At 14:18 3/21/98 -0800, Randy Bush wrote:
I think that this is a really important issue. Thanks for bringing it up.
Who should have access to whois contact information and its misuse.
I put my data in there for use by folk with net ops problems. My understanding is this is the purpose for which whois data have always been given.
Correct. The stated purpose of WhoIs (in all it's guises) is to provide contact information for a domain. This information is supposed to be publicly available to provide a way for a user or other sysadmin to contact the domain owner/technical people. Thus, if you have a misconfigured mail server that's bouncing all "postmaster" mail, I can email your tech or zone contact to let them know, or place a phone call, or whatever. That's why several RFCs require correct contact data to be in WhoIs. The misuse aspect has come about because spammers (primarily) have bots that will harvest all the addresses in WhoIs and send them their drivel. Many people, because of this abuse, want to NOT have their email address listed in WhoIs...but that defeats the good purpose of the database. Probably the best way to handle this right now is to use a role account in the registration and put spam filters on that account. It's important to read mail to that account, though, because in the trash could easily be something important. So far, MOST (but not all) of those (that I've seen) arguing vehemently for complete anonymity in WhoIs and/or having no valid contact data are those persons trying to hide their identity because they are engaging in Net abuse of one form or another. There are a few, though, that are just privacy fanatics with no special agenda. Spam: it's not just for breakfast anymore.... Dean Robb PC-Easy On-site computer services (757) 495-EASY [3279]