'Whois protection service'

Joshua Brady somitho at gmail.com
Thu Jan 27 03:47:58 UTC 2005


On Thu, 27 Jan 2005 16:26:00 +1300 (NZDT), Mark Foster
<blakjak at blakjak.net> wrote:
> 
> Hi folks.

Hello Mark,

> Don't post a lot here but i'm figuring you folks will know more about this
> than my local NOG...

Glad to have you on NANOG.

> When investigating a host that spammed me today, I noted that when I
> whois'd the domain that the mailserver involved has forward/reverse dns
> pair for, the domain whois information comes up as follows:
> 
> Found crsnic referral to whois.enom.com.
> 
> Registration Service Provided By: Registerfly.com
> Contact: support at registerflysupport.com
> Visit: http://www.RegisterFly.com
> 
> Domain name: xmux.com
> 
> Registrant Contact:
>    RegisterFly.com - Ref# 14155933
>    Whois Protection Service - ProtectFly.com (14155933.fly at spamfly.com)
> 
> I'm unsure how appropriate it is to post anything more specific in the
> open forum, but i've never seen this before. Whats the deal with hiding a
> domain name owners true identity?
> Is this not simply yet another protect-the-spammers mechanism?

It will probably be called off-topic, flamed and dragged through the
mud, yet to answer your question. It is fully legit, yet it does have
its bad sides. I use it personally to keep prank callers from calling
me directly.

[soms at posche /]$ whois somsworld.com
[Querying whois.internic.net]
[Redirected to whois.godaddy.com]
[Querying whois.godaddy.com]
[whois.godaddy.com]

Registrant:
   Domains by Proxy, Inc.
   15111 N Hayden Rd., Suite 160
   PMB353
   Scottsdale, Arizona 85260
   United States

   Registered through: GoDaddy.com
   Domain Name: SOMSWORLD.COM
      Created on: 25-Aug-04
      Expires on: 25-Aug-05
      Last Updated on: 18-Jan-05

   Administrative Contact:
      Private, Registration  SOMSWORLD.COM at domainsbyproxy.com
      Domains by Proxy, Inc.
      15111 N Hayden Rd., Suite 160
      PMB353
      Scottsdale, Arizona 85260
      United States
      (480) 624-2599      Fax --
   Technical Contact:
      Private, Registration  SOMSWORLD.COM at domainsbyproxy.com
      Domains by Proxy, Inc.
      15111 N Hayden Rd., Suite 160
      PMB353
      Scottsdale, Arizona 85260
      United States
      (480) 624-2599      Fax --

   Domain servers in listed order:
      NS1.HITMANIT.COM
      NS2.HITMANIT.COM


> I followed up the chain - the authoritive DNS servers for the domain in
> question are hosts within a different domain, and this also has the same
> protection engaged....
>
> Is this old hat or something new? Is this still conformant to standard
> .com/net registrant rules and regs? (here in .nz, the registry information
> is required to be current and valid, and i've never seen a Registrar pass
> itself off as the owner of a domain before (at least in any legitimate
> situation))

It is all current information, and valid. I have gotten letters passed
through to me from godaddy. Its a perfectly legit situation. Yet in
your case it may not be, and it may be used to hide the person.

> Thanks in advance,
> Mark.

-- 
Joshua Brady



More information about the NANOG mailing list