[77612] in North American Network Operators' Group
Re: 'Whois protection service'
daemon@ATHENA.MIT.EDU (Joshua Brady)
Wed Jan 26 22:50:58 2005
Date: Wed, 26 Jan 2005 22:47:58 -0500
From: Joshua Brady <somitho@gmail.com>
Reply-To: Joshua Brady <somitho@gmail.com>
To: Mark Foster <blakjak@blakjak.net>
Cc: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.56.0501271622130.30549@babylon.blakjak.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 27 Jan 2005 16:26:00 +1300 (NZDT), Mark Foster
<blakjak@blakjak.net> wrote:
>
> Hi folks.
Hello Mark,
> Don't post a lot here but i'm figuring you folks will know more about this
> than my local NOG...
Glad to have you on NANOG.
> When investigating a host that spammed me today, I noted that when I
> whois'd the domain that the mailserver involved has forward/reverse dns
> pair for, the domain whois information comes up as follows:
>
> Found crsnic referral to whois.enom.com.
>
> Registration Service Provided By: Registerfly.com
> Contact: support@registerflysupport.com
> Visit: http://www.RegisterFly.com
>
> Domain name: xmux.com
>
> Registrant Contact:
> RegisterFly.com - Ref# 14155933
> Whois Protection Service - ProtectFly.com (14155933.fly@spamfly.com)
>
> I'm unsure how appropriate it is to post anything more specific in the
> open forum, but i've never seen this before. Whats the deal with hiding a
> domain name owners true identity?
> Is this not simply yet another protect-the-spammers mechanism?
It will probably be called off-topic, flamed and dragged through the
mud, yet to answer your question. It is fully legit, yet it does have
its bad sides. I use it personally to keep prank callers from calling
me directly.
[soms@posche /]$ whois somsworld.com
[Querying whois.internic.net]
[Redirected to whois.godaddy.com]
[Querying whois.godaddy.com]
[whois.godaddy.com]
Registrant:
Domains by Proxy, Inc.
15111 N Hayden Rd., Suite 160
PMB353
Scottsdale, Arizona 85260
United States
Registered through: GoDaddy.com
Domain Name: SOMSWORLD.COM
Created on: 25-Aug-04
Expires on: 25-Aug-05
Last Updated on: 18-Jan-05
Administrative Contact:
Private, Registration SOMSWORLD.COM@domainsbyproxy.com
Domains by Proxy, Inc.
15111 N Hayden Rd., Suite 160
PMB353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax --
Technical Contact:
Private, Registration SOMSWORLD.COM@domainsbyproxy.com
Domains by Proxy, Inc.
15111 N Hayden Rd., Suite 160
PMB353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax --
Domain servers in listed order:
NS1.HITMANIT.COM
NS2.HITMANIT.COM
> I followed up the chain - the authoritive DNS servers for the domain in
> question are hosts within a different domain, and this also has the same
> protection engaged....
>
> Is this old hat or something new? Is this still conformant to standard
> .com/net registrant rules and regs? (here in .nz, the registry information
> is required to be current and valid, and i've never seen a Registrar pass
> itself off as the owner of a domain before (at least in any legitimate
> situation))
It is all current information, and valid. I have gotten letters passed
through to me from godaddy. Its a perfectly legit situation. Yet in
your case it may not be, and it may be used to hide the person.
> Thanks in advance,
> Mark.
--
Joshua Brady
