PRIVATE DOMAIN NAME REGISTRATION

Abstract

A service for protecting the privacy of domain name registrants while preserving the registrant's ability to directly change the registration information or transfer the registration. A domain name registration is created that reflects the registrant's actual identity but contains contact information that is entirely associated with a privacy service.

Description

BACKGROUND OF THE INVENTION

The Internet Corporation for Assigned Names and Numbers (“ICANN”) governs the registration of certain types of domain names on the Internet. It accredits registrars and promulgates policies on domain name registration. One of its policies mandates that each registrar maintain a publicly-accessible database (a “whois” database) that lists the name of, and contact information for, each of registrants for each domain name registered at that registrar. See ICANN Registrar Accreditation Agreement, Approved May 17, 2001, Section 3.3.

An example of a portion of a domain name registration record in a whois database is shown in FIG. 1. Registrant information 101 of domain name 102 includes the registrant name 103, postal mail address 104, telephone number 105. The administrative and technical information 106 includes the administrative contact name 107 and technical contact name 108, administrative contact e-mail address 109, technical contact e-mail address 110, administrative contact telephone number 111 and technical contact telephone number 112.

A registrant may wish to keep private certain of the information that is publicly available in the whois database, such as telephone numbers, e-mail addresses, mail addresses, etc. For example, publicly available e-mail addresses in the whois database are mined by SPAMmers. As a result, such e-mail addresses can receive substantial amounts of unsolicited commercial e-mail (“SPAM”). In response to the need to keep domain name registration information private, certain registrars offer services designed to shield such information.

One known domain name registration privacy service called SPAM Shield is offered by the registrar Dotster, Inc. The SPAM Shield service replaces a registrant's e-mail address in a whois record with a SPAM Shield e-mail address. E-mail received at the SPAM Shield address is filtered for SPAM before being forwarded to an e-mail address designated by the registrant. To further confound data miners, the SPAM Shield e-mail address in the whois record is changed every ten days.

Another known domain name registration privacy service is offered by Domains by Proxy, Inc. The registrant of a domain name subscribes to the Domain by Proxy service, which replaces all of the registrant's registrant, administrative and technical information in the whois entry for the domain name registration with Domain by Proxy information. FIG. 2 shows a comparison of publicly available whois information 201 and what is shown when the registrant subscribes to the Domains by Proxy service 202. Domains by Proxy is contractually bound to the subscriber to dispose of the domain name registration in accordance with the subscriber's instructions.

The Domains by Proxy service is described in International Patent Application numbers WO 2004/029821, “Proxy E-mail Method and System” and WO 2004/021203, “Method and System for Domain Name Registration and E-mail by Proxy.” The registrant essentially transfers the domain name registration to Domains by Proxy. The registrant thereby becomes a “subscriber” to the privacy service, which is contractually bound to act at the subscriber's behest as the registrant of the domain name.

When correspondence is addressed to the registrant of the domain name, the Domains by Proxy service offers to forward it to the subscriber. First class postal mail (other than legal notices), “junk” mail or other unsolicited communications (regardless of their mode of delivery) are discarded or returned to the sender by the privacy service.

Domains by Proxy creates an e-mail address that is accessible to the subscriber for each registered domain name (“DOMAIN_NAME”) of the format DOMAIN NAME@domainsbyproxy.com (the “DBP account”). E-mails received at each such address are either forwarded to the subscriber as-is; filtered for SPAM and forwarded; or discarded, as elected in advance by the subscriber.

When Domains by Proxy receives certified or traceable courier mail or legal notices addressed to the subscriber's contact information found in his domain name registration, it sends an e-mail message to the subscriber's DBP account. The e-mail message identifies the sender of the correspondence, the date Domains by Proxy received it, and a brief description of its contents. The subscriber is given seventy-two hours to decide whether to reject the correspondence or have it forwarded via overnight courier, facsimile, or both, at the subscriber's expense. Should the subscriber not respond to the Domains by Proxy e-mail message, Domains by Proxy attempts to contact the subscriber via telephone. If the subscriber does not respond and is unreachable, Domains by Proxy reserves the right to immediately reveal the subscriber's identity and/or cancel the subscriber's private registration service. In that case, the subscriber once again becomes the registrant of the domain name, and the whois directory reverts to displaying the registrant's true registration name and contact information, including the registrant's identity, postal address, e-mail address and phone number.

