Who is working on WHOIS?

ICANN met last week in Costa Rica, and the IETF meets next week in Paris. The one big thing these two meetings have in common is a nascent but significant push to replace the venerable WHOIS protocol, which lets one query a registry for information about the assignee of a network or the owner of a domain name. Cloudmark and other security vendors use this information to estimate the likely behaviour of a domain not seen before, based on signals such as affiliations with known good or bad registrants, registrars, nameservers, subnets, geographic regions, etc.

WHOIS was an invention of the early Internet, back in the days when humans maintained everything like network and domain assignments and everybody knew each other. It has not evolved gracefully with the rest of the Internet. From a technology perspective, it doesn't support internationalization or robust syntax (a date reported by any two registries could be in any format you can think of), and WHOIS servers in general aren't built to operate at Internet scale. Policy-wise, in many cases there's not even a requirement that registrars provide it as a service, or that the data be practically useful. And big customers of these data face problems like query rate limits and obscured or even false information.

What this means is that it's difficult or impossible for us to be precise in our evaluation of a new domain or IP address. We can't reliably determine who owns it, whether it's affiliated with someone we do know about, or when it was assigned, registered, updated, or expired, so we have to guess at some of these using heuristics. It would be far better if we could make these determinations based on reliable data from trustworthy registrars rather than just using observation and educated guesses. We could also tell for sure which registrar handled the data, so we could detect common registrars handling registrations by miscreants.

But there's now some big pressure to change this.
ICANN's administration has decided they want to see the current system replaced by something far more robust and reliable. Some RIRs (Regional Internet Registries, the folks that receive and then parcel out IP address blocks to local carriers) have deployed prototype systems that provide WHOIS data using RESTful concepts and a common, well-defined syntax. This huge modernization push will give us what we need to make proper use of WHOIS data, at long last. And the fact that this is voluntary on the network side is particularly exciting. What's more, several big domain name registrars have recently said they'd also like to come to the table on the domain name registration side.

At the IETF, we're starting a working group that will produce a series of RFCs defining the upgraded service so that clients and servers alike can start to exchange information. Things like internationalization, consistent format, scalability, quality of service, etc., can all be addressed by the proposed new system. This would indeed be a very welcome development.

Also coming up on the standards side: the progression of SPF, which has had Experimental status since its publication in 2006, to the Standards Track as the favoured email path authorization scheme; new developments in IPv6 standards and practices; best practices with respect to greylisting; a guide to safe handling of malformed mail; the evolution of email address internationalization; development of reputation services; and revision of HTTP.

Although DMARC is certainly a hot topic as well, as we saw at the MAAWG meeting last month, it hasn't developed enough yet to warrant entry into the IETF realm, but that'll come along in time. There will soon be other announcements about DMARC and our involvement in it.

Watch this space for updates on all the above as we make progress toward a safer standards-based messaging world.
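
The date-syntax problem described earlier in this post is what forces consumers of WHOIS data into heuristics. The Python example below is added here for illustration and is not code from the original post or from Cloudmark; the field labels, date layouts and sample replies are constructed assumptions, and real registries use many more variants.

```python
import re
from datetime import date, datetime

# Assumed label and layout variants; real WHOIS servers use many more.
CREATED_LABELS = {"creation date", "created", "created on", "registered on"}
EXACT_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d", "%d-%b-%Y", "%Y.%m.%d")
NUMERIC = re.compile(r"(\d{1,2})[/.](\d{1,2})[/.](\d{4})")

def parse_created(raw):
    """Return (ISO date or None, how it was decided) for one raw WHOIS reply."""
    for line in raw.splitlines():
        label, sep, value = line.partition(":")
        if not sep or label.strip().lower() not in CREATED_LABELS:
            continue
        value = value.strip()
        for fmt in EXACT_FORMATS:
            try:
                return datetime.strptime(value, fmt).date().isoformat(), "exact"
            except ValueError:
                pass
        m = NUMERIC.fullmatch(value)
        if not m:
            return None, "unparsed"
        a, b, year = map(int, m.groups())
        try:
            if a > 12 >= b:                      # first field can only be a day
                return date(year, b, a).isoformat(), "day-first"
            if b > 12 >= a:                      # second field can only be a day
                return date(year, a, b).isoformat(), "month-first"
            if a == b:                           # same value either way round
                return date(year, a, b).isoformat(), "exact"
        except ValueError:
            return None, "unparsed"
        # Both orders give a valid date: refuse to guess rather than
        # feed a wrong domain age into a reputation decision.
        return None, "ambiguous"
    return None, "missing"

# Constructed sample replies, one per hypothetical registry.
SAMPLES = {
    "registry-a": "Domain Name: EXAMPLE.COM\nCreation Date: 2012-03-14T09:30:00Z\n",
    "registry-b": "domain: example.net\ncreated: 14-Mar-2012\n",
    "registry-c": "Domain: example.org\nRegistered on: 14/03/2012\n",
    "registry-d": "Domain: example.info\nCreated On: 03/04/2012\n",
    "registry-e": "Domain: example.biz\nRegistrar: Example Registrar\n",
}

if __name__ == "__main__":
    for name, reply in SAMPLES.items():
        print(name, parse_created(reply))
```

The `ambiguous` and `missing` outcomes are the cases where a reputation system has to fall back on observation and educated guesses about domain age.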