Domain owners beware!

Your privacy has been bought & sold

Have you received a spam email entitled "20 Million Domain Name Records - Just $199!"?

If you own a domain and you wonder why you're getting more spam, junk snail-mail, and telemarketing calls than ever before, this is why. <...heavy sigh...>

If you supplied your home address when you registered your domain name, did you realize everything you put on the domain record is available online as public information? I'm amazed that single women and people with children at home put their home address on their domain record and then balk at giving this same information to websites... like online stores that have a legitimate need to verify their credit card. I mean, hello...!

However, it's gotten even worse than I expected. Now it's not just the email and mailing addresses that are being harvested. We've all started getting calls from telemarketers selling B2B services (business-to-business) too.

I used to have my business phone number on my domain record just in case my site was down (as 10% of the Internet is at any given moment). This way a prospect or customer could still reach me. But I own a lot of domains, and the calls I'm getting are usually hawking the latest snake-oil scheme.

Watch out for this scam: The telemarketer says you can buy keywords that will send people in droves directly to your website whenever they type that word in their browser. (It's a takeoff on the old RealNames program, which was something that Microsoft once built into its browser, Internet Explorer, where it stood a good chance of being used -- until MS decided to stop supporting it and put its partner, RealNames, permanently out of business. This latest RealNames-wannabe forces people to download a special browser plug-in, probably as a condition of being allowed to access free-MP3-sharing sites, and those cheapskates probably aren't the class of people you want to send to your site anyway!)

Now I supply my K7 fax number as the phone number on my domain record. It gives callers the option to either leave a voicemail or send a fax - both of which are sent to me by email. So far the telemarketers aren't bothering to leave a voicemail, so it works well.

Anyway, the point is that you have to be really really careful what information you put on your domain record these days. ICANN, the group which oversees the domain industry, requires registrars to collect truthful information -- technically you can lose your domain if you supply phony data, though I doubt it's ever enforced. Neither registrars nor ICANN have made any provisions for keeping your information from being used for mass-marketing purposes. Registrars are even allowed to sell or give the entire database of domain records to individuals who can demonstrate a legitimate need. It's not hard to see how easily the data then falls into the wrong hands.

STEPS TO SAFEGUARD YOUR PRIVACY

Go to your registrar's site (the place where you registered the domain) and use their Whois search box to view your domain record. This is the info your registrar provided to the central Registry, and they will usually show the most complete information.
Get a PO Box or other public mailbox or ask a friend to add you to their box.
Sign up for free fax/voicemail service at K7.net.
Get an email address that will be used ONLY on your domain record. It would be most prudent to use an email address from another domain, if you own more than one. If your Web host allows you to set up mail aliases, this is easy to do. Otherwise, use the email address that came with your dialup or broadband account, and don't give it out to anyone. This way you can temporarily stop the flood of spam in the future simply by asking your ISP to change your username (and delete the previous one with no mail forwarding).

It's important that you supply a valid address that you control -- don't use a Hotmail or Yahoo account for this. You can't count on free services being available at crucial times, and free email providers are notorious for rejecting mail when your box is full or deleting your account when you don't access it regularly. In addition, these accounts get so much spam that there's a real danger you'll accidentally something important by mistake. Use a good, valid address so that your registrar will be able to email you in the event someone tries to hijack your domain.
Note (1/12/05): GoDaddy.com allows you to set up a different email address for them to contact you. So I gave them the real address, and used "removethispartifyourenotaspammer-contactperson@websmithpro.com" on all my domain records. That address has been set up to automatically discard emails.
Log in to your registrar's site and modify your domain record with the new mailing address, phone number, and email address. Caution: DO NOT put your K7 number down as a fax number unless you want to receive junk faxes! This is not a required field anyway, so leave it blank. Legitimate people who want to fax you will try calling the phone number listed to get your fax number, and they'll find out the number is dual-purpose.

While you're logged in, see if your registrar offers a "high security" or "locking" feature for your domain. This will give it extra protection from domain hijackers.
Go to Google.com and type in your phone number. If it shows up with a map to your house (!!) you can request that Google delete it. Then call your phone company and ask for an unlisted AND unpublished number.
If you really want to keep your information away from prying eyes, find out if your registrar has a privacy upgrade option. It's usually an additional fee but I highly recommend you take advantage of it if you can afford to.
Please help me get the word out. Send this page to everyone you know who owns a domain name!