Karl Auerbach wrote:
....
I have long suggested that any one who makes an inquiry into the whois data should be obligated to leave an electric "calling card" record that informs the data subject of the name, identity, affiliation, contact information, and asserted reason for making the inquiry. It seems only fair that if Mr. X is asking about you that you should be able to know who Mr. X is and why he's looking you up.
--karl--
We have a perfect world vs a real world scenario here. In theory the answer would be yes of course. In reality it may not be a good idea. We have three points of contact - the address for postal mail, the email address and the email address. If the postal address is used, be ready for a wave of complaints from the USA, also to a lesser extent Europe, that people are named in domain registrations for domains they never knew existed, some do not even known what a domain is. Of course the suggested may be accompanied by a message that if you do not known anything about this domain, please report it which would be great. The mileage on the telephone number may vary. International forwarding numbers from the UK to untraceable destinations are very popular. Likewise untraceable cellphones. Email addresses are a definite bad idea. I will explain: Right now we have a class of registrant that will register domains for nefarious purposes such as spamming, phishing, money mule websites etc. It is common knowledge (I believe so at least, but easily provable), that these registrants do not supply their real details. Remember, criminals love anonymity. In the process the registrant details are populated with details obtained from the internet, as the result of phishing attempts, stolen databases or other security breaches etc. The extent of this problem is rapidly escalating. Using the telephone or email contact details will simply alert a criminal that somebody is researching his activities. If Joe queried domain A registered to registrant X, domain B registered to Y, domain C registered to Z and X, Y and Z is the same person in real life using these domains for illegal purposes and he became aware of Joe querying his domains, he will disappear very fast or even retaliate is he could trace Joe (and he could most likely not use nice legal methods either). In theory in the perfect world, this party querying the whois would be a law enforcement agency. Real life dictates it will most likely be not be. I will not delve into the challenges the victims of cyber-criminals face. However, a postal mail would be a great idea - if the real X, Y or Z in the example above denies knowledge of the domain, the domain should be canceled. Of course once again the postage costs would be prohibitive and may form the basis of a DDoS attack for registrars and legitimate registrants (proxies, botnets etc), so this is also a bad idea. Currently the whois data entering the system is not verified or where it does take place, it is not really conclusive, that is the problem. Before the bogus whois issue is somehow fixed (while protecting innocent registrants), we cannot try and fix the other problems this causes. So reality dictates I have to disagree. Regards Derek