Approximately 2.3 million domain names have been registered with obviously false information, such as (999) 999-999 for a telephone number or "XXXXX" for a postal zip code.
Another 1.6 million were registered with incomplete information, according to a report released yesterday by the US Government Accountability Office (GAO).
The GAO said individuals or organisations registering the names of their websites may have provided inaccurate information to domain name registrars to hide their identities or prevent the public from contacting them. The 3.9 million wrong or incomplete registrations represents 8.6 percent of the 44.9 million the agency was asked to check by Congress.
Contact information is made available online through a service known as Whois. Data accuracy in the Whois service can help law enforcement officials investigate the misuse of intellectual property and online fraud, as well as identify the source of spam and help Internet operators resolve technical network issues, the GAO said.
The GAO was asked to determine the prevalence of patently false or incomplete contact information in the Whois service for the .com, .org and .net domains. It was also asked to determine how much of the wrong information was corrected within a month of being reported to the Internet Corporation for Assigned Names and Numbers (ICANN), the regulatory group that oversees the Internet's technical infrastructure.
The GAO was also asked to describe the steps taken by the US Department of Commerce and ICANN to ensure the accuracy of contact data in the Whois database.
The GAO said it found 45 error reports in a random sampling of 900 registrations and submitted those 45 error reports to ICANN for further investigation. The GAO said it determined that 11 of those 45 domain name holders provided updated contact information that was not patently false within 30 days. One domain name, which had already been pending deletion, was terminated after the GAO submitted the error report. The remaining 33 were not corrected at all within that time frame.
It identified two tools intended to help reduce false contact information in the Whois database. The Internet Registry Information Service protocol, which provides tiered access to sensitive contact information, could be used to restrict public access to that information in the Whois database. That, in turn, could encourage individuals or organisations to submit more accurate information.
The other tool is Support Intelligence's Trust Factor screening product, which could be used to assess the validity of contact information against public information stored in commercial databases.
While both tools have the potential to help reduce false contact information, neither is widely implemented by registrars and registries, the GAO said.