Whois Harvesting - Are You A Target? Published: Apr 25, 2004

• Rating

  4/5

Companies have gone to a new low to drum up business by harvesting personal information on newly registered domains from the whois database. We were victims of these new unsolicited phone calls from Aplus.net

Companies have gone to a new low to drum up business by harvesting personal information on newly registered domains from the whois database. We were victims of this new marketing scam from Aplus.net

I just checked my messages and someone phoned me from Aplus.net about a domain name I just registered from NameCheap. I phone them up wondering if something had happend or perhaps they would like to buy the domain and I just got it before they could register it.
So I phoned them back to hear what they were after. To my suprise they want to offer me hosting services! I was furious! It was a telemarketing scandal!

Aplus.net is using the public whois records as their telemarketing database. They phone up new people from new domain name registrations from a whois list of new domains! When I asked the person on the phone how did you get my contact info? He's tried to avoid the question .......long pause.......... then replied, we use the public whois records!

I highly doubt that Aplus.net is the only company using the whois system to market products or services, even though they proudly display the ICANN logo on their website. The fact is that any company can use this database of contact information for whatever they like, including  unsolicited phone calls. This shows us that there is something very wrong in the way the whois system and domain registrations operate.

Why are these companies giving out the list of newly registered domains to third parties? Why isn't our private information being protected? Some companies now offer "private registrations" such as Godaddy which say "A private registration shields your personal information from public view; you control who reaches you and when", but of course this feature isn't included standard in your domain registration, you must pay for your domain registration and an additional $12 per year for the "private" feature. I think that the domain system should make your information private to start with, why do you need to pay extra for them to keep your personal information safe!? That's like going to buy groceries with your credit card, the clerk asks you, would you like to keep you credit card number "private" for an additional $10?

I can't beleive a company would go so low to mine the public whois records to find new clients. VeriSign recently did the same thing in a legal battle with Register.com. "This dispute centers on both Verio's end use of the WHOIS data and its use of the automated search robot. While Register.com acknowledges its obligation to provide public access to its customers' contact information, it has developed "terms of use" which prohibit third parties, such as Verio, from using the contact information for any mass marketing purpose - whether by e-mail, regular mail or telephone. Register.com also argues that the use of automated software to access the WHOIS database violates its terms of use and harms its computer systems."

The Internet Corp for Assigned Names and Numbers, which essentially regulates this part of the industry through its registrar contracts, mandates that registrars must require their registrants hand over their correct contact information at time of registration.

ICANN requires this information be published, but also forbids people automatically mining data from Whois for the purposes of spamming registrants. Register.com's Whois user agreement also forbids data mining for marketing purposes.

ICANN's rules were originally put in place in part to help intellectual property owners identify people they suspected of infringing trademarks. In 2000, so-called "cybersquatting" was a much bigger problem than it is today.