In the wake of GDPR, public whois records are 100% redacted. There is lots of work going on to attempt to provide the data without violating privacy laws, but no one is there yet.
This came up because today I got email from Tucows asking me to verify and, if necessary, update my whois data. Now, Tucows is the registrar, so they know all of the data. But they sent me this
Gee, thanks. That’s so helpful.
I’ve talked before about reasons not to hide commercial domains behind whois proxies. Al found another one: if you use a proxies you cannot list your domains with abuse.net. Al has a good write up of whois, and why this is important. So go there and read it.
Read MoreI’ve talked about using privacy protection on domains in the past (here, here, here, here, and here). Short version (if you don’t want to check all the old links) is that privacy protection for commercial domains is bad, that’s what spammers do and legitimate email marketers should not hide domains behind privacy protection services. I still believe all of these things.
What I’ve never really addressed is that I think privacy protection services are appropriate in some cases and are a reasonable protective measure for individuals. Over on Spamresource, Al wrote up a great post today about whois privacy protection.
Sometimes people do need anonymity and privacy online. Trusting a registrar’s privacy protection service is probably not your best bet for that. Like Al, we’ve stood in as a “privacy service” for friends and colleagues. It was our name on the domain registrations, and we could contact the appropriate people as needed. They trusted us to forward only the important stuff and we trusted them not to do bad things. This trust doesn’t scale.
Privacy protection services are used by a lot of bad actors to hide their involvement. Companies and commercial entities are tarring their own reputations using privacy protection services.
No real pull quote here, all of Al’s points are too good. So go read the whole thing.
First thing this morning I got an email from a client that they were listed on the UCEProtect Level 3 blacklist. Mid-morning I got a message from a different client telling me the same thing. Both clients shared their bounce messages with me:
Read More