In the Domains by Proxy scheme, making changes to the domain name registration can be cumbersome because Domains by Proxy is the registrant, albeit contractually bound to act in accordance with the subscriber's instructions with regard to the domain name registration. Thus, the subscriber cannot directly make any changes to the registration or registration information, e.g., using the registrar's account management utilities. Rather, the subscriber must instruct Domains by Proxy to make any change, which Domains by Proxy must then carry out.

For example, transferring a domain name registration from a first registrar (a “Losing Registrar”) to a second registrar (a “Gaining Registrar) must be done by the administrative contact or registered name as shown in the whois record for the domain name registration. All accredited domain name registrars must comply with the ICANN Policy on Transfer of Registrations between Registrars, dated 12 Jul. 2004 (“ICANN Transfer Policy.”) The Policy states, “The Administrative Contact and the Registered Name Holder, as listed in the Losing Registrar's or applicable Registry's (where available) publicly accessible WHOIS service are the only parties that have the authority to approve or deny a transfer request to the Gaining Registrar. In the event of a dispute, the Registered Name Holder's authority supersedes that of the Administrative Contact.” ICANN Transfer Policy, Section 1.1. Ordinarily, transferring a registration is done directly by the actual registrant of the domain name.

Thus, only Domains by Proxy can transfer a domain name registration from a Losing Registrar to a Gaining Registrar. A subscriber wishing to do so must instruct Domains by Proxy to make the transfer, and provide the necessary information and authorization to Domains by Proxy. Alternatively, the subscriber can cancel its Domains by Proxy service and become the registrant for the domain name, and then transfer the domain name registration himself. However, in so doing, his registration information will become publicly available in the whois record for the domain name registration.

A better domain name registration privacy system would protect the registrant's sensitive information while allowing him to manipulate the registration (e.g., transfer, change registration information, etc.) directly, without proceeding through a privacy service.

SUMMARY OF THE INVENTION

In accordance with an embodiment of the present invention, each and every of the postal mail address, telephone number and e-mail address of a registrant in a whois record can all be changed to an alternate postal mail address, telephone number and email address, while the registrant name in the whois record remains the actual identity of the registrant. The alternate contact information can point to a privacy service, which can handle communications addressed to such alternate contacts on behalf of the registrant. This combination can maintain the privacy of the registrant contact information, while permitting the registrant to retain control over the domain name registration, because in this way, the actual registrant (rather than a proxy service) remains the legal registrant of the domain name registration. For example, the registrant can directly approve the transfer of the registration to a Gaining Registrar in accordance with the ICANN Policy on Transfer of Registrations between Registrars. A registrant can also make changes to the registrant information listed in the whois record directly through the domain registrar's account manager, without having to act through a privacy service.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a prior art embodiment of a whois record.

FIG. 2 shows a prior art comparison of whois records using Domains by Proxy.

FIG. 3 shows a system in accordance with an embodiment of the present invention.

FIG. 4 shows a method in accordance with an embodiment of the present invention.

FIG. 5 shows a whois record in accordance with an embodiment of the present invention.

FIG. 6 is an apparatus in accordance with an embodiment of the present invention.

DETAILED DESCRIPTION

In accordance with an embodiment of the invention, the whois record for a domain name registration is configured such that the registrant name reflects the true identity of the registrant, while the registrant contact information is entirely replaced by alternate contact information. As used herein, “contact information” includes postal mail address(es), e-mail address(es) and telephone number that are displayed in a whois record. A “contact” is an individual address displayed in a whois record, and can include a postal address, e-mail address and/or a telephone number. “Correspondence” is any communication addressed to any contact information.

The registrant's actual e-mail address can be replaced by an alternate e-mail address that can be changed periodically to defeat data miners. E-mail received at the alternate address can be filtered for SPAM and/or malicious code (such as viruses, worms, etc.) and then forwarded to an e-mail address designated by the registrant.

The registrant's postal address can be replaced by an alternate address, such as a Post Office Box maintained by a registrar. Postal mail addressed to the alternate address can be handled in accordance with any suitable regime, e.g., depending on the identity of the sender, the mode of delivery, the content of the correspondence, etc. For example, United States Postal Service (“USPS”) Certified™ and Express Mail® can be opened by the privacy service and forwarded to the registrant by a variety of methods. For example, such opened mail can be scanned and forwarded to the registrant's e-mail account electronically. Such mail can also be forwarded to a postal address designated by the registrant. Third Class and Bulk mail can be destroyed upon receipt, unopened. All other mail can be returned to the sender, unopened.

