The whois system is a database of who owns what for domain names. This system is open to the public and there are also services offered by registrars for privacy if one so chooses.

The problem with the Whois system, is the domain name owner can really put whatever they want in for the whois. Is this right? I say 100% NO! The biggest reason I see this as a problem is fraud. Anybody can put whatever they want for the whois for any domain. Anything! I could have one account at a registrar, with 50 different domain names in it, with different whois on every single one of them!

 So let’s say some hacker decides to put My Name, Address etc. on a whois for the domain THEY own. Then used that domain as an email and steals other peoples domains by hacking into a registrants account or spams people or any other bad thing with the domain name. After they are called out, the first thing people do is look at whois information… Since the real owner is Allowed access to what shows in the whois, they can put whatever they want in and if they are doing bad things, they are in no way going to display their own information!

Who do they blame if or when they catch anybody? Me? The hacker? or somebody else? 9 times out of 10 most people would say, they wouldn’t catch the bad guys. No shit! Why? It goes back to the whois for the domain name. If the system didn’t allow a registrant to edit the whois information and a verification was put into place WHEN a user creates an account at a registrar, there is no reason to allow that user to change any of the verified information in the whois.

This still can happen IMO and would take a little work from the registrars but NEEDS to happen. All can be done electronically or snail mail if one chooses. How would a registrar Verify a registrat? 2 or 4 Forms of verification~ (this may need some tweaking, but you get my point)

1.) You must provide a registrar a copy of a Valid State issued Driver Licenses/ State ID.  Information would be verified here using a system like this. If it’s a New Sign up, they would need to provide there ID number and last 4 digits of their social security only!

2.) A recent copy (2 months or newer) of a Utility Bill showing your Name, Address, City, State, Zip and Account Number. (Same if you are a business)

3.) A recent copy of a Telephone Bill (land line or cellular) showing your Name, Address, City, State, Zip and the Phone Number for that account. (Random calls will be placed for verification)

4.) The last 4 digits of your social security number.

The Whois would house the information provided once these things were Approved and you would become Verified. The whois will show Verified or Unconfirmed. If a user has whois privacy, they can still use this, but it will be Confirmed or Unconfirmed Privacy. Secondly, you (Account Holder) would not be able to update whois information at any point.

For a verified email address, you would have to use a domain name that is verified already with a registrar. If a change of address is needed, you would go threw the same process as your first approval.