False whois data

If you see a domain with inaccurate or outright false whois data, you can do what’s known as a whois data problem report. The next time you see a spam site with whois info that’s registered by “Faux Nom” (French for “False Name”) you can go to http://wdprs.internic.net/ and report that domain. The site should have to correct the whois information, or at least change it. Just a quick tip for the next time you see a spam .com domain registered to 123 Main Street with a phone number of (555) 555-5555. ๐Ÿ™‚

29 Responses to False whois data (Leave a comment)

  1. Matt,

    If the Spam domain uses “private domain registration” then how can we find whether they have given correct details or not, and in such case where to report.

  2. actually,reporting false whois info, unless you are planning to sue is a complete waste of time.
    The whois name does not need to be accurate and ‘false name’ is a legitimate title providimg the contact address is valid.If its not valid, it only needs to be changed if there has been an attempt to contact via that address.
    It takes nothing to change the address to one that is valid and still not give the identity away.
    I am pondering how one of google’s top engineers is still flirting to with kindergarten spam techniques when spammers have gone beyond the phd level.:)

  3. Nope, doesn’t necessarily work.
    I reported a domain last year (I think it was) that had wiped its contact data. No change was made. A couple of months later I got an email from the system asking me to confirm that it was now fixed. Nothing had changed, the data was still blank. I replied with similar and haven’t heard anything since.
    From this example, at least, the system doesn’t work.

  4. I don’t get it. In what way is it positive to report people who are hiding their personal info? Why should people have to make their private info public? The main thing that whois info is used for is to give spammers an email address that they know is good (since renewing the domain requires a valid email) to spam.

    If manual reporting is effective against spam, I’d prefer to see a link to Google’s report spam page on each SERP. As long as you put a captcha on the report page, it should at least enforce that no machines are reporting any old site as spam.

    Or now that you’re adding personalization features and sitemaps, you have names and can attach those names to domains. So offer that link to “known” people. Then you can punish them if they abuse the report spam link.

    This should be a huge help against spam.

  5. internic is not much help here and the fact of the matter is they do have many much more serious offenses to correct such as stolen domains, etc.

    Domain information should be correct to deter fraud but the number registered is just overwhelming.

    There are also legitimate reasons why a registrant might not want name and address associated with a particular domain that are not necessarily fraudulant so the whole issue is very murky.

  6. JD, I’m not talking about domains that have private registration–just false information in the whois. I really liked your other suggestions..

  7. Why exactly would Google care about the whois information on a domain, whether it’s fake or real?

  8. Matt,
    You said you were’nt talking about domains that have private registration. As a side thought, I have always wondered if Google or other engines “penalize” a domain under a private registration service. Any insight as to this?
    Mike

  9. Anon, Michael: Those two questions are good. I’m quite certain that Google has a huge database of whois information on each domain that they use to identify spammers. If they find one spammer and can associate him with the thousands of other autogenerated domains, they can nuke a huge nest at once. It would be a big help to them if false information were not allowed.

    Matt: The reason your suggestion rubbed me the wrong way is that a personal friend of mine is an outspoken journalist. Her domain was hijacked and I directed her with some ideas and helped her get it back. She has to hide her physical address because her reporting is very controversial. And guess what her whois info is? 123 Main Street. I was really laughing when I saw your example because I had the literal example in front of me of a legit person.

    I would hate to see her domain reported just because she didn’t have the best information on private registrations. (I’d have given her a different suggestion than that if she asked me, but once she got back the domain she did the rest on her own without asking me. And I know better than to argue with a determined woman who thinks she knows how to handle things best ๐Ÿ™‚

  10. This is a very bad idea. If you care about your privacy I highly recommend you DO NOT enter valid details for your whois data. Not everyone has a P.O Box or Corporate address to hide behind. I gather you wouldn’t appreciate a hard core black-hat SEO turning up at your home with a blow torch and a pair of pliers to ask you a few questions about the latest algorithmic changes coming out of Google.

    Please reconsider or clarify your comments further.

    John Smith.
    123 Main Street
    Phone: (555) 555-5555.
    Fax: (555) 555-5555.
    email: john@example.com

  11. Well, JD, that’s great because then if I want to off my competition all I need to do is register a domain with their name on it, build a spam site, and voila. So simple that it mustn’t be true.

  12. Oh, and I wonder if actual businesses located at real 123 Main St addresses would qualify for class-action status. lol

  13. Matt, perhaps you can tell us what the “proper” way in Google’s eyes is to keep your information private when registering a domain?

