Whois privacy vs. easy access

January 28th, 2004
By Jay Westerdal

Whois Privacy is very important to owners of domain names, they don't like their home address to be shared just because they own a domain name. ICANN the organization in charge of overseeing domain names has a rule that forces the domain registrar to release this information to anyone that asks for it. Certainly that is not a good rule; just because a person asks for your home address doesn't mean your domain registrar should release it.

The main reason domain owners want to hide their contact information is because their email address listed on the whois record can be used to spam. The only way to prevent spam is to hide the email address on the whois record or to shield the address with a spam-proof proxy email service.

The largest and most successful Whois website on the Internet is Name Intelligence's www.whois.sc (Whois Source) they aggregate whois records from all the registrars. The reason for their popularity is their Name Spinning suggestion tools and their detailed whois records that even include thumbnails of the website. The site currently has over 12,000 visitors a day and boasts 50,000 registered users. But with success as a third party whois provider comes hurdles. All the requests from the users on the website talk to registrars like Network Solution using just one channel. So registrars may assume that thousands of requests from one source must be a spammer trying to gather whois records. In most cases that would be a true statement, but not for a site like Whois Source.

Whois Source goes through a lot of effort to weed out Spammers from using their service. They track and make sure that only humans use their service, they compare user agent strings, and audit browsing habits. The tracking is so effective that most bots don't even get 3 whois records before they are terminated. Even heavy users don't trigger the robot alarms. But just to make sure, Whois Source requires authentication if someone does more then 25 whois records in a day. Even after authenticating if a user does more then 75 whois records they are required to enter a 5 or 6 character code before being allowed more whois records. The end result is that people doing 1 or 2 whois record searches get easy access, while bots get cut off quick, and heavy users get challenged to make sure they are really human.

One of Whois Source's greatest features, is that even if a robot got past all that security it would have to read an image to figure out email addresses. All email addresses in whois records are protected on whois source by turning ASCII into a gif image of the email address.

Most major registrars trust Whois Source and have checked out the security system they have in place, the result is a semi-universal whois service that can protect whois records from spammers but allow lite users easy access. But there are still some hold out registrars. Until those registrars trust whois source the site has a handy feature, it allows the users to see the last successful whois record if their current search failed due to a block by the registrar. Whois Source has a database of whois records going back 2 years.

The future of whois must change; Registrars should be forced to prevent spam. Running anti-spam email proxy servers and other methods of controlling spam are recommended. Name Intelligence and Whois Source encourage the domain industry to help in protecting whois security.