I haven't seen any comments on the recently released ICANN report concerning WHOIS privacy issues:

http://www.icann.org/gnso/issue-reports/whois-privacy-report-13may03.htm

What do you all think? Is it necessary for whois information to be publicly available?

I think this sums it up:
Non-Commercial Users – Place great emphasis on privacy of Whois data.

Commercial Users – Place great emphasis on accountability of uses of the Internet, and therefore on accessibility of Whois data for legitimate purposes.

Intellectual Property Interests – Stress the importance of ready access to accurate Whois data to support investigation of cybersquatting, copyright violations, and counterfeiting activities.

ISPs – Support ready access to accurate Whois data to facilitate resolution of network problems and sourcing of spam.

Registrars – View registrant data as an important business asset which should not be made available to competitors. (In this regard, registrars are largely aligned with resellers.) Registrars also receive complaints from registrants reporting that they have received unsolicited renewal notices, and other offers by phone, postal mail, fax, or e-mail targeted at registrants using the information available via Whois. However, registrars also need a mechanism to access the registrant data of competitors to confirm authorization of transfers. Registrars also bear the expense of providing registrar-level Whois service.

gTLD Registries – Registry operators bear the expense of providing registry-level Whois service, and may also view the aggregate data as an important business asset that should not be made available to competing registry operators.
As an end user, any email address I've used for domains has made that address unusable.

While I have searched whois records for contact information on companies or people for times when I had nowhere else to turn, I would highly encourage whois records being private. I have extensively gone through any site I've worked on and made sure nothing shows my e-mail address or those that I wish to keep and I still get garbage. I know people are leaching my information from whois records and right now there is nothing to stop them.

Do you list an administrative contact in your SOA records? My problem with keeping WHOIS information private is that there are times when I need to get in touch with a domain contact -- and whois is the easiest way to do that.

Now, if listing a technical contact in the SOA record is a common practice, then the argument for having that information in WHOIS is null...at least in my opinion :D.

If you're referring to records held by the state for running a business (not sure what SOA is referring to) then yes. However, I doubt that is common as you've mentioned. I can see the good reasons to have whois info public and of course preventing spam is a good reason to make it private. However the delete button helps that too. I guess I could go either way although I wouldn't be upset seeing them become private.

What do you think of registrars like Dotster that allow you to signup for a free service that hides the e-mail address? I use Dotster but I've never signed up for this myself. I'm just curious because all the other info must be legit except they put in some email@nocontact.com for the e-mail address if signed up for that feature.

Originally posted by markblair:

If you're referring to records held by the state for running a business (not sure what SOA is referring to) then yes. However, I doubt that is common as you've mentioned. I can see the good reasons to have whois info public and of course preventing spam is a good reason to make it private. However the delete button helps that too. I guess I could go either way although I wouldn't be upset seeing them become private.


SOA=Start of Authority, it is one of the records pulled by caching servers when they retrieve information about a domain. FYI: You do put a contact address in your SOA record:


vbind.com /home/allan#dig makinglifeharder.com SOA

; <<>> DiG 9.2.1 <<>> makinglifeharder.com SOA
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53025
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;makinglifeharder.com. IN SOA

;; ANSWER SECTION:
makinglifeharder.com. 3600 IN SOA ns3.okihost.com. root.jude.okihost.com. 6 3600 600 186400 3600

;; AUTHORITY SECTION:
makinglifeharder.com. 3600 IN NS ns3.okihost.com.

;; Query time: 80 msec
;; SERVER: 66.150.197.3#53(66.150.197.3)
;; WHEN: Fri May 23 23:30:49 2003
;; MSG SIZE rcvd: 110


root.jude.okihost.com = root@jude.okihost.com (Hey, Jude -- sorry it is a Beatles thing, I couldn't resist). The question is, how often do you check that address :D?

Originally posted by markblair:
What do you think of registrars like Dotster that allow you to signup for a free service that hides the e-mail address? I use Dotster but I've never signed up for this myself. I'm just curious because all the other info must be legit except they put in some email@nocontact.com for the e-mail address if signed up for that feature.

I support it, as long as there is a way to get in touch with a technical contact to report a problem -- I have a domain for my son, brucie.us (yea, yea, yea he is gonna hate that when he is 10), and I sure the heck wouldn't want him to get any spam through it, so I will leave my information as the primary contact (of course we have a couple of years yet before he starts clamoring for an email address :)).

Originally posted by allan:
root.jude.okihost.com = root@jude.okihost.com (Hey, Jude -- sorry it is a Beatles thing, I couldn't resist). The question is, how often do you check that address :D?

Actually, jude.okihost.com is the server name that I'm on with OKIHost. If you were to send an e-mail to that address, I don't believe I'd get it. It's nothing I check so...

Originally posted by allan:
of course we have a couple of years yet before he starts clamoring for an email address

You wouldn't believe the fuss I started once when I sent an e-mail to all my family and friends stating that my then 1-year-old daughter had her own e-mail address. I told them it was alexandra@mydaddyisthegreatestintheworld.com :D I thought I was just being funny. BOTH of my in-laws added it to their address books and for months didn't understand why e-mail sent to it would bounce back to them. Too funny... :rolleyes:

Originally posted by markblair:

Actually, jude.okihost.com is the server name that I'm on with OKIHost. If you were to send an e-mail to that address, I don't believe I'd get it. It's nothing I check so...


Interesting -- that is pretty much what I suspected. I wonder how many people even know that they can put that information in their SOA record (hell, now I wonder how many people even know they have SOA records :)).

Originally posted by markblair:
You wouldn't believe the fuss I started once when I sent an e-mail to all my family and friends stating that my then 1-year-old daughter had her own e-mail address. I told them it was alexandra@mydaddyisthegreatestintheworld.com :D I thought I was just being funny. BOTH of my in-laws added it to their address books and for months didn't understand why e-mail sent to it would bounce back to them. Too funny... :rolleyes:

Moral of the Story: Make sure the mailbox is set up before sending the address to the inlaws :D.

I have found that there are a significant number of people who have been victims of identity theft, stalking and major spam problems base on the availability of personal data in whois.

I think that having whois information publicaly avalible is actually very handy for those who use it properly.

For instance yesturday I had to look up the information for the domain of the company a client of mine is buying out as they didnt know how to do get a hold of the information (side note: I do a lot of web design work and that is what I have been asked to do) and without the whois information I would not have been able to get in touch with the current designers and ask them to transfer the domain rights over to me - which they have done already (nice bunch of folks :D)

In any domain name I register I put in exact details but in the email address boxes i always use my enquiries account and in the telephone box i use my mobile (cell) phone, as for the address I simply put in my own address and I have enver had any problems with it.

This of course might be because I am form the UK but I am all for having WHOIS information avalible... however I can see the point that some people make of privacy so prehaps controlers of the WHOIS database should create a membership system and if you are not a member you only have access to limited info - eg. date domain expires and adminstrative contact.