Let's say I look up a domain on WhoIs and see that the Registrant Organization is Example Company. How sure can I be that the domain actually belongs to Example Company? Can a malicious actor just say they are working on behalf of Example Company when registering, or are there stringent checks?
Asked
Active
Viewed 119 times
0
-
1I'm not sure what the security angle is here. WhoIs is just a protocol to request data. What you are asking about is the integrity of the ***domain registration process***. And even if one could register a domain and say that you are from Google, then Google could prove their identity to the registrar and take valid ownership of the domain. What's the threat? – schroeder Jun 19 '20 at 20:01
1 Answers
1
You could technically file false WHOIS data on your own, and so long as no one on the whole Internet has a reason to contact you, it could go unnoticed for a long while.
However, the moment someone makes a good-faith attempt to reach you via the fake info and fails, things get very interesting indeed. If the contact attempt was for legal (e.g. trademark infringement claim) or technical (e.g. you somehow managed to create a domain resolution loop or something similar) reasons, it's a safe bet your registrar may be compelled to de-register your domain immediately. Since such a situation could arise at any time, your domain would be perpetually at risk, and you'd have no recourse...because you were not contactable.
EliteX
- 124
- 2