Whois Misuse

Whois misuse refers to using public Whois data, such as registrants' contact and personal information, for "harmful actions such as spam, phishing, identity theft or data theft." Whois information includes these elements: the registered domain name, the nameserver(s) used, the registrar's name, when the registration was opened and when it will expire, the registered name holder's name and address, and the contact information for the administrative and technical contacts. Because of the sensitive nature of this information, it can be vulnerable to data mining, a type of Whois misuse, defined as searching through Whois entries in order to find valuable information to exploit.

Public Perception
The public perception of Whois misuse is negative and very widespread. Because of the believed frequency of Whois misuse, it is a fairly common practice to use privacy services or even False Whois to avoid such risks as identity theft, phishing, or spamming.

Outcome
The frequency of and dangers represented by Whois misuse make users hesitant to share real contact or personal information in the Whois database. Additionally, practices that use Whois data for malicious purposes, such as phishing, spamming, Domain Slamming, sending fake renewal notices, or gathering information to instigate further attacks on the domain or registrant, detract further from a user's sense of security.

Historical Use
The Whois database is supposed to provide a means of contacting a website's registrant or its administrative and technical contacts if there are technical difficulties with the site or if illegal activity has occurred, among other things. Registrars are required to publicly provide either thin Whois entries (which consist of the identity of the sponsoring registrar, the registration status, and when the registration was opened and will expire) or thick entries (which have additional details like "the registrant’s contact information and designated administrative and technical contacts"). In the case of Whois misuse, the information provided by registrars and registrants in good faith is used by others for illegal or malicious purposes.

ICANN Policy

 * ICANN is currently conducting and reviewing multiple studies on the Whois database, including one on Whois Misuse. In addition, ICANN working groups and committees such as the Generic Names Supporting Organization (GNSO) and the Security and Stability Advisory Committee (SSAC) have studied and made recommendations for the Whois system.


 * A recent Whois misuse study conducted by Carnegie Mellon University found that "there is a statistically significant occurrence of WHOIS misuse affecting Registrants’ email addresses, postal addresses, and phone numbers" with 44% of registrants experiencing these kinds of Whois misuse. A different experiment in the study also found that Whois anti-harvesting techniques, which can be employed by the registry or registrar, are "statistically significant in predicting the potential of email address misuse." Email address misuse resulting from Whois misuse is 2.3x more likely to occur if anti-harvesting techniques are not employed.


 * The results of these and the other Whois studies may lead to changes in the Whois system. To read a working group report on a potentially new system to replace the current Whois system, see ICANN's Status Update Report: A Next Generation Registration Directory Service.


 * An update to the proposed Registration Directory Service (RDS) was discussed at ICANN Singapore by its Expert Working Group (EWG). The new RDS could differ from the current Whois system by only providing certain identifying elements to those who query the system. People with authorized access could then see additional contact and personal information, while those without authorization would see more basic information. Additional discussion surrounded how this new system should protect privacy, security, and free speech while providing accurate information. The EWG is still collecting information on how changing the Whois system will affect the Internet community.

Legislation
There is no legislation that directly addresses Whois misuse, though some of the results of Whois misuse (phishing, fraud, identity theft, slamming or sending fake renewal notices, and spamming) do constitute illegal activity and can be addressed through legislation like the CAN-SPAM Act of 2003 or a civil lawsuit.

DNS Award
Awardees do not use public or private Whois information maliciously.

Additional Resources

 * View a full list of legitimate uses for Whois data
 * Review current GNSO Whois Studies, including the study conducted by Carnegie Mellon
 * Watch a video describing the proposed RDS.

Related Articles

 * False Whois
 * Whois Anti-Harvesting Techniques