ICANN confirms GoDaddy Whois probe
ICANN is looking into claims that GoDaddy is in breach of its registrar accreditation contract.
The organization last week told IP lawyer Brian Winterfeldt that his complaint about the market-leading registrar throttling and censoring Whois queries over port 43 is being looked at by its compliance department.
The brief note (pdf) says that Compliance is “in receipt of the correspondence and will address it under its process”.
Winterfeldt is annoyed that GoDaddy has starting removing contact information from its port 43 Whois responses, in what the company says is an anti-spam measure.
It’s also started throttling port 43 queries, causing no end of problems at companies such as DomainTools.
Winterfeldt wrote last month “nothing in their contract permits GoDaddy to mask data elements, and evidence of illegality must be obtained before GoDaddy is permitted to throttle or deny port 43 Whois access to any particular IP address”.
It’s worth saying that ICANN is not giving any formal credibility to the complaint merely by looking into it.
But while it’s usual for ICANN to publish its responses to correspondence it has received and published, it’s rather less common for it to disclose the existence of a compliance investigation before it has progressed to a formal breach notice.
It could all turn out to be moot anyway, given the damage GDPR is likely to do to Whois across the industry in a matter of weeks.
Is it just me or does the Winterfeldt IP Group logo look like a newspaper hat?
https://allfortheboys.com/storage/080111_2521.jpg
Looks a bit more like the Night King’s crown to me.
Any registrar can throttle requests; bulk access is permitted in RAA, but Domain Tools hasn’t asked (or paid) for it.
As for masking data elements, why bother at this point when GDPR enforcement will already mask them anyways ?
Rubens…. Registrar=>Registrar whois queries operate on a different channel designed for transfers. They are saying that the whois channel designed for transfers was being throttled to the point where no transfers out of GoDaddy could occur to the other registrar. This is against ICANN policy since those queries should be pushed through.
They didn’t mention transfers. You and kd did.
This complaint to ICANN came at the same time that Namecheap complained to GoDaddy about throttling transfers so there is little doubt (to me anyway) that this complaint came from Namecheap.
@Rubens wtf are you talking about?
No one has to ask for bulk access and of course no one has to pay for it.
Also we are talking with the current rules. Not the ones that may or may not come into effect in May 25th or whenever or the interim model or some other model in 2019 or 2020.
Read the RAA. 3.3.5 says:
3.3.5 In providing query-based public access to registration data as required by Subsections 3.3.1 and 3.3.4, Registrar shall not impose terms and conditions on use of the data provided, except as permitted by any Specification or Policy established by ICANN. Unless and until ICANN establishes a different Consensus Policy, Registrar shall permit use of data it provides in response to queries for any lawful purposes except to: (a) allow, enable, or otherwise support the transmission by e-mail, telephone, postal mail, facsimile or other means of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient’s own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of any Registry Operator or ICANN-Accredited registrar, except as reasonably necessary to register domain names or modify existing registrations.
Note high volume automated queries are not covered, they are excepted.
For some registrars, like GoDaddy 3.3.6 applies:
3.3.6 In the event that ICANN determines, following analysis of economic data by an economist(s) retained by ICANN (which data has been made available to Registrar), that an individual or entity is able to exercise market power with respect to registrations or with respect to registration data used for development of value-added products and services by third parties, Registrar shall provide third-party bulk access to the data subject to public access under Subsection 3.3.1 under the following terms and conditions:
3.3.6.1 Registrar shall make a complete electronic copy of the data available at least one (1) time per week for download by third parties who have entered into a bulk access agreement with Registrar.
3.3.6.2 Registrar may charge an annual fee, not to exceed US$10,000, for such bulk access to the data.
3.3.6.3 Registrar’s access agreement shall require the third party to agree not to use the data to allow, enable, or otherwise support any marketing activities, regardless of the medium used. Such media include but are not limited to e-mail, telephone, facsimile, postal mail, SMS, and wireless alerts.
3.3.6.4 Registrar’s access agreement shall require the third party to agree not to use the data to enable high-volume, automated, electronic processes that send queries or data to the systems of any Registry Operator or ICANN-Accredited registrar, except as reasonably necessary to register domain names or modify existing registrations.
3.3.6.5 Registrar’s access agreement must require the third party to agree not to sell or redistribute the data except insofar as it has been incorporated by the third party into a value-added product or service that does not permit the extraction of a substantial portion of the bulk data from the value-added product or service for use by other parties.
Note that even for the registrars that might be compelled to provide bulk access, and I don’t if ICANN made good to their part of asking an economic analysis of Godaddy and Tucows for instance, they might charge up to 10,000 dollars per annum for providing such bulk access.
So in summary, who wants bulk access has to ask for it, and might be asked to pay for it.
So now we follow the current RAA rules or the future GDPR amended RAA?
1. We are playing with words here. Bulk access is permitted but high volume access may not be permitted.
What is high volume?
2. ICANN has never “determined” so no one has to pay for data yet.
If ICANN has never determined, it means that no registrar is obliged to provide bulk access, not even if the requesting party is willing to pay USD 10k a year.
GDPR will only change which fields are output in WHOIS, no matter if a single access or bulk access. Paying for bulk access doesn’t make GDPR less applicable to the bulk data provided.
It’s a problem. GoDaddy has done this and similar for years, which is a huge pain for the industry. GoDaddy should not be allowed to mask simple whois queries so easily. It hampers transfers. It is not friendly for other registrars who require and need access to it!