Registrars not verifying contact information on domains?



According to a GAO report one of the reasons that phishing and scam websites are because of a lack of enforcement and policing by registrars of accurate contact information. According to their study over 5% of sites had been registered with false data. ~2.5% had been registered with incomplete information. These findings come from a random sample of 300 domain names that they then did lookups on the domains.


Brian at the SecurityFix suggests that the estimates may be low, because many scam/phishing sites may use registration data of identity theft victims and those may not show up as incomplete or false data (in other words, the name/address/phone checks out as valid, not necessarily indicating that THEY were involved in registering the domain.) That’s a good point. I suspect that if the registrars don’t get serious about making sure information is correct, then we might see other approaches. It would be nice if the registrars could regulate themselves in this matter.

One thing they could do is for the first 30 days of a domains life have a probationary period, send a postal letter to the address of the person registering and require them to enter a pin number (much the way Google verifies adsense participants…. sign up, get a postcard, go to website and enter pin number.) You certainly have to go through the ringer to prove you are authorized to deal with a domain to move it to another registrar….. (At least in my experience that’s been the case, especially if the company has changed hands.)

Related Posts

Blog Traffic Exchange Related Posts
  • Scottrade announces compromise that put eCheck secure infromation at risk The securityfix is reporting that Scottrade, one of the larger online brokers, has announced details of a security compromise that has put a good deal of customer information at risk. It looks as though it is related to the eCheck Secure service for transferring data from personal bank accounts to......
  • Emails to abuse admins If you've read some of the earlier posts regarding phishing or junk emails. You've seen that I usually forward details to what's called an abuse admin to deal with the issue. I thought abuse@ was an address required to be active at any given domain (I've received some delivery failures......
  • Microsoft Outlook - duplicate email messages Part II This is part II, click here for part one of the saga... Okay, so I revisit to install Microsoft Office 2003 SP2 and hope that solves it. Somewhere along this time, I had also found a suggestion of removing the entire mail PROFILE and creating a new one. *(The theory......
Blog Traffic Exchange Related Websites
  • Outlining The Main Contrasts Between UK And US Web Hosting Website marketing is the current trend of modern business. It seeks to exploit online resources to reach out to the public. Websites are used to educate and relay specific information to internet surfers. The process of developing sites is a long one and requires a lot of planning and expertise.......
  • Some Delicious Links When I first heard about the website del.icio.us (yes, it was a clever domain name with 'icio' as the registered name within the top level .us) I looked a bit, and it seemed interesting, a way to track my bookmarks independent of what computer I'm on. But, until I started......
  • Simple Checks To Do Before A Website Launch Your website is your largest advertising resource and the only method for effectively communicating your ideas online. Your website could be about anything. If it is not giving your visitors what they want, then it does not have everything it needs. So that you will not shame faced, you should......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site