Re: Is WHOIS going to go away?

[DaKnOb <daknob.mac () gmail com>]

Currently .eu and .gr domains do not have any whois records. .eu makes them available online, but .gr is under a much 
stricter privacy law in Greece, and makes no whois records available to anyone. 

This has been so for years, and I can tell you of a few things / observations about this, since I’ve had many domains 
with both TLDs.

First of all, anything that looks up for an e-mail in the whois records, just doesn’t work. That means that if you want 
a certificate for this domain, and you follow the traditional, manual, way, you either need a mail serve running there 
so hostmaster / postmaster / webmaster work, or the only way then is to add files. And that if you have something 
running on the base domain and you don’t just use this for subdomains.

Second, you never get any spam. If they can’t find your e-mail address, they can’t send you spam.

Third, it blocks legitimate uses of whois by people who need to know the identity of domain operators, such as abuse 
tracking projects, scam / phish projects, law enforcement, etc.

Finally, there are two ways to contact a domain owner. The first one is to look for a contact page in the website, if 
there is one. The second is to contact their registrar (the details of the domain registrar are available in the 
whois), and have them reach out to the owner on your behalf.

In my opinion, not all the information in the whois records should be there, from an individual point of view, but the 
all or nothing situation right now isn’t great. If I had to choose however, I would choose the no whois for now, over 
the other, more leaky one.

I personally believe a lot of people would agree, given the fact that there’s an entire market, and a plethora of 
domains using Whois Guard or in general whois masking tools, for free, or for a fee.

As far as abuse tracking goes, having whois available can help correlate websites, but only if the domain registrar 
allows only verified data to be added, whois masking is not used, or malicious actors only use the same data over and 
over. That last part may happen because the registrar does some verification, so it limits their choice of domain 
registrars.

P.S.: About the first thing, some CAs may e-mail the domain registrar’s e-mail (which is usually admin / support / IT) 
for domain verification, which I’m not sure if fine.. :-)



> On 14 Apr 2018, at 17:30, Rubens Kuhl <rubensk () gmail com> wrote:
>
> On Sat, Apr 14, 2018 at 11:21 AM, Filip Hruska <fhr () fhrnet eu> wrote:
>
> > EURID (.eu) WHOIS already works on a basis that no information about the
> > registrant is available via standard WHOIS.
> > In order to get any useful information you have to go to
> > https://whois.eurid.eu and make a request there.
> >
> > Seems like a reasonable solution.
>
>
> GDPR and other privacy regimes apply to both port-43 and WebWHOIS.
>
> Rubens