Public Comment: Draft Report on WHOIS Accuracy
Details here:
http://www.icann.org/en/announcements/announcement-3-15feb10-en.htm
In short, if all three accuracy criteria are strictly applied, i.e.:
- the address must be deliverable
- an independent linkage between name and address must be found; and
- the respondent must acknowledge ownership, AND confirm that all details are current and correct,
then only 23% of WHOIS records can be considered fully accurate.
With a slight relaxation of the criteria to:
- the address must be deliverable
- an independent linkage between name and address exists, or the WHOIS information enables us to track down the respondent, even if it was not possible to otherwise confirm a link between name and address
- the respondent must acknowledge ownership,
then the proportion of WHOIS records which are accurate more than doubles, to 46%, and only 6% fail on all three.
A sample of only 1419 records was drawn from the top five generic top level domains (gTLDs, covering .com, .org, .net. .info and .biz). Because there are many subtleties and provisos within the document, such as acknowledging the fact that getting a respondent to acknowledge ownership can be difficult when the respondent has an aversion to answering any questions for a survey (and how many of us have expressed a dislike of such phone calls), I recommend that if you are interested in WHOIS accuracy you should read the report in its entirety, rather than focus purely on the “23% of WHOIS records can be considered to be fully accurate”.
I think it is appropriate to quote the penultimate paragraph of the conclusion:
“There is no question that there are people who register domains without disclosing their full or real identity. While we didn’t find any cases where an identity had been stolen (that is, among the persons we contacted who had domains registered in their name, none denied having registered the domain), it would seem that, given the latitude that people have in choosing what information to provide when registering a domain name, identity theft may not be necessary; it is all too easy to enter any or no name, along with an unreliable or undeliverable address.”