WhoIs misuse is the use of public WhoIs data, which includes registrants’ personal and contact information, for “detrimental purposes such as spam, phishing, identity theft or data theft”.
WhoIs misuse refers to damaging acts that exploit contact information obtained from the WHOIS database. Damaging acts may include generating spam, misuse of personal information, identity theft, harassment, stalking, financial loss, data abuse, phishing scams, and other exploits that are a part of cybercrime.
A WhoIs record contains elements including the registered domain name, the registrar’s name, the server used, the date of registration, the expiry date, and the registrant’s address and contact information for administrative and technical purposes.
Due to the sensitivity of such information, personal data can be vulnerable to data mining, a type of WhoIs misuse in which WhoIs entries are searched for valuable information to exploit.
It has been observed that WhoIs anti-harvesting techniques, employed both at the Registry and Registrar level, have played a significant role in reducing the possibility of WhoIs misuse. Let’s identify the most common Anti-Harvesting Techniques that have been effective in reducing misuse.
Common Anti-Harvesting Techniques
- Rate Limiting: Rate Limiting prevents bulk searching and data mining of the WHOIS database. This is typically done by limiting the number of queries that can be submitted within a certain time frame. Once the mandated limit is reached, search results may not be returned due to temporary blacklisting. Sometimes only selected information may be returned. This is one of the most common anti-harvesting techniques used by registrars.
- CAPTCHA: Many registrars require users to pass a CAPTCHA challenge before starting any web process. This is done to stop automated collection of domain name records whenever a WhoIs query is entered.
- Privacy or Proxy Services: These services keep the individual’s contact data out of the WHOIS database. Instead, the record shows the registrar’s or the third party’s contact information. Some proxy services screen all received messages before forwarding them to the registrant. Such a service significantly reduces the number of spam messages a registrant receives, and it is a more effective approach to reducing spam than protective methods such as CAPTCHAs or rate limiting. Many popular registrars offer privacy or proxy services.
- Blacklisting: Temporary or permanent blacklisting stops users from exploring a registrar’s WhoIs database when using a specific IP address or domain name. Permanent blacklisting is typically applied in case the user is suspected of frequent WhoIs misuse.
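The rate limiting and blacklisting items above can be combined in one per-IP gate in front of a WhoIs lookup. The following is an added example, not code from any registrar or registry; the class name `WhoisGate`, the field names and every threshold are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque

# Assumed policy values for illustration, not taken from any registrar.
WINDOW_SECONDS = 60          # length of the sliding window
MAX_QUERIES = 5              # full answers allowed per window
TEMP_BLOCK_SECONDS = 300     # length of a temporary blacklisting
STRIKES_FOR_PERMANENT = 3    # temporary blocks before a permanent one
CONTACT_FIELDS = {"registrant_address", "registrant_email", "registrant_phone"}

class WhoisGate:
    """Per-IP sliding-window limiter with temporary and permanent blacklisting."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.history = defaultdict(deque)   # ip -> timestamps of recent queries
        self.blocked_until = {}             # ip -> end of temporary block
        self.strikes = defaultdict(int)     # ip -> temporary blocks so far
        self.permanent = set()              # ips blocked permanently

    def check(self, ip):
        """Return 'full', 'redacted' or 'blocked' for one query from ip."""
        now = self.clock()
        if ip in self.permanent or self.blocked_until.get(ip, 0) > now:
            return "blocked"
        q = self.history[ip]
        while q and q[0] <= now - WINDOW_SECONDS:
            q.popleft()                     # forget queries outside the window
        q.append(now)
        if len(q) <= MAX_QUERIES:
            return "full"
        if len(q) == MAX_QUERIES + 1:
            return "redacted"               # first query over the limit
        # Still querying past the limit: blacklist, escalating on repeats.
        self.strikes[ip] += 1
        q.clear()
        if self.strikes[ip] >= STRIKES_FOR_PERMANENT:
            self.permanent.add(ip)
        else:
            self.blocked_until[ip] = now + TEMP_BLOCK_SECONDS
        return "blocked"

    def answer(self, ip, record):
        """Apply the verdict to a record: all fields, no contact data, or None."""
        verdict = self.check(ip)
        if verdict == "blocked":
            return None
        if verdict == "redacted":
            return {k: v for k, v in record.items() if k not in CONTACT_FIELDS}
        return dict(record)
```

The intermediate `redacted` verdict models the case where only selected information is returned once the limit is reached; a deployment that shares one address among many legitimate users would need a key other than the bare IP.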
Know about WhoIs misuse & work to prevent it from happening.