Latest news of the domain name industry

Recent Posts

Registrars still not responding to private Whois requests

Kevin Murphy, October 18, 2018, Domain Policy

Registrars are still largely ignoring requests for private Whois data, according to a brand protection company working for Facebook.

AppDetex wrote to ICANN (pdf) last week to say that only 3% of some 9,000 requests it has made recently have resulted in the delivery of full Whois records.

Almost 60% of these requests were completely ignored, the company claimed, and 0.4% resulted in a request for payment.

You may recall that AppDetex back in July filed 500 Whois requests with registrars on behalf of client Facebook, with which it has a close relationship.

Then, only one registrar complied to AppDetex’s satisfaction.

Company general counsel Ben Milam now tells ICANN that more of its customers (presumably, he means not just Facebook) are using its system for automatically generating Whois requests.

He also says that these requests now contain more information, such as a contact name and number, after criticism from registrars that its demands were far too vague.

AppDetex is also no longer demanding reverse-Whois data — a list of domains owned by the same registrant, something not even possible under the old Whois system — and is limiting each of its requests to a single domain, according to Milam’s letter.

Registrars are still refusing to hand over the information, he wrote, with 11.4% of requests creating responses demanding a legal subpoena or UDRP filing.

The company reckons this behavior is in violation of ICANN’s Whois Temporary Specification.

The Temp Spec says registrars “must provide reasonable access to Personal Data in Registration Data to third parties on the basis of a legitimate interests pursued by the third party”.

The ICANN community has not yet come up with a sustainable solution for third-party access to private Whois. It’s likely to be the hottest topic at ICANN 63 in Barcelona, which kicks off this weekend.

Whois records for gTLD domains are of course, post-GDPR, redacted of all personally identifiable information, which irks big brand owners who feel they need it in order to chase cybersquatters.