On Thu, 27 Jan 2005 16:26:00 +1300 (NZDT), Mark Foster <blakjak@blakjak.net> wrote:
Hi folks.
Hello Mark,
Don't post a lot here but I'm figuring you folks will know more about this than my local NOG...
Glad to have you on NANOG.
When investigating a host that spammed me today, I noted that when I whois'd the domain that the mailserver involved has forward/reverse dns pair for, the domain whois information comes up as follows:
Found crsnic referral to whois.enom.com.
Registration Service Provided By: Registerfly.com
Contact: support@registerflysupport.com
Visit: http://www.RegisterFly.com
Domain name: xmux.com
Registrant Contact:
RegisterFly.com - Ref# 14155933
Whois Protection Service - ProtectFly.com (14155933.fly@spamfly.com)
I'm unsure how appropriate it is to post anything more specific in the open forum, but I've never seen this before. What's the deal with hiding a domain name owner's true identity? Is this not simply yet another protect-the-spammers mechanism?
It will probably be called off-topic, flamed and dragged through the mud, yet to answer your question. It is fully legit, yet it does have its bad sides. I use it personally to keep prank callers from calling me directly.

[soms@posche /]$ whois somsworld.com
[Querying whois.internic.net]
[Redirected to whois.godaddy.com]
[Querying whois.godaddy.com]
[whois.godaddy.com]
Registrant:
Domains by Proxy, Inc.
15111 N Hayden Rd., Suite 160 PMB353
Scottsdale, Arizona 85260
United States

Registered through: GoDaddy.com
Domain Name: SOMSWORLD.COM
Created on: 25-Aug-04
Expires on: 25-Aug-05
Last Updated on: 18-Jan-05

Administrative Contact:
Private, Registration SOMSWORLD.COM@domainsbyproxy.com
Domains by Proxy, Inc.
15111 N Hayden Rd., Suite 160 PMB353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax --

Technical Contact:
Private, Registration SOMSWORLD.COM@domainsbyproxy.com
Domains by Proxy, Inc.
15111 N Hayden Rd., Suite 160 PMB353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax --

Domain servers in listed order:
NS1.HITMANIT.COM
NS2.HITMANIT.COM
I followed up the chain - the authoritative DNS servers for the domain in question are hosts within a different domain, and this also has the same protection engaged....
Is this old hat or something new? Is this still conformant to standard .com/net registrant rules and regs? (Here in .nz, the registry information is required to be current and valid, and I've never seen a Registrar pass itself off as the owner of a domain before (at least in any legitimate situation).)
It is all current information, and valid. I have gotten letters passed through to me from godaddy. It's a perfectly legit situation. Yet in your case it may not be, and it may be used to hide the person.
Thanks in advance, Mark.
-- Joshua Brady