On Thu, 27 Jan 2005 16:26:00 +1300 (NZDT), Mark Foster <[EMAIL PROTECTED]> wrote: > > Hi folks.
Hello Mark, > Don't post a lot here but i'm figuring you folks will know more about this > than my local NOG... Glad to have you on NANOG. > When investigating a host that spammed me today, I noted that when I > whois'd the domain that the mailserver involved has forward/reverse dns > pair for, the domain whois information comes up as follows: > > Found crsnic referral to whois.enom.com. > > Registration Service Provided By: Registerfly.com > Contact: [EMAIL PROTECTED] > Visit: http://www.RegisterFly.com > > Domain name: xmux.com > > Registrant Contact: > RegisterFly.com - Ref# 14155933 > Whois Protection Service - ProtectFly.com ([EMAIL PROTECTED]) > > I'm unsure how appropriate it is to post anything more specific in the > open forum, but i've never seen this before. Whats the deal with hiding a > domain name owners true identity? > Is this not simply yet another protect-the-spammers mechanism? It will probably be called off-topic, flamed and dragged through the mud, yet to answer your question. It is fully legit, yet it does have its bad sides. I use it personally to keep prank callers from calling me directly. [EMAIL PROTECTED] /]$ whois somsworld.com [Querying whois.internic.net] [Redirected to whois.godaddy.com] [Querying whois.godaddy.com] [whois.godaddy.com] Registrant: Domains by Proxy, Inc. 15111 N Hayden Rd., Suite 160 PMB353 Scottsdale, Arizona 85260 United States Registered through: GoDaddy.com Domain Name: SOMSWORLD.COM Created on: 25-Aug-04 Expires on: 25-Aug-05 Last Updated on: 18-Jan-05 Administrative Contact: Private, Registration [EMAIL PROTECTED] Domains by Proxy, Inc. 15111 N Hayden Rd., Suite 160 PMB353 Scottsdale, Arizona 85260 United States (480) 624-2599 Fax -- Technical Contact: Private, Registration [EMAIL PROTECTED] Domains by Proxy, Inc. 15111 N Hayden Rd., Suite 160 PMB353 Scottsdale, Arizona 85260 United States (480) 624-2599 Fax -- Domain servers in listed order: NS1.HITMANIT.COM NS2.HITMANIT.COM > I followed up the chain - the authoritive DNS servers for the domain in > question are hosts within a different domain, and this also has the same > protection engaged.... > > Is this old hat or something new? Is this still conformant to standard > .com/net registrant rules and regs? (here in .nz, the registry information > is required to be current and valid, and i've never seen a Registrar pass > itself off as the owner of a domain before (at least in any legitimate > situation)) It is all current information, and valid. I have gotten letters passed through to me from godaddy. Its a perfectly legit situation. Yet in your case it may not be, and it may be used to hide the person. > Thanks in advance, > Mark. -- Joshua Brady