Ninety-seven percent of Whois records contain working email addresses and/or phone numbers, according to the results of an ongoing ICANN survey.
The organization yesterday published the second of its now-biannual WHOIS Accuracy Reporting System reports, a weighty document stuffed with facts and figures about the reliability of Whois records.
It found, not for the first time, that the vast majority of Whois records are not overtly fake.
Email addresses and phone numbers found there almost always work, the survey found, and postal addresses for the most part appear to be real postal addresses.
The survey used a sample of 12,000 domains across 664 gTLDs. It tested for two types of accuracy: “syntactical” and “operability”.
Syntactical testing just checks, for example, whether the email address has an @ symbol in it and whether phone numbers have the correct number of digits.
Operability testing goes further, actually phoning and emailing the Whois contacts to see if the calls connect and emails don’t bounce back.
For postal addresses, the survey uses third-party software to see whether the address actually exists. No letters are sent.
The latest survey found that 97% of Whois records contain at least one working phone number or email address, “which implies that nearly all records contain information that can be used to establish immediate contact.”
If you’re stricter about how accurate you want your records to be, the number plummets.
Only 65% of records had operable phone, email and postal contact info in each of the registrant, administrative and technical contact fields.
Regionally, fully accurate Whois was up to 77% in North America but as low as 49.5% in Africa.
So it’s not great news if Whois accuracy is your bugbear.
Also, the survey does not purport to verify that the owners of the contact information are in fact the true registrants, only that the information is not missing, fake or terminally out-of-date.
A Whois record containing somebody else’s address and phone number and a throwaway webmail address would be considered “accurate” for the survey’s purposes.
The full survey report, published by ICANN, runs to 54 pages.
UK police have stated an eyebrow-raising “guilty until proven innocent” point of view when it comes to domain name registrations, in comments filed recently with ICANN.
In a Governmental Advisory Committee submission (pdf) to a review of the Whois accuracy rules in the Registrar Accreditation Agreement, unspecified “UK law enforcement” wrote:
Internet governance efforts by Industry, most notably the ICANN 2013 RAA agreement have seen a paradigm shift in Industry in the way a domain name is viewed as “suspicious” before being validated as “good” within the 15 day period of review.
UK law enforcement’s view is that a 45 day period would revert Industry back to a culture of viewing domains “good” until they are proven “bad” therefore allowing crime to propagate and increase harm online.
The GAC submission was made August 13 to a public comment period that closed July 3.
The Whois Accuracy Program Specification Review had proposed a number of measures to bring more clarity to registrars under the 2013 RAA.
One such measure, proposed by the registrars, was to change the rules so that registrars have an extra 30 days — 45 instead of 15 — to validate registrants’ contact information before suspending the domain.
That’s what the UK cops — and the GAC as a whole — don’t like.
They have a point, of course. Criminals often register domains with bogus contact information with the expectation that the domains will not have a long shelf life. Fifteen days is actually quite generous if you want to stop phishing attacks, say.
The Anti-Phishing Working Group says phishing attacks have an average up-time of 29 hours.
Clearly, ICANN’s Whois accuracy program is doing little to prevent phishing as it is; a switch to 45 days would presumably have little impact.
But the number of domains suspended for lack of accuracy at any given time is estimated to be in the hundreds of thousands, and registrars say it’s mostly innocent registrants who are affected.
Verisign said this March that .com domains “on hold” grew from roughly 394,000 names at the end of 2013 to about 870,000 at the end of 2014.
In June 2014, registrars claimed that over 800,000 domains had been suspended for want of Whois accuracy in the first six months the policy was in place.
Verisign has boosted its reportable .com domain count by almost 750,000 by starting to count expired and suspended names.
The change in methodology, which is a by-product of ICANN’s much more stringent Whois accuracy regime, happened on Friday afternoon.
Before the change, the company reported on its web site that there were 116,788,107 domains in the .com zone file, with another 167,788 names that were registered but not configured.
That’s a total of 116,955,895 domains.
But just a few hours later, the same web page said .com had a total of 117,704,800 names in its “Domain Name Base”.
That’s a leap of 748,905 pretty much instantly; the number of names in the zone file did not move.
.net jumped 111,110 names to 15,143,356.
The reason for the sudden spikes is that Verisign is now including two types of domain in its count that it did not previously. The web page states:
Beginning with the first quarter, 2015, the domain name base on this website and in subsequent filings found in the Investor Relations site includes domains that are in a client or server hold status.
I suspect that the bulk of the 750,000 newly reported names are on clientHold status, which I believe is used much more often than serverHold.
The clientHold EPP code is often applied by registrars to domains that have expired.
However, registrars signed up to the year-old 2013 Registrar Accreditation Agreement are obliged by ICANN to place domains on clientHold status if registrants fail to respond within 15 days to a Whois verification email.
The 2013 RAA reads (my emphasis):
Upon the occurrence of a Registered Name Holder’s willful provision of inaccurate or unreliable WHOIS information, its willful failure promptly to update information provided to Registrar, or its failure to respond for over fifteen (15) calendar days to inquiries by Registrar concerning the accuracy of contact details associated with the Registered Name Holder’s registration, Registrar shall either terminate or suspend the Registered Name Holder’s Registered Name or place such registration on clientHold and clientTransferProhibited, until such time as Registrar has validated the information provided by the Registered Name Holder.
Last June, registrars claimed that the new policy — which came after pressure from law enforcement — had resulted in over 800,000 domains being suspended.
It’s an ongoing point of contention between ICANN, its registrars, and cops.
Verisign changing its reporting methodology may well be a reaction to this increase in the number of clientHold domains.
While its top-line figure has taken a sharp one-off boost, it will still permit daily apples-to-apples comparisons on an ongoing basis.
My assumption about the link to the 2013 RAA was correct.
Verisign CFO George Kilguss told analysts on February 5:
Over the last several years, the average amount of names in the on-hold status category has been approximately 400,000 names and the net change year-over-year has been very small.
While still immaterial, during 2014, we saw an increase in the amount of names registrars have placed on hold status, which appears to be a result of these registrars complying with the new mandated compliance mechanisms in ICANN’s 2013 Registrar Accreditation Agreement or RAA.
In 2014, we saw an increase in domain names placed on hold status from roughly 394,000 names at the end of 2013 to about 870,000 at the end of 2014.