Whois Harvesting - Are You A Target? Published: Apr 25, 2004
  • Rating


Companies have gone to a new low to drum up business by harvesting personal information on newly registered domains from the whois database. We were victims of these new unsolicited phone calls from Aplus.net

Companies have gone to a new low to drum up business by harvesting personal information on newly registered domains from the whois database. We were victims of this new marketing scam from Aplus.net

I just checked my messages and someone phoned me from Aplus.net about a domain name I just registered from NameCheap. I phone them up wondering if something had happend or perhaps they would like to buy the domain and I just got it before they could register it.
So I phoned them back to hear what they were after. To my suprise they want to offer me hosting services! I was furious! It was a telemarketing scandal!

Aplus.net is using the public whois records as their telemarketing database. They phone up new people from new domain name registrations from a whois list of new domains! When I asked the person on the phone how did you get my contact info? He's tried to avoid the question .......long pause.......... then replied, we use the public whois records!

I highly doubt that Aplus.net is the only company using the whois system to market products or services, even though they proudly display the ICANN logo on their website. The fact is that any company can use this database of contact information for whatever they like, including  unsolicited phone calls. This shows us that there is something very wrong in the way the whois system and domain registrations operate.

Why are these companies giving out the list of newly registered domains to third parties? Why isn't our private information being protected? Some companies now offer "private registrations" such as Godaddy which say "A private registration shields your personal information from public view; you control who reaches you and when", but of course this feature isn't included standard in your domain registration, you must pay for your domain registration and an additional $12 per year for the "private" feature. I think that the domain system should make your information private to start with, why do you need to pay extra for them to keep your personal information safe!? That's like going to buy groceries with your credit card, the clerk asks you, would you like to keep you credit card number "private" for an additional $10?

I can't beleive a company would go so low to mine the public whois records to find new clients. VeriSign recently did the same thing in a legal battle with Register.com. "This dispute centers on both Verio's end use of the WHOIS data and its use of the automated search robot. While Register.com acknowledges its obligation to provide public access to its customers' contact information, it has developed "terms of use" which prohibit third parties, such as Verio, from using the contact information for any mass marketing purpose - whether by e-mail, regular mail or telephone. Register.com also argues that the use of automated software to access the WHOIS database violates its terms of use and harms its computer systems."

The Internet Corp for Assigned Names and Numbers, which essentially regulates this part of the industry through its registrar contracts, mandates that registrars must require their registrants hand over their correct contact information at time of registration.

ICANN requires this information be published, but also forbids people automatically mining data from Whois for the purposes of spamming registrants. Register.com's Whois user agreement also forbids data mining for marketing purposes.

ICANN's rules were originally put in place in part to help intellectual property owners identify people they suspected of infringing trademarks. In 2000, so-called "cybersquatting" was a much bigger problem than it is today.

  • Rating


Related Articles

Comments (3)

  • Gravatar - DCASEY
    DCASEY 20:26, May 18, 2005
    http://aplus.net/ is the only one I've ever gotten a phone call (3, actually, though I asked every time to be taken off their list) from.<br />
    <br />
    I suggest using their own services to let them know that they are part of the problem - right in there with lowlife spammers of porn, meds and large dicks - and that you wouldn't consider using their services if they were the last provider on earth.<br />
    <br />
    I am a web developer with many clients and the one thing I will do is to tell all of them NOT to use http://aplus.net/ for anything.
  • Gravatar - mdx
    mdx 05:06, January 30, 2006
    I've had several as well, and since I won't answer the call, it's a pre-recorded British woman pitching theie services. I ran the phone number the calls originated from, and it goes to a "Veleka Predictive Dialer" - something telemarketers use. Since I believe telemarketing one's cellphone with pre-recorded messages is against the FTC Do Not Call regulations and carry a hefty fine, I'm going to look into having them fined. It won't do anything in the larger scheme of things, but.... On teh other hand, in a class action, if someone subpoenaed their outbound calls and determined which went to cell phones and multiplied that number by a $1,000 fine, things might get interesting....
  • Gravatar - Leo
    Leo 04:14, June 1, 2008
    I hate when this crap happens to my business. Guess what I do! I do the same thing to them. Use something like: <a href="http://www.tools.mywikiinfo.com/includes/whoislookup.php">http://www.tools.mywikiinfo.com/includes/whoislookup.php</a><br />
    <br />
    And do them the same favor 3-4 times.<br />
    <br />
    Regards,<br />

Add Your Thoughts

WebHostGear.com is a hosting directory, not a web host.

Copyright © 1998-2024 WebHostGear.com