A sender list can be maintained for each registrant. The sender list can include classes of senders with forwarding instructions. For example, for postal mail, the sender list can include a “scan and forward” class; a “forward in hard copy” class; etc. The privacy service can determine what action to take with regard to a piece of correspondence based upon the class to which the sender belongs. Examples of an entry in a sender class include the full name and address of a sender; the name only of a sender; the corporate affiliation only of a sender; a geographic origin indicator of the sender (e.g., a zip code, a state, a street name, etc.) For e-mail, the sender list can include a sender email address (e.g., phillipz (iacme.com); a sender domain (e.g., forward all e-mail from acme.com); etc. For telephone forwarding, the sender lists can include originating telephone numbers, which can be obtained using known caller-ID technology; originating area codes, etc. If sender information for a given received communication is not included in a sender list, then a default rule can be applied, e.g., block the attempted communication with the registrant. The sender list can be implemented automatically by storing it in a database that can be automatically queried upon receipt of an e-mail or telephone call.

Similarly, a registrant can designate a code (e.g., a number) that is correlated to a rule specifying the action to take with regard to the correspondence. Such a code can be included in the postal address (e.g., attn: 14535); in the subject line of an e-mail; entered through a telephone keypad at the prompting of an Interactive Voice Response (“IVR”) system; etc. The rule associated with a code can be “forward immediately”; “forward via first class mail”; “forward via overnight courier”; etc.

The alternate telephone number displayed in the whois entry can be answered by an answering service that instructs the caller how to contact the registrant. For example, the answering service can instruct the caller to contact the registrant via a given e-mail address; a postal address; etc. The provided e-mail and/or postal addresses can be alternate addresses, such as those displayed in the whois record. Alternatively, an incoming telephone number can be forwarded using call-forwarding technology, e.g., if the incoming call originates from a number that the registrant has instructed to be forwarded to a given number. The originating number can be detected by the privacy service using caller-ID technology.

The privacy service in accordance with the present invention can be offered by a domain name registrar directly, or by a privacy service provide in conjunction with a domain name registrar. A registrant can cancel the privacy service at any time, in which case the alternate contact information in the whois record will be changed to the registrant's contact information.

An embodiment of a system in accordance with the present invention is shown in FIG. 3. A registration server 301 is coupled to a privacy server 302 and a privacy database 303. The registration server 301 can receive from an applicant 304 a request to register a domain name using a privacy service in accordance with an embodiment of the present invention. The registration server 301 can collect the applicant's 304 name and contact information, and then can register the domain name (the applicant 304 thus becomes the registrant 304) with the registrant's name and alternate contact information. A record including the registrant's 304 domain name, name, contact information and privacy services preferences can be stored at privacy database 302. The registrant's 304 preferences can include a sender list, correspondence forwarding options, alternate registrant contact information (i.e., alternate addresses at which the registrant 304 can be contacted directly), an indication as to whether the registrant 304 has elected to have the domain name registration automatically renewed, payment information (such as a credit card number), etc.

The registration server 301, privacy server 302 and privacy database 303 can each be implemented in a different computer, can be implemented in two computers, or a single Computer. The functions performed by each can be implemented in any way so as best to suit the needs and capabilities of the implementer.

Privacy server 302 can include a SMTP e-mail server 305 that serves as the destination address for e-mail messages sent to an alternate e-mail address maintained by the privacy service, as well as computer software for scanning e-mail messages and their attachments to determine if an e-mail message is likely to be SPAM or if it contains malicious code. When an e-mail message is received at the e-mail server 305, the privacy server can query the privacy database 303 to determine the forwarding instructions of the registrant. If the registrant has indicated that no e-mail messages are to be forwarded, then the received e-mail message can be deleted. If the registrant has provided a forwarding e-mail address, then the e-mail server 305 can scan the e-mail. If the e-mail server 305 determines that the message is not SPAM and does not include malicious code, then the received message can be forwarded to the registrant in accordance with the registrant's instructions. If SPAM or malicious code is detected, then the message can be deleted. A message with a summary of deleted e-mail messages directed to the alternate e-mail address of the registrant can be periodically sent to the registrant.

Privacy server 302 can also include a telephone server 306 adapted to receive telephone calls directed to the alternate telephone number for a domain name registration. The telephone server 306 can include an answering service that plays a pre-recorded message directing the caller to contact the registrant via other means. It can also include an Interactive Voice Response (“IVR”) system for collecting further information from a calling party and then directing the calling party to alternate contact means, such as postal mail or e-mail. The telephone server 306 can also include call forwarding hardware and software. Upon receiving an incoming call, the telephone server 306 can query the privacy database 303 and obtain a forwarding telephone number for incoming calls to a registrant's alternate telephone number. The telephone server 306 can forward a call to another number.

