GoDaddy to Remove Public Whois Information

25

Yesterday morning, I was forwarded an ominous sounding email sent by GoDaddy to an industry colleague. The subject of the email was somewhat innocuous, “On May 18, 2020 we are retiring Privacy for Backorders.” The opening paragraph with details about the changes were concerning to me:

“We’re working on rolling out changes to better ensure your personal data is hidden in the public WHOIS database, for free. As part of that effort, we’re ending support for our Private Domain Backorder add-on product. We expect these changes to be live in early June.”

This sounded like GoDaddy was planning to make significant changes to how the company displays Whois records for domain names registered there, and that would have major implications for domain investors and GoDaddy customers.

I reached out to a representative from GoDaddy to ask about the email in order to get some clarity on what changes are being made to public Whois records. Paul Bindel, VP of Operations at GoDaddy Registrar, shared the following statement with me:

“Due to changing privacy regulations in the U.S. and around the world, GoDaddy is in the process of making some changes to align our offerings similar to what we did in GDPR regions.“

I believe the privacy regulations referenced in the quote are related to the California Consumer Privacy Act (CCPA).

For GoDaddy customers who are located in the “GDPR regions,” GoDaddy currently redacts a great deal of Whois contact information, including the email address, mailing address, and the phone number. Domain registrants with addresses in the United States have not had their Whois information redacted, but that is apparently going to change in early June.

This is going to have massive reverberations for domain investors, especially those who actively buy and sell domain names using Whois information for lead generation. With the anticipated changes, domain investors will no longer be able to search for a domain registrant’s email address on domain names registered at GoDaddy. It will be much more difficult for domain investors and other third parties to email a domain registrant with an offer to buy a domain name. Some of this may be mitigated in part by GoDaddy’s contact form on Whois records, but I am not sure if this is going to change as well. It was also be more difficult to perform due diligence and confirm ownership of a domain name.

Beyond the implications of making it more difficult to contact a registrant to buy or sell a domain name, I think this will also lead to an increase in UDRP filings. Businesses that are unable to use Whois records may be more inclined to file a “blind” UDRP not understanding if a registrant has legitimate rights to a domain name or not. In addition, the UDRP could be used as a means of contacting a registrant to buy a domain name when it becomes much more difficult to do so via Whois records.

I understand US-based domain investors who use GoDaddy will have the opportunity to opt-out of this and show their Whois information. I do not have any details about this at the moment.

When I learn more about the forthcoming changes, I will share an update.

25 COMMENTS

  1. “more inclined to file a “blind” UDRP”

    Does GD still charge a $29 fee to the domain owner when GD has to supply the whois data to the arbitration service. ???

  2. This is an interesting development. It seems Godaddy has a lot of things planned for this year. The new CEO is definitely being deliberate about running the company.

  3. GoDaddy charges $69 plus a 10% fee on top of the sales price for domain buying services. Open whois means they’re cut out because people can deal directly. Of course they can’t let that happen so they started to limit the output data and now won’t show anything. “Whois” as we know it, is getting killed because its design leaves no room for a middle man. Even tech guys that are 30 or younger are often clueless what I mean when I tell them details are in the whois. More money for GoDaddy on the back of domainers.

    Same thing happened to expired domains. 15 years ago ICANN regulations forced every expired domain through the deletion cycle and it had to become available again first come first served at reg fee. That was when ICANN still had some credibility left. Lots of domainers made decent money so of course registrars had to step in and lobby ICANN so they could keep these expired and deleted names and auction them off to whoever pays the most. Once again windfall profits on the back of domainers.

    What’s next?

    • ” registrars had to step in and lobby ICANN so they could keep these expired and deleted names” – please point out any evidence that this happened .
      The reality is registrars realized they could make money keeping the names , so they did , based on the same agreement that had always been in place. The rules always allowed it, the registrars just decided to make money off of it .
      There is not a backdoor deal behind everything

      • “ 3.7.5.3 In the absence of extenuating circumstances (as defined in Section 3.7.5.1 above), a domain name must be deleted within 45 days of either the registrar or the registrant terminating a registration agreement.”

        The ICANN EDDP based on the 2009 implementations.

        And then in contrast the GoDaddy FAQ rightfully stating that deleted and expired domains have to go back to the registry and become available for norm registration first come first served.

        “Auctioned Domain Names
        When a domain name’s registration expires, it goes back to the registry. Before valuable domain names expire and go back to their registry, registrars (like us) will try to sell the domain name through an auction. This gives interested buyers the opportunity to bid for the domain name before it goes back to the registry and is available for normal registration.”

    • I don’t believe there will be Whois privacy (or much of it) at GoDaddy after June. I believe virtually ALL domain name Whois records at GoDaddy will essentially be private by default as a result of this change.

      Not sure if I am misunderstanding you though.

      • I don’t think you are misunderstanding me, Elliot, because you are applying common sense and reasonableness. The problem is that so much of the time the reality is kafkaesque unreasonableness. E.g., common sense would lead one to assume we would now see the familiar “redacted for privacy” or something like that in place of information, such as what we already see at Enom or with Donuts, but in my life experience it would be safe to bet $100 that an exception would still be made for .us regardless and the whois would still be public along with a sprinkling of (easily debunkable) purported justification. I don’t even blame GoDaddy for this yet either – in advance of “the worst” – since this comes from “the top.” And do be sure to read the truth about .us in my comment at DNW.

