Why are you hiding? What are you hiding?
By Neil Schwartzman
Senior Director, Security Strategy, Receiver Services
False CAN-SPAM WHOIS Information Ruling may have far-reaching impact
Mickey Chandler, over at Spamtacular notes a recent decision in a CAN-SPAM case which cites 18 U.S.C. § 1037 as one of the laws broken.
Specifically, the defendant had put false information into their domain registration, information displayed in the WHOIS record.
Mickey raises an interesting question – do domain privatization services like domains-by-proxy violate CANS-PAM?
Here is an excerpt from the law:
Whoever, in or affecting interstate or foreign commerce, knowingly–
(4) registers, using information that materially falsifies the identity of the actual registrant, for five or more electronic mail accounts or online user accounts or two or more domain names, and intentionally initiates the transmission of multiple commercial electronic mail messages from any combination of such accounts or domain names …
At Return Path Certification services, we have been long-standing supporters of complete and clear WHOIS records, and we don’t allow domains to have private registrations in place for mail sent over Certified IPs.
If you are proud of your email stream (and clearly you should be) then clarity in all aspects of your business should be the prevailing aspiration. rDNS should describe the mail stream and who you are as best it can. From headers shouldn’t be obfuscated. Subject lines proclaiming an easily identifiable branding. And, WHOIS information for all your domains in the email headers, and even the body text should be standardized, complete and entirely truthful.
Why? Well, the consequences of violating this clause in CAN-SPAM can be pretty dire, including large fines, and even jail time:
18 U.S.C. § 1037(b)(1).
A violation of section 1037 is a felony punishable by a fine, imprisonment for not more than three years, or both. Yikes!
We recommend you task your technical team with giving your WHOIS records a thorough review, to avoid any possibility of trouble in this area. Of course we also need to point out that we are not lawyers. You should always work with your legal counsel to figure out how rulings such as this affect your particular business.