Registrars not verifying contact information on domains?



According to a GAO report one of the reasons that phishing and scam websites are because of a lack of enforcement and policing by registrars of accurate contact information. According to their study over 5% of sites had been registered with false data. ~2.5% had been registered with incomplete information. These findings come from a random sample of 300 domain names that they then did lookups on the domains.


Brian at the SecurityFix suggests that the estimates may be low, because many scam/phishing sites may use registration data of identity theft victims and those may not show up as incomplete or false data (in other words, the name/address/phone checks out as valid, not necessarily indicating that THEY were involved in registering the domain.) That’s a good point. I suspect that if the registrars don’t get serious about making sure information is correct, then we might see other approaches. It would be nice if the registrars could regulate themselves in this matter.

One thing they could do is for the first 30 days of a domains life have a probationary period, send a postal letter to the address of the person registering and require them to enter a pin number (much the way Google verifies adsense participants…. sign up, get a postcard, go to website and enter pin number.) You certainly have to go through the ringer to prove you are authorized to deal with a domain to move it to another registrar….. (At least in my experience that’s been the case, especially if the company has changed hands.)

Related Posts

Blog Traffic Exchange Related Posts
  • Microsoft Outlook - duplicate email messages Part II This is part II, click here for part one of the saga... Okay, so I revisit to install Microsoft Office 2003 SP2 and hope that solves it. Somewhere along this time, I had also found a suggestion of removing the entire mail PROFILE and creating a new one. *(The theory......
  • Emails to abuse admins If you've read some of the earlier posts regarding phishing or junk emails. You've seen that I usually forward details to what's called an abuse admin to deal with the issue. I thought abuse@ was an address required to be active at any given domain (I've received some delivery failures......
  • Scottrade announces compromise that put eCheck secure infromation at risk The securityfix is reporting that Scottrade, one of the larger online brokers, has announced details of a security compromise that has put a good deal of customer information at risk. It looks as though it is related to the eCheck Secure service for transferring data from personal bank accounts to......
Blog Traffic Exchange Related Websites
  • Collecting Social Security Benefits While Living Abroad You may be are curious about how living as an expat abroad (or traveling for an extended period) may effect your Social Security Retirement Benefits. Fortunately, the rules are not too complicated. First, we will assume that you will be collecting Social Security as a U.S. citizen. Given that, this......
  • Finding the Best WordPress Plugins for your Blog WordPress originally saw the light of day in 2003, and is now being used on thousands of different websites in countries all over the world. WordPress is designed to be a simple open source blogging tool that can be taken advantage of in two different ways: You can either take......
  • What is adsense for RSS feeds - Simplified Explanation! Useful Things to Take Into Consideration First things first. What is rss feeds?RSS (Rich Site Summary) is a format for delivering updated web content. Many news-related sites, weblogs and other online publishers syndicate their content as an RSS Feed to whoever wants it.Mostly in XML-based systems, it allows viewers who subscribe to the service to view......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site