Is This How DomainTools.com Legally Sells WhoIs Data?

For quite a while I’ve been interested in how DomainTools.com has been able to sell historical whois data and also their Registrant Search domain reports.

There is an another thread here that has recently picked up again on the issue for some background:

Here is how I think they can do it legally.

A person can buy access to a registrar’s whois database for no more than a $10,000 annual fee. (the terms are quoted below along with a link to ICANN’s site)

A couple of the restrictions (quoted below) are that you can’t mass query a registrar’s database using automated methods and you can’t redistribute, repackage or sell the data under certain circumstances…more on this later

Now for the how they can do it part (my theory anyway)

  1. Domain Tools is the largest and most frequently used whois service. So they have tons of people on a daily basis querying whois records for domains. When someone performs a search on their site, they grab the data from the registrar and make a copy of it for them selves.

This way they organically created their own massive whois database through legitimate non automated means completely within the guidelines of ICANN and they also are able to collect the historical whois data as well since new queries are made on the same domains all the time.

Of course I still find it hard to believe they don’t perform mass auto queries to registrar’s whois db but they could point to the fact they get tons of queries organically to shield themselves from this.

  1. According to ICANN:

3.3.6.5 Registrar’s access agreement must require the third party to agree not to sell or redistribute the data except insofar as it has been incorporated by the third party into a value-added product or service that does not permit the extraction of a substantial portion of the bulk data from the value-added product or service for use by other parties.

Pay special attention to the bolded part. What I get from this is that you can’t sell the data if you are selling a BULK portion of a registrar’s data but if you offer a 3rd party tool that only offers some of a registrar’s whois data you appear to be fine.

Sine Domain Tools sells reports on a domain by domain basis they are ok.

What it boils down to is that they are exploiting loopholes in ICANN’s rules to offer some of their services and it appears completely legal…technically.

Here are the details straight from ICANN:

3.3.6 In addition, Registrar shall provide third-party bulk access to the data subject to public access under Subsection 3.3.1 under the following terms and conditions:

3.3.6.1 Registrar shall make a complete electronic copy of the data available at least one (1) time per week for download by third parties who have entered into a bulk access agreement with Registrar.

3.3.6.2 Registrar may charge an annual fee, not to exceed US$10,000, for such bulk access to the data.

3.3.6.3 Registrar's access agreement shall require the third party to agree not to use the data to allow, enable, or otherwise support any marketing activities, regardless of the medium used. Such media include but are not limited to e-mail, telephone, facsimile, postal mail, SMS, and wireless alerts.

3.3.6.4 Registrar's access agreement shall require the third party to agree not to use the data to enable high-volume, automated, electronic processes that send queries or data to the systems of any Registry Operator or ICANN-Accredited registrar, except as reasonably necessary to register domain names or modify existing registrations.

3.3.6.5 Registrar's access agreement must require the third party to agree not to sell or redistribute the data except insofar as it has been incorporated by the third party into a value-added product or service that does not permit the extraction of a substantial portion of the bulk data from the value-added product or service for use by other parties.

http://www.icann.org/en/registrars/ra-agreement-21may09-en.htm

I think it is funny, that ICANN would enforce their rules against domain owners, but companies like Godaddy, that clearly violate ICANN rules are ignored.

These rules are ~ the same on all existing domain name registrars. So I do not think that domain name registrar changing will help.

AdmiralJ, exactly what I mentioned before, which is why I’m firmly against WHOIS privacy, most people don’t know the risks involved. :slight_smile:

The WHOIS information of the domain name is apparently legally who owns it so when one uses private registration, they technically don’t own their domain name.

Source: http://en.wikipedia.org/wiki/Domain_privacy#Litigation

If a person doesn’t trust their registrar, they should transfer. If they own a potentially very valuable domain name, they should setup a DBA through LegalZoom.com, get a P.O. Box, and just list that. That’s safer than using Private Registration, I think.

Sure, with a reputable registrar it should be fine. But I personally know people who went with Network Solutions, GoDaddy and others where their domains were “lifted” when it came to renewal (when they wanted to move away) and as the WHOIS privacy was in the registrars name they omitted any knowledge of the individual owning the domain at any point and basically booted them keeping the domain for themselves (selling ads on the space). :slight_smile:

Invalid WHOIS information can lead to your domain being taken away.

Do you have any references for this? Whois privacy with a reputable domain registrar should not lead to your domain being held hostage.

Such web sites must be suspended by web hosts :wink:

Recently I have seen tons of domains with suspended page because of wrong WhoIs info. ICANN is getting strict.

As domain name owner you MUST post correct information about yourself. :mad:

You do realise putting false information in that way is the web equivalent of criminal right? If caught you’ll have the domain taken with no refund or appeal.

I think that would be honest to request each domain name owner to identify them for sure instead of selling data for everyone.

You do realise putting false information in that way is the web equivalent of criminal right? If caught you’ll have the domain taken with no refund or appeal. :slight_smile:

Or it could be because the information is in the public domain, if it exists on a public medium to which anyone can have access and it’s un-copywritable (which that wouldn’t be), there’s no justification why the information cannot be used for commercial gain, even though most people would probably find it a bit underhanded. :slight_smile:

For quite a while I’ve been interested in how DomainTools.com has been able to sell historical whois data and also their Registrant Search domain reports.

This is paid information.

But if you want to protect your own domain name you need to buy domain name whois protection from your domain name registrar.

Whois guart protection is used against spam bots and other stuff. I have never heard that guarantee 100% privacy protection.
What if you host web site about terrorism there? In this case you must be found and discovered.
But in any way that is surprise for me as well why domaintools sells access. Not sure if they have those rights.

WHOIS Privacy is a crock anyway, the second you give your registrar permission to use their details instead of your’s you technically loose all lease rights to the domain. I know of plenty of cases where registrars have refused to allow clients to transfer their domains away to another provider and upon complaining to ICANN are responded to (from the dispute policy) that as the registrars name is in the WHOIS record (as registrant), they legally have all rights to it. It’s like signing the deeds to your house away to someone else in order to make the spammers think your mailing address is elsewhere… crazy if you ask me. :slight_smile:

I think any of us can write email to them and ask if they are allowed to do so. I’m guessing you are not the first person with this question.

Or input another set of valid contact data, albeit not all folks can afford their
own PO box or so.

thats why sometimes its just better to put incorrect info under the registrar. that’s the best way to protect yourself.

And possibly lose your domain name for violating your registrar’s agreement on
putting valid and complete contact information, albeit one can do that if they
can afford losing it.