Cops get special Whois access rights
Law enforcement agencies will be able to get access to private Whois records in under 24 hours under ICANN policy introduced yesterday, but the powers are toothless for now.
ICANN has updated its Registration Data Policy to add a section handling “urgent requests” for Whois data, normally redacted in the public RDAP databases due to privacy laws and ICANN policy.
Normally, registrars have as much as 30 days to respond to disclosure requests, but they will only have 24 hours when the request relates to “circumstances that pose an imminent threat to life, of serious bodily injury, to critical infrastructure, or of child exploitation in cases where disclosure of the data is necessary in combatting or addressing this threat”.
Because it’s a formal Consensus Policy, it’s already binding on all contracted parties.
But it’s currently pretty useless. The policy only requires the fast disclosure when the requestor is an “authenticated” law enforcement agency, and as of today ICANN has no mechanism to authenticate LEAs.
Figuring out how to authenticate requestors has been under discussion privately in the Governmental Advisory Committee’s Public Safety Working Group for some time, with ideas about domain-based authentication being floated.
But it seems the real work will be carried out by the GNSO Council’s forthcoming Supplementation Recommendations on the EPDP Phase 2 working group, which will be tasked with revisiting earlier, subsequently rejected, work on Whois access.
The pencilled-in deadline for that working group to reach recommendations is January 2027, a lot faster (but critics say less democratic) than a full-blown Policy Development Process, which would take years.
No RDAP? No accreditation
ICANN has terminated its contract with another registrar after the company failed to implement RDAP, the Whois replacement protocol.
US-based Brennercom will be de-accredited January 28, according to a published ICANN Compliance notice.
The headline infraction is the fact that Brennercom failed to migrate to RDAP, but, as is often the case, the registrar also owes ICANN money and has failed to publish some administrative details on its web site.
ICANN will now move Brennercom’s registered domains to a different registrar under its usual transition process.
That shouldn’t take long. While Brennercom’s web site claims to have handled customers with thousands of domains in their portfolios, my records show it has never had more than 133 domains under management. Right now, it has about 40.
Huge registrars flee from RDRS
Ten notable domain registrars have abandoned ICANN’s pilot Registration Data Request Service, substantially reducing its usefulness.
In June, 10 accredited registrars pulled their support for the voluntary service, which is designed to give law enforcement, IP owners, and security researchers an easier way to request unredacted Whois records.
Team Internet is out, taking with it its registrars 1API, Internet BS, Key-Systems GmbH, Key-Systems LLC, Moniker, RegistryGate and TLD Registrar Solutions.
Newfold Digital exited with Network Solutions, Register.com, and PublicDomainRegistry.com.
The sum of all this is that there are now 78 participating registrars, compared to 88 at the end of May, and they now only represent 47% of all registered gTLD domains, down from 54%.
That’s the lowest level of participation since RDRS launched in late November 2023 and the first time it’s dropped below half of all registered gTLD domains.
Usage of RDRS has dropped to a whole new low. There were only 68 requests for Whois records in June, down from the previous low of 91 in March.
Perhaps counter-intuitively, the number of searches that resulted in “Registrar Not Supported” errors remained static at 16%, tying for the lowest ratio across the entire pilot to date.
ICANN’s Governmental Advisory Committee recently said it wants ICANN to consider making RDRS mandatory for all registrars.
Aug 7 Correction: this article originally erroneously stated that Corporation Service Company had removed one registrar and added another. In fact, the registrar in question had simply changed its name. I apologise for the error.
Registries have started shutting down Whois
Nominet seems to have become the first major registry services provider to start to retire Whois across its portfolio, already cutting off service for about 70 top-level domains.
Queries over port 43 to most of Nominet’s former Whois servers are no longer returning responses, and their URLs have been removed from the respective TLDs’ records on the IANA web site.
The move follows the expiration last month of ICANN’s contractual requirements to provide Whois in all gTLDs. Now, registries must use the successor protocol RDAP instead, with Whois optional.
A Nominet spokesperson tells us the shut-off, which affects large dot-brand clients including Amazon, happened after consultation with ICANN and clients on January 29.
TLDs Nominet was supporting under ICANN’s Emergency Back-End Registry Operator program are also affected.
The registry spokesperson said that the gTLDs .broadway, .cymru, .gop, .pharmacy, and .wales are still offering Whois, due to an interoperability issue:
“The sole reason for the retention of these gTLD WHOIS services is for interoperability with the Brand Safety Alliance (BSA) service integration, which does not yet support RDAP,” she said.
The BSA is the GoDaddy-backed project that offers the multi-TLD GlobalBlock trademark-blocking service.
Nominet’s flagship .uk is also still offering Whois, because Nominet discovered that some of its registrars were still using it, rather than EPP, to do domain availability checks.
The fact that a GoDaddy service and some .uk registrars still don’t support RDAP, even after a years-long ICANN transition plan, is perhaps revelatory.
I’ll admit the only reason I noticed Nominet’s Whois coverage was patchy was that I’d neglected to update one of my scripts and it started failing. Apparently I was not alone.
While RDAP can be fairly simple to implement (if I can do it…), actually finding each registry’s RDAP server is a bit more complicated than under the Whois regime.
All gTLD registries were obliged to offer Whois at whois.nic.[tld], and IANA would publish the URLs on its web site, but RDAP URLs are not standardized.
It’s not super obvious, but it seems instead you have to head over to IANA’s “Bootstrap Service” and download a JSON file containing a list of TLDs and their associated base RDAP URLs.
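As an added illustration of that discovery step (example code written for this page, not the author's script or ICANN/IANA software): the bootstrap file is a JSON document whose "services" array pairs sets of labels with base RDAP URLs, and the client takes the longest suffix match before appending the domain path. The sample file, labels and URLs below are constructed; the real file is published at https://data.iana.org/rdap/dns.json.

```python
import json

# Constructed sample in the shape of IANA's RDAP bootstrap file for DNS (RFC 7484);
# the real one is published at https://data.iana.org/rdap/dns.json. The TLDs and
# URLs below are placeholders, not the registries' actual RDAP endpoints.
SAMPLE_BOOTSTRAP = json.dumps({
    "version": "1.0",
    "publication": "2025-01-01T00:00:00Z",
    "description": "Constructed sample, not IANA data",
    "services": [
        [["example", "test"], ["https://rdap.example-registry.invalid/"]],
        [["cymru", "wales"], ["http://rdap.brand-registry.invalid/rdap/",
                              "https://rdap.brand-registry.invalid/rdap/"]],
        # In practice the IANA DNS file lists TLDs; the longest-match rule below
        # also copes with a lower-level entry such as this constructed one.
        [["co.test"], ["https://rdap.second-level.invalid/"]],
    ],
})


def load_bootstrap(text):
    """Flatten the 'services' array into {label: [base_urls]} for fast lookup."""
    table = {}
    for labels, urls in json.loads(text)["services"]:
        for label in labels:
            table[label.lower().strip(".")] = urls
    return table


def find_base_url(table, domain):
    """Longest-suffix match of the domain against the table (RFC 7484 section 4);
    prefers an https base URL when a registry lists both schemes."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):             # longest suffix first
        urls = table.get(".".join(labels[i:]))
        if urls:
            https = [u for u in urls if u.startswith("https://")]
            return (https or urls)[0]
    return None


def rdap_domain_query_url(table, domain):
    """Build the RDAP /domain/<name> lookup URL, or None if no entry exists."""
    base = find_base_url(table, domain)
    if base is None:
        return None
    return base.rstrip("/") + "/domain/" + domain.lower().rstrip(".")
```

A script that caches the bootstrap file should re-download it periodically, since the "publication" timestamp changes whenever a registry's RDAP base URL is added or moved.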
$3,000 to do a Whois lookup?
ICANN’s Registration Data Request Service cost hundreds, maybe even thousands, of dollars every time it was used in its first year, according to an analysis of official stats.
RDRS is the system designed to connect entities such as trademark owners, security researchers, and law enforcement with registrars, allowing them to request private domain registration data that is usually redacted in Whois records.
It’s running as a two-year pilot, in order to gauge demand and effectiveness, and its first full month of operation was December 2023.
ICANN has been publishing monthly transparency reports, including data such as number of requests and outcomes, and we know how much it cost the Org to develop and operate, so it should be possible to make some back-of-the-envelope calculations about how much each request costs the ICANN taxpayer.
The cost could range from about $300 to over $3,000 per request, even using some fairly generous assumptions.
RDRS cost $1,647,000 to develop, which is pretty much a shoestring by ICANN standards. Most of that was internal staffing costs, with some also being spent on external security testing services.
The total operational cost for the first 10 months was $685,000. Before ICANN publishes its calendar Q4 financials later this month, we could extrapolate that the first 12 months of operation was around $800,000, but let’s be generous and stick with $685,000 for this particular envelope’s backside.
While there were 7,871 registered requesters at the end of November 2024, they had collectively only submitted 2,260 requests over the same period.
Only 2,057 of those requests had been closed at the end of the period, and only 23% of closed requests resulted in registrar approval and data being fully handed over to the requester.
That works out to 474 approved requests in the first year.
With the most-generous assumptions, $685,000 of ops costs divided by 2,260 requests equals $303 per request.
If we only count approved requests, we’re talking about $1,445 per successful Whois lookup equivalent.
But we should probably switch to an envelope with a larger rear end and include the $1.6 million development costs in our calculations too.
If we factor in half of those costs (it’s a two-year pilot), we’re looking at about $666 per request or $3,181 per successful request in the first 12 months.
If the system was more widely used, the per-request cost would of course fall under this calculation, but there’s no indication that usage is significantly on the increase just yet.
These are only the costs incurred to ICANN. Registrars on one side of the service and requesters on the other also bear their own costs of working with the service.
Dealing with RDRS is not the same as doing a Whois lookup. You have to deal with a much lengthier form, add attachments, make a reasoned legal case for your request, etc. It eats work-hours and staff need to be trained on the system.
It may seem that $3,181 to do a Whois lookup is too expensive for the ICANN taxpayer.
And maybe it is, if it’s being predominantly used to assist (say) Facebook’s trademark enforcement strategy.
But if those Whois lookups help law enforcement more quickly nail a gang of fentanyl dealers or child sexual abuse material distributors, maybe the costs are more than justified.
At the end of November the number of requests from law enforcement was 15.6% of the total, while IP holders accounted for 29.7%, ICANN stats show.
ICANN’s board of directors will decide towards the end of the year whether the RDRS pilot has been successful and whether it should continue indefinitely.
Whois officially died today
Domain registries and registrars are no longer obliged to offer Whois services as of today, the deadline ICANN set for formally sunsetting the protocol.
It’s been replaced by RDAP, the newer Registration Data Access Protocol, which offers a more structured way to deliver domain ownership information.
Under ICANN’s standard Registry Agreement and Registrar Accreditation Agreement, January 28 marks the end of the RDAP “ramp up period” and the moment Whois becomes purely optional.
I expect many registrars will offer Whois and RDAP in parallel for a while, so ingrained in internet architecture is the older protocol. Likewise, the term “Whois” will likely be used colloquially to refer to RDAP for some time.
The data delivered by RDAP is not substantially different to that delivered by Whois, and those who access Whois via a web interface, such as ICANN’s lookup.icann.org, probably won’t notice any difference.
The main headaches will likely be experienced by those using custom software to access Whois over port 43, who may find they have to tweak their code to parse incoming RDAP responses instead.
Importantly, the switch to RDAP does not mean users will get data that was already redacted in Whois. Privacy laws such as GDPR apply equally to RDAP.
The only way to obtain private data is contacting the relevant registrar, directly or via ICANN’s Registration Data Request Service, and crossing your fingers.
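To show what that code tweak looks like in practice, here is an added example (not code from the original post) that reduces an RDAP domain response to the fields a port-43 parser used to scrape, and flags the redaction that, as noted above, carries over unchanged from Whois. The response below is a constructed sample in the RFC 9083 shape; its names, dates and IANA ID are placeholders.

```python
import json

# Constructed sample in the shape of an RDAP domain lookup response (RFC 9083).
# Names, dates and the IANA ID are placeholders, not real registration data.
SAMPLE_RDAP = json.dumps({
    "objectClassName": "domain",
    "ldhName": "EXAMPLE.TEST",
    "events": [
        {"eventAction": "registration", "eventDate": "2020-01-02T03:04:05Z"},
        {"eventAction": "expiration", "eventDate": "2026-01-02T03:04:05Z"},
    ],
    "nameservers": [{"ldhName": "NS1.EXAMPLE.TEST"}, {"ldhName": "NS2.EXAMPLE.TEST"}],
    "entities": [
        {"objectClassName": "entity", "roles": ["registrar"],
         "publicIds": [{"type": "IANA Registrar ID", "identifier": "9999"}],
         "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                  ["fn", {}, "text", "Example Registrar Inc."]]]},
        {"objectClassName": "entity", "roles": ["registrant"],
         "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                  ["fn", {}, "text", "REDACTED FOR PRIVACY"],
                                  ["email", {}, "text", "REDACTED FOR PRIVACY"]]]},
    ],
})
REDACTED = "REDACTED FOR PRIVACY"


def vcard_field(entity, name):
    """Return the first value of a jCard property (e.g. 'fn', 'email') or None."""
    for prop in entity.get("vcardArray", ["vcard", []])[1]:
        if prop[0] == name:
            return prop[3]
    return None


def summarize_rdap(text):
    """Reduce an RDAP domain object to the fields a port-43 Whois parser used to scrape."""
    obj = json.loads(text)
    events = {e["eventAction"]: e["eventDate"] for e in obj.get("events", [])}
    by_role = {}
    for ent in obj.get("entities", []):
        for role in ent.get("roles", []):
            by_role[role] = ent
    registrar, registrant = by_role.get("registrar", {}), by_role.get("registrant", {})
    ids = {p.get("type"): p.get("identifier") for p in registrar.get("publicIds", [])}
    contact = {f: vcard_field(registrant, f) for f in ("fn", "email")}
    return {
        "domain": obj.get("ldhName", "").lower(),
        "registrar": vcard_field(registrar, "fn"),
        "registrar_iana_id": ids.get("IANA Registrar ID"),
        "created": events.get("registration"),
        "expires": events.get("expiration"),
        "nameservers": sorted(ns["ldhName"].lower() for ns in obj.get("nameservers", [])),
        "registrant": contact,
        # Redaction survives the protocol switch: flag the placeholder, don't trust it.
        "registrant_redacted": any(v == REDACTED for v in contact.values()),
    }
```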
ICANN’s private Whois data request service goes live
ICANN has this evening gone live with its service that enables anyone to request private Whois data on any gTLD domain.
The Registration Data Request Service lets people request contact information on registrants that would otherwise be redacted in the public Whois due to laws such as the GDPR.
The press release announcing the launch seems to have come out an hour or two before the service actually became accessible, but it’s definitely live now and I’ve tried it out.
The system is defined largely by what it isn’t. It isn’t an automated way to get access to private data. It isn’t guaranteed to result in private data being released. It isn’t an easy workaround to post-GDPR privacy restrictions.
It is a way to request an unredacted Whois record knowing only the domain and not having to faff around figuring out who the registrar is and what their mechanisms and policies are for requesting the data.
After scaling back the extremely complex and expensive original community recommendations for a post-GDPR Whois service, ICANN based the RDRS on its now decade-old Centralized Zone Data Service, which acts as an intermediary between registries and people like myself who enjoy sniffing around in zone files.
The RDRS merely connects Whois data requestors — the default settings in the interface suggest that ICANN thinks they’ll mostly be people with court orders — with the registrars in charge of the domains they are interested in.
Anyone who has used CZDS will recognize the interface, but the requesting process is longer, more complex, and requires accepting more disclaimers and Ts&Cs. That said, it’s not particularly confusing.
At first glance, it looks fine. Slick, even. I’ve used it to submit a test request with GoDaddy for my own Whois data, specifying that whoever deals with the request is free to ignore it. Let’s see what happens.
ICANN signs Whois’ death warrant in new contracts
Whois as we have known it for decades will be phased out of gTLDs over the next couple of years, after ICANN approved changes to its contracts at the weekend.
The board of directors signed off on amendments to the base Registry Agreement and Registrar Accreditation Agreement after they were approved by the requisite majority of registries and registrars earlier this year.
The changes outline how registries and registrars must make the move away from Whois, the technical specification, toward the functionally similar RDAP, the Registration Data Access Protocol.
After the amendments go into effect, contracted parties will have about 18 months to make the migration. They’ll be allowed to run Whois services in parallel if they wish after the transition.
People will in all likelihood carry on referring to such services as “Whois”, regardless, rather than the official replacement term “Registration Data Directory Services” or RDDS.
The RAA amendment will also require registrars to provide full RDAP output, rather than relying on “thick” registries to do it for them.
None of the changes affect how much personal information is returned for domain ownership lookups.
New ICANN contracts chart the death throes of Whois
Whois is on its death bed, and new versions of ICANN’s standard contracts put a timeline to its demise.
The Org has posted proposed updates to its Registrar Accreditation Agreement and Registry Agreement, and most of the changes focus on the industry-wide transition from the Whois standard to the newer Registration Data Access Protocol.
We’re only talking about a change in the technical spec and terminology here. There’ll still be query services you can use to look up the owner of a domain and get a bunch of redactions in response. People will probably still even refer to it as “Whois”.
But when the new RAA goes into effect, likely next year, registrars and registries will have roughly 18 months to make the transition from Whois to RDAP.
Following the contract’s effective date there’ll be an “RDAP Ramp-up Period” during which registrars will not be bound by RDAP service-level agreements. That runs for 180 days.
After the end of that phase, registrars will only have to keep their Whois functioning for another 360 days, until the “WHOIS Services Sunset Date”. After that, they’ll be free to turn Whois off or keep it running (still regulated by ICANN) as they please.
ICANN’s CEO and the chair of the Registrars Stakeholder Group will be able to delay this sunset date if necessary.
Most registrars already run an RDAP server, following an order from ICANN in 2019. IANA publishes a list of the service URLs. One registrar has already lost its accreditation in part because it did not deploy one.
There’ll be implementation work for some registrars, particularly smaller ones, to come into compliance with the new RAA, no doubt.
There’ll also be changes needed for third-party software and services that leverage Whois in some way, such as in the security field or even basic query services. Anyone not keeping track of ICANN rules could be in for a sharp shock in a couple of years.
The contracted parties have been negotiating these changes behind closed doors for almost three years. It’s been almost a decade since the last RAA was agreed.
The contracts are open for public comment until October 24.
ICANN adds another six months to Whois reform roadmap
ICANN says that its preparatory work for possible Whois reforms will take another six months.
The Operational Design Phase for the System for Standardized Access and Disclosure will now conclude “by the end of February 2022”, ICANN said this week.
That’s after the Org missed its original September deadline after six months of work.
ICANN program manager Diana Middleton said at ICANN 72 last week that ODP had been delayed by various factors including surveys taking longer than expected and throwing up more questions than they answered.
A survey of Governmental Advisory Committee members due September 17 was extended until the end of October.
But she added that ICANN intends to throw its first draft of the output — an Operational Design Assessment — at its technical writers by the end of the month, with a document going before the board of directors in early February.
SSAD is the proposed system that would funnel requests for private Whois data through ICANN, with a new veneer of red tape for those wishing to access such data.
The ODP is ICANN’s brand-new process for deciding how it could be implemented, how much it would cost, and indeed whether it’s worthwhile implementing it at all.
It’s also being used to prepare for the next round of new gTLDs, with a 13-month initial deadline.
The longer the current ODP runs, the greater the cost to the eventual SSAD user.