Fog Creek Software
Discussion Board




Preventing spam with domain registrations?

I'm planning to register some new domain names.  Years ago I used Network Solutions for one domain name, and the email address I used for registration was promptly flooded with spam.  When my email address changed, I just changed the registration to a fake email address.  I figured that if anyone legitimate wanted to contact me about the domain name, they could reach me at the (real) telephone number/street address I provided.  I've kept my new address virtually spam-free just by being judicious about giving it out and posting it online.

Now I want to register some new domain names.  I first looked at NetSol again, and their registration process has an option -- for $5/year extra -- for keeping the email address private.  I think charging for this is reprehensible.

I've also heard of other complaints about NetSol, so I'm looking at using another registrar instead.  (GoDaddy.com, in particular, has received lots of kudos on JoS.)  Are any of the other registrars particularly good at keeping email addresses private?  Or, should I just use a disposable/fake address for registration?

Robert Jacobson
Saturday, April 17, 2004

i've received almost no spam on my 'domain registration account', which i use for no other purpose. gandi is my registrar.

oddly enough, i have received a paper "your domain is about to expire, send us a check to re-register" letter to my listed address. this was of course a scam along the old "your listing in the yellow pages is about to expire, send us a check to re-register" line, where it's some yellow pages no one has heard of or uses, or in this case some weird registrar i'd never heard of.

still reccomend using a special address for this--you already own a domain, right? use 'domainregistration@yourdomain'.

mb
Saturday, April 17, 2004

Robert Jacobson, I don't know how easy it is to arrange, but you should be able to ask your domain registrar about the possibility of restricting all incoming emails to only those coming from their mail servers (ask them for the mail server ip address, my guess it's pretty static)... Registrars deal with thousands if not millions of registrants so I would not be surprised if this arrangement (or something like it) is already in place. Then from there just configure all incoming SMTP calls to deliver mail to your domain registration email address to receive the IP Guillotine if they don't have the right source ip.

There are mail services that will allow you to receive email for the first few days, and then reject them forever after, but they won't help your cause because you NEED to get updates from the domain registrars far after you have first signed up.

Li-fan Chen
Saturday, April 17, 2004

easydns.com has been great for us. They do DNS host as well as registration if you want.

Dan Maas
Saturday, April 17, 2004

Thanks guys... what I'm most concerned about is spammers harvesting my real email address from the whois data.  If it isn't possible to prevent that, I'll just go with a fake or munged email address.

Robert Jacobson
Saturday, April 17, 2004

The big registrars now offer registration privacy. The idea is that you pay a third-party a small fee, and they mediate between anyone who needs to communicate with you and you, filtering out spam. It fulfills the legal requirements of whois (which is that it's an accurate method of getting in touch with you) while reducing or eliminating unwanted harrassment. I've seen it going for $10 - $20 per year.

Dennis Forbes
Saturday, April 17, 2004

If you use a special e-mail account for the registration as suggested, you should have no real problems.  According to the results of this study:
http://www.cdt.org/speech/spam/030319spamreport.shtml
"Domain name registration does not seem to be a major source of spam"

I have what I feel are the most useful excerpts of the study here,if you don't like reading _really_ long reports.
http://www.afriguru.com/2004/spam-source.html

Best Regards

Seun Osewa (afriguru.com)
Saturday, April 17, 2004

The primary value of the registry privacy is actually psycos and stalkers rather than spammers - people who have a personal issue with whatever the website is about and look to personally take revenge.

.
Saturday, April 17, 2004

I have had a personal domain registered with Network Solutions for many years. The email address that I originally used as my registration contact address I had also used in a few newsgroup postings (back in the days before spam was a big problem) and I started getting a lot of spam at that address. I changed the email address for registration at Network Solutions 3 or 4 years ago to a unique email address for that purpose, and the only email I have received at that address is legitimate email from Network Solutions.

I have been more concerned with listing my home street address and telephone number in the domain registration, and I have always (with their permission) listed the address and phone number of my web hosting provider. They agreed to forward any postal mail, and it meets the requirement to be able to contact me. It's good that domain registrars have started to offer some privacy protection, but it's unfortunate that they see it as another way to make money or that in some cases a third party effectively owns your domain.

NSI customer
Monday, April 19, 2004

The only spam I get from having a domain registered (as far as I can tell) isn't to the email address on my domain registration, but to the generic postmaster@, webmaster@, admin@... type addresses.

They all go to a 'catchall' email account that I can stop, but since this only amounts to 3-4 a week, I don't bother.

RocketJeff
Monday, April 19, 2004

*  Recent Topics

*  Fog Creek Home