WHOIS Servers Security

Many web-based and port 43 servers have controls to try to enforce the notices in their banner notices to prevent harvesting of the data.  These security mechanisms include those annoying CAPTCHA boxes and ip address limits.  However, most harvesters have long since learned how to circumvent these protections by doing things such as using many IP addresses to hide who they are.   Some registrars also “scramble” the fields so the output is not a set format to try to prevent harvesting but this is also easy to circumvent with some simple programming.

As a result, the “security” mechanisms only make it more time consuming and difficult for legitimate users to use the system.  Even though many groups have looked at the issue a full legal analysis of the legal authority behind how the whois system is operated never gets done.  Most of the rules are just legacy procedures back when the Internet was used by a few hundred people.