  14. Great comments guys. I hope Matt rings in on some of these issues. John, I am definitely with you. I would highly recommend that no one ever has one shred of actual info in their whois data. This day in age, especially with identity theft on the rise, that info is precious and should be treated as such. Also, what if some nut just decides to come to your house and cause you harm because you used div layers instead of tables. ๐Ÿ™‚ I know its outlandish but believe it or not I have actually gotten death threats on domains. Good thing I had a Mailboxes Etc box listed as the address and a 800 phone number service for the number. My point is wackos are out there, and why would we ever make it easy for someone to find out where you live, work, etc.?

    Private registration seems like the way to go. Unless of course you get penalized in the engines.

  15. Anon,

    I’m pretty certain they do. I follow these things pretty closely. There was a long discussion in webmasterworld speculating if Google was going to become a massive ISP or if they wanted the data for the very purpose I mentioned.

    It’s not enough for you to nuke competition just by using the same name on one bad domain. Google uses lots of algos and are very careful and sophisticated about this stuff. They probably use tons of different methods and do an automated “score”. If the score is beyond a certain threshhold, it will get human review.

    And the type of stuff I’m talking about is not a one-off spam site. I’m talking about the guys who have an automated system registering thousands of domains a day and autogenerating content, probably a low enough number not to hit Google’s censors but large enough to link subtly to other sites in their network and their “target” site and get a Pagerank not too high but high enough to score well on their keywords. Let alone anchor link text. Not to mention email spam.

    If Google can detect a pattern in their domain registrations, they can nuke those guys out.

    Needless to say they are after big players. And those big players hurt the honest webmaster considerably.

  16. This is a mentality that I do not understand. Why is it okay to hide or provide false information on your site or in you whois records when you ask your customers to provide their “private” information without question? Come on guys, how can your customs know that you are safe, that you will not steel their identity, that you will not sell their information, that you will not suddenly land on their door step with a gun in your hand, or at the very least, send them spammy emails on your newest and greatest product or service?

    All of the possible dangers you try to protect yourself from are the same dangers your customers face every time they fill out an online order form, regardless of how secure your servers may be, or what legitimate safety authorization you say you have on your site. I talk to people every day who are afraid to use online services when it requires their credit card information and a valid email address. My advice is to always check the contact information against the whois information. If they don’t match, or the whois is private, don’t use their services. If they do match, give them a call and if you still have doubts, don’t use their services or buy their products. Never, ever give your “private” information to someone who hides theirs, ever!

    Now, I realize that there are no guarantees that you will not get scammed, which is as true in the physical business world as it is in the cyber world. The difference is the hidden or anonyms factor that the cyber world fosters. It’s a virtual playground for the bottom feeder scum of the world and allows some to say or do things they wouldn’t do otherwise. Without accountability our humanness fails and our animal nature takes over. It’s just the nature of the beast, one we all deal with in different ways.

    In the physical world you can not have (own) a business without accountability and in most cases, without a physical address. Otherwise you customers could not contact you for an appointment, or shop in your store, or buy your handmade product, or whatever else you are marketing. So, why is it okay to do it in the cyber world? Why is it okay for your customers to take the risk of giving you their “verifiable” information without you offering them your “verifiable” information? I really don’t get it.

    In hindsight: I see this is an old post and my comment may not be read or seen but since I’ve written it, I’m going to send it anyway. I’m not a SEO person, have very little knowledge of SEO, and I’m only speaking from a users point of view, which seems to have been completely forgotten by those in the ecommerce world.

  17. Old post or not, your comments have been, and will be, seen and read by very many people…

    Well said Gloria.

  18. Dear Gloria,

    1. WHOIS data is provided to the entire world, via a widely distributed database, with no benefit provided back to the listed web master. Customer data provided via an order form on one web site is not so publicly distributed, and the information was traded to enable a transaction benefiting the consumer. In some states, that web master is also bound by law and by contract to reasonably protect the consumer’s information.

    2. Customers are safe, except perhaps from the web site owner and the credit card company. A web site owner with a public WHOIS contact is not safe from any number of spammers and scam artists working the Internet, or political whackos, or religious zealots, or any other person even though the webmaster has never entered into any transaction with them. There is a very big difference.

