Robert Bonomi (
Sun, 11 Dec 2005 00:29:15 -0000

In article <>,
Zonk <> wrote:

> Posted by Zonk on Thursday December 08, @01:01PM
> from the seekrit-webmaster-conspiracy dept.

> bakotaco writes "According to research carried out by the US
> Government Accountability Office (GAO) many domain owners are hiding
> their true identity. The findings could mean that many websites are
> fronts for spammers, phishing gangs and other net criminals. The
> report also found that measures to improve information about domain
> owners were not proving effective." From the article: "The GAO took
> 300 random domain names from each of the .com, .org and .net
> registries and looked up the centrally held information about their
> owners. Any user can look up this data via one of the many whois sites
> on the net. The report found that owner data for 5.14% of the domains
> it looked at was clearly fake as it used phone numbers such as (999)
> 999-9999; listed nonsense addresses such as 'asdasdasd' or used
> invalid zip codes such as 'XXXXX'. In a further 3.65% of domain owner
> records data was missing or incomplete in one or more fields."

> To discuss this matter further, please go to:

> [TELECOM Digest Editor's Note: As the official Keeper of the Records,
> ICANN was asked for a comment on this report, but they refused any
> discussion of it. PAT]

"Figures don't lie, but liars can figure." The last line of the cited
report is a particularly egregious example of this. One of the domain
owner fields is for a 'fax' number for contact. If you don't have a
fax then, *of*course*, that field is going to be 'incomplete' -- or
filled with some registrar 'default', recognizably *invalid*, data --
e.g. (000) 000-000, or (999) 999-999. The '5.14%' number is similarly
suspect, _if_ the 'phone numbers' examined include the 'fax phone
number' field.

And, unless the GAO restricted the check to domains registered to
addresses in the USA, 'defective' and/or 'missing' *ZIPCODE* data is
to be expected. Even Canada doesn't have _ZIP_ codes. That said, I
figure that this one is a gratuitous error on the part of the person
writing the review of the GAO report, rather than a procedural flaw in
the GAO analysis.

That said, I expect the GAO report did find evidence of real problems
in the registration process. Too much 'trust', and not enough
'*trust*but* *verify*'. For U.S.A. based addresses, there is simply
no excuse for accepting a registration where the street address and
"postal code" do not match. The USPS has an on-line look-up tool
where the full ZIP+4 can be looked up for any particular address. Now,
admittedly, some addresses may have multiple ZIP+4 codes -- e.g. my
building has distinct zip+4 for each of several groups of residents,
_and_ a 'catch all' ZIP+4 that is valid for any address in the
building. I think there may be yet another '+4' that identifies
'some/any building on this block'.

A number of other countries have similar publicly accessible tools for
validating addresses, postal codes, and/or the combination thereof.

The fact that registration services do -not- make use of things like
that to make even a 'minimal' attempt to keep the database 'clean'
*is* an outrage, and an abomination, no doubt about it.
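
The counting argument in the post above, as an added example (not part of the original post and not the GAO's method): the same records are tallied once with fax treated as mandatory and the ZIP pattern applied to every country, and once with fax ignored and ZIP checked only for US records. The field names, sample records and the repeated-chunk heuristic are assumptions, and only the ZIP format is checked, not whether it matches the street address.

```python
import re
from collections import Counter

# Constructed sample records; the field names are assumptions, not a real WHOIS schema.
RECORDS = [
    {"street": "12 Main St", "postal": "60614", "country": "US",
     "phone": "(312) 555-0142", "fax": ""},                  # no fax machine
    {"street": "40 King St W", "postal": "M5H 3Y2", "country": "CA",
     "phone": "(416) 555-0187", "fax": "(000) 000-0000"},    # registrar default fax
    {"street": "asdasdasd", "postal": "XXXXX", "country": "US",
     "phone": "(999) 999-9999", "fax": ""},                  # plainly fake
    {"street": "7 Elm Ave", "postal": "", "country": "US",
     "phone": "(212) 555-0110", "fax": "(212) 555-0111"},    # ZIP left out
]

REPEATED = re.compile(r"^(.{1,4})\1+$")      # 'asdasdasd', '9999999999'
US_ZIP = re.compile(r"^\d{5}(-\d{4})?$")

def is_placeholder(value):
    """Heuristic: the value, stripped of punctuation, is one short chunk repeated."""
    compact = re.sub(r"[^0-9a-z]", "", value.lower())
    return bool(REPEATED.match(compact))

def classify(rec, naive=False):
    """Return 'fake', 'incomplete' or 'ok'.

    naive=True treats fax like any other field and applies the ZIP pattern to
    every country; naive=False ignores fax and checks ZIP only for US records.
    """
    us = rec["country"].upper() == "US"
    checked = ["street", "phone"] + (["fax"] if naive else [])
    required = checked + ["country"] + (["postal"] if naive or us else [])
    fake = any(is_placeholder(rec[f]) for f in checked)
    if rec["postal"] and (naive or us) and not US_ZIP.match(rec["postal"]):
        fake = True
    if fake:
        return "fake"
    if any(not rec[f].strip() for f in required):
        return "incomplete"
    return "ok"

def tally(records, naive=False):
    return Counter(classify(r, naive) for r in records)

if __name__ == "__main__":
    print("naive:   ", dict(tally(RECORDS, naive=True)))
    print("adjusted:", dict(tally(RECORDS, naive=False)))
```

On these four constructed records the naive pass flags all four, while the adjusted pass flags only the plainly fake record and the US record with no ZIP.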

