nanog mailing list archives

Re: 'Whois protection service'

From: Joshua Brady <somitho () gmail com>
Date: Wed, 26 Jan 2005 22:47:58 -0500


On Thu, 27 Jan 2005 16:26:00 +1300 (NZDT), Mark Foster
<blakjak () blakjak net> wrote:


Hi folks.


Hello Mark,

Don't post a lot here but i'm figuring you folks will know more about this
than my local NOG...


Glad to have you on NANOG.

When investigating a host that spammed me today, I noted that when I
whois'd the domain that the mailserver involved has forward/reverse dns
pair for, the domain whois information comes up as follows:

Found crsnic referral to whois.enom.com.

Registration Service Provided By: Registerfly.com
Contact: support () registerflysupport com
Visit: http://www.RegisterFly.com

Domain name: xmux.com

Registrant Contact:
   RegisterFly.com - Ref# 14155933
   Whois Protection Service - ProtectFly.com (14155933.fly () spamfly com)

I'm unsure how appropriate it is to post anything more specific in the
open forum, but i've never seen this before. Whats the deal with hiding a
domain name owners true identity?
Is this not simply yet another protect-the-spammers mechanism?


It will probably be called off-topic, flamed and dragged through the
mud, yet to answer your question. It is fully legit, yet it does have
its bad sides. I use it personally to keep prank callers from calling
me directly.

[soms@posche /]$ whois somsworld.com
[Querying whois.internic.net]
[Redirected to whois.godaddy.com]
[Querying whois.godaddy.com]
[whois.godaddy.com]

Registrant:
   Domains by Proxy, Inc.
   15111 N Hayden Rd., Suite 160
   PMB353
   Scottsdale, Arizona 85260
   United States

   Registered through: GoDaddy.com
   Domain Name: SOMSWORLD.COM
      Created on: 25-Aug-04
      Expires on: 25-Aug-05
      Last Updated on: 18-Jan-05

   Administrative Contact:
      Private, Registration  SOMSWORLD.COM () domainsbyproxy com
      Domains by Proxy, Inc.
      15111 N Hayden Rd., Suite 160
      PMB353
      Scottsdale, Arizona 85260
      United States
      (480) 624-2599      Fax --
   Technical Contact:
      Private, Registration  SOMSWORLD.COM () domainsbyproxy com
      Domains by Proxy, Inc.
      15111 N Hayden Rd., Suite 160
      PMB353
      Scottsdale, Arizona 85260
      United States
      (480) 624-2599      Fax --

   Domain servers in listed order:
      NS1.HITMANIT.COM
      NS2.HITMANIT.COM

I followed up the chain - the authoritive DNS servers for the domain in
question are hosts within a different domain, and this also has the same
protection engaged....

Is this old hat or something new? Is this still conformant to standard
.com/net registrant rules and regs? (here in .nz, the registry information
is required to be current and valid, and i've never seen a Registrar pass
itself off as the owner of a domain before (at least in any legitimate
situation))


It is all current information, and valid. I have gotten letters passed
through to me from godaddy. Its a perfectly legit situation. Yet in
your case it may not be, and it may be used to hide the person.

Thanks in advance,
Mark.


-- 
Joshua Brady

Current thread:

'Whois protection service' Mark Foster (Jan 26)
- Re: 'Whois protection service' Joshua Brady (Jan 26)
- Re: 'Whois protection service' Valdis . Kletnieks (Jan 26)
  - Re: 'Whois protection service' Mark Foster (Jan 26)