    3. I agree with those customers of yours who are afraid to use online ordering systems. However, I am often also afraid to drive on the New Jersey Turnpike during business hours – it is proven to be unsafe. Yet, in our practical world, many shoppers are probably better off trusting most apparently legitimate web site owners, and I simply have to be as careful as I can be when driving the turnpike if I want to function in this society. It is not a perfect world.

    4. The customers who do what you describe – enter into private transactions with anonymous vendors – are making an error. That has nothing to do with the anonymous merchant. Just as a merchant can elect to sell goods above the suggested retail price (and some consumers will buy), a merchant can chose to operate anonymously. The drug dealer on the corner is an example of such an anonymous operator in the physical world. So is the flea market seller in many cases. People do buy from anonymous sources, on line and off line.

    I applaud your consideration of this issue of anonymous WHOIS data, but I found virtually all of your thought points to be incorrect. I view that as the primary problem we have today: few web masters support a fully pubic and accurate WHOIS requirement unless they have a commercial incentive to do so (like Google’s engineers) or they are ignorant of the facts. n addition, very few consumers seem to understand their own responsibility for selecting reliable vendors, especially when they shop for price. The best work we can do is educate web masters and consumers.

    Fortunately, Matt Cutts provides an opportunity to feedback such information on his blog. Otherwise, his commercial Google perspective would be the only perspective.

  19. You can’t be serious, John. How are the customs safe? A web site owner can sell their information to a single spammer that will escalate into hundreds of spam emails in no time or max-out a credit card in flash and then disappear into cyber-space, never to be heard from again … and you think my thoughts are incorrect? And you are assuming that every “vender” resides in the US, where their are laws that are supposed to protect consumers. How faulty is that assumption? I would not make such assumptions, especially if I can not verify the sites owner.

    Very few consumers seem to understand their own responsibility for selecting reliable vendors, especially when they shop for price. The best work we can do is educate web masters and consumers.

    And how do you purpose to educate consumers on how to choose a reliable vender? How can they know a venders reliability, especially when said vender has chosen to be anonyms? And what does an apparently legitimate web site owner look like? The word “apparently” is a clue, no?

    You can take your same analogy of the turnpike and attach it to webmasters supplying accurate whois information and having to “deal” with what that entails instead of asking their potential customs to “deal” with their anonymity and buy or use their services on a “trust me, I’m legit” concept. Give me a break! That’s beyond my ability to comprehend. I will continue to warn users about web sites that do not provide verifiable contact details. That is educating the public.

    BTW, John, I am a webmaster and web site owner and very aware of the so-called dangers of having my whois info public. I’m also aware of how to circumvent those dangers without hiding who I am behind an anonyms whois service. Any web site owner should get “educated” on how to protect themselves and not expect their customs to just “trust” that they are for real while asking them to provide their personal information, including their credit card information.

  20. Gloria,

    Thanks for the reply. I hope you are still watching.

    I said customers are safe except from the consequences of dealing with the vendor. I contrastd that to being exposed to the entire public via WhoIs. I also suggested that dealing with unknown vendors is always a risk.

    I will continue to warn users about web sites that do not provide verifiable contact details. That is educating the public.

    That’d be great. But will you still lump together anonymous vendors and vendors who don’t enter accurate/complete whois data, as you did above? I happily put my name and phone number on my sites, but not in my whois. That doesn’t make me untrustworthy at all. I suggest it shows I am less of a risk than others, since I pay attention to risk management.

  21. John, yes I will continue to lump all anonymous whois owners with anonymous website owners. If there is a physical address and a phone number on the site, I would encourage people to check to be sure it’s legit before using the sites services or purchasing anything.

    Personally, if I can not verify the site’s owner via the whois, which often gives me more info for researching their credibility, I will not use their services or buy their products. I’d go elsewhere. There’s just too much competition to not find a site offering something I might want that will supply legit whois info.

    I work on a few major web directories and my research, which is extensive, has shown me that most who use anonymous whois services, have something to hide. The percentage of those who don’t have anything to hide is minuscule in comparison to those who do. There are other ways to find who owns a site but the average Internet user will not go that far to research a site’s owner, nor should they have to.

    I also predict that the major web directories will be using whois info to verify ownership, which is already happening on a small scale in specific categories but will become a bigger focus in the future. Those choosing to use an anonymous whois services or simply do not provide full whois info, will not get listed. I look forward to the day that happens. It will save me an enormous amount of time dealing with directory spammers/abusers and make the directories more useful to the average users.

    I suggest it shows I am less of a risk than others, since I pay attention to risk management.

