June 27, 2006 2:04 PM PDT

Whois data a key weapon in fraud fight, FTC says

The Federal Trade Commission has made a pitch for open access to Whois, saying the databases are a key weapon in its fight against spyware and other Internet fraud.

The agency on Tuesday called access to the Whois databases, which contain contact information for Web site operators, "critical to the agency's consumer protection laws." It was responding to a recommendation from a Internet Corporation for Assigned Names and Numbers committee to restrict use of the data to strictly "technical purposes."

The official statement comes after an address by FTC Commissioner John Leibowitz to a meeting of ICANN this week in Morocco, where he gave examples of how Whois data has aided the agency's attorneys and investigators in identifying perpetrators of Internet scams, spam and other illegal online activity.

"Whois databases often are one of the first tools FTC investigators use to identify wrongdoers," he said.

In one instance, the agency was able to stop seven companies sending sexually graphic e-mails without the legally required warning labels. Leibowitz said he was "uncertain" the agency would have been able to do so without unhindered access to Whois data.

"If ICANN restricts the use of Whois data to technical purposes only, it will greatly impair the FTC's ability to identify Internet malefactors quickly--and ultimately stop perpetrators of fraud, spam and spyware from infecting consumers' computers," Leibowitz said.

He did note the importance of an accurate Whois database, saying, "the Commission has advocated that stakeholders work to improve the accuracy of such information, because inaccurate data has posed significant obstacles in FTC investigations."

However, he added that even imperfect information has proved helpful. He cited cases in which the agency tracked down suspects using a range of phony registration names by matching contact information.

See more CNET content tagged:
Whois, agency, fraud, weapon, database


Join the conversation!
Add your comment
CallingID has a reliable domains owner database
The who is problem is addressed by our company, Callingid.
CallingID uses unique algorithms and multiple external sources to determine who is the real owner of every web site. When a site hides its identity using a privacy protection service it is automatically determined. If the site uses a faked identity CallingID detects it and warn users that go to that site that there is a problem. On the other hand legitimate sites get green light telling users who is the owner, that the owner of the site is real and where this owner is located. CallingID users reported that they doubled the usage of online banking and eCommerce since they know who they are dealing with and if it is OK to do business with the site owner.
CallingID is a free tollbar. It can be downloaded from www.callingid.com/download.aspx
Posted by yoramnis (1 comment )
Reply Link Flag
WHOIS Protection Services?
That wont solve the problem. Domain owners are using Whois Protection services to hide their identity for a small fee. A number of registrars offer this service.
Posted by 206538395198018178908092208948 (141 comments )
Reply Link Flag
Whois Research
There's a website called DomainTools.com that's been really useful for getting historical whois info.
Posted by timomy (22 comments )
Reply Link Flag
The issue is
That as long as this info is public to anyone, there's going to be reluctance to post it all correctly.

Since ANYONE can see it, it's a problem for spammers, and email address harvesters. Not to mention if someone wants to cause trouble, they can get all the info they need from the site.

There needs to be some kind of control over who can acess what. Because I don't want all that info about me loose on the web.
Posted by jsmith12 (24 comments )
Reply Link Flag
There's no real spam problem with addresses on WHOIS
During more than 3 years I received 68 spam messages on the addresses I post on the WHOIS record of my domain. (I changed that address three times during that period and I have them greylisted).

The real spam problem is not with the address published in the whois database but with generic addresses in the domain, that can receive lots of spam.

The real email address published on WHOIS just has to be real, but it doesn't have to be the same real email address you shared with your bank!
Posted by hadaso (468 comments )
Link Flag
WHOIS database and research-

We used the following website for our whois search:


Their database has a ton of accurate whois data and registrars. They provide 50 free look ups per ip. Their database download which we have a subscription is extremely useful for our studies. It's good place to start...
Posted by sarahg505 (1 comment )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.