WHOIS Privacy Protect -- What Spamfighters Think

As others have mentioned, a recent court ruling suggests that when accompanied with "intentional spamming," hiding who owns a domain behind a "privacy protect" service (such as Domains by Proxy) could mean that the sender is in violation of the CAN-SPAM law. But let's set that aside for a moment. Even if there wasn't a potential legal issue, do recipient systems and anti-spam groups find privacy protect to be a reputable practice? Let's ask a few smart anti-spam experts what they think.

I started by asking Steve Linford, CEO of international spam stopping group Spamhaus, if he found WHOIS to be a useful tool for tracking spammers. Very much so, he says. "WHOIS is one of the many tools we use and is especially useful to see what the spammer wants investigators to see about him." What does he think about privacy protected domains? "A cloaked WHOIS for example screams 'Spammer!' to us, just one look at a WHOIS containing words like 'Domains by Proxy, Inc.' or 'Moniker Privacy Services' is enough for us to SBL instantly in situations where we suspect the domain is involved in spam. Additionally, spam involving a domain whose WHOIS says it was only registered last week is almost a no-brainer SBL listing. Use of certain 'blackhat' or 'greyhat' Registrars, use of PO Boxes and addresses of rent-a-mailbox places are other give-aways that talk loudly to us about the intention of the domain owner, as are freemail addresses used as domain contacts. For Spamhaus investigators, WHOIS or sometimes the lack of WHOIS (such as using TLDs that do not have WHOIS servers) can often be a picture that speaks a thousand words."

AOL's Senior Technical Account Manager Annalivia Ford sees a lot of spam, blocks even more of it, and works with senders to re-mediate issues. She agrees that hidden domain ownership information is probably a sign that somebody isn't likely to be a good sender. "I look for obfuscated/privacy domain registrations -- in my experience there are very, very few legitimate businesses that hide their whois data. I also use WHOIS to see if the registered information looks even close to realistic. Sometimes I call to see if someone answers the phone, and what they say."

Steve Atkins is a founding partner with Word to the Wise, a California-based consulting company specializing in email issues. Steve's very active in the realms of spam fighting and email best practices. He writes, "If I see spam advertising a domain then one of the first things I'll do is look at the domain registration. If the domain is registered using a 'privacy protection' service such as Domains By Proxy then I immediately know that the domain owner knows they're doing something wrong, and they're the actual perpetrator. At that point I know that I don't need to contact the domain owner, instead I need to identify their various service providers (who is providing them with DNS, web hosting, email, domain registration) and contact them with either takedown requests or (if it's done as part of legal action) with subpoenas for information about their customer."

Steve says that it's pretty rare that somebody in engaging in these practices is a good guy. "While legitimate businesses sometimes do stupid things with their network and domain setup it's incredibly rare that they'll do the same sort of things as spammers accidentally -- if their network footprint looks like a spammer it virtually always means that they're doing something unethical that upsets people to the degree that they need to hide. If it's not email spam, it's often things like SMS spam, fake affiliate programmes, eBay or Paypal fraud, things like that."

There you have it. Even if hiding domain ownership info behind privacy protect doesn't raise any legal issues (and if you send email marketing or manage email lists, that's not for certain), you're not likely to make any friends out of anybody taking a look into your email practices. Yet another reason to make everything about your company and email practices as transparent as possible.

1 comment:

  1. A guy was using "whoisprivacyprotect" to hide himself. He was using Facebook to get users to click through his affiliate links by conning them into thinking they were getting large-value store vouchers. Have "Whoisprivacyprotect" responded in a responsible manner? No. They just sent me an email saying I could get a "Morrisons" store voucher by answering some questions... Trolling, perhaps...

    ReplyDelete

Comments policy: Al is always right. Kidding, mostly. Be polite, and you're welcome to join in, even if it's a differing viewpoint.