Posted in:

The future of WHOIS on WhoAPI

It’s been a while since the main focus in our company was WHOIS. And I’ve finally decided to break the radio silence. The main and only reason for now writing publicly about this earlier is because there just wasn’t a clear indication on how exactly the future of WHOIS landscape is going to look like after May 2018 and after the GDPR takes full effect.

Back in 2016 GDPR went live, and the world had 2 years to prepare. Those 2 years are up in May. This new law is going to make a huge impact on a lot of things. Here’s what I am going to focus in this post:

  1. WHOIS in general
  2. WhoAPI,
  3. You as a WhoAPI user (using only Whois API)

How will WHOIS change?

My personal opinion is that we were long overdue on a law like this. And that is all I will share from a personal standpoint. We had absolutely no vote in this change, but we will absolutely comply with this change. It still remains to be seen how exactly the WHOIS will look like after May 2018, so our software may change by then. Right now, we only have rumors and models of possibility.

Proposed Interim Models for Compliance with ICANN Agreements and Policies in Relation to the European Union’s General Data Protection Regulation

You can see in this PDF this is all about the private data in the WHOIS record. Although something like 20% of domain names have WHOIS privacy, and this number is growing, this is not enough. Too many people and companies use private data to spam and scam people. This is a far minority compared to the positive use cases, but nonetheless. If you are relying on WHOIS to get emails, names and phone numbers of domain name owners, your days are probably numbered.

How will WhoAPI change?

One thing is for sure, the future of WHOIS will change, and that will impact one of our APIs. WhoAPI isn’t just WHOIS. We’ve just revamped our Screenshot API, just last year we launched Domain Score API and this change will have absolutely no impact on our Domain Availability API. Besides, we have other APIs as well. We hope that it is clear to everyone that we are primarily an API company and not a WHOIS company. So what will the change be?

Our Whois API will go through some changes after we see the final model ICANN introduces, and how registrars respond to the growing concerns of the GDPR. GoDaddy made a clear statement to everyone how they will no longer tolerate querying their WHOIS servers. As I’ve already mentioned, if you are looking for emails and phone numbers (which WhoAPI was never about), it may become impossible to get that data in the future. If this data remains available (and I am speculating here) under one of the ICANN models, WhoAPI will impose a stricter application process for access to our WHOIS API.

How will this impact me as WhoAPI user?

If you are using any of our API’s beside Whois API, this will not impact you in absolutely any way. If you are using our Whois API, the impact will vary based on the data you are looking for, and based on the model of WHOIS (how WHOIS will look like) that goes live after May. Again, I am speculating, but, if you are using only information such as: domain registration dates, domain expiration dates, name of registrar, nameservers, there’s a good chance you will still be able to access this data. I base my speculation on the ICANN’s proposed model. And it’s just common sense (this is thin whois, and data isn’t considered private).

If you are using domain owner data that contains information such as: email, name, phone number, address, etc. there’s a good chance you won’t be able to access this data anymore.

It is too early to tell or to make guarantees, but if certain ICANN’s model is enabled, AND you have a legitimate positive use case, there’s a chance you might be able to get this data. And no, offering someone a website development just when they register a domain name is not a positive use case. Some of the positive use cases include cybersecurity, tracking down criminals and fintech.

Conclusion on the “future of WHOIS”

Consider this post an intro to the landscape changes that lie ahead. I will definitely write a follow-up post in the following months.  You can expect this to happen once we make a decision and publish the changes on our Whois API. (May 2018 at the latest).

Written by Goran Duskic

I am the founder and CEO at WhoAPI. Entrepreneur for more than a decade in the hosting and domain industry. Sold my previous company. 500 Startups and StartLabs alumni. Author of a white paper "Domain Disclosure: Dirty Dozen" and eBook "26 Fundraising Questions for Startups".

93 posts