Study Suggestion Number 14
Submitted By: [Redacted for privacy reasons] Topic: Quantify the extent to which the Whois database is used to facilitate illegal or undesirable activities, such as spam. Hypothesis: The Whois database is used only to a minor extent to generate spam and other such illegal or undesirable activities. How the hypothesis could be falsified: Produce data showing that the Whois database is a major contributor in generating spam and other such illegal or undesirable activities. Utility: The results would speak to the validity of the argument that modifications to Whois would be useful in deterring spam and other such illegal or undesirable activities. Type of Study Needed: We suggest a control/variable test comparing spam received at email addresses not published via Whois vs. spam received at email addresses provided as part of Whois records. Data that needs to be collected: A number of email addresses would be established. Half of those addresses (30) would not be disseminated. This would provide a control group. The remaining email addresses would be used to register domain names using a variety of registrars. These email addresses would be used for no other purpose. At the end of a 90-day period, the amount of spam in each inbox would be evaluated. It is, of course, possible that registering with some registrars produces more spam than registering with others. For this reason, information on the operation of each registrarâ??s Whois service should be collected, such as whether the registrar uses image challenge security measures on its web-based Whois or substitutes images for data in certain data fields (such as e-mail address). Population to be surveyed: See response to 6 above. Sample Size: Any number of email addresses could be compared as well as any number of registrars used. The number should be high enough to draw meaningful conclusions, perhaps 60 or 100 or more addresses. Type of Analysis: Comparing the volume of spam received by the control email addresses vs. the amount of spam received by the Whois contact addresses. In addition, the results for the Whois contact addresses should be sorted by registrar, to determine the effect of the use of security measures on abuse of Whois information.