If the registrant wants to modify any domain name registration information, the registrant can change the registrant name, or selectively or entirely replace any and all alternate contact information by using an account management tool 307 at the registration server 301. Similarly, the registrant can transfer the domain name registration directly by using the account management tool 307 at the registration server 301.

A privacy server system 400 in accordance with an embodiment of the present invention is shown in FIG. 4. Processor 401 can be coupled to memory 402, which can store privacy instructions 403 that can be adapted to be executed by processor 401 to perform the method in accordance with an embodiment of the present invention. For example, privacy instructions 403 executing on processor 401 can receive a request for private registration for a domain name from a registration server. The request can include the registrant's name and contact information. The executing privacy instructions 403 can cause the domain name to be registered with the registrant's name and entirely with alternate contact information. Processor 401 can be coupled to port 404.

The privacy server system can include e-mail server instructions 405 that can implement SMTP and can include e-mail scanning software that can detect SPAM 406 and/or malicious code 407. This can be implemented using the same processor 401 and memory 402 as the privacy instructions 403, or can be implemented on a separate processor and memory in communication with a privacy server processor 401 and memory 402. The e-mail server 404 can include query and forwarding instructions 408 that can query the privacy database (not shown) to discover forwarding e-mail addresses and other forwarding instructions, and can forward or delete e-mail messages. If a message received at the e-mail server 404 is discovered to be SPAM or contain malicious code, it can be deleted and not forwarded to the registrant.

The privacy server system can include telephone server instructions 409 that can receive calls made to a registrant telephone number, and can include an automatic answering service instructions 401 that deliver a message to each calling party. Telephone server instructions 409 can also include query/call forward instructions 411 that can query the privacy database (not shown) to obtain consult call-forward rules and obtain call-forward information, and then forward a call received at an alternate telephone number to a registrant telephone number. Telephone server instructions 409 can also include IVR instructions 412 that can gather additional information from a calling party. Telephone server instructions 409 can be implemented using the same processor 401 and memory 402 as used by privacy instructions 403, or may be implemented by a separate processor and memory in communication with processor 401 and memory 402.

An example of a portion of a whois record in accordance with an embodiment of the present invention is shown in FIG. 5. The actual name of the registrant is shown 501, while the contact information shown in the whois record is entirely alternate contact information 502. As can be seen from FIG. 5, the same technique in accordance with an embodiment of the present invention can be implemented for the administrative contact. That is, the administrative contact name 503 can be the actual name of the administrative contact (rather than some alternate contact information), while the rest of the administrative contact information is alternate contact information 504. Likewise, the technical contact name 505 can be the actual contact name, while the rest of the technical contact information can be alternate contact information 506.

FIG. 6 shows an embodiment of an apparatus 600 storing a data structure in accordance with an embodiment of the present invention. The apparatus includes a processor 601 coupled to memory 602 storing a whois record 603 that includes a registrant name 604 that is the actual name of a registrant of a domain name, an alternate postal address 605, an alternate e-mail address 606 and an alternate telephone number 607.

The above description is meant to illustrate and not limit the scope of the present invention, which is fully defined by the scope of the claims. Those of skill in the art will recognize that the above description includes examples of how the present invention may be implemented, and will understand from the above description how to implement other embodiments that are within the scope of the claims.

Claims

1. A method, comprising: creating, via at least one computing device, a domain name registration for a domain name requested by a registrant, the domain name being registered with a registrant name that is an actual name of the registrant and alternate contact information being entirely different from actual contact information of the registrant;generating, via the at least one computing device, an action list defined by the registrant, the action list including a plurality of predefined rules corresponding to a plurality of actions associated with correspondence received using the alternate contact information;identifying a particular action of the plurality of actions for a received correspondence based at least in part on an identified code within the received correspondence and the plurality of predefined rules, the identified code comprising at least one of at least a portion of a postal address, at least a portion of a subject line, or a number provided via a telephone keypad; andperforming the particular action with respect to the received correspondence.

2. The method of claim 1, further comprising receiving, via the at least one computing device, a request to register a domain name from the registrant.

3. The method of claim 1, further comprising storing, via the at least one computing device, the actual name of the registrant and the alternate contact information for the domain name registration.

