The actual value, from a security standpoint, of using a proxy domain registrar?
Howdy, I am curious what others in the industry think on this topic. When one registers a domain they can put in their real information or they can use a proxy, like Go-Daddy's Domains By Proxy. Now, personally, I would prefer just to get a PO Box and put that address on my domain info instead of doing a proxy. I could also put down a phone number in the registration that just goes to my general business phone line which is just a DVR. So the question I have is this: What actual security are these proxy companies providing to the end-user? My company website has my real address, my real phone number, exec bio's and pictures of them yet upper management (and our marketing company) think using a proxy is a good thing. What's the difference between using a proxy vs using a PO Box except that a PO Box is cheaper? I'd just like to get thoughts from others to see what the general feeling is on this topic. Cheers, Mike
My opinion is that it's nothing more than a "value-add" for domain registrars. The domain registration fees these days have razor thin margins. So places like Godaddy and others offer these services to make up for their domains essentially being "loss-leaders". A lot of these places use scare tactics to convince domain buyers that "privacy" is essential, otherwise one would get spam, telemarketing calls and junk mail. Well, that's partly true, as some companies do scrape whois data. So does maintaining a P.O box, a phone number that goes direct to voice mail, as well as a separate "junk mail" email account cost you less than about $20 a year? I'm not sure, but having your number on the do not call list (if you are in the U.S) is free, receiving junk mail doesn't cost anything and neither does a hotmail/yahoo/gmail account. So, to get to my point, from a "security" standpoint my opinion is that domain "privacy" is of as much benefit as hiding under the covers of my bed if an attacker breaks into my home. On Wed, 2009-07-15 at 14:52 -0700, Mike Lyon wrote:
Howdy,
I am curious what others in the industry think on this topic. When one registers a domain they can put in their real information or they can use a proxy, like Go-Daddy's Domains By Proxy.
Now, personally, I would prefer just to get a PO Box and put that address on my domain info instead of doing a proxy. I could also put down a phone number in the registration that just goes to my general business phone line which is just a DVR.
So the question I have is this: What actual security are these proxy companies providing to the end-user? My company website has my real address, my real phone number, exec bio's and pictures of them yet upper management (and our marketing company) think using a proxy is a good thing.
What's the difference between using a proxy vs using a PO Box except that a PO Box is cheaper?
I'd just like to get thoughts from others to see what the general feeling is on this topic.
Cheers, Mike -- "Prediction is very difficult, especially about the future." Niels Bohr -- Ray Sanders Linux Administrator Village Voice Media Office: 602-744-6547 Cell: 602-300-4344
On Wed, Jul 15, 2009 at 03:13:26PM -0700, Ray Sanders wrote:
A lot of these places use scare tactics to convince domain buyers that "privacy" is essential, otherwise one would get spam, telemarketing calls and junk mail.
Well, that's partly true, as some companies do scrape whois data.
Not so much anymore. It's far more cost-effective and efficient for them to buy the data in bulk, and there are plenty of suppliers offering it. Now as to whether they're bad actors inside registrars, or registrars themselves, or folks who've cracked registrar security and helped themselves to the contents of their databases: who knows? But the bottom line is that the data's out there. ---Rsk
Mike Lyon wrote:
I am curious what others in the industry think on this topic. When one registers a domain they can put in their real information or they can use a proxy, like Go-Daddy's Domains By Proxy.
If you're using it for your business, the value is pretty slim. You probably want your business to be reachable by the public. Individuals, especially those using their domains to publish anything controversial, could benefit somewhat from the increased privacy. David Smith MVN.net
And that falls right into some of the scare tactic sales pitches the domain registrars use. "they can look up your domain and find your home address!" Heck, even a p.o box could leave someone open to a stalker, if said stalker is determined enough. so yes, I'll concede that point to a certain extent. On Wed, 2009-07-15 at 17:18 -0500, David E. Smith wrote:
Mike Lyon wrote:
I am curious what others in the industry think on this topic. When one registers a domain they can put in their real information or they can use a proxy, like Go-Daddy's Domains By Proxy.
