You are here

Is the WHOIS Service a Source for email Addresses for Spammers? [SAC 023]

In the SSAC’s prior work on WHOIS (SAC 003, 2003), the Committee stated that "it is widely believed that WHOIS data is a source of email addresses for the distribution of spam." The US Federal Trade Commission conducted a study at approximately the same time. In Email Address Harvesting: How Spammers Reap What You Sow, FTC researchers reported that "email addresses posted in instant message service user profiles, 'WHOIS' domain name registries, online resume services, and online dating services did not receive any spam during the six weeks of [their] investigation."1 This SSAC study on WHOIS considers again whether the WHOIS service is a source of email addresses for spammers.

To accomplish this task, the SSAC conducted an experiment to see the effects of two services registrars now offer to protect registrant email addresses from publication and abuse. For the sake of brevity, these services are referred to as Protected-WHOIS and Delegated-WHOIS. For the study, SSAC registered and monitored email delivery to randomly composed strings as second-level labels in four Top Level Domains: COM, DE, INFO, and ORG. The domain names were registered in February 2007. The recipient chosen for the registrant email address for each of the registration records was also chosen randomly. These were neither used in correspondence nor published electronically in any form (web, IM user, online service...). Thus, the only practical vectors to obtain these specific email addresses other than brute force derivation (or guessing) was via a WHOIS service or through the registrar or reseller in whose database(s) the email address were stored. SSAC collected and analyzed all email messages delivered to these addresses for a period of approximately three months.

Based on the data collected, the Committee finds that the appearance of email addresses in response to WHOIS queries is indeed a contributor to the receipt of spam, albeit just one of many.

This report is narrowly focused on the relationship between WHOIS services and spam, and not on the broad set of issues related to spam. The Committee members involved in the WHOIS study do not believe that the WHOIS service is the dominant source of spam. The Committee did not conduct any work on the proportion of spam received as a result of email addresses appearing in WHOIS responses as compared to other methods of email address discovery.