The dreamhost Whois fiasco, 2013 edition


#1

Hello. I suppose that all customers have received the same email from Dreamhost, so I’ll quote only the relevant part of it:

[quote]Please take a moment before October 14th to verify the accuracy of each of your domain’s contact information by selecting “Modify Whois!” at the Domains:Registrations section of the DreamHost Panel. We recommend that the correct domain owner be listed as the owner of the domain and not, for example, the webmaster or the person who created the account.

If you do not take action by October 14th, we will make the following changes to our INTERNAL Domain Registration and WHOIS records for domains that have private registrant information listed instead of legitimate information:

We will default our internal Domain Registration/WHOIS records to your current account owner email, address and phone number on file with DreamHost Web ID Central.

If a domain is set to Public, but is using any private registration information, we will enable Privacy service automatically. This will ensure that any messages intended for the domain owner will be forwarded properly while preserving your privacy.[/quote]

Well, when I do this, I find that for all of my domains that Dreamhost has an internal whois record for, the name/telephone/email/street-address are all correct, but the country is in all cases shown as Afghanistan.

I’m pretty sure that I have never entered ‘Afghanistan’ into the system as my country. Well maybe I could have done it once by mistake, but the chances that I entered ‘Afghanistan’ for every domain are negligible.

Which makes me wonder if Dreamhost has suffered a data loss incident and needs us to re-enter our data, but is trying to pretend it is just a call for routine maintenance. Which would be below the high ethical standards that one normally expects of Dreamhost.


#2

No, we have not suffered a data loss incident.

The emails that we sent out to some of our customers last night were a little bit vague on details; an improved version is being sent out to customers who didn’t receive the first one. The full text follows, if you’re interested; it should more or less explain things.


#3

So you just send this message because they told you to do it but no user has to care about it it seems.


#4

It seems like users need to care if they don’t want automatic changes made…


#5

That’s exactly it. Also, we need customers to check to make sure the underlying information is correct — since we haven’t verified this information in the past, some domains have parts of the privacy contact information listed where their real contact information is supposed to be (e.g, our records show the domain as belonging to “example.com Private Registrant”).


#6

Yes but it’s Dreamhost who put this in the whois, not individuals.

Your Email would be clearer if you would say:

You have nothing to do, we will write your contact details in the whois of your domains but nobody will see them because your domain will be set to private and only NSA and other people with good intentions will see it !

:slight_smile:


#7

So it is Dreamhost that screwed up, and they are trying to avoid admitting it.

They are referring to the information in their records as ‘not legitimate’ (first email), or ‘bogus’ (second email), to make it sound as though it is the customers who have been putting in bad data.


#8

It sounds more to me like dreamhost in the past didn’t care what info you created.

If you choose dreamhost private registration service it will read

example.com Private Registrant example.com@proxy.dreamhost.com
DreamHost Web Hosting
417 Associated Rd #324
Brea, CA 92821
US
+1.7147064182

So if a customer didn’t want it to read that way they would fill in there own “private registrant” information (perhaps to drop the dreamhost name and/or to use a different fictitious address.)


#9

LakeRat: Correct. Also, registrant information was sometimes picked up incorrectly during domain transfers — for instance, if a domain was transferred in with privacy enabled at the old registrar, the old privacy records would be picked up as the “real” information.


#10

I’m not following any of this, and I don’t think the email sent out is at all clear. I didn’t create the whois form saying

example.com Private Registrant
DreamHost Web Hosting
417 Associated Rd #324
Brea, CA 92821
US
+1.7147064182

Dreamhost created it. So why would I want to change it? I didn’t fill it in like that; Dreamhost filled it in like that. It’s no business of mine.

The whois info has my email correct, so Dreamhost can get hold of me if they want to. What else do they need?

If the purpose of the exercise is that we are supposed to change that info, the email should say so and explain why. If it isn’t, I don’t see the purpose of the email at all.


#11

I suggest the email might have been more clearly expressed as follows.

Dear Customers. ICANN has made us aware that we are supposed to be keeping ‘internal’ records for each domain registration, alongside the ‘public’ records which go into the ‘whois’. Also, they have made us aware that whereas the registrants are responsible for the accuracy of the public records, the registrar is responsible for the accuracy of the internal records.

Unfortunately, we have not until recently been keeping internal records. Now we have created an internal record for each domain registration, by merely initializing it with the information from the corresponding public record. This is fine, except when the public record is bogus (because the customer is evil) or when the public record shows our address (because the customer opted for private registration).

To cope with both those situations, on 14th October we are going to audit each internal record, and if anything looks unsuitable, we will simply update it with the details of the account holder (which we validated when you initially signed up). However, you have the opportunity to pre-empt this action by filling any reasonable information into your internal record before 14th October.

From the Happy Dreamhost keeping-ICANN-happy team


#12

I would update my whois data if the form would accept UK postcodes.


#13

Make sure that the country is set correctly. The form won’t accept a UK post code for a US address.

(If that isn’t it, please contact Support.)


#14

I checked that, but it still says it’s invalid :frowning:

Will contact support, thanks