Whois

Blogs

Beyond WHOIS: Rethinking Domain Verification in a Post-GDPR World

May 08, 2025 2:41 PM PDT

The introduction of GDPR in 2018, and the subsequent tightening of privacy regulations around the world, was a necessary step toward protecting user data. Consumers gained critical rights over their personal information, and companies were forced to adopt stronger standards for how they collect, store, and use that data. However, one unintended consequence has been the erosion of access to domain registration information once easily available through WHOIS databases.

Beyond WHOIS: CircleID and Edgemoor Research Institute Second Event on ‘Filling the Gaps’

Mar 19, 2025 11:04 AM PDT

Experts at a CircleID and Edgemoor Research Institute webinar debated the challenges of domain registration data access in a post-GDPR world. Panelists explored the tension between privacy laws and legitimate data requests, the role of automation in disclosure decisions, and the need for a scalable, trust-based framework to balance compliance, cybersecurity, and enforcement interests.

Beyond WHOIS: Filling the Gaps

Feb 18, 2025 1:11 PM PST

Amid evolving privacy laws and rising cybersecurity threats, domain registration data disclosure remains a contentious issue. Beyond WHOIS: Filling the Gaps brings together experts to examine Project Jake's policy framework, aiming to balance privacy with legitimate access. Join industry leaders for insights on policy clarity, operational efficiency, and the future of domain name governance.

Beyond WHOIS: CircleID and Edgemoor Research Institute Inaugural Event on Balancing Privacy and Legitimate Data Needs

Feb 11, 2025 4:25 PM PST

The global debate over Internet privacy and security took center stage in a webinar hosted by CircleID in partnership with the Edgemoor Research Institute. The event marked the first in a series exploring the delicate balance between safeguarding personal data and ensuring legitimate access to domain name registration details. As governments, cybersecurity experts, law enforcement, and intellectual property holders grapple with the evolving regulatory landscape, Project Jake seeks to establish a framework that prioritizes policy clarity, efficiency, and adaptability.

Beyond WHOIS: Towards a New Framework of Internet Domain Registration Data Disclosure

Jan 20, 2025 3:31 PM PST

The collection and disclosure of DNS registration data have evolved chaotically, influenced by GDPR and other privacy laws. The system, while improving privacy, has enabled bad actors and raised costs for registrars and registries. Join experts at this event as they explore Project Jake's framework for balancing privacy with legitimate data needs, emphasizing policy clarity, efficiency, and adaptability.

Exploring the Impact of WHOIS Data Redaction on Unsolicited Emails

Dec 09, 2024 7:23 AM PST

In the digital age, personal data protection has become paramount, with regulations like the General Data Protection Regulation (GDPR) shaping global practices. One area significantly affected is the public availability of WHOIS data, a critical resource in the domain name system. WHOIS traditionally provided detailed contact information for domain registrants, but privacy measures have redacted much of this data in recent years.

Elizabeth “Jake” Feinler: The Mother of Whois

Dec 05, 2024 10:27 AM PST

Elizabeth "Jake" Feinler, known as the "Mother of Whois," transformed internet infrastructure as the ARPANET Network Information Center's lead. Her work in organizing data and pioneering Whois set the foundation for modern internet protocols. A trailblazer in technology, she championed inclusivity, mentoring women and minorities, while her legacy endures as a cornerstone of the digital age.

New Data on Domain Name Contact Availability and Privacy

Nov 22, 2024 8:22 AM PST

Nearly 90% of the internet's generic top-level (gTLD) domain names do not have identifying contact information in the Registration Data Directory Services (RDDS) system, according to a report by Interisle Consulting Group. A key finding of the report is the rapid growth of registrar-provided proxy service offerings and the inclusion of these services for both new and existing registrations.

NIS2 Article 28 Guidance: A Positive Step Toward Reducing DNS Abuse Across Europe

Oct 28, 2024 7:45 AM PDT

The European Union (EU) has set a high bar by tackling domain name system (DNS) abuse head on via government regulation and seems to have successfully resisted attempts to water down DNS stewardship obligations. Recent guidance from a key European Commission cooperation group (the NIS Cooperation Group) handling sections of the Network and Information Security Directive (NIS2) intends for a robust implementation of Article 28, which will go a long way toward helping to mitigate some of the longstanding problems that persist in the DNS.

