In dealing with spam, I have encountered some despicable companies. However, one company that deserves special mention is the one calling itself "PacNames". PacNames appears to be a business partner of "Alex Rodrigez", and the deceitful tactics they have used to dodge prosecution (that I will outline here) are almost as criminal as those employed by "Alex Rodrigez". As I mentioned before, the registrars on the internet play a critical role in spam. Without registrars willing to sell domain names to people who partake in spamming activities, the spammers would never be able to host their domains by name.
PacNames has changed their information recently. There is nothing illegal about doing this - indeed, companies move around for varied reasons all the time. I share this WHOIS data just for the purpose of demonstrating one of PacNames' dodgy techniques.
> whois pacnames.com
Domain name: PACNAMES.COM
Registrar: PacNames
Referral URL: http://www.pacnames.com/
Domain Registrant: TOTALNIC-73552 (SUPPORT@PACNAMES.COM)
Technical Manager
PacDomains, Ltd. dba PacNames
42 Montgomeray Avenue
Murrays Bay
North Shore City nil nil
NZ
Telephone: +1.3033021400
Fax:
These are problems with this information. First, I will point out that the address and telephone number do not coincide. The telephone number corresponds to Boulder, Colorado (USA). The address provided is in New Zealand. This makes it difficult to tell where this company is actually located. Again, not necessarily illegal, but certainly dodgy.
More pertinent, though, is the address they gave in New Zealand. I contacted the chamber of commerce in North Shore City, NZ. They assured me that the address is valid. However, it is not a commercial address. This address exists in a residential area in their city. Also, no such business "PacNames" is registered anywhere in New Zealand. It appears that PacNames wants to create the image of existing in a different country than the one they actually operate in. This is a crime. It is called fraud.
Also supporting the possibility that PacNames may not actually exist in New Zealand is the location of their webserver. If one were to ping www.pacnames.com, you will receive a response from a system at the IP address 209.245.20.101. This address also resolves in Colorado. Similarly, email from their company is sent through a system "cats.aimhigh.net". This system is at an IP (63.253.101.134) owned by McLeodUSA, which is a telecom company operating in the USA (including Colorado).
A few things have changed for PacNames in the past few months. Probably most importantly is the change that can be seen by reading the InterNIC - Registrar List (sorted alphabetically). PacNames should fall between "Own Identity, inc.", and "pair Networks". But alas, they are not there. More specifically, they are not there anymore. PacNames used to be an accredited registrar. At some point recently, they have lost their accredited status. While this does not wholly prevent them from selling domains, it is somewhat a disgrace to lose your accredited status. Especially in the context of the very, very, long list of companies around the world that have accredited status.
PacNames has also changed their own WHOIS data. There is nothing inherently wrong about doing this. Again, companies do this all the time. Registrars, presumably less often. The current WHOIS data for pacnames (as of 18 march 2007):
> whois pacnames.com
PacNames WHOIS Server Version 1.1.0
Domain name: PACNAMES.COM
Registrar: PacNames
Referral URL: http://www.pacnames.com/
Domain Registrant: TOTALNIC-73552 (SUPPORT@PACNAMES.COM)
Technical Manager
PacNames Ltd
PO BOX 331533
Takapuna nil nil
NZ
Telephone: +1.3033021400
Fax:
Name Server: CATS.AIMHIGH.NET
Name Server: NS2.CAPITAL.HM
Now we see that the physical address for PacNames has changed. They have apparently now relocated their company to a PO box in Takapuna, NZ. I had to look up Takapuna on Wikipedia to realize that Takapuna is just a part of North Shore City, NZ. So it seems that their company didn't move far. How exactly one fits a web server into a PO Box I'm not sure. We also see that their phone number is still the same Colorado number.
I also included the Name Server references in this WHOIS data set. This data has nto changed, either, though it is interesting in its own right. I already mentioned the identity of "cats.aimhigh.net" before. The second name server was somehwat of an enigma for me. I had to look up the identity of the ".hm" country code on Wikipedia to find that it corresponds to two uninhabited islands off the coast of Madagascar. I guess equally as interesting of a question of how one fits a webserver into a PO Box is who is running DNS on an uninhabited island?
It appears that after losing their accredited status, pacnames is again on the ICANN list of accredited registrars. I have not been able to determine how they pulled this off. However, their own WHOIS data is incomplete; as seen above, they no longer include a postal code in their physical mailing address. ICANN has again been alerted to this.
I did a little further digging to figure out who pacnames really is. As seen from the WHOIS data, the domain "pacnames.com" was originally sold by the registrar "CAPITAL NETWORKS PTY". I looked around and found that this group is operating at the domain www.totalnic.net.au. There of course is nothing wrong with calling yourself one thing and having your domain name something else. However, I did find a couple of frustrating, and possibly fishy, things about "CAPITAL NETWORKS PTY".
First, the WHOIS data for "totalnic.net.au". It appears that the upstream registrar for their domain, ausregistry.com.au, prefers to only distribute the contact information via their web-based WHOIS. No problem. The more interesting part of the WHOIS for totalinc.net.au is in the nameserver part, which is obtainable from the command-line WHOIS:
Name Server: ns1.capital.hm Name Server: ns2.capital.hm Name Server: ns3.capital.hm
It appears that totalnic also likes to have their nameservers run on an uninhabited island. This is peculiar. Indeed, I have yet to find an ISP out there past Madagascar.
Equally interesting, though, is what I received when I tried to contact "CAPITAL NETWORKS PTY" via email. On their contact page, they list a contact email address "FOR PROMPT RESPONSE" of hostmaster@capital.net.au. Indeed, I received a very prompt response from this email address (less than 5 minutes elapsed):
The message that you sent was undeliverable to the following:
hostmaster@capital.net.au (530 Relaying not allowed)
So it appears that they list an invalid address on their web page for contact. The web-based WHOIS at ausregistry did give me another email address, though: ed@capital.net.au. However, this address returned the same response. It is no longer clear how one is supposed to contact this group.