Whois "Study"

["Michele Neylon :: Blacknight" <michele@xxxxxxxxxxxxx>]

Resending, since this seems to have gone AWOL 


While this study probably has some merit, I'm having difficulty understanding 
exactly where that merit actually lies.

There are over 100 million gTLD domain names currently registered. 

To draw any "meaningful" conclusions about anything related to the current 
corpus of domain names would require a sample set significantly larger than 
that chosen. 

While it may be possible for a statistician to rationalise their choices I 
would be wary of making any definitive statements about WHOIS based on this 
sample.

With respect to the study's methodology ...


"We explored with ICANN the possibility of using IP address and Maxmind.com to 
assign countries to all domains prior to sample selection in order to avoid 
this additional stage of sampling, however once we checked the country 
assignments using those sources against actual country as recorded in a sample 
of WHOIS records we found too many inaccuracies."

IP addresses are NOT assigned by country. They are assigned firstly by region 
ie. RIPE, ARIN etc., and then to AS numbers, which have no direct correlation 
with countries. We, for example, are members of RIPE. That does not, however, 
mean that all our IP assignments are going to be mapped "easily" to Ireland. If 
we assign an allocation to a client from Portugal, then the IP address' 
assignment would reflect that clearly in WHOIS. 

The only case where Maxmind, or a similar service, would "fail" is if the IP 
block being queried were a very recent one and considering that Maxmind update 
their database every few days even that assertion is probably inaccurate.

The methodology for verifying physical addresses may work fine in countries 
with an easily "mappable" postal address system, but my own home address would 
probably fail their checks, as would a lot of Irish residents.

Using phone numbers to validate contacts is fine, however expecting to be able 
to do a lookup is not. It's 2010. Many people rely primarily on their mobile 
phone for day to day use, and most of our staff, for example, wouldn't even 
have fixed lines in their homes. And of course there are no public directories 
of mobile phone numbers.

In any case until such time as gTLDs adopt a saner approach to WHOIS that 
respects individuals' right to privacy this "problem" won't go away.

A criminal is never going to provide valid WHOIS data and in many of the cases 
I've seen will quite happily produce perfectly valid WHOIS data - just not 
their own

Regards

Micheel

Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
http://www.blacknight.com/
http://blog.blacknight.com/
http://mneylon.tel
Intl. +353 (0) 59  9183072
US: 213-233-1612 
UK: 0844 484 9361
Locall: 1850 929 929
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 1 4811 763
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,Ireland  Company No.: 370845