ICANN puts Whois on end-of-life list ICANN is proposing a goodbye to Whois, saying that data is often inaccurate and suggesting that some search fields should be restricted to “authenticated requestors”. Its discussion paper, here, says Whois is “broken”. The paper seems to suggest that one of the things that's “broken” the Whois system is the proliferation of …
As mentioned in the article already the data is predominantly useless as there's no guarantee that it was ever correctly filled up in the first place and most people I know just throw garbage in as spam bots are very well known to harvest whois data.
Plus removing whois also solves the problem of individuals monitoring the expiry dates of domains hoping to steal a domain name and subsequently demand ransom.
There's really no reason for whois to exist. If they're adamant on keeping it the output should be limited to "IsRegistered? [Yes/No]". Done. Finish. There's nothing else anyone else needs to know.
As it is Geographic gTLD registrars are notorious for having whois servers which don't even work in the first place. So we may as well just pack up and call it a day for everyone.
Also, I don't see the additional income of "whois privacy" ever covering up the cost of maintaining a whois server. And in the first place most people will just opt to enter garbage information rather than genuine information and then subsequently pay for "whois privacy".
Nuff said.
Really? Registration date is normally interesting if you get a spam e-mail from a domain - you can see if it was set up recently just for spamming and can safely be blocked or is a legitimate domain that has been hijacked. You can also pick up other interesting bits of info from whois if you're dealing with abusive registrations, although the proliferation of privacy services has undermined that to an extent.
Should whois evolve? Yes, absolutely. RFC 812 (obsoleted by 954, obsoleted by 3912) is way out of date for modern usage. However, saying all you need to know is if the domain exists or not is going too far the other way. If nothing else, DNS already tells you that.
Exactly. Even if the contact info is bogus or private, you can tell a lot from just the registrar id and the domain registration date (mail from young domains is more likely to be spam, certain registrars are more abuse-friendly than others, etc.) It would be very handy to have an automated way to query this information to help with spam filtering or greylisting. But from the sounds of it, ICANN wants to restrict this data to people who cough up money. Yet another nail in the coffin of the small-time email operator...
Its useful if that domain is unintentionally spewing spam and you need someone to yell at. I also use it to weed out bad domains (EG, of it was registered in the past month, then its unlikely its holding anything worth-while).
I just hope they set up a replacement with this kind of information at least giving out a 'Registered date' and 'Abuse contact' fields. Preferably having a confirmed-working email address for the abuse contact Even better would be 'You don't get an MX record for this domain if you don't validate your email address'.
As far as people getting my registration info, there isn't much I care about in there. someone could spam me all day long on my contact addresses and I don't give a shit.
I like whois. It allows me to find useful information about sites. It's also a major phone book for me, especially in cases where I don't know or remember the last name. That said, I think the number of people who put garbage in there is also a problem. Is it the responsibility of the registrar to police that? I don't know, but it's certainly a nuisance and if people had their domains taken away for violating the ICANN TOS, I'd be happy. Regarding spam bots, I haven't had a problem with that and I've religiously followed the TOS for some years now. Sure, whois should probably be updated, but let's not loose the good parts in the process.
The main use I make for WHOIS data is tracking down swine who lie in e-mail headers about their identities or pretend to be legitimate businesses in order to steal money. Whatever mechanism takes the place of WHOIS should at the very least make such spoofing impossible.
I moderate on several forums and I use "whois" to track down spammers (in order to ban their sorry arses) and to find out banned members who are trying to sneak back in. Both of those instances are certianly violations of the ISP's Terms & Conditions; that should be something ICANN should encourage people to use. Or maybe they want the cash pool of people registering new bogus domains so they can spam more freely.
I regularly investigate hacking attempts against my servers/networks and also investigate the sources of spam for the purpose of determining a) whether it is actually malicious/spam and b) in order to report such events to their ISP's.
How will we do this if their is no domain accountability?
At a time when internet integrity is policed by it's members, this seems like a pretty irresponsible move.
The article cites data add being a running cost for the poor registrars. Data is cheaper now than ever before, and the 1-2kb it takes to serve up a whois is probably close to the size of the http header the requester is sending to ask for it in the first place. What am I missing?
This post has been deleted by its author
My first thought is "Good riddance to the freeloading bastard".
Did you really mean to say "Removing WHOIS would let me my friend get away with copyright infringement on a commercial basis", because that's what it sounded like.
Wouldn't have worked anyway, because it's a tennis club, so it's got a real, physical location given on the website. (Incidentally, Getty embed a watermark into all images to ensure they can be easily identified. This survives physical printing, so forget 'print-screen' copy.)
If you're foolish enough to use a Getty image or any other clearly in-copyright, all-rights-reserved image without a licence - whether as a 'placeholder' or not - you deserve everything you get.
Just don't do it - if you want a placeholder, search one of the many free-for-commercial-use sites or take your own photo. Nobody forced you him to use a Getty image.
