Proving Ownership After GDPR

23

GDPR has been in force for over a month, and it is creating some complications for domain investors. This afternoon, a friend emailed me to get some advice. His company is close to selling one of its domain names, but the buyer wants to confirm that the company owns the domain name. Because of GDPR, the Whois record shows “Data Protected” as the registrant. It’s challenging to prove ownership when the Whois information does not reflect this.

I made two suggestions to my friend, assuming that the buyer had contacted his company via the contact link on the landing page and the fact that he replied was not sufficient to the prospect. Here’s what I would do if I needed to prove ownership of a domain name:

1) Take a screenshot of the domain name in my registrar control panel. Take a second screenshot of the actual page where I can modify settings for the domain name.

2) Forward the domain name to a destination of the prospect’s choice temporarily (ie for a few minutes or hours).

I would also explain to the prospective buyer that I would sign a purchase agreement stating that my company is the registrant of the domain name and has the rights to sell the domain name. If necessary, and if the deal would be enough to justify additional costs, I might also reach out to a domain industry attorney to verify that my company owns the domain name.

GDPR is a pain in the you know what. Fortunately, there are still some registrars that show registrant information even with GDPR in force. People might consider this when deciding where to register their domain names if they aren’t based in Europe.

If you have other suggestions on how to prove that you’re the registrant of a domain name, I invite you to share them here. I am sure it could be helpful to other readers.

23 COMMENTS

  1. You just need to choose a Registrar which disclose Whois data, there are many around.
    Those Registrars give you the option to show Whois data, specifically asking for your permission to opt out from GDRP regulation.
    IMHO this is something that all serious Registrars should do.

    • If you need to prove ownership, move your domain to a Registrar which allows you to opt-out from GDPR and from 60-days lock, so that you can transfer it out immediately to the buyer.

    • I figure enom/tucows is using “data protected” so people CAN NOT easily transfer out. (I know there is a new transfer process that supposedly is more efficient. LOL)

      And, they truly shot themselves in the foot with their new pricing structure. It is amazing that enom is now more expensive to renew a domain than network solutions (special pricing).

    • Since May 25 you don’t need Whois data to transfer out.
      There is a new way which bypass sending the auth form.
      When ICANN’s new policies became effective on May 25, registrars implemented the new method of transferring domains without email validation.

    • Elliot,
      If buyer wants to make sure that the seller (your friend) is the Registrant then your friend can simply move the domain to a Registrar which allows both to disclose Whois and to opt-out of the 60 days lock.
      Usually you can speed up the transfer by manually approving it, so that in minutes you can show the full Whois to the buyer.

  2. Technically, all registrars need to allow you to opt-in to having your data displayed in Whois per the ICANN temp spec. But I don’t think that will happen anytime soon.

  3. I wouldn’t forward to a prospective buyer.

    Assuming that your names are not pointed to a default page (a reasonable assumption as many point to sedo, internet traffic, etc) –
    1. buyer checks whois in its current state (eg, pointed to sedo)
    2. seller then changes name server to default landing page
    3. buyer checks whois in its “new” state (eg, pointed to default landing page)
    4. once buyer confirms change (proving seller’s ownership), seller reverts to “old” state

  4. Lots of very good comments here, with pros and cons to each. I do however think moving your name(s$ to a registrar that discloses Whois info is a great route to take.

  5. Escrow concierge service for me. 2.5% and I don’t have to deal with any of it. Cost of doing business.

    I would never do a deal without it. I pay all fee’s and renew the domain for 5 years for client. Only talking 3% tops.
    Never lost a deal and never will with escrow dealing with transferring the name first.

    Donny M

  6. I’ve been wondering how Flippa.com is handling this. One way they prevent banned users from reentering their site is by looking at the domains whois.

  7. The standard ways are:

    1) upload a file with custom content that can be accessed via domain.com/verify.html (for example.
    2) add a txt record in DNS as mentioned above.
    3) add a custom meta tag to the homepage.

    For large purchase it may also be worth to get a Whois history via domaintools.

    • RE: upload a file with custom content that can be accessed via domain.com/verify.html (for example).

      Ah – an even simpler method than adding a TXT record!
      This is one of the (if not preferred) methods that Google uses to prove ownership.

      I had TX records in front of mind since I now routinely do it for listing on SEDO.

Leave a Reply