    Really? That seems a bit convoluted since the only person you are protecting is yourself. I’m constantly amazed at how creative minds twist something around in order to fit it into their own agenda.

  22. I work on a few major web directories and my research, which is extensive, has shown me that most who use anonymous whois services, have something to hide. The percentage of those who donโ€™t have anything to hide is minuscule in comparison to those who do.

    Now Gloria that comment cost you your credibility. You have violated reason to support your “anonymus WHOIS is evil” position. I don’t care how old you are, your personal experience is not “extensive” in web terms. You have no factual basis for your assumption that those behind proxied WHOIS “have something to hide”, and by putting that forth you have shown your closed mind.

    In truth the best use of a WHOIS proxy is to hide the fact that the data behind it is not accurate. Plain and simple. It has nothing to do with hiding…nothing is being hidden behind the proxy. The proxy is simply stopping close-minded, presumptuous and perhaps prejudiced individuals from jumping to conclusions regarding the data they see in WHOIS.

  23. John, I do have factual basis and whether you believe me or not, I know what my experience has been. Yes, I am closed minded in regards to false and hidden WHOIS information based on my experiences with those who have something to hide, absolutely closed minded and so far I’ve only heard excuses for hiding behind a proxy.

    But please enlighten me. How is the proxy stopping close-minded, presumptuous and perhaps prejudiced individuals from jumping to conclusions regarding the data they see in the WHOIS? What presumptions and/or prejudice could possible be made from the WHOIS info? It’s far more likely for close-minded, presumptuous and perhaps prejudiced individuals to jump to conclusions without it, don’t you think? Or has the true meaning of this debate completely eluded you?

  24. I have not understood, how we come to know customer provided corrrect details, there is strict rules and regulation on registration of domain like ac.in, .edu, edu.in as we need to submite letterhead and address proof etc.. but there is no regulation on domain like .com, .in, co.in, .biz etc.. it is good we dont have such regulation as this will take more time to proceed customer request.

  25. Gloria, you are my hero ๐Ÿ™‚

  26. I know an Indonesia forum website xxxxxx.us who is spamming, pusblishing copyrighted material, ilegal porn stuff, hacked passwords and much more. That forum is using a .us domain name with totaly fake whois data. Does anyone knows how to report it? The link above is not for .us domain name…

    Any clue? Thanks…

    Harris

  27. While I feel that you should be able to register a domain for peronal use without spreading your contact information all over ther world any right to privacy goes out the window when you start using it for commercial purposes. Any business that can’t be conducted in the full light of day should be viewed with a high level of suspicion. When you register a domain name you enter into a contract that obligates you to provide and maintain accurate whois information (and pay a modest fee of course) in exchange for the ability to use that name. Part of cost of having a domain is having that information out in the public. If you don’t want to pay it don’t get the domain.

  28. I agree with Gloria on this issue, I have worked for the last 8 years in internet business, and have had many problems with typo-parkers who register similar domains, imitating my website, and as a result I am inundated with angry calls, claims, and e-mails from customers who were duped by these fake sites, and are furious that I “sold their information.”
    When, of course, I did no such thing.
    Of course, the whois information for these sites is always “666 hell st.” or “123 fake ave.” but reporting these sites to internic and their ISPs resulted in no action. As a result, these scammers can cause me and my customers unbearable stress, steal information, violate copyright, destroy the “brand” of my website, and remain completely private as they do it all.

    I understand the need for privacy, (I have an unrelated personal blog, for which I use a privacy service) but with p.o. boxes, privacy services, and other alternatives, there should always be a REAL PERSON at the end of the line who can be held accountable for the unlawful they do.

    Yes, my customers could protect themselves by comparing the whois information (though casual internet users won’t), but I have no way to protect myself/my customers/my brand from the scammers.

    If anyone is aware of any action I COULD take I would be grateful, but so far all attempts have been fruitless and frustrating.

    Cheers,
    Will

  29. I would love it if we had an update on this, re. Privacy settings. I have recently changed many of the domains I own to private after some worrying circumstances. The most recent is that someone registered a similar domain to my main web business (hyphen added) and used my personal name and address as the whois data. Then they displayed my website in a frame. No idea what they are planning, and I am trying to persuade enom to hand the domain over to my control (seeing that it is registered in my name!).

    What is most worrying is having my family home address public. If I had an office I would provide that address, but now I see threats and risks everywhere (proud father of 2 young boys). So domain privacy it is. Hoping this will not negatively affect my rankings, would seem unfair if it did.

css.php