On May 25, 2018, regulations went into effect that limit the amount of WHOIS information that is publicly available online. An article on our website provides background on that issue and the recent efforts by the Internet Corporation for Assigned Names and Numbers (ICANN) to address it. This article outlines some useful tools for dealing with domain name abuse in the meantime. Some key players include:
- GDPR. The General Data Protection Regulation—an EU-wide regulation, effective as of May 25, 2018, that established strict limitations on the use and publication of personal information, including the names, identities, and contact information of the registrants.
- Registrant. The person or entity that registers a domain name.
- Registrar. An organization accredited by ICANN that sells domain names to the public.
- Registry. An organization that manages domain names; it creates domain name extensions, sets rules for the domain name, and works with registrars to sell the domain names to the public.
- Temporary Specification. ICANN's Temporary Specification for gTLD Registration Data, effective as of May 25, 2018, which established temporary requirements for the maintenance and publication of information regarding the registrants for domain names.
With these in mind, some options for addressing domain name disputes include:
1. Use Intermediaries. Registrars, hosting providers, and internet service providers (ISPs) have the ability to contact the registrant. Some options include:
- Anonymous Email. Appendix A, Section 2.5 of the Temporary Specification requires registries and registrars to provide an anonymous email address or web form for each domain name, to enable third parties to contact the registrant. Sadly, though, there is no way to tell whether the message was received, so it can be an unsatisfying experience.
- Abuse@. Registrars are also required to maintain a designated email address where third parties can report abuse. When a registrar receives a complaint, it is required to "take reasonable and prompt steps to investigate and respond appropriately." (Registrar Accreditation Agreement, Section 3.18.1). We recommend using a friendly tone coupled with liberal quotes from the Registrar Accreditation Agreement. If the registrar does not take appropriate action, report it to ICANN.
- Request WHOIS Info. The current regulations require registrars to provide access to nonpublic WHOIS information when a third party requests access for a "legitimate purpose." An exception arises in cases where releasing the nonpublic WHOIS information (or a portion of it) would violate a serious interest or fundamental right of the registrant. When making such a request, we recommend providing ample information regarding yourself, the person or entity you represent (if any), and the basis for your request (e.g., trademark infringement). However, because there are no established standards for this process, many registrars will ignore or deny the request. If that occurs, report them to ICANN.
2. Scour the Website. In some cases you may be able to find the identity or contact information of the registrant on the website. Some places to look are:
- The "About" or "Contact Us" page;
- If the information is not currently available on the website, it is possible that it appeared on a page that was archived by the Internet Archive or some other service.
3. Investigate. Although we no longer have a robust, easily accessible WHOIS database, there is still considerable information available online. For instance, GDPR applies to individuals, not companies. If the registrant is a business, the WHOIS information should display the company's name. With that, you may be able to identify government filings for that entity, which will typically include contact information. In the alternative, every web-connected device, including the server where the website is hosted, is assigned a unique identifying number known as an "IP address." While there are likely a variety of unrelated, third-party websites hosted on that same server, that information will tell you who is hosting the data and where the data is hosted. Some useful tools include:
- The Site Info and WHOIS tools from CQ Counter;
- The WHOIS database of the American Registry for Internet Numbers;
- The Reverse IP and Reverse WHOIS tools available through ViewDNS.Info;
- The Daily Changes Monitor of DNS changes for domain names from Domain Tools; and
- The Blacklist Check to determine whether the mail server's IP address is associated with any email blacklists for spam or phishing from MXToolBox.
4. Review Archived WHOIS Data. A variety of companies collect archive copies of WHOIS data for most public websites, which you can access for a fee. Some options include:
- DomainTools: A subscription-based service providing risk analysis, investigation services, archival WHOIS data, and information to map online networks of criminal organizations.
- Whoisology: A subscription-based service providing access to current and historic WHOIS data and other information regarding connections between domain name registrants.
- Reg.com: A Russian domain registration website that maintains a large cache of archival WHOIS data that can be accessed relatively cheaply (no subscription required).
- SecurityTrails: A subscription-based service providing access to DNS records, historical WHOIS data, and other information regarding a domain or a domain name registrant.
- whoisxmlapi.com: A subscription-based service that provides domain research, monitoring, archival WHOIS info, DNS, and threat intelligence data.
5. Institute Legal Action. Lastly, you can obtain this information through legal action, such as a lawsuit against a DOE (unknown) defendant, an in rem action against the domain in the registrar's jurisdiction, or an action under the Uniform Domain Name Resolution Policy (UDRP) or Uniform Rapid Suspension System (URS). In either case, you will receive the registrant's information as a matter of course.
The approaches listed above are just a few of the many that are still available for dealing with domain name abuse while the issues with the public WHOIS database are resolved. Please note that we reference or provide links to third-party websites or services to give you ideas of how to find this information. We do not endorse, sponsor, support, or vouch for any of these companies, and we have no connection, affiliation, or other relationship with them.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.