It's a question that continues to plague the Internet Corporation for Assigned Names and Numbers (ICANN), domain name registrars, the U.S. Congress and several federal agencies: What's the best way to ensure the accuracy of domain name registration data?
It doesn't look like the answer will come anytime soon.
ICANN's Domain Name Supporting Organization Whois Task Force on Nov. 30 issued policy recommendations to ensure the accuracy of information contained in the Whois database, a directory that lists names and contact information of people who register domain names.
Although the report discusses ways to rapidly correct data determined to be inaccurate after a complaint has been lodged, it doesn't address proactive measures to screen out incorrect data during the registration process.
That issue, said Marilyn Cade, co-chairman of the task force, is something that still needs to be examined.
Despite repeated prodding by federal officials, who say law enforcers fighting fraud on the Internet rely on the accuracy of Whois data, most registrars have made little progress in determining the accuracy of registrants' information.
Registering a domain name is currently done on the honor system -- a registrant simply fills out an online form, and his domain name is automatically reserved for him. As such, the process is ideal for cybersquatters or other scammers looking to defraud businesses and consumers.
While ICANN mandates that registrars require registrants to provide accurate information, it doesn't force registrars to verify that information at the time of registration.
ICANN Vice President Louis Touton said that currently there isn't a feasible way to ensure the accuracy of Whois data on the front end.
Thomas D'Alleva, a spokesman for Baltimore-based BulkRegister.com Inc., implied that the registrars shouldn't be held accountable for checking the accuracy of data provided by people who register domain names.
"We're like a department of motor vehicles," he said. "If you give false information to a DMV, they'll still give you a driver's license."
BulkRegistry and other registrars have also said it would be too costly to implement a system to detect accurate information on the front end.
A spokeswoman for VeriSign Inc., a Mountain View, Calif.-based registrar, said the company implemented a real-time validation process to detect dummy data in a form's address field, such as listing 123-123-1234 as a contact telephone number, a practice often used by someone trying to perpetrate a fraud.
However, despite this technology, on Nov. 11, a scammer who set up a spoof eBay Web site that has since been taken down, was allowed to register the domain name Ebaylogin.com with VeriSign using 555-555-5555 as his fax number.
Last year, U.S. Rep. Howard Berman (D-Calif.), the ranking member of the Judiciary Committee's Subcommittee on Courts and Intellectual Property, warned ICANN that if registrars didn't take action to verify the contact information of their customers, Congress may step in and force them to.
Cade said the Whois task force doesn't advocate government intervention, adding, "The registrars need to understand that a little bit of self-governance will prevent a large amount of governance by government."