How accurate are whois records?
I attempted to purchase a domain this week without first using whois. The registrar's search function got stuck in an infinite load animation. I then checked the whois to find the domain was registered about 4 hours prior by a different registrar. Bad luck I guess but I can't help feeling paranoid that this was a domain front run.
My question is how much leeway is there for a registrar reporting the registration time?
In my experience, they are generally very accurate (as is most historic WHOIS data). A major reason for that likely being that, AFAIK, all Registrars are bound by the Registrar Accreditation Agreement which mandates that registration information be accurate and up-to-date, and the agreement also includes an Accuracy Program Specification that mandates information be verified and validated within 15 days of domain registration or any information changes. And AFAIK, if they fail to abide by the terms of that agreement, the Registrar risks losing their accreditation.
And while I can't speak to whether there were any shenanigans going on, the registrar's search function (if it was an availability check) likely queried the WHOIS data, so you probably did actually wind up using WHOIS indirectly despite wanting to avoid that. ;)
That being said, there's Njalla and services like that which help obfuscate the owner of a domain.
They however are not a registrar, they just act as a proxy to them.
So does that mean that a registrar could claim that a domain was registered 15 days earlier than it was?
To be clear I wasn't avoiding whois, rather spitballing ideas into the registrar's search function so that I could see the prices before committing to anything.
While it's certainly possible they could do that, that would very likely still violate the RAA's accuracy requirements (even if it was corrected within 15 days), so I highly doubt they would do that. And as far as front running, I also very much doubt that any reputable Registrar would actually risk doing that either, as the pathetically minuscule amount of extra money they could earn from front running domains would absolutely not be worth the risk of losing their accreditation, which would completely destroy their entire business.
I agree that it's a stupid thing to do, but GoDaddy (for one) definitely used to do it. As far as I know, no one with any authority to do something about it ever looked into it. Maybe no one is doing it these days, maybe they are.
I always suggest that, to be safe, people search for domain availability via a neutral whois service and then register the domain at a registrar that doesn't have a lot of frontrunning accusations floating around.
ICANN SSAC Report on Domain Name Front Running - But to be fair, that was a long time ago (2008), and AFAIK they haven't looked into it again since. So I do agree that it's better to be safe than sorry, which is why I also always do my domain availability/WHOIS checks through reputable sources (usually the .org in charge of administrating the gTLD/ccTLD, rather than through any third-party registrars).
P.S. I would totally not be surprised if GoDaddy (or more likely some of their reps working behind the company's back) did and still do the occasional bit of DNFR; they are by far the scummiest and most unethical of the big Hosts/Registrars, IMO.
I have read on Hacker News that some registrars do this intentionally. I don't know that anyone can prove that, though. Supposedly when this happens, they often relinquish the name a few days later, so check back next week and see if it's still gone.
Also, be aware that if you do use your real info for whois you will be targeted for a lot of junk mail. Not just email spam, but physical mail, too. My spouse was quite surprised when one day I received a credit card offer in the mail addressed to me and the wife of the husband and wife team that ran our ISP. It was because I was listed as the business contact and she was listed as the technical contact for my website in whois.
Well, I didn't want to cast aspersions when it could just be bad luck, but it was Namecheap, which is specifically named in that Hacker News thread.
I've fallen victim to domain front running before. It was for a unique, 3-word-long domain that I had never uttered to a soul besides the registrar search form. It was painfully obvious that this wasn't just a case of bad luck. Super scummy thing for the registrar to do, but on the bright side I was able to just wait out the 5-day grace period and pick it up from a different registrar. It ended up being a relatively minor inconvenience in the end.
This was around 12 years ago or so, FWIW. The registrar was either GoDaddy or Register.com, I don't remember which (I've been burned by both of them and will no longer patronize either). My current registrar is Hover, which I endorse heartily.
Sorry I don't have an answer to your question about the veracity of WHOIS record timestamps. Pretty intriguing twist if these guys are forging those to look more believable. It was only 4 hours off? Did you account for timezone offset, etc.?
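Added example, not part of any post in this thread: a check of a WHOIS `Creation Date` against the moment of a registrar search, with the timezone offset applied, plus the end of the 5-day grace period mentioned above. The WHOIS text, the search time, the UTC-5 offset and all function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the common gTLD WHOIS layout; not a real record.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-THREE-WORDS.EXAMPLE
Registrar: Example Registrar, Inc.
Updated Date: 2024-03-10T14:02:15Z
Creation Date: 2024-03-10T14:02:11Z
Registry Expiry Date: 2025-03-10T14:02:11Z
"""

GRACE = timedelta(days=5)  # the 5-day grace period mentioned in the thread


def parse_creation_date(whois_text):
    """Return the Creation Date as an aware UTC datetime, or None if absent."""
    m = re.search(r"^\s*Creation Date:\s*(\S+)", whois_text, re.I | re.M)
    if not m:
        return None
    stamp = m.group(1)
    if stamp.endswith(("Z", "z")):  # fromisoformat() before 3.11 rejects 'Z'
        stamp = stamp[:-1] + "+00:00"
    dt = datetime.fromisoformat(stamp)
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)  # assumption: naive stamps are UTC
    return dt.astimezone(timezone.utc)


def compare_with_search(whois_text, search_local, utc_offset_hours):
    """Compare the WHOIS creation time with a wall-clock search time.

    search_local is a naive datetime read off the local clock;
    utc_offset_hours is that clock's offset from UTC (e.g. -5).
    """
    created = parse_creation_date(whois_text)
    if created is None:
        raise ValueError("no Creation Date field in WHOIS text")
    local_tz = timezone(timedelta(hours=utc_offset_hours))
    search_utc = search_local.replace(tzinfo=local_tz).astimezone(timezone.utc)
    return {
        "created_utc": created,
        "search_utc": search_utc,
        # What you get by comparing the clock reading to the raw WHOIS stamp.
        "naive_gap": search_local - created.replace(tzinfo=None),
        # Positive gap: the domain was already registered when you searched.
        "gap": search_utc - created,
        "registered_before_search": created < search_utc,
        "grace_ends_utc": created + GRACE,
    }
```

With the constructed values, a search at 13:05 local time (UTC-5) looks like it happened 57 minutes before the 14:02:11Z registration if the offset is ignored, but in UTC the registration came first by about four hours.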