, public people including A-list stars who are running their own websites and for obvious reasons don't want their registration information known to everyone, so they pay the $8.00 to make it private.

    It is a horrible idea to allow all contact data for a people that own a DNS to be accessed by any stalker who knows how to use terminal and "WHOIS".

    Do you really want your 18 year old daughter's registry information including her cellphone available to anyone who can sift it out because she happened to take a "how to make a website" class?
    Come on, there are many industrial and effective answers to fighting spam without using broad exclusion methods that will render a lot of false positives and expose a lot of information into the public that has no business being there.

The reason why worry kills more people than work is that more people worry than work.

Working...