4. The method of claim 1, wherein the registrant retains control over the domain name registration.

5. The method of claim 1, wherein the alternate contact information includes an email address, and the method further comprises periodically changing, via the at least one computing device, the email address.

6. The method of claim 1, further comprising receiving, via the at least one computing device, the plurality of predefined rules from the registrant.

7. The method of claim 1, wherein the action list further includes a plurality of sender classes, individual sender classes corresponding to individual actions of the plurality of actions, and wherein identifying the particular action is further based at least in part on an identification of a particular sender class of a sender of the received correspondence.

8. The method of claim 1, further comprising determining, via the at least one computing device that the received correspondence includes at least one of SPAM or malicious code, wherein the particular action comprises deleting the received correspondence.

9. A system, comprising: a computer system comprising a processor and a memory; andinstructions executed by the computer system, wherein when executed, the instructions cause the computer system to at least: receive a request to register a domain name, the request being received from an applicant;create a domain name registration with a registrant name being an actual name of the applicant and alternate contact information that is different from applicant contact information associated with the applicant;receive correspondence using the alternate contact information from a sender;identify a forwarding action of the correspondence based at least in part on a sender class of the sender of the correspondence, an identified code within the correspondence, and a plurality of predefined rules, the identified code comprising at least one of at least a portion of a postal address, at least a portion of a subject line, or a number provided via a telephone keypad; andforward the correspondence according to the forwarding action.

10. The system of claim 9, wherein, when executed, the instructions further cause the computer system to at least store, in the memory, the actual name of the applicant and the applicant contact information, the applicant contact information being correlated with alternate contact information for the domain name registration.

11. The system of claim 9, wherein the correspondence is an email message, and wherein, when executed, the instructions cause the computer system to at least: determine that the email message is not SPAM;determine that the email message is free of malicious code; andwherein the correspondence is forwarded to a registrant e-mail address of the applicant contact information in response to the email message not being SPAM and being free of malicious code.

12. The system of claim 9, wherein, when executed, the instructions further cause the computer system to at least generate a summary of the correspondence, and the forwarding action comprises: deleting the correspondence; andsending the summary of the correspondence to the applicant using the application contact information.

13. The system of claim 9, wherein the sender class is one of a plurality of sender classes, and wherein, when executed, the instructions further cause the computer system to at least select the sender class from the plurality of sender classes according to at least one of a name of a sender, an email address of the sender, a sender domain, a geographic origin indicator of the sender, a corporate affiliation of the sender, or a telephone number of the sender.

14. The system of claim 9, wherein the alternate contact information corresponds to a privacy service, and when executed, the instructions further cause the computer system to at least: receive a request to cancel the privacy service from the applicant; andmodify the domain name registration to replace the alternate contact information with the applicant contact information.

15. The system of claim 9, wherein the applicant is a legal registrant of the domain name.

16. A computer-readable storage device storing instructions executable by a processor, wherein, when executed, the instructions cause the processor to at least: receive from an applicant a request to register a domain name;cause a domain name to be registered with a registrant name being an actual name of the application and with contact information that is entirely alternate contact information, the alternate contact information being different from actual contact information associated with the applicant;identify a plurality of predefined rules designated by the applicant, individual predefined rules of the plurality of predefined rules specifying a respective action associated with correspondence received indicating the alternate contact information;identify a forwarding action of the correspondence based at least in part on an identified code within the correspondence and at least one predefined rule of the plurality of predefined rules, the identified code comprising at least one of at least a portion of a postal address, at least a portion of a subject line, or a number provided via a telephone keypad; andperform the forwarding action associated with the correspondence.

17. The computer-readable storage device of claim 16, wherein, when executed, the instructions further cause the processor to at least: receive a request to modify the contact information from the applicant; andmodify at least a portion of the contact information in response to receiving the request from the applicant.

18. The computer-readable storage device of claim 16, wherein, when executed, the instructions further cause the processor to at least: identify one or more characteristics associated with a sender of the correspondence;select a particular sender class from a plurality of sender classes based on the one or more characteristics; andwherein the forwarding action is further based at least in part on the particular sender class of the sender.

19. The computer-readable storage device of claim 16, wherein the applicant retains control over the domain name registration.

20. The computer-readable storage device of claim 16, wherein, when executed, the instructions further cause the processor to at least generate a summary of a received correspondence, and the forwarding action comprising: sending the summary of the received correspondence to the applicant using the applicant contact information; anddeleting the received correspondence.