[dns-operations] Denying Whois DB by GeoIP

Doug Barton dougb at dougbarton.email
Sat Jun 10 14:06:05 UTC 2017

On 06/10/2017 02:10 AM, Jim Reid wrote:
>> On 10 Jun 2017, at 02:51, Doug Barton <dougb at dougbarton.email> wrote:
>> You might also consider the decades of research that has gone into demonstrating that spammers don't bother harvesting e-mail address from whois data. They have so many more cheap and easy sources that it's simply not worth it to them. Absent that as a motivation, one wonders what the benefit of rate-limiting whois data is in the first place.
> The benefits of rate-limiting whois lookups would be obvious if one had worked at a TLD registry.
> For instance, drop-catchers are known to make zillions of whois lookups to find out when domain names expire. Other scumbags in the registrar business do this to mount phishing attacks at renewal time. Now these botttom feeders could swamp the registry with EPP queries. But many don’t. They just use whois to harvest that data.

Rate limiting queries for the *same* domain in the scenario you describe 
is much different from rate limiting queries for *all* domains for 

Also, the entire system of expiring domains is a giant mess, and varies 
widely across registries. It also varies from the published policies for 
many of them, making matters worse.

The registries could solve this problem for themselves by returning the 
date and time in UTC when the domain will be available to register again 
in their whois response, then sticking to that consistently. But they 
don't do that, in part because it would prevent them from playing some 
of the games that they are playing now. So one must ask oneself, on 
whose shoulders does the responsibility for this problem really rest?


More information about the dns-operations mailing list