Is WHOIS going to go away?

DaKnOb daknob.mac at gmail.com
Sat Apr 14 14:45:26 UTC 2018


Currently .eu and .gr domains do not have any whois records. .eu makes them available online, but .gr is under a much stricter privacy law in Greece, and makes no whois records available to anyone. 

This has been so for years, and I can tell you of a few things / observations about this, since I’ve had many domains with both TLDs.

First of all, anything that looks up for an e-mail in the whois records, just doesn’t work. That means that if you want a certificate for this domain, and you follow the traditional, manual, way, you either need a mail serve running there so hostmaster / postmaster / webmaster work, or the only way then is to add files. And that if you have something running on the base domain and you don’t just use this for subdomains.

Second, you never get any spam. If they can’t find your e-mail address, they can’t send you spam.

Third, it blocks legitimate uses of whois by people who need to know the identity of domain operators, such as abuse tracking projects, scam / phish projects, law enforcement, etc.

Finally, there are two ways to contact a domain owner. The first one is to look for a contact page in the website, if there is one. The second is to contact their registrar (the details of the domain registrar are available in the whois), and have them reach out to the owner on your behalf.

In my opinion, not all the information in the whois records should be there, from an individual point of view, but the all or nothing situation right now isn’t great. If I had to choose however, I would choose the no whois for now, over the other, more leaky one.

I personally believe a lot of people would agree, given the fact that there’s an entire market, and a plethora of domains using Whois Guard or in general whois masking tools, for free, or for a fee.

As far as abuse tracking goes, having whois available can help correlate websites, but only if the domain registrar allows only verified data to be added, whois masking is not used, or malicious actors only use the same data over and over. That last part may happen because the registrar does some verification, so it limits their choice of domain registrars.

P.S.: About the first thing, some CAs may e-mail the domain registrar’s e-mail (which is usually admin / support / IT) for domain verification, which I’m not sure if fine.. :-)



> On 14 Apr 2018, at 17:30, Rubens Kuhl <rubensk at gmail.com> wrote:
> 
> On Sat, Apr 14, 2018 at 11:21 AM, Filip Hruska <fhr at fhrnet.eu> wrote:
> 
>> EURID (.eu) WHOIS already works on a basis that no information about the
>> registrant is available via standard WHOIS.
>> In order to get any useful information you have to go to
>> https://whois.eurid.eu and make a request there.
>> 
>> Seems like a reasonable solution.
> 
> 
> GDPR and other privacy regimes apply to both port-43 and WebWHOIS.
> 
> Rubens



More information about the NANOG mailing list