Home / Blogs

At the Crossroads: The State of Domain Registration Data Services

The Internet's users rely on domain name registration information for vital purposes, including providing security, problem-solving, and legal and social accountability. The data is so important that users perform more than two billion WHOIS queries every day. ICANN has instituted new data policies over the last two years, and is also directing a migration to a new technical protocol, RDAP, that will replace WHOIS access in the near future. So at this critical juncture, how is it all going?

To find out, Interisle Consulting Group has performed a new study of the state of domain registration data access, "Domain Name Registration Data at the Crossroads." The report examines compliance with ICANN's current policies and operational standards. The investigation found widespread compliance and technical failures, leading to decreased basic access, and an erosion of reliability and predictability.

The report examines the practices of 23 registrars, which collectively sponsor more than two-thirds of the domain names in the generic top-level domains (gTLDs). The study answers five questions for each registrar:

  1. Does the registrar have a WHOIS service that functions properly and meets contractual obligations?
  2. Does the registrar have an RDAP service that functions properly and meets contractual obligations?
  3. Does the registrar comply with ICANN's current data handling and display policy, the "Temporary Specification for gTLD Registration Data"?
  4. Can Internet users always find information in the WHOIS and RDAP services that allows them to reach out to a domain contact?
  5. Does the registrar's contactability mechanism actually work? Is it possible to use the contact mechanism, and are the messages delivered to the domain contacts?

The study's findings include:

  • Registrars failed to meet the contractual obligations, and contactability goals in 40% of the cases studied. There were issues in an additional 16% of cases
  • A significant portion of the registrar industry is still not running reliable and compliant WHOIS services.
  • After one-and-a-half years, a significant percentage of registrars do not fully comply with ICANN's Temporary Specification.
  • A number of registrars mis-handle their obligations under GDPR.
  • Some registrars prevent people from reaching out to domain owners. Some registrars do not make the required contactability information available as required. Others have deployed procedures that make it difficult for people to contact their registrants. In some cases, the contactability mechanisms provided by registrars literally fail to deliver.
  • Some registrars constrain access to the non-sensitive domain registration data (the "public data set"). This set contains no personally identifiable information, so there is no privacy reason to protect it. Restricting access to it prevents its use for important and legally allowable purposes, such as cybersecurity.
  • RDAP services are not yet technically reliable enough for use. RDAP became mandatory for registrars and registry operators to provide in August 2019, but as of March 2020 the rollout is moving very slowly, and there are operational and compliance problems.
  • The problems raise questions about ICANN's compliance practices.

The study also provides examples of how these problems have real-life implications for security, stability, and trust on the Internet, including for detecting and mitigating cybercrime during the current COVID-19 pandemic. The report also provides a set of recommendations for positive change.

The report and data is available in an Executive Summary, the full report, and the registrar scoring table.

By Greg Aaron, President, Illumintel Inc.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Comments

Mitigation in full swing, everyone coming together to beat the cyber Covid-19 By Theo Geurts  –  Apr 01, 2020 12:20 pm PDT

Several volunteer efforts have been launched in the last few weeks to combat COVID-19 related cybercrime. Registrars and Registries are also involved. 
https://www.cyberthreatcoalition.org/
https://cti-league.com/

Join us!

Join us EU – and tear down By William Blackwood  –  Apr 07, 2020 11:29 am PDT

Join us EU – and tear down your Stasi GD(P)R Whois Wall.

Add Your Comments

 To post your comments, please login or create an account.

Related

Topics

Domain Names

Sponsored byVerisign

Cybercrime

Sponsored byThreat Intelligence Platform

Cybersecurity

Sponsored byVerisign

IP Addressing

Sponsored byIPv4.Global

Brand Protection

Sponsored byAppdetex

Whois

Sponsored byWhoisXML API

New TLDs

Sponsored byAfilias

DNS Security

Sponsored byAfilias