Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: 'Whois protection service'

  • From: Joshua Brady
  • Date: Wed Jan 26 22:52:13 2005
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=fZsTyLhRQK2r3kqFBVg8p50ZJUmBXYsE4TpYP53lkxrXCNKnwg8OiCCHxM6419FK6cE+NmanE8u5LqBYits/Tu/N6jk2t9KhVw4owpLimB3C2s0AsyhL8zCoy+K71TluVfCaEc56zfhhYsJtqFwpK58cAdNDEBhZBrMt1MlL0lI=

On Thu, 27 Jan 2005 16:26:00 +1300 (NZDT), Mark Foster
<blakjak@blakjak.net> wrote:
> 
> Hi folks.

Hello Mark,

> Don't post a lot here but i'm figuring you folks will know more about this
> than my local NOG...

Glad to have you on NANOG.

> When investigating a host that spammed me today, I noted that when I
> whois'd the domain that the mailserver involved has forward/reverse dns
> pair for, the domain whois information comes up as follows:
> 
> Found crsnic referral to whois.enom.com.
> 
> Registration Service Provided By: Registerfly.com
> Contact: support@registerflysupport.com
> Visit: http://www.RegisterFly.com
> 
> Domain name: xmux.com
> 
> Registrant Contact:
>    RegisterFly.com - Ref# 14155933
>    Whois Protection Service - ProtectFly.com (14155933.fly@spamfly.com)
> 
> I'm unsure how appropriate it is to post anything more specific in the
> open forum, but i've never seen this before. Whats the deal with hiding a
> domain name owners true identity?
> Is this not simply yet another protect-the-spammers mechanism?

It will probably be called off-topic, flamed and dragged through the
mud, yet to answer your question. It is fully legit, yet it does have
its bad sides. I use it personally to keep prank callers from calling
me directly.

[soms@posche /]$ whois somsworld.com
[Querying whois.internic.net]
[Redirected to whois.godaddy.com]
[Querying whois.godaddy.com]
[whois.godaddy.com]

Registrant:
   Domains by Proxy, Inc.
   15111 N Hayden Rd., Suite 160
   PMB353
   Scottsdale, Arizona 85260
   United States

   Registered through: GoDaddy.com
   Domain Name: SOMSWORLD.COM
      Created on: 25-Aug-04
      Expires on: 25-Aug-05
      Last Updated on: 18-Jan-05

   Administrative Contact:
      Private, Registration  SOMSWORLD.COM@domainsbyproxy.com
      Domains by Proxy, Inc.
      15111 N Hayden Rd., Suite 160
      PMB353
      Scottsdale, Arizona 85260
      United States
      (480) 624-2599      Fax --
   Technical Contact:
      Private, Registration  SOMSWORLD.COM@domainsbyproxy.com
      Domains by Proxy, Inc.
      15111 N Hayden Rd., Suite 160
      PMB353
      Scottsdale, Arizona 85260
      United States
      (480) 624-2599      Fax --

   Domain servers in listed order:
      NS1.HITMANIT.COM
      NS2.HITMANIT.COM


> I followed up the chain - the authoritive DNS servers for the domain in
> question are hosts within a different domain, and this also has the same
> protection engaged....
>
> Is this old hat or something new? Is this still conformant to standard
> .com/net registrant rules and regs? (here in .nz, the registry information
> is required to be current and valid, and i've never seen a Registrar pass
> itself off as the owner of a domain before (at least in any legitimate
> situation))

It is all current information, and valid. I have gotten letters passed
through to me from godaddy. Its a perfectly legit situation. Yet in
your case it may not be, and it may be used to hide the person.

> Thanks in advance,
> Mark.

-- 
Joshua Brady




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.