Wednesday, June 20th, 2018
A recent change to the WHOIS system, which creates a public record of domain-name ownership, will cause big problems for efforts to stop phishing and malware attacks and trademark infringements.
WHOIS provides contact information for someone who registers a domain name. It includes the individual’s name, company or organization if applicable, address, email address, and telephone number.
Until recently, you could access this information for free on the website of ICANN, the international organization that administers the domain-name system. Also, entities such as GoDaddy that sell domain names (called “registrars”) offer a free WHOIS database for domain names they sell.
As explained below, WHOIS information is important to cybersecurity professionals, trademark owners, journalists, and law enforcement officials.
Unfortunately, WHOIS information was almost totally wiped out on May 25, 2018 – the date the European Union’s General Data Protection Regulation (“GDPR”) went into effect. The GDPR created privacy rights for the online activities of individuals in Europe.
It caused ICANN and almost all registrars to redact from their publicly viewable WHOIS databases the names of individuals who register domain names and their contact information. The only information left is the name of the organization that registered the domain name (if any was provided), and its country, state, and city.
GoDaddy, the registrar market leader, appears to be the only significant holdout. It still provides full WHOIS information for domain names registered through it unless the registrant provides a European address.
How will this change impact businesses?
Cybersecurity has been weakened. Many Internet security professionals say open WHOIS information is critical to combating cybercrime, such as phishing and malware. They use such information to track down and defeat threats.
Many cyber criminals use fake WHOIS information, but criminals often recycle fake information due to the high volume of domain names they operate. Such reuse provides helpful investigative leads.
Sometimes, but not usually, cybercriminals use a proxy service to hide their identities. When you register a domain name, usually the domain-name registrar will offer the opportunity to hide your identity by using the registrar’s contact information instead of yours in the WHOIS database. Registrars such as GoDaddy sell this proxy service as an add-on. (A cynic would say it kept WHOIS information available so it can keep selling its proxy service.)
Most cyber criminals don’t use proxy services and, even when they do, there often are gaps in proxy-service coverage in the history of the domain name that provide helpful information.
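To show how reused registrant details and gaps in proxy coverage become investigative leads, here is an added example (not part of the original article) that groups domains by shared WHOIS contact data and lists snapshots where a proxied domain exposed its registrant. The record layout, the sample records, and the proxy marker are constructed assumptions, not the output of any real WHOIS service.

```python
from collections import defaultdict

# Constructed historical WHOIS snapshots; every domain and contact is invented.
RECORDS = [
    {"domain": "acme-login.test",   "date": "2017-03-01", "email": "Bob.K@mail.test",    "phone": "+1 (555) 010-0199"},
    {"domain": "acme-billing.test", "date": "2017-05-12", "email": "bob.k@mail.test",    "phone": "555-010-0123"},
    {"domain": "acrne-pay.test",    "date": "2017-06-02", "email": "sales@other.test",   "phone": "1-555-010-0199"},
    {"domain": "acme-portal.test",  "date": "2017-07-01", "email": "proxy@privacy.test", "phone": "000"},
    {"domain": "acme-portal.test",  "date": "2017-09-15", "email": "bob.k@mail.test",    "phone": "555-010-0123"},
    {"domain": "acme-portal.test",  "date": "2017-10-01", "email": "proxy@privacy.test", "phone": "000"},
]
PROXY_EMAIL_DOMAINS = {"privacy.test"}  # assumed marker for proxy-service contacts


def is_proxy(rec):
    """True when the snapshot shows a proxy service instead of the registrant."""
    return rec["email"].lower().rsplit("@", 1)[-1] in PROXY_EMAIL_DOMAINS


def normalize(field, value):
    """Fold case and formatting so recycled details match across records."""
    if field == "email":
        return value.strip().lower()
    digits = "".join(c for c in value if c.isdigit())
    return digits[-10:]  # compare the national number, ignoring country code


def shared_identifiers(records, fields=("email", "phone")):
    """Map each registrant identifier to the domains reusing it (two or more)."""
    index = defaultdict(set)
    for rec in records:
        if is_proxy(rec):
            continue  # proxy contacts are shared by unrelated customers
        for field in fields:
            index[(field, normalize(field, rec[field]))].add(rec["domain"])
    return {key: sorted(doms) for key, doms in index.items() if len(doms) > 1}


def proxy_gaps(records):
    """Snapshots where a domain that used a proxy at some point was unmasked."""
    masked = {r["domain"] for r in records if is_proxy(r)}
    return [(r["domain"], r["date"], normalize("email", r["email"]))
            for r in records if r["domain"] in masked and not is_proxy(r)]


if __name__ == "__main__":
    for (field, value), domains in shared_identifiers(RECORDS).items():
        print(f"{field}={value}: {', '.join(domains)}")
    for gap in proxy_gaps(RECORDS):
        print("proxy gap:", gap)
```

Redacted records have no email or phone fields to index, so neither pivot produces a lead for them.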
Spam may slightly decrease. Aside from increased privacy, GDPR supporters claim spam will be reduced because nefarious mass marketers use email addresses harvested from WHOIS to send spam.
ICANN found open WHOIS records produce some spam traffic, but a strong majority of spam results from other sources of email addresses. Unless you use an email address only to register a domain name and for no other purpose, you will get lots of spam because of those other uses.
Large-volume spam is a fact of life if you use email. People have adapted. Spam filters are ubiquitous. People are becoming savvy at spotting it.
Trademark infringements will be harder to nip in the bud. Trademark professionals use WHOIS records to protect their clients’ trademarks – their business, product, and service names. For example, my law firm uses this information to send a warning email to anyone who registers a domain name confusingly similar to one of our clients’ trademarks.
When someone starts a new business, one of the first things that person usually will do is register a domain name for a prospective website. If you send a warning email to that person immediately after they register a problematic domain name, you often can stop early prospective usage of a problematic trademark. Because of WHOIS redaction, it will be harder and sometimes impossible to send such early warnings.
What should you do in the wake of this WHOIS redaction?
• Increase your vigilance for phishing and malware attacks launched from domain names that mimic the domain name of your business.
• If you police your trademarks against infringement by others, you’ll need a strategy for trying to punch through this WHOIS blinding so you can contact people who register problematic domain names.
• Unless you don’t want the public to know your identity, register your domain names through a registrar that publishes complete WHOIS information, such as GoDaddy. That will create some chance you’ll be contacted early if your domain name represents a trademark or other problem.
Written on June 20, 2018
by John B. Farmer
© 2018 Leading-Edge Law Group, PLC. All rights reserved.