down sev0?

Jeremy Chadwick nanog at
Sat Oct 28 06:12:18 UTC 2006

On Sat, Oct 28, 2006 at 12:39:31AM -0500, Chris Owen wrote:
> The spam I got was directly from  It came with a  
> return email address, pointed to a web site  
> and came from an IP address the resolved to * (I will  
> admit I didn't confirm the netblock belonged to them).  I've never  
> done any business with them and the spam was for a domain name  
> "renewal" for a domain registered elsewhere.  In other words, it was  
> a classic whois scrapped spam.

Some clarification: the information is probably not being "scraped"
via WHOIS.  You're not allowed to scrape via WHOIS.  Deceptive
companies who want to get around this simply buy the WHOIS records
(I should be more precise: the data that would appear in a WHOIS
lookup) from the registrar directly.

I can point you to an Email thread discussing this find, which
includes couple statements from OpenSRS's Product Manager (who in a
roundabout way admitted that anyone can buy their WHOIS database),
if you'd like.

This doesn't explain the spam, but it I really do not see any
purpose to buying a registrar's copy of customer WHOIS records
other than for mass-marketing.  This is bad business in general.

> As I've previously said, this isn't like its some sort of borderline  
> case where someone in one part of the company is doing something that  
> someone else doesn't know about.  These guys are pretty hard core.   
> I'd say I get 20-30 emails a year from them for various domain names  
> I'm a contact on.  I've also received USPS spam which is another  
> story but no less unethical since they are all these BS "renewal"  
> type letters.  They might not be "Domain Registry of America" but  
> they are hardly innocent.

I've mentioned this on NANOG before.  See the thread about why I
refuse to put legitimate contact information (Email contact information
is always valid; just not the address or phone number) in our
domain WHOIS records.  The DROA is half of the reason; the other
half is what I described above.

The entire situation is depressing, solely because ICANN is doing
absolutely nothing to try and stop this sort-of behaviour (both
what the DROA does, and registrars selling their customers' WHOIS
records to whoever bids the most for it).

| Jeremy Chadwick                                 jdc at |
| Parodius Networking               |
| UNIX Systems Administrator                   Mountain View, CA, USA |
| Making life hard for others since 1977.               PGP: 4BD6C0CB |

More information about the NANOG mailing list