Domain registrars warned on oversight

• Article
• Comments ()
• Click-2-Listen

By Shaun Waterman UNITED PRESS INTERNATIONAL

The nonprofit association that oversees Internet addresses says it will sanction two major domain registrars unless they fix flaws in their system for investigating shady Web sites.

The Internet Corporation for Assigned Names and Numbers, known as ICANN, sent formal breach notices Tuesday to two of the registrars that it accredits, giving them 15 days to fix the problem or lose their accreditation. The registrars - Swiss-based Joker.com and Beijing Innovative Linkage Technology Ltd., doing business as DNS.com.cn - lease out about 900,000 Internet addresses, known as domain names.

"We are sending a message in public ... that everyone needs to be vigilant," said Paul Levins, ICANN's vice president for corporate affairs.

ICANN Chief Executive Officer Paul Twomey told United Press International that if the companies lose their accreditation, there is a process for transferring the domains they had leased to other registrars.

"The registrants will be taken care of," he said.

ICANN's notices are the latest under a crackdown aimed at improving the accuracy of information about who controls domain names and the Web sites based there.

As part of the registration process, those leasing domain names from registrars — the registrants — are required to identify themselves and provide contact information in a huge Internet database at Whois.net.

But spammers and other criminals who use Web pages to sell counterfeit goods, steal identities or propagate malicious software rarely provide accurate Whois information and sometimes do not provide any at all, say Web security specialists.

"There are some domain registrars who facilitate criminal activities on the Web by turning a blind eye" to registrants who deliberately provide false or incomplete Whois information, said Garth Bruen of the anti-spam advocacy group KnujOn - "no junk" spelled backward.

He says a hard core of registrars rent most of the domain names that contain the Web sites advertised in spam e-mails — billions of unsolicited messages sent every year, mostly by so-called botnets of personal computers that, unbeknown to their owners, have been taken over by hackers and other cybercriminals.

Earlier this year, Mr. Bruen analyzed millions of spam e-mail messages forwarded by members of the public. He concluded that 90 percent of the Web addresses the spam advertised had been leased by just 20 registrars.

ICANN says that it has no authority to directly target spammers, counterfeiters and other criminals who register domain names and that the registrars it accredits are not required to proactively ensure the accuracy of their registrants' Whois information. But they are obliged to follow up reports about missing or incorrect Whois data, and the failure of Joker.com and dns.com.cn to do so is what led ICANN to issue the breach notices.

"The good registrars, which is the vast majority of them, welcome this enforcement," said Mr. Levins, adding that a recent audit had found that 850 out of 900 accredited registrars were complying with requirements to get accurate and complete data from registrants.