A crowdsourced response to whois.spam
The calls are starting to die down now, and I only get 5 emails a day now, rather than 20. That's some comfort, I guess.
I've had to endure the same process that most proud new domain owners endure. Calls from allegedly local numbers from offshore web developers, SEO services, social media marketers and app builders offering their services towards making my new domain the successful new venture that they assume I want it to be. Emails too. Many more emails than phone calls. In the week following the registration of three domains (one '.com', one '.co.uk' and one '.xyz') I was receiving around 20 emails a day, but a mere 5 or 6 daily calls.
Much has already been written on the issue of whois spam, and on the balance between the integrity of the web and privacy. I would suggest that having a name and postal address would be sufficient to bring accountability to domain ownership and ensure that those with valid reasons for contacting you are able to do so. This adds a small cost to the contact process and avoids email spam and nuisance calls.
Domain registrars acknowledge this issue with the whois registration, and use it to promote their various domain privacy options, which often cost more than the domain itself. No doubt, on a day with 7 nuisance calls and having my inbox filled with dozens of spam emails, I would have told you that the price of these domain privacy packages was absolutely worth it. But then again, why should we have to pay a significant levy on the price of registration to avoid a form of harassment that is uninvited and entirely caused by an ill-considered public register policy?
So I wondered what I could do about it. How could I devise my own system that detected and filtered out spam and nuisance calls, while still providing full disclosure of ownership and a means to contact the owner with legitimate queries? So I wrote down patterns and wondered how I might address them. If I were to create a phone number and email address that served as an intermediary to my usual number and email address, by what means could I filter out dubious connections and allow through the correspondence I need to know about? Because the email address and phone number would only be used for whois publication, I might be able to apply customised filters that would be impractical for everyday email or phone call screening processes.
Pattern | Problem | Solution |
---|---|---|
Calls often received without caller ID | This may suggest that the user is calling from a VoIP service or is actively obscuring their number. Although there may be legitimate reasons for doing this, it usually suggests that the caller has a reason for not wanting to reveal their identity. | The phone number listed on the whois register would take the caller to an Interactive Voice Response system that would advise them that calls without caller ID are not permitted and that they should call back from a disclosed number. |
Emails often come from public email provider addresses | It's not without irony that people purporting to be web professionals send you their sales pitch from a Gmail or Hotmail account. Along with the fact that these emails rarely contain the name of the company or links to their portfolio, it indicates that the sender is aware that they are engaging in spam. | The email system would add a greater level of scrutiny to email messages coming from these addresses. Senders would be sent a captcha image which they would need to respond to and confirm by email in order for their message to be received. This added burden makes blanket emails impractical. |
Emails contain similar keywords | Emails offering web services contain the same words and phrases. | A database can be easily created with keywords that indicate a sales email, and this can be run against all incoming email to filter it appropriately. |
So, I've created domainbeard.com, where I'm staging my fightback against whois spam. I have an IVR call system set up that leads all legitimate callers to a voicemail which alerts me to new messages by email, and I can pick up at any stage. I also have a dedicated email address which I've used in the registration of a few new domains. I'm monitoring and configuring an email system that necessitates validation and emails senders a response requiring their action under certain circumstances. I'm just learning now, but I see a place for a new free service for all domain registrars to use that will alleviate the pain of whois spam.
Allowing legitimate correspondence
I figured I could not only create a system that filters out junk, but also identifies high priority calls and emails.
Pattern | Solution |
---|---|
Calls from bona fide sources come from recognised numbers | A database of numbers can be built up of both known nuisance callers, and conversely of known domain regulators and legal bodies. This could rely on the reporting of users and be built up over time. |
Emails from bona fide sources come from recognised email addresses | The same applies to email. A database of known spammers and known legitimate sources would be built up which would enable better filtering as time goes on. |
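The email rules from the two tables above can be combined into a single triage decision. The following is an added example, not Domainbeard's own code; the domain lists, sales phrases, threshold and verdict names are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data; a real deployment would load user-reported lists.
FREEMAIL = {"gmail.com", "hotmail.com", "outlook.com", "yahoo.com"}
SALES_PHRASES = ("seo services", "web design", "app development",
                 "social media marketing", "first page of google")
KNOWN_GOOD = {"registry.example"}      # e.g. domain regulators, legal bodies
KNOWN_SPAM = {"bulk-offers.example"}   # senders reported as spammers
KEYWORD_THRESHOLD = 2                  # phrases needed to call it a sales pitch


def sender_domain(msg):
    """Return the lower-cased domain of the From header, or '' if unparseable."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def body_text(msg):
    """Join the subject and all text/plain parts, lower-cased, for matching."""
    parts = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            parts.append(payload.decode(charset, "replace"))
    return " ".join(parts).lower()


def triage(raw):
    """Return priority, reject, filter, challenge or deliver for a raw message."""
    msg = message_from_string(raw)
    domain = sender_domain(msg)
    if not domain:
        return "reject"        # no usable sender, the email analogue of no caller ID
    if domain in KNOWN_GOOD:
        return "priority"      # recognised bona fide source
    if domain in KNOWN_SPAM:
        return "reject"        # recognised spammer
    text = body_text(msg)
    if sum(phrase in text for phrase in SALES_PHRASES) >= KEYWORD_THRESHOLD:
        return "filter"        # keyword database says sales pitch
    if domain in FREEMAIL:
        return "challenge"     # public provider: send the captcha confirmation
    return "deliver"
```

The From header is chosen by the sender, so a match against the known-good list should only count when the receiving mail server also reports a passing SPF, DKIM or DMARC check for that domain.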
At the moment, I'm gathering data and experimenting with different approaches, but I'll be opening up Domainbeard to any domain registrant early in 2018 with a few main goals:
- Alleviate the pain of spam email and nuisance calls by providing an intermediary address and number specially configured to identify the legitimacy of sources
- Allow users to report on the legitimacy of callers and email senders to improve the filtering algorithm
  - This can be used to save future email registrants from being bothered by known spammers
  - It can also be used to build a case of evidence to provide to ISPs and telephony providers in order to have the accounts of spammers stopped.
- Provide statistics and advice related to whois spam that is far more authoritative and quantitative than the anecdotes of a frustrated domain owner.
- To be free: given the enormous wealth of data that could be collected, its ability to improve the integrity of the web, and a common acceptance that people ought not be subjected to nuisance calls and emails, why should people have to pay for this?