If you're using it for your business, the value is pretty slim. You probably want your business to be reachable by the public.
Individuals, especially those using their domains to publish anything controversial, could benefit somewhat from the increased privacy.
David Smith MVN.net
-- "Prediction is very difficult, especially about the future." Niels Bohr -- Ray Sanders Linux Administrator Village Voice Media Office: 602-744-6547 Cell: 602-300-4344
I still think it's a huge waste of money. On Wed, Jul 15, 2009 at 3:34 PM, Ray Sanders < Ray.Sanders@villagevoicemedia.com> wrote:
And that falls right into some of the scare tactic sales pitches the domain registrars use.
"they can look up your domain and find your home address!"
Heck, even a p.o box could leave someone open to a stalker, if said stalker is determined enough.
so yes, I'll concede that point to a certain extent.
On Wed, 2009-07-15 at 17:18 -0500, David E. Smith wrote:
Mike Lyon wrote:
I am curious what others in the industry think on this topic. When one registers a domain they can put in their real information or they can use a proxy, like Go-Daddy's Domains By Proxy.
If you're using it for your business, the value is pretty slim. You probably want your business to be reachable by the public.
Individuals, especially those using their domains to publish anything controversial, could benefit somewhat from the increased privacy.
David Smith MVN.net
-- "Prediction is very difficult, especially about the future." Niels Bohr -- Ray Sanders Linux Administrator Village Voice Media Office: 602-744-6547 Cell: 602-300-4344
Not everybody charges for the service. Shop around. On Jul 15, 2009, at 3:37 PM, Mike Lyon wrote:
I still think it's a huge waste of money.
On Wed, Jul 15, 2009 at 3:34 PM, Ray Sanders < Ray.Sanders@villagevoicemedia.com> wrote:
And that falls right into some of the scare tactic sales pitches the domain registrars use.
"they can look up your domain and find your home address!"
Heck, even a p.o box could leave someone open to a stalker, if said stalker is determined enough.
so yes, I'll concede that point to a certain extent.
On Wed, 2009-07-15 at 17:18 -0500, David E. Smith wrote:
Mike Lyon wrote:
I am curious what others in the industry think on this topic. When one registers a domain they can put in their real information or they can use a proxy, like Go-Daddy's Domains By Proxy.
If you're using it for your business, the value is pretty slim. You probably want your business to be reachable by the public.
Individuals, especially those using their domains to publish anything controversial, could benefit somewhat from the increased privacy.
David Smith MVN.net
-- "Prediction is very difficult, especially about the future." Niels Bohr -- Ray Sanders Linux Administrator Village Voice Media Office: 602-744-6547 Cell: 602-300-4344
Mike Lyon wrote:
Howdy,
I am curious what others in the industry think on this topic. When one registers a domain they can put in their real information or they can use a proxy, like Go-Daddy's Domains By Proxy.
Now, personally, I would prefer just to get a PO Box and put that address on my domain info instead of doing a proxy. I could also put down a phone number in the registration that just goes to my general business phone line which is just a DVR.
[snip]
What's the difference between using a proxy vs using a PO Box except that a PO Box is cheaper?
As others have already said, it doesn't really provide any security. In addition, it makes the company doing it appear amateurish. One expects professional behavior from a company. There are certainly reasons one might choose to obscure the ownership of a domain, but none of them are sound business reasons. For the sake of your management, pick a few domains at random, do a whois on them, and print them out, as examples of grown up companies (I chose lockheed.com, microsoft,com, google.com, and revlon.com myself).
I'd just like to get thoughts from others to see what the general feeling is on this topic.
Just tell them no, in the most diplomatic way possible (lucky for them it's you and not me, since I am not always so diplomatic as I ought to be). As a quick aside, I did see someone advise you that you could use the fedgov do not call list for your phone, but if it's a business phone, you cannot. -- I tried being reasonable once. I didn't like it. Cats are smarter than dogs. You can't teach eight cats to pull a sled. Stupid is doing the same thing over and over and expecting different results.
