Registrars not verifying contact information on domains?



According to a GAO report one of the reasons that phishing and scam websites are because of a lack of enforcement and policing by registrars of accurate contact information. According to their study over 5% of sites had been registered with false data. ~2.5% had been registered with incomplete information. These findings come from a random sample of 300 domain names that they then did lookups on the domains.


Brian at the SecurityFix suggests that the estimates may be low, because many scam/phishing sites may use registration data of identity theft victims and those may not show up as incomplete or false data (in other words, the name/address/phone checks out as valid, not necessarily indicating that THEY were involved in registering the domain.) That’s a good point. I suspect that if the registrars don’t get serious about making sure information is correct, then we might see other approaches. It would be nice if the registrars could regulate themselves in this matter.

One thing they could do is for the first 30 days of a domains life have a probationary period, send a postal letter to the address of the person registering and require them to enter a pin number (much the way Google verifies adsense participants…. sign up, get a postcard, go to website and enter pin number.) You certainly have to go through the ringer to prove you are authorized to deal with a domain to move it to another registrar….. (At least in my experience that’s been the case, especially if the company has changed hands.)

Related Posts

Blog Traffic Exchange Related Posts
  • How to Remove DefendAPC | DefendAPC Removal Guide DefendAPC is the latest variation on the Wini family of rogue antivirus. It is typically promoted via the use of trojans, malware and aggressive advertising. Once installed on the system it will run supposed scans of the system claiming that you have viruses on your system and that you have......
  • Bad week for Cisco, security headaches For starters, there was this advisory last week in response to a planned talk at a hacker convention on the possibility of a cisco router ipv6 exploit. The advisory detailed a LOCAL exploit and not the remote exploit that the talk was centered around. There was legal action against the......
  • Emails to abuse admins If you've read some of the earlier posts regarding phishing or junk emails. You've seen that I usually forward details to what's called an abuse admin to deal with the issue. I thought abuse@ was an address required to be active at any given domain (I've received some delivery failures......
Blog Traffic Exchange Related Websites
  • What is adsense for RSS feeds - Simplified Explanation! Useful Things to Take Into Consideration First things first. What is rss feeds?RSS (Rich Site Summary) is a format for delivering updated web content. Many news-related sites, weblogs and other online publishers syndicate their content as an RSS Feed to whoever wants it.Mostly in XML-based systems, it allows viewers who subscribe to the service to view......
  • Making Cash With E-Books Is Achievable If You Understand How To Do It Making cash online isn't that easy and internet marketers are always looking for ways to make more. You may possibly realize that there are plenty of people out there that actually purchase the new programs being released on a daily basis in an attempt to try to make more money.......
  • Collecting Social Security Benefits While Living Abroad You may be are curious about how living as an expat abroad (or traveling for an extended period) may effect your Social Security Retirement Benefits. Fortunately, the rules are not too complicated. First, we will assume that you will be collecting Social Security as a U.S. citizen. Given that, this......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site