More than 5% of the net's most popular domains have been registered using "patently false" data, research shows.
Phishing gangs use websites to make scams look plausible
A US congressional report into who owns .com, .net and .org domains found that many owners were hiding their true identity.
The findings could mean that many websites are fronts for spammers, phishing gangs and other net criminals.
The report also found that measures to improve information about domain owners were not proving effective.
The research was carried out by the US Government Accountability Office (GAO) to assess the accuracy of information about domain owners.
The GAO took 300 random domain names from each of the .com, .org and .net registries and looked up the centrally held information about their owners. Any user can look up this data via one of the many "whois" sites on the net.
The report found that owner data for 5.14% of the domains it looked at was clearly fake as it used phone numbers such as (999) 999-9999; listed nonsense addresses such as "asdasdasd" or used invalid zip codes such as "XXXXX".
In a further 3.65% of domain owner records data was missing or incomplete in one or more fields.
Extrapolating from what it found, the GAO suspects that owner information for 3.89 million of the 44 million registered .com, .org and .net domains is fake in at least one respect.
Increasingly whois data is being used by law enforcement and security companies to find out who is running a website involved in spamming or some other scam.
The GAO said there were many different sorts of sites on the domains with incomplete or false ownership data that included search engines, porn sites and consulting services. Many domains had no website associated with them.
As well as looking into owner information, the GAO also investigated the procedures for correcting fake data.
The Internet Corporation for Assigned Names and Numbers (Icann) has the role of overseeing the net's domains and recently attempted to tighten up the policing of owner data.
However, the GAO found of the 45 reports on dodgy domain data that it submitted to Icann, 33 were unchanged after 30 days. Of the others, 11 were corrected and one domain was deleted.
The GAO recommended that more effort be made to verify the information by domain owners and that greater use be made of commercial software tools to check who runs a website.