How the EU’s NIS 2.0 Can Help Solve the Challenge of Domain Name Registration Data Accuracy and Access

Sep 05, 2024 8:11 AM PDT

Over the past twenty years of my engagement in the ICANN multistakeholder process, one topic that has always been near and dear to me has been improving the accuracy and access to domain name registration data in a way that respects the legal rights of both registrants and requestors of registration data. Sadly, the glacial pace at which ICANN develops and implements policy has prevented a holistic solution to the problem.

Harmonizing WHOIS With NIS2 Article 28 - the Rubber Is About to Meet the Road

Jul 25, 2024 7:34 AM PDT

ICANN must act now to harmonize its domain name registration data (commonly known as WHOIS) policies with Article 28 of the European Union's Network and Information Security (NIS2) directive, first to adhere to applicable laws as it fulfills its oversight responsibilities and, second, to keep its word to the community to preserve WHOIS to the fullest extent possible under law.

Alternative Insights on Article 28 of the NIS2 Directive

Jun 12, 2024 10:41 AM PDT

On June 9 CircleID published an insightful article by Thomas Rickert entitled "Demystifying Art 28 NIS2." In that piece Thomas set forth two alternative interpretations of Article 28(6) of NIS2, and argued that TLD registries should not be required to maintain a separate database of the registrant data under NIS2. In my view, Thomas' approach is inconsistent with the remainder of Article 28, and would not achieve the goals of NIS2 to improve cybersecurity across the EU member states.

ICANN’s Registration Data Request Service: Open CSG Working Session at ICANN80

May 31, 2024 8:14 AM PDT

Now just more than a quarter of the way into the pilot program, ICANN's Registration Data Request Service (RDRS) again will be the subject of intensive discussions during the ICANN80 meeting in Kigali in early June. This includes further consultations hosted by the Commercial Stakeholder Group (CSG) and including registrars, data requestors and ICANN Org.

NIS 2.0 and Its Impact on the Domain Name Ecosystem

May 22, 2024 12:02 PM PDT

I recently appeared on the 419 Consulting podcast to discuss the European Union's NIS 2.0 Directive and its impact on the domain name ecosystem. I encourage all TLD registries, domain name registration service providers, and DNS operators to listen to the recording of that session which Andrew Campling has made available.

13th Registration Operations Workshop: Join Us Online on June 4th, 2024

May 20, 2024 12:57 PM PDT

As a member of the ROW Planning Committee, I am writing this post on behalf of the Committee and welcome all community members to join us on June 4th. We are celebrating ROW's 10th anniversary! A decade of collaboration and inspiration! Thank you to the incredible community that has fueled this journey!

View More

News Briefs

RDAP Replaces WHOIS: A New Era in Domain Name Data Management

  • Jan 28, 2025 11:00 AM PST
  • Comments: 0

NIS 2 Directive Set for Implementation with New Guidelines, But Concerns Remain

  • Sep 26, 2024 1:17 PM PDT
  • Comments: 1

ICANN Launches Global Service for Nonpublic Domain Name Registration Data Requests

  • Nov 28, 2023 11:44 AM PST
  • Comments: 1

Trump Admin Ramping Up Attacks on GDPR – Says It Helps Cybercrime, Threatens Public Health

  • Jun 30, 2020 6:30 PM PDT
  • Comments: 0

New Zealand’s Domain Name Commission Wins Appeal in Lawsuit Against US DomainTools

  • Jul 19, 2019 7:30 PM PDT
  • Comments: 0

Domain Registrars Given a Six-Month Deadline to Implement Registration Data Access Protocol (RDAP)

  • Mar 01, 2019 6:44 PM PST
  • Comments: 0

EU Should Not Be Setting US WHOIS and Privacy Policy, Says MPAA

  • Nov 20, 2018 3:48 PM PST
  • Comments: 0

Easy Access to ICANN, IP Address Data Beats Info on Encrypted Data, Says Telstra Cybersecurity Head

  • Oct 23, 2018 7:11 PM PDT
  • Comments: 0

New Zealand’s Domain Name Commission Wins Injunction in a Lawsuit Against DomainTools