        Otherwise I hope you’re right, but would like to see it at other registrars too for .us, not just GoDaddy.

  4. >an exception would still be made for .us regardless

    Each ccTLD is free to set their own policies for their domain extension, and AFAICR the dotUS regisry does not allow for privacy/proxy services to be used for their domains.

    Registrars could lose their ability to manage .us domains, and registrants can have their domains cancelled for “hiding” the details

    • Sounds like someone didn’t read my DNW comment. Well thank you for stating what we’ve already known and what the problem is since 2002. Perhaps you’ll also explain why you bothered to do that someday too.

      Now I suppose I’m not out on a shaky limb in surmising in your case that it’s pointless to mention how GoDaddy is going to own the .us registry, since you will doubtless refer to the bright line of separation between GoDaddy and Neustar that is AFAIK the current plan. (I just made up AFAIK on the spot to match your AFAICR, but turns out it’s in use.)

      I can see it now, can’t you? “We really want to have it say “redacted for privacy” for .us domains in order to protect American citizen and business privacy needs, but our subsidiary Neustar won’t let us. There’s nothing we can do and our hands are tied.”

      • PS – And in case you didn’t get the idea, when I said this comes from “the top” I wasn’t referring to any registry.

      • I do believe it’s about far more than that i.e. something the people at “the top” consider far more important, but I don’t want to go into that here right now.

        As far as the NEXUS requirement goes, seems pretty apparent the people at “the top” as well as the registry neither really care; that it’s considered trivial by comparison to what is probably the real reason for so amazingly denying and depriving American citizens and businesses of something the world has done nothing but continually increase recognition of the importance of since 2002; and the importance of which (privacy), as an option, is a no-brainer the size of the US itself; nor does NEXUS really get enforced to begin with, though I’m sure a sprinkling of actions do occur here and there.

        Also a no-brainer the size of the USA itself: there is no legitimate reason to deny the right and option of whois privacy to begin with, and certainly no reason which is meant to serve the interests (and rights) of the American people. Whois information is nothing but data in a database, and virtually anyone who knows anything about IT at all knows there is nothing about data in a database that prevents duly authorized entities like government and law enforcement from accessing data in a database if it is ever the case that any duly authorized entity feels it necessary to do that.

  5. Don’t they charge like $10 for privacy won’t this hurt their revenues, especially from corporate clients who buy this service?

  6. I certainly hope there is an opt out option. At the very least people who want to buy domains from investors can look up the whois of those who opt out but it seems more and more whois is dying a slow death which is not a good thing for anyone except those who want to pay for privacy.

  7. Look on the light side guys. Atleast we won’t be swamped by whois spammers anymore. Buyers will also be forced to do direct type-ins to search and see if the domain is for sale. They can then contact the sellers though sites like dan or afternic.

  8. I don’t think investors should get salty if there’s an option to opt-in to the public display of WHOIS/RDAP data at the per domain level. Note I didn’t say ‘opt-out’? Anyway, for me it’s mostly a benefit as I use privacy on 98% of my names which means I need to transfer out to avoid paying the excessive amount Godaddy charge for it.

  9. None of this really matters, just make sure the domain forwards to a lander with contact info. As a domain investor that is the best way to assure someone can contact you directly. You can still list the domain in several marketplaces but with the lander the odds are the end user will contact you directly and thus cutting out the commission fee.

    In the end if everyone does that godaddy will be more hurt by that with a reduction in marketplace sales.

    PS I Agree with the statement that by hiding contact info godaddy stands to make more money from their buyer service. $60 per inquiry is not chump change.

    • Sure, if you are all set with your portfolio or if you do not buy domain names in private, this is most likely not a big deal as long as your “for sale” landing pages are set up.

      However, this is a bigger deal for investors who are actively buying or trying to buy domain names.

      If you are an investor who wants to buy a domain name registered at GoDaddy, but it is 1) not listed for sale anywhere and 2) does not have an active website or landing page that would offer any information about the owner, it would be more difficult to buy the domain name in private. Perhaps GoDaddy will keep the contact form allowing people to get in touch with a registrant, (https://domaininvesting.com/godaddy-whois-contact-domain-registrant/) but that is unknown to me.

      • I have been used to this for quite while. Most of the .ca registrants are hidden and CIRA has long ago implemented a contact form to domain owners. I have purchased a number of domains that way. If I don’t hear back I assume they are not interested. As long as Godaddy does similar and has a contact form I don’t see this as being a significant problem.

  10. For my latest GD-acquired domain, whois info can only be seen via GD own whois; all other services show only the country/state and keep the rest private (I didn’t buy whois privacy, obviously).

  11. Two thoughts here:

    – Free WHOIS privacy at Anonymize.com — anyone can use it at any registrar. If you use Epik.com, it is integrated right into the registrar UX as a default setting.

    – New worldwide WHOIS repository coming online at WHOQ.com. It is designed to also work for Blockchain domains and Alt domains so that verified owners can be reachable.

    The Godaddy policy looks Draconian designed to keep domain owners from being able to be reachable other than through their anointed marketplaces. Shocking. Fortunately, there are counter-measures.

Leave a Reply