
Detecting Anonymously Registered Domains

Posted by kdawson
from the may-i-tell-them-who-is-calling dept.
Spamresource.com has up a piece describing a new service that could be useful in evaluating the reputation of sites you deal with — anonwhois.org returns information on domains registered anonymously. It provides a DNSBL-style service that "is not a blacklist and wasn't meant to be used for outright rejection of mail." Only 619,000 domains are listed so far, but more are added as they are queried, so the database will grow more complete. Anonwhois.org seems to be a sister site to Spam Eating Monkey.
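An added example (not code from the article or from anonwhois.org) of using a domain-based DNSBL answer as an advisory signal instead of a rejection rule. The zone name, weights, threshold and sample data are placeholders, because the page gives neither the service's query zone nor its return codes.

```python
import ipaddress
import socket

# Placeholder zone: the page gives neither the service's query zone nor its return codes.
ZONE = "rhsbl.example.invalid"
# Hypothetical local policy values, not taken from the page.
PRIVACY_WEIGHT = 0.5
REJECT_AT = 5.0
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def query_name(domain, zone=ZONE):
    """Domain-based DNSBL convention: look up '<domain>.<zone>' as an A record."""
    return f"{domain.strip('.').lower()}.{zone}"


def system_resolver(name):
    """A records for name via the system resolver; [] on NXDOMAIN or lookup failure."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except OSError:
        return []
    return sorted({info[4][0] for info in infos})


def is_listed(domain, resolve=system_resolver, zone=ZONE):
    """Listed only when an answer is in 127.0.0.0/8. Other answers usually mean a
    resolver that rewrites NXDOMAIN, so they are ignored instead of counted."""
    answers = resolve(query_name(domain, zone))
    return any(ipaddress.ip_address(a) in LISTED_RANGE for a in answers)


def reject_if_listed(domain, resolve=system_resolver):
    """The misuse the commenters expect: the listing alone decides."""
    return "reject" if is_listed(domain, resolve) else "accept"


def score_message(domain, other_signals, resolve=system_resolver):
    """Advisory use: the listing adds a small weight to evidence from other checks."""
    signals = dict(other_signals)
    if is_listed(domain, resolve):
        signals["privacy_registered"] = PRIVACY_WEIGHT
    total = sum(signals.values())
    return total, ("reject" if total >= REJECT_AT else "accept"), signals


# Constructed zone data standing in for live DNS so the example runs offline.
SAMPLE_ZONE = {query_name("hobby-forum.example"): ["127.0.0.2"]}


def sample_resolver(name):
    return SAMPLE_ZONE.get(name, [])


if __name__ == "__main__":
    for domain, signals in [
        ("hobby-forum.example", {}),
        ("hobby-forum.example", {"url_on_blocklist": 4.5}),
        ("corp.example", {"url_on_blocklist": 4.5}),
    ]:
        print(domain, reject_if_listed(domain, sample_resolver),
              score_message(domain, signals, sample_resolver))
```

A lookup failure returns an empty answer, so an outage of the list never blocks mail on its own.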
  • by suso (153703) * on Tuesday March 02, 2010 @02:51PM (#31333368) Homepage Journal

    It provides a DNSBL-style service that "is not a blacklist and wasn't meant to be used for outright rejection of mail."

    Which of course means that in a year or two us mail administrators will start encountering mail servers that have been set up to reject mail based solely on them being on this blacklist.

    • by eldavojohn (898314) * <eldavojohn.gmail@com> on Tuesday March 02, 2010 @02:58PM (#31333486) Journal

      It provides a DNSBL-style service that "is not a blacklist and wasn't meant to be used for outright rejection of mail."

      Which of course means that in a year or two us mail administrators will start encountering mail servers that have been set up to reject mail based solely on them being on this blacklist.

      Yeah, I urge everyone to exercise caution here ... I looked at the stats [anonwhois.org] and was a little concerned about 123k domains (20%) being domains by proxy. I host a site as a hobby and enjoy tinkering with forums and the like on it. I also don't like the idea of someone looking up my home address via whois and showing up at my front door to complain about something someone said on one of these forums. As a result, I opt for my ISP to be my proxy on the registration of the domain. Now, I know you think that means I have something to hide but I just really don't want my address and name out there because all I would have to put there is my house address.

      Granted, my domain's not on the list and I'm not using it as a mail server (yet), I sympathize with hobbyists, non-profitable sites and people who value privacy. Keep that in mind if you're going to utilize this site as an auto-reject authority.

      • by masshuu (1260516)

        That is what PO boxes are for, unless I misunderstood something. They can still call you, but they can't drive to you.

        I have a domain that's been up for 4 and a half years, mild traffic, and I have yet to have someone call me or knock on my door.

        I have gotten spam mail about switching to another domain register and paying $60 a year for basic services, like DNS.

        • by brain159 (113897)

          In some parts of the world, PO Boxes are not particularly cheap and are absolutely not anonymous. In the UK they cost a bunch (I forget specifics, but it's waaay more than an extra $9 per year for each of the few domains I have set up with DBProxy), and ANYBODY can obtain the name and real-address of the owner simply by writing and asking the Royal Mail.

          That's right - no court order, no lawyer intervention, just ask. (There are some specific cases where that doesn't apply, but the general "there are dickhea

          • by masshuu (1260516)
            Nothing's gonna stop some crazy serial killer, but a PO box will still stop some idiot from knocking on your door because they can.
          • by RockDoctor (15477)

            In some parts of the world, PO Boxes are not particularly cheap

            From the Royal Mail website : "A PO Box® costs just £62.85 a year or £51.00 for six months."
            Not particularly cheap.
            Personally, at that sort of price I'd be tempted to persuade a big, old and ugly friend to give me a "care-of" service : all addresses "care of Big Ugly Bastard, [address]".
            Other providers ... £192 per year, another company won't say, a local provider £240/year. Not exactly a cheap option.

  • Stupid (Score:5, Insightful)

    by tgd (2822) on Tuesday March 02, 2010 @02:56PM (#31333438)

    In 2010, who *doesn't* use a "hiding" service for a domain? For fifteen years now you'd basically have to throw away any e-mail address on a domain, and get inundated with physical spam on any mailing address used.

    Black listing domains because the owner doesn't want to deal with jackass spammers and bulk mailers is just stupid.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      In 2010, who *doesn't* use a "hiding" service for a domain?

      Many legitimate companies like to clearly indicate who they are. For example, IBM.com is listed as:

      Registrant:
      International Business Machines Corporation
      New Orchard Road
      Armonk, NY 10504
      US

      Administrative Contact:
      IBM DNS Admin dnsadm@us.ibm.com
      IBM Corporation

      • Re: (Score:3, Interesting)

        by Anonymous Coward
        Says the Anonymous Coward.
    • Re: (Score:3, Insightful)

      by Sir_Dill (218371)
      I second this

      This has to be the brainchild of a spammer or someone who hasn't been a domain owner for very long (if at all).

      The parent has a VERY good point about scammers and spammers scraping whois for personal information to use for whatever nefarious purpose.

      Consider also that for the many people who register their own domains, the address listed is their personal physical address.

      Anyone who ISN'T using an anonymizer is opening the floodgates for scamming and spamming.

      • by Reziac (43301) *

        Some people are so anal-retentive that they just can't deal with an "invasion" of their personal space by something as disorderly as spam. So rather than deal with their own psych issues, they inflict 'em on the rest of us.

        Yeah, spam sucks; yeah, spammers should die horribly. But that doesn't mean everyone else should be forced to suffer MORE spam (or in some cases, a very real fear of exercising free speech) so that some people can have an utterly orderly universe.

      • by Cramer (69040)

        Domain registration doesn't ask for anything that isn't public knowledge already. All proxy services do is hide who actually uses the domain. By ICANN rules, the proxy owns the domain; they are the registrant. They can do whatever they please with "your" domain and you have little power to stop them. And of course, you have to pay for the service.

    • Re: (Score:3, Informative)

      by Necroman (61604)

      I use a PO Box for my domains and don't put my real name on anything I register. It at least keeps away most crap. For email, I always just list a GMail address now and they do a pretty good job filtering out any spam I may get through it.

    • Re: (Score:1, Insightful)

      by Anonymous Coward

      I don't use a hiding service. I've owned my domains for 10 years. My name, PO BOX, and phone number are all real. I can't really say it has been an issue.

      I realize the irony of posting as anonymous coward, but every time I create an account I get modded down as flame bait for being a m$ fan boy.

    • by Cramer (69040)

      I've had domains registered in public for many years. I get almost NONE of what you whine about. Yes, I've received some postal mail over the years -- mostly Register.com bullshit trying to scam away one's domain registration. I've received many orders of magnitude more junk mail (postal mail) from "mortgage insurance" crap, car warranty crap, various retirement related shit, credit card offers, and so on. Spam is next to nothing even though it's in the whois data and dozens of archived, searchable emai

  • What's the point? (Score:3, Insightful)

    by DJ Jones (997846) on Tuesday March 02, 2010 @02:59PM (#31333490) Homepage
    This is the dumbest thing since lawn darts. I can tell you who is listed anonymously just by looking at the standard whois database. There's only a handful of privacy companies that represent the majority of anonymous domains. If you could find their contact information then that would be useful.

    Congrats, you are the proud owners of a text parsing machine.
    • Yes, a human can look at the standard whois database. A mail server cannot easily do that. If you would RTFA, you would see that it is a DNS RBL that your mail server can query. Sure, you could write a script to do that, but if someone hits you with a spam run, you're going to get banned from the whois databases pretty damn fast.
  • Dumb idea. (Score:3, Insightful)

    by loxosceles (580563) on Tuesday March 02, 2010 @03:06PM (#31333590)

    I can't think of a good use for this flavor of dnsbl... too little correlation with anything that matters. A lot of privacy-conscious domain owners use private registration, and it has nothing to do with using the domain for spam or other nefarious purposes.

  • I'm not a spammer, so why should I be honest and publish my true whois info? Whenever I do, cold-callers bug me at 11pm for security systems, credit cards, and worse; if I leave for more than 5 days my mailbox gets so full of junk mail they stop delivering until I go downtown for it. And since I am not abusing anyone, no one has a concern about how to call me, except those that want to spam me -- am I truly the scum of the earth for hiding? Or why should I pay for a po box and answering voicemail for the

    • Use a proxy service. It's not fake info, but it adds a level of indirection.

      • by NNKK (218503)

        RTFA jackass, it's proxies that are getting listed.

        • Fair enough. Though marking down for using a proxy service (often provided by the registrar) seems like a really, really bad idea. My whois information isn't inaccurate, fake, or anonymous. It's closer to a pseudonym, since I can still be contacted easily.

          On the other hand, I've seen people putting in fake information. Then, you can't contact them at all. Shouldn't that be the problem?

    • Re:Fake whois info (Score:4, Informative)

      by thePowerOfGrayskull (905905) <marc DOT paradise AT gmail DOT com> on Tuesday March 02, 2010 @03:28PM (#31334008) Homepage Journal
      In order to avoid the overpriced fees for that, I just got a PO box and use an invalid phone number.

      10 domains at $9/yr each for privacy gives $90/year extra. A PO box costs $45 or so a year. For any more than 5 domains, it's cheaper to go the PO Box route.

      • by afabbro (33948)

        In order to avoid the overpriced fees for that, I just got a PO box and use an invalid phone number.

        10 domains at $9/yr each for privacy gives $90/year extra. A PO box costs $45 or so a year. For any more than 5 domains, it's cheaper to go the PO Box route.

        Hate to tell you this, but most registrars/hosters provide the service for free. I have a dozen or so domains, all use whois privacy proxy, and I've never paid a penny for it.

      • by Archon-X (264195)

        - Then you're using false WHOIS info, which is against ICANN policy. It seems you're agreeing with the GP - WHOIS data gets abused, there's a good reason to hide it.
        - Domain protection varies with registrar. .ca, for example - it's turned on by default.

        • - Then you're using false WHOIS info, which is against ICANN policy. It seems you're agreeing with the GP - WHOIS data gets abused, there's a good reason to hide it. - Domain protection varies with registrar. .ca, for example - it's turned on by default.

          The PO box is valid and real. Heck, sometimes I even check it. You got me on the phone number though - perhaps a better alternative would be an internet-based phone account, still cheaper. And yes indeed, I do think that there's a good reason to hide it. My point is that a PO box is just as anonymous as domainsbyproxy et al. It still allows you to give legitimate contact information, not worry about phone calls, and is cheaper than many commercial services dedicated to providing that service.

          • by Archon-X (264195)

            Sounds like we're in accordance except for a few things. Other fringe benefits of having anonymised info:

            1- Easier to manage (data, versus physical drop box)
            2- The mailbox method isn't so anonymous: Say you have 10 domains, all with your PO box in the whois info.
            Say on one of your sites, you have your name / email. Suddenly, you've just revealed yourself as the person who owns all those domains.
            With domainsbyproxy / etc - you're one of x million people using it - anonymous :)

          • Do you expect me to pay $60 a year extra to rent the smallest sized PO box just for a domain I'm using for email? And my friend who does the same thing should pay as well?

      • by bloobloo (957543)

        If you register your domain through Dreamhost then you don't need to pay for privacy.

      • by fl!ptop (902193)

        use an invalid phone number

        If you do that you run the risk of getting reported to ICANN [internic.net].

    • by vlm (69642)

      Whenever I do, cold-callers bug me at 11pm for security systems, credit cards, and worse; if I leave for more than 5 days my mailbox gets so full of junk mail they stop delivering until I go downtown for it.

      Are you certain that's from domain registration? Nothing of the sort has ever happened to me, and I have not hidden my domain info.

      I got one or two "renewal notices" from DROA over the course of a decade, not much else.

      You can be certain by selective falsification and then watch the incoming physical spam. Slightly inaccurate spelling, etc.

      • by Bigbutt (65939)

        Yea, same here. I've had my main domain for 10 years now. I use a whois specific e-mail and occasionally get an e-mail from someone in China trying to convince me to get an equivalent Chinese domain for one of the 13 or so I run. I get more e-mail from some film guy trying to get one of my domains than the folks in China though. Every few months it's, "you're not using the domain, can I have it?" "Look dude, just because you don't see anything on port 80 doesn't mean I'm not using it." Heck now I can't eve

    • by Dredd13 (14750)

      I really don't know how this happens, to be honest. I've had domains (I own about two dozen) registered with my personal contact info, completely legitimate and valid, since....

      Created On:16-Jul-1996 04:00:00 UTC

      and I have yet to get a single cold-call on my personal phone number (listed in the WHOIS database).

      I'm not going so far as to say "you haven't", but my personal experiences owning my domain for 14 years do not match up with your fear.

  • Registered under Shell Company X owned by son/daughter of employee. Not anonymous, possibly fraudulent, but as if anyone's going to waste their time tracking every company contact down.
  • The next step is someone taking this too far and thinking "Great, I can incorporate this into my blacklists!" The problem here is the underlying assumption that using anonymous registration makes you a spammer.

    While that is certainly a use for anonymous registration, there are a lot of us who register anonymously to avoid having our names and addresses unnecessarily exposed to spam and risk of identity theft.

    • The problem here is the underlying assumption that using anonymous registration makes you a spammer.

      Using bittorrent makes you a pirate too.
      And being Muslim makes you a terrorist
      and being old makes you want to have a nice (unfootprinted) lawn... etc.

    • by gencha (1020671)
      It doesn't make you a spammer. Just less trustworthy. Who people want to receive emails from is up to them. And if they decide they don't want emails from people who have registered their domain anonymously then so be it.
      • It doesn't make you a spammer. Just less trustworthy. Who people want to receive emails from is up to them. And if they decide they don't want emails from people who have registered their domain anonymously then so be it.

        I agree, except for the part where a single policy maker can prevent millions of people from receiving those emails. It's not like individuals always have a choice in this.

  • Jeebus (Score:1, Interesting)

    by Anonymous Coward

    This is just more kdawson FUD.

    I thought he was relegated to the night shift. Guess not.

  • by Digital_Quartz (75366) on Tuesday March 02, 2010 @03:34PM (#31334128) Homepage

    CIRA (the ".ca" registry) has a feature called "whois privacy" which hides the information of individuals who register domains by default. Only businesses get their information published in the whois database (by default - individuals and businesses can turn this on or off, although businesses need to provide CIRA with a good reason why they want their whois info hidden).

    • by jonbryce (703250)

      It is the same for Nominet, the .uk registry. I believe EU law requires them to do that.

    • by EvilIdler (21087)

      The Norwegian TLD has no privacy option - if you want to use the .no domain, you need valid contact details. There is no option for individuals, as you have to register a company to be allowed to buy .no domains anyway. That's why I recommend .com/.net/.org addresses for everyone (or some other TLD which isn't too suspicious-looking ;), since domain privacy is now part of the price anyway.

    • Doesn't that hurt the private registration companies?

  • Contact! (Score:2, Interesting)

    by caturday (1197847)
    Everyone who has brought up or agreed with any of the points raised here (private information protection, spammers lying, disclaimers not working, etc), please use the contact form on the anonwhois site to send them a message informing them that they're doing us all a disservice. Doubtful that we'll get anywhere, but you never know... Note: in the case that this is a front for spammers trying to farm information, you'll probably not want to associate your domain with this site in any way.
  • Reasonable idea (Score:1, Flamebait)

    by Animats (122034)

    That's a good idea. We do something like that at SiteTruth [sitetruth.com], where we down-rate commercial sites that don't have a real-world contact address on the site. We're looking at user-visible pages, though, not WHOIS. WHOIS data quality is too low.

    I'm all in favor of this sort of thing. But don't drop the messages silently; reject them during the SMTP session if you can, or send a mail bounce if you can't. There's much to be said for having a hard-ass attitude about this, but you have to handle the false posi

    • Rejecting during the SMTP session is a bad answer because IT ISN'T MADE TO BE USED AS A BLACKLIST. The whole purpose of the list is to gather statistics about how many domains have private whois info. Al Iverson is using it correctly to gather stats about domains. Also, don't trust SPF. Many legit sites don't use it or don't use it properly and spammers like to set "ip4:0.0.0.0/0" in their records.
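An added example (not from the comment above or any project it mentions) of the SPF point: a check that flags records whose pass mechanisms, such as the `ip4:0.0.0.0/0` case quoted above, authorise so much address space that an SPF pass carries no information. The prefix-length thresholds and the sample records are assumptions chosen for illustration.

```python
import ipaddress

# Assumed thresholds: a pass mechanism wider than these is treated as meaningless.
MIN_V4_PREFIX = 8
MIN_V6_PREFIX = 16


def overly_broad_terms(spf_record):
    """Return (term, reason) for each pass mechanism that authorises too much."""
    terms = spf_record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return []  # not an SPF record at all
    findings = []
    for term in terms[1:]:
        qualifier, mech = "+", term  # '+' (pass) is the default qualifier
        if term[0] in "+-~?":
            qualifier, mech = term[0], term[1:]
        if qualifier != "+":
            continue  # fail, softfail and neutral terms authorise nobody
        name, _, value = mech.partition(":")
        name = name.lower()
        if name == "all":
            findings.append((term, "passes every sender"))
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                findings.append((term, "unparseable network"))
                continue
            limit = MIN_V4_PREFIX if net.version == 4 else MIN_V6_PREFIX
            if net.prefixlen < limit:
                findings.append((term, f"covers a /{net.prefixlen}"))
    return findings


def pass_is_meaningful(spf_record):
    """An SPF pass is worth scoring only if the record is SPF and has no broad terms."""
    is_spf = spf_record.split()[:1] == ["v=spf1"]
    return is_spf and not overly_broad_terms(spf_record)


# Constructed TXT records for illustration.
SAMPLE_RECORDS = {
    "broad.example": "v=spf1 ip4:0.0.0.0/0 -all",
    "open.example": "v=spf1 a mx +all",
    "tight.example": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net ~all",
}

if __name__ == "__main__":
    for domain, record in SAMPLE_RECORDS.items():
        print(domain, pass_is_meaningful(record), overly_broad_terms(record))
```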
    • by Darknight (8142)

      Also, quit whining that putting your real name on your WHOIS registration will get you annoying phone calls, threats, or whatever. I've had my real name and contact info on all my web sites and WHOIS information for a decade, and that's just not happening.

      Ah, so your logical conclusion is "Since it's never happened to me, it doesn't happen. Period". Brilliant, Sherlock.

  • I'm the owner of an anonymous hosting company, InvisiHosting.com, and I'd like to comment briefly on the distaste for anonymous domain registration.
    1. ICANN regulations require the listing of accurate data in a WHOIS record, with a threat of revocation if inaccurate data is not corrected. That means that anyone who has a domain name, who doesn't have a company to register it under, has to have their real name, address, email and phone number listed in the WHOIS record. While most registrars are pretty lax
    • by Cramer (69040)

      Name, address, etc. are not exactly private information to begin with. The only thing they want ("need") hidden is their association with a domain. One court order and it's not hidden anymore. One hack, and none of them are hidden. In most respects, if they don't want to be associated with what they're doing, they probably shouldn't be doing it. (or should find some other venue.)

      And for the record, I don't know of any registrar who looks very closely at the registrant data. (even when it's pointed out t

      • Well, not everyone's name is publicly associated with their home address, especially now that many people don't have landlines that would put them in the phone book.

        The "if they need anonymity, they're doing something bad" argument is a poor fallacy that's been exposed multiple times. It's the online version of "Well, if you're not doing anything wrong, why do you need privacy?" Why should someone who wants to write a blog about shady dealings at their work be forced to put themselves at risk? Or even
        • by Cramer (69040)

          If they own any property (namely their house), then they most certainly do have their name publicly associated with their address.

          I would say there's no "intrinsic need" to hide one's identity either. As I said, if you don't want to be associated with what you're doing, you probably shouldn't be doing it. No one is "forced" to bad-mouth their employer. Whistle blowers have ways of doing so without putting their own lips on the whistle.

          I would certainly hope you guys have a good team of lawyers on staff.

  • This is why my domain is registered with name and contact information: Bill Gates, Redmond, WA, 555-1212.
  • by griffinn (240043) on Tuesday March 02, 2010 @08:19PM (#31338454)

    This sounds a lot like the whois DNSBL service by rfc-ignorant.org, which has been around for much longer. Why do we need another one?
