I've never seen evidence that the public thinks that a public WHOIS will actually stop spam, as you put it. What I have seen factual evidence of is a) the public does not value the privacy of domain name registrants over access to a resource that may help them, or law enforcement on their behalf, solve problems of fraud; b) that the public believes, in a transactional environment, you're entitled to have some idea who you are dealing with.
 
Maybe, in a future where there are hundreds more domains, some could require a higher authentication bar for registrants and more usable public data to create environments where users are/feel more secure. In a sense, this has already happened (ask the general public what their impressions are of a .com address vs. a .biz, or a .org, for example), but I don't get the idea that a lot of consumers know which domains to steer clear of. I hope that another organization I work with, StopBadware.org, might be able to present some data on "bad" domains where a lot of drive-by downloads of malware take place.
 
I can tell you, doing investigations, I have used WHOIS on many occasions to either assist a consumer or to make a recommendation to consumers about a Web site or business to avoid. It's imperfect, there are a lot of problems, and sometimes it's a dead end, but more often, it helps.
 
The ICANN's security committee people are working directly with the Anti-Phishing Working Group, and have discussed working with and briefing consumer organizations on that ongoing work and involving them in it. I also know the ICANN hierarchy has asked for further study of the spam/phishing/privacy and WHOIS debate. I would guess that Dave Piscitello of the SSAC would give a briefing on some of this on a teleconference and/or in person in LA if we were to ask.
 
Beau Brendler


From: John L [mailto:johnl@iecc.com]
Sent: Tue 10/16/2007 8:30 PM
To: RJGlass | America@Large
Cc: Brendler, Beau; NA Discuss
Subject: Re: [NA-Discuss] Getting the WHOIS word out to users

> If the public thinks having a public WHOIS will stop spam, #1 they're
> misled, #2 they'll support it.

Sorry to disturb the discussion by injecting some facts here, but last
week I was at a joint meeting in Washington of MAAWG, which is where
the anti-abuse people from large ISPs all over the world meet, and LAP,
which is where civil and criminal anti-abuse law enforcement get together.
Real people at ISPs and law enforcement really use the current WHOIS,
crummy though it is, to figure out who's abusing their networks, track
them down, and more than you might realize, put them in jail.  They would
of course prefer if registrars made a nominal attempt to verify the junk
that their customers put into WHOIS, but the current WHOIS is way more
useful to them than no WHOIS at all, or the pessimal OPOC proposal which
puts an unverified alleged contact in front of the current unverified
info.

> There are technical solutions to spam

Man, that is so 1995.  If there were technical solutions to spam, don't
you think we would have solved it by now?  We have a bunch of technical
stuff in the pipeline to help authenticate real mail, but the approaches
to increasingly organized and criminal spammers are primarily social,
political, and legal, not technical.

R's,
John