  • Sep 13, 2018 2:40 AM PDT
  • Comments: 2

Special Interests Circulating Draft Legislation to Cut Short ICANN’s Whois Policy Process

  • Aug 29, 2018 7:07 PM PDT
  • Comments: 2

Former ICANN Senior Vice President Kurt Pritz to be Named Chair of Whois Group

  • Jul 16, 2018 7:11 PM PDT
  • Comments: 0

DomainTools Sued for Misusing New Zealand’s .NZ Domain Name Registration Information

  • Jul 12, 2018 6:54 PM PDT
  • Comments: 0

Anti-Phishing Working Group Proposes Use of Secure Hashing to Address GDPR-Whois Debacle

  • Jul 10, 2018 8:49 PM PDT
  • Comments: 0

European Data Regulators Throw ICANN Back to the Drawing Board for a Third Time on Whois Privacy

  • Jul 08, 2018 4:42 AM PDT
  • Comments: 0

ICANN Files Legal Action Against Domain Registrar for Refusal to Collect WHOIS Data

  • May 27, 2018 3:58 PM PDT
  • Comments: 1

Domain Name Registrars Ask ICANN for a “Moratorium” on Its New GDPR Policy

  • May 18, 2018 8:57 PM PDT
  • Comments: 1

A Short-Term Suspension of GDPR Enforcement on WHOIS May Be Necessary, Says U.S. Government

  • May 18, 2018 8:05 PM PDT
  • Comments: 0

ICANN Releases Temporary WHOIS Specification Plan for GDPR Compliance With Deadline Two Weeks Away

  • May 14, 2018 6:03 PM PDT
  • Comments: 1

ICANN CEO “Cautiously Optimistic” EU to Provide Clear Guidance for Domain Industry GDPR Compliance

  • Apr 05, 2018 1:19 AM PDT
  • Comments: 0

ICANN’s GDPR Compliance Model for Whois Unlikely to Be Implemented in Time for May 25 Deadline

  • Mar 28, 2018 7:50 PM PDT
  • Comments: 0
View More

Most Viewed

Network Solutions Responds to Front Running Accusations

  • Jan 08, 2008
  • Views: 158,234

North Dakota Judge Gets it Wrong

  • Jan 16, 2008
  • Views: 151,598

Help! My Domain Name Has Been Hijacked!

  • Jan 12, 2007
  • Views: 99,688

Fake Bank Site, Fake Registrar

  • Mar 28, 2012
  • Views: 76,901

Whois Privacy vs. Anonymity

  • Mar 24, 2005
  • Views: 76,638
View More

Most Commented

Fake Bank Site, Fake Registrar

  • Comments: 72
  • Views: 76,901

When Registrars Look the Other Way, Drug-Dealers Get Paid

  • Comments: 48
  • Views: 68,582

Who Is Blocking WHOIS? Part 2

  • Comments: 43
  • Views: 64,951

ICANN Complaint System Easily Gamed

  • Comments: 41
  • Views: 33,614

Domain Name Registrar Allows Completely Blank WHOIS

  • Comments: 34
  • Views: 67,240
View More

Industry Updates

Global Domain Activity Trends Seen in Q1 2025

Unlocking the DNS Strongbox of BADBOX 2.0

Unearthing the DNS Roots of the Latest Lotus Blossom Attack

Rounding Up the DNS Traces of RA World Ransomware

Tempering Tax Season Troubles with DNS Intel

Decrypting the Inner DNS Workings of EncryptHub

Tracing the DNS Footprints of REF7707

Igniting a DNS Spark to Investigate the Inner Workings of SparkCat

DNS Deep Diving Into 2025’s Up and Coming Ransomware Families

A DNS Investigation of SEO Manipulation via Bad Seed BadIIS

Malicious Ads Targeting Advertisers in the DNS Spotlight

Sneaking a Peek into the Inner DNS Workings of Sneaky 2FA

Unloading MintsLoader IoCs Using DNS Intelligence

DNS Spotlight: Rockstar2FA Shuts Down, FlowerStorm Starts Up

DNS Deep Dive: Peeking into Back Doors to Abandoned but Live Backdoors

View More

Participants – Random Selection

View More