Security researchers are lauding ICANN for making improvements to the process by which it gathers and investigates reports of improper Whois domain registration data.
Experts have increasingly highlighted ICANN's lack of enforcement of its Whois policies as a primary catalyst in allowing shady registrars to support nefarious customers, including malware infection sites and illegal pharmacies.

While ICANN has long required registrars to verify their customers' Whois information via its Registrar Accreditation Agreement (RAA), the lack of an expeditious process by which researchers and law enforcement officials could report suspicious domains has made it hard for anyone to move quickly to have registrars who are not doing so brought to task for it, at least in any speedy manner.

Now, ICANN has created both a new, centralized portal for people to log reports of suspicious Whois registrations, and promised that new "processes have been put in place to assess registrar compliance with RAA Whois inaccuracy investigation requirements."

The revamped Whois Data Problem Report System (WDPRS), the first update of the policy since 2002, has "a number of advantages over the previous system," ICANN officials said.

New aspects of the WDPRS include:

•More detailed information captured from complainants to assist registrars in investigating Whois inaccuracies
•Duplicate reports regarding the same domain name are not accepted by the system
•Reports concerning domains already on hold are removed
•Greater capacity has been introduced to allow for bulk submissions of reports

The primary reason why the old system wasn't working was because it simply wasn't designed to handle the volume of complaints that are being logged these days, ICANN admitted.

"In 2002, approximately 24,000 Whois inaccuracy reports were filed using the WDPRS. In 2008, over 200,000 reports [were] filed since [March 1]," the governing body said.
Critics are likely to question what took ICANN so long to move its feet and update the process, but researchers are happy that changes have finally arrived.

"I hope that the new tool and processes will prove valuable in fighting back against badware," said Maxim Weinstein, blogger for the Harvard-based Stopbadware.org effort.

Other researchers such as Garth Bruen of KnujOn, who has been on ICANN's case to improve its policy are also likely satisfied that the group's response has finally come.

In November '08, Bruen opined in a blog:

"So many of the problems we are experiencing on the Internet (spam, phishing, counterfeit product traffic, malware distribution, network intrusions, online fraud, etc.) are enabled by secrecy within the service provider community, specifically among certain registrars. In any other industry, this would be intolerable. Unfortunately, there is no provision in the RAA that requires a Registrar to disclose their location. Several unscrupulous companies have taken advantage of this fact by deeply burying their location information and misdirecting the public to dead ends and red herrings. Consumers who complain to Registrars often find themselves ignored or even abused by Registrar staff."

In theory it would seem like ICANN's improvements could make a difference, if it indeed allows them to be more responsive to potential abuse. But only time will tell if ICANN's new Whois system will result in fewer shady domains and unlawful registrars.

Let's hope so.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.