Getty are simply a group of photographers who'd like to get paid for their work!
If you genuinely think photographers should just give away all of their work for free, then your acquaintance should be giving away his website design service as well.
Let me guess - he doesn't agree with that?
I agree with everything you say, apart from Getty is a "group of photographers wanting to be paid"
They are a major monopoly and use that power in an amazingly aggressive manner, take a look at the sports pages in any broadsheet and see who is supplying all their images compared to a few years ago, when there would be five or six agencies listed.
http://www.sxc.hu..... "Stock.XCHNG is under new management! Getty Images is proud to now wholly-own the world's best free stock site. SXC has a long history and a great community, and we're excited to grow with this unique site. We also have lots of expertise and experience to offer as industry leaders."... Free stock photography from Getty? How long before it isn't free....?
Getty as an organization is nowhere near the Saint you're describing. They've gone through many changes of hands, and clearly have debt collection vultures at the top. I'm not a web designer so I have no position here. My interest purely as a techy in understanding how Getty's Web Crawlers locate copyright works...
http://en.wikipedia.org/wiki/Getty_Images
'Controversial practices to enforce copyright'
"Getty Images caused controversy for its pursuit of copyright enforcement on behalf of its photographers. Rather than pursue a policy of sending out cease and desist" notices, Getty typically mails out a demand letter claiming substantial sums of damages to owners of websites which it believes are using their images in infringement of their photographers' copyright. Getty commonly tries to intimidate website owners by sending collection agents, even though a demand letter cannot create a debt."
ICAAN see it as something which makes them no money and it is known that people are not required to enter valid information as there is no regulatory body that could take action against people that fib.
A body such as......ooh, I don't know....maybe ICAAN?
I wonder if their Whois entry has valid details?
"Instead, the EWG recommends a paradigm shift..."
Why not just say:
"The data is inaccurate, so we're taking it away. Also, we're not making any money from it, so we don't like that you can access it."
Anytime I hear the words "paradigm shift", I immediately go into cynic mode.
It serves as at least a way to know who owns a domain, useful sometimes for legal reasons. As others have mentioned, it also serves to weed out spammers.
Really, the decision to axe Whois sounds as dumb as axing DNS altogether: what use is to have DNS if we can't know who's responsible for the domains? Also, ICANN seems to be forgetting that whois is also used for reverse DNS tracking: that's where we get who owns which net blocks. That's even more important...
This post has been deleted by its author
"Whois searches, on the other hand, don't yield income for the registrars."
There in lies the rub. So what, they're already being paid for the registration service. Whois is not value added service, it is part of the service that is already being paid for. IMHO.
ICANN has lost the plot. Quite some time ago to be fair.
"Instead, the EWG recommends a paradigm shift whereby gTLD registration data is collected, validated and disclosed for permissible purposes only, with some data elements being accessible only to authenticated requestors that are then held accountable for appropriate use."
In other words, they want to allow people who register domains to be able to hide that fact from the public. I don't think that's appropriate and I don't think it should be permitted.
To say that again: who registered any domain name *must* be public information. Anything else will just help slimeballs and swindlers. (And providing such information to the public should just be part of the cost of doing business for the registries: quit moaning that whois costs money.)
It goes without saying the the IP address part of whois is equally vital.
OK, so The Reg have tipped us off about this, but cane I find an address to email ? Well not in the limited spare bit of lunchtime I have available.
I'm with the above, Whois may have its faults, but IMO the proposed centralised system is more broken, and their assumptions & conclusions are faulty.
Firstly, providing Whois is simply a cost of running a registry. If the argument is that this cost is unreasonable, then what else shouldn't they have to provide ? And I really can't see any way that running something that's "just like whois but newer" plus "fund a share of some central body to duplicate the data" is going to significantly reduce operating costs - the registrar still has to collect the data, validate it (they are best placed as they are the only ones with customer contact), store it, and disseminate it.
If the complaint is that the data is rubbish, then that's "simply" a matter of enforcing existing policies/agreements. For those registrars who hold rubbish, give them some time to clean up and terminate anyone that doesn't. If they know there's a lot of rubbish, then they probably have a good idea who the guilty registrars are.
As for functions like "find out what domains I 'own", well wow - perhaps all the bookshops should get together to form a central registry so I can remember what I've bought ! If the end user is too stupid to keep basic records, then why should world+dog hold his hand for him ? There might be some argument for having such a feature available to law enforcement, but is that really sufficient reason to rip out a system and install la costly, bureaucratic, and fragile central system that won't serve end user's needs ?
IMO, the distributed system is best, for much the same reasons that we consider a distributed DNS system to be good. And besides, who wants to hand ALL registration data en-masse to the USA (well at least without tham having to do some snooping effort !) I guess that has to be part of the reason - to give the USA the power of veto over all domains, not just those held with US based registrars.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
