At-Large, ALAC, et al, We wanted to follow up specifically on the issue of WHOIS access and add data to our previous column Who Is Blocking WHOIS?(http://www.circleid.com/posts/who_is_blocking_whois/) which covered Registrar denial of their contracted obligation to support Port 43 WHOIS access. Here, we will dig even deeper to reveal specific manipulation of the system. In one of the most egregious examples A Technology Company Inc has been blocking WHOIS access to their own operational domain, namesystem.com. Try doing a WHOIS look-up of namesystem.com and you will receive the message: "Sorry, Domain does not exist in the null system". However, even Internic records that namesystem.com is registered through NameSystem (http://reports.internic.net/cgi/whois?whois_nic=namesystem.com&type=domain). The odd thing is that all other WHOIS lookups work in whois.namesystem.com, it is just their domain which is hidden completely. ICANN terminated this Registrar and applaud them for it (http://www.icann.org/correspondence/burnette-to-prakash-25jun10-en.pdf), but they were terminated for non-payment of fees not blocking WHOIS access. We have in many cases linked Registrar malfeasance and WHOIS obfuscation to spam and illicit pharmacy traffic. Here we provide an excellent example. We pulled a random spam sample from our collection which advertized the site sekudsov[DOT]com which had no content except a link to highmedcenter[DOT]com. Highmedcenter is an illegal pharmacy sponsored by Visesh Infotecnics Ltd. d/b/a signdomains.com, and this is where the investigation ends because Visesh Infotecnics has turned off their WHOIS engine completely. Attempting to perform a look up on Highmedcenter produces this message: “Unable to connect to the specified registry whois.signdomains.com.” This has been the case for several days. We have filed a complaint about this with ICANN. http://www.knujon.com/news.html#06272010 In Belgium last week we presented these dire contractual breaches at the Whois Data Accuracy Study Workshop http://brussels38.icann.org/node/12495 and pointed out that we need to take a step back to see if it is even possible to get to the WHOIS records before we can even worry about their accuracy. Some Registrars have found a way to obfuscate WHOIS without completely blocking it, by providing a “domain lookup.” Domain lookups are not proper WHOIS services and violate multiple sections of the RAA():Zog Media, Inc. DBA Zog Names (zognames.com), Hosting.com, Inc., Add2Net Inc. (lunarpages.com), Bottle Domains, Inc. (bottledomains.com.au), Cheapies.com Inc. (cheapies.com), Domainz Limited (domainz.com), Nominalia Internet S.L. (nominalia.com), Sedo.com LLC (sedo.com), DomainSpa LLC (domainspa.com), Register4Less, Inc. (Register4Less.com), and Verelink, Inc. (verelink.com) all have failed to provide a real WHOIS web interface. Is this better or worse than the Registrars who have no look up at all or have buried it so deeply that Indiana Jones would not be able to find it? USA Webhost, Inc. (usawebhost.com), Verza Domain Depot BV (verzadomains.com), Premium Registrations Sweden AB (premiumregistrations.com), VentureDomains, Inc. (upc360.com), The Planet Internet Services, Inc. (theplanet.com), Digitrad France (digitrad.com), New Great Domains, Inc. (newgreatdomains.com), and Porting Access B.V.(portingxs.com) seem to have no web-based WHOIS. Are these examples better or worse than Alfena, LLC (alfena.com), NetRegistry Pty Ltd. (netregistry.com), and Autica Domain Services Inc. (autica.com) which do not supply a web WHOIS by direct the visitor to some other WHOIS utility at another site? One may complain that these Registrars are small-scale, possibly understaffed or disorganized, but we cannot say the same for NameScout, Network Solutions, eNom, Dotster, and Moniker/Oversee/Snapnames. What have these large Registrars done to obfuscate WHOIS? They have failed in their contractual obligation to provide bulk access: “3.3.6 In addition, Registrar shall provide third-party bulk access to the data subject to public access under Subsection 3.3.1 under the following terms and conditions: ... 3.3.6.1 Registrar shall make a complete electronic copy of the data available at least one (1) time per week for download by third parties who have entered into a bulk access agreement with Registrar. ... 3.3.6.2 Registrar may charge an annual fee, not to exceed US$10,000, for such bulk access to the data.” We asked NameScout about bulk access and they responded: “Unfortunately we don't offer this service.” We asked Network Solutions about bulk access and they responded: “Network Solutions does not sell bulk access to the Whois.” Perhaps eNom, Dotster, and Moniker/Oversee/Snapnames were the smart ones, they did not respond at all. As far as we are concerned they have all failed to comply with their contracts. What is really interesting is that many of the Registrars mentioned were sitting in the audience of the Whois Data Accuracy Study Workshop http://brussels38.icann.org/node/12495 and did not refute or respond to anything we presented. Another Registrar cited by us for obfuscation was Vivid Domains. It was published by domainincite.com that Vivid Domains own operational domain, vividdomains.com/, was up for sale on Sedo (http://domainincite.com/icann-registrars-domain-listed-for-sale-on-sedo/). It would be safe to say this Registrar has run to the hills but they are still listed as active by ICANN (http://www.internic.net/registrars/registrar-615.html). To quote DomainIncite: “not suggesting Vivid is dodgy, but these are the kind of clues I would use when deciding whether to give a registrar a wide berth.” We said it in the session and we will say it again. What we are seeing here is large-scale manipulation of the very fabric of the Internet for the gain of a few at the expense of the rest of us. Registrars large and small are failing to comply with the most basic conditions of their contract and so far this has slipped by ICANN. Full report: http://www.knujon.com/knujon_audit0610.pdf -Garth ------------------------------------- What is the Doomsday Book? http://knujon.com/doomsday Garth Bruen gbruen@knujon.com http://www.knujon.com http://www.linkedin.com/pub/4/149/724 Linkedin Group: http://www.linkedin.com/groups?gid=1870205 Blog: http://www.circleid.com/members/3296/ Twitter: @Knujon