In message <1b5c1c150907151452k52093694mc8b93538b4707f87@mail.gmail.com>, Mike Lyon writes:
Howdy,
I am curious what others in the industry think on this topic. When one registers a domain they can put in their real information or they can use a proxy, like Go-Daddy's Domains By Proxy.
Now, personally, I would prefer just to get a PO Box and put that address on my domain info instead of doing a proxy. I could also put down a phone number in the registration that just goes to my general business phone line which is just a DVR.
So the question I have is this: What actual security are these proxy companies providing to the end-user? My company website has my real address, my real phone number, exec bio's and pictures of them yet upper management (and our marketing company) think using a proxy is a good thing.
What's the difference between using a proxy vs using a PO Box except that a PO Box is cheaper?
I'd just like to get thoughts from others to see what the general feeling is on this topic.
Cheers, Mike
The whois is for when you stuff up you DNS / WEB etc. There are lots of errors which are not visible except from a iterative resolver. The contacts should be reachable easily from anywhere in the world. They should be kept up to date. I don't know how often I've attempted to report a operational problem with DNS servers and delegations just to have the email bounce due to the data being out of date. Proxy services just add yet another layer that can go wrong. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
* Mike Lyon:
So the question I have is this: What actual security are these proxy companies providing to the end-user?
You can register domains without alerting your competition that you plan to provide a particular service (which could be guessed based on the domain name). Or a merger is coming up, and you want to quietly get the domain for the new company name. OTOH, there doesn't seem to be a legitimate long-term use for business purposes. (In my view, the secondary domain market is not legitimate---online advertisers keep it alive to artificially increase conversion rates, essentially defrauding brand owners who are structurally unable to cope with this situation.) -- Florian Weimer <fweimer@bfk.de> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99
On Jul 16, 2009, at 4:27 AM, Florian Weimer wrote:
OTOH, there doesn't seem to be a legitimate long-term use for business purposes. (In my view, the secondary domain market is not legitimate---online advertisers keep it alive to artificially increase conversion rates, essentially defrauding brand owners who are structurally unable to cope with this situation.)
Don't be myopic about this. There are very legitimate business cases for these services. Example: I work for a VoIP provider that sells to large customers. Their customers sell to smaller customers that want to operate their own small scale VoIP business. No one 2 or 3 levels down knows who we are, and the people upstream want it that way. Sure, most have their own domain names, but maintaining that for SBCs and very small customers who don't have/want their own domain name (to check call logs, etc) simply isn't feasible (you can doubt this assertion, but unless you know the middle eastern VoIP markets you have no business doing so). Solution? Generic sounding domain name with private registration. Cheap. Effective. Done. Daryl
Example: I work for a VoIP provider that sells to large customers. Their customers sell to smaller customers that want to operate their own small scale VoIP business. No one 2 or 3 levels down knows who we are, and the people upstream want it that way.
Sure.
Solution? Generic sounding domain name
Right.
with private registration.
Wrong. Proxy registration just makes you look sleazy. Voxbone does just dandy as a VoIP wholesaler without proxy registration. What do they know that you don't? Some proxy registration is just stupid, e.g., there's proxy registration for betamax.com, but not for their brands such as voipdiscount.com, phonefreecalls.com, internetcalls.com, and nowcall.com. R's, John PS:
I am curious what others in the industry think on this topic. When one registers a domain they can put in their real information or they can use a proxy, like Go-Daddy's Domains By Proxy.
More food for thought: <http://blog.easydns.org/archives/247-Why-we-do-not-offer-Whois-masking-at -easyDNS.html#extended> ~JasonG --
participants (11)
-
Daryl G. Jurbala
-
David E. Smith
-
Etaoin Shrdlu
-
Florian Weimer
-
Jason Gurtz
-
Jeremy Hanmer
-
John Levine
-
Mark Andrews
-
Mike Lyon
-
Ray Sanders
-
Rich Kulawiec