GoDaddy Will Start Masking Our WhoIs Info Jan 25th

[Ategy]

I just got the following email quoted below

For standard domain owners this is probably good ... but for domainers who want to be found via whois this is might be something we might want to be opt out of.

I'm thinking the real question is what will the searches actually see?

@Paul Nicks .. could you fill us in on the specific details of the change. Like what the searches will actually see, and some examples of "authorised" bulk searches.

Thanks

WHOIS masking starts January 25.

This service will block some of your contact details through automated access points.

We're always looking for ways to protect your information online. To help slow the flood of spam that can occur when you register a domain without privacy services, WHOIS masking of certain personal data will be turned on for all domains on January 25.

This service will limit a potential spammer's ability to access your first name, last name, email and phone number through automated means (also known as Port 43 access). We'll continue to publish full WHOIS details to users of our CAPTCHA-protected, web-based WHOIS system, as required.

Here's how to opt out:

If you still want your information to be available via automated sources of public WHOIS data, you can opt out anytime using one of these options:


• Call us at 866-938-1119.

• Send your request to [email protected]. We may ask for additional information for verification purposes.

Domain Privacy still matters.

While we hope this service will help cut down on spam calls and emails, because registration information is still made available publicly, Domain Privacy is still the best way to maintain anonymity online. WHOIS masking will only restrict spammers through automated bulk access sources.

To learn more, check out this help article:
https://ca.godaddy.com/help/masking...hared-via-whois-automated-access-points-27421

 

[Michael M]

I had recently posted this as well under News.... Maybe these threads should be merged?

https://www.namepros.com/threads/godaddy-whois-masking-starts-january-25.1059679/

From what I understand basically the general bot public, which would include domain whois archives, the information would be omitted or masked. I am not sure if they have deals with certain groups that would exempt them or not.

Of course one can still go to Godaddy's WhoIs web interface to receive full details. This is how most anyone looking at your domain will find you, so personally I don't believe I will opt out. (though if they whois through other registries, unless they are exempt, your information will be masked. Though in this situation there is a link provided that redirects to godaddy for full details)

 

[Brandworthy]

They've been gradually restricting access to bots for a number of months now. Most tools, DomainTools included, now has great difficulty getting data from automated WHOIS lookups.

TBH people who know how to get WHOIS already will probably figure things out fine even with this "masking". Reducing the amount of domain-related spam is probably a good thing for ethical domainers.

 

[Michael M]

They've been gradually restricting access to bots for a number of months now. Most tools, DomainTools included, now has great difficulty getting data from automated WHOIS lookups.

TBH people who know how to get WHOIS already will probably figure things out fine even with this "masking". Reducing the amount of domain-related spam is probably a good thing for ethical domainers.

Actually, most, if not all of the workarounds will no longer work with all that information masked.

Previously GoDaddy would block full details once it decided you were a bot, but still provide some details like name and organization. This could be cross referenced and the email and phone blanks could be filled in.

Or you could use many different IPs to avoid detection.

Neither of these methods will work anymore for the whois archives unless they are given some sort of exemption - which I don't think godaddy is going to do - if they are serious about really hiding the personal info.

Only real way to get the information - if they are as serious as they say in the email - will be to have a program crawl their site and solve the captcha.

 

[anantj]

For standard domain owners this is probably good ... but for domainers who want to be found via whois this is might be something we might want to be opt out of.

I think this is actually good for domainers. Whois is still available and accessible. Serious end-user buyers can access the whois via the web interface and reach out to domain owners. Spammers and data harvesters who use scripts/bots and other automated means will not be able to get it. Yes, they can still obtain the data manually but it is not going to be trivial, especially given the size of GD's domain pool.

It gives some amount of privacy without requiring whois privacy. The latter is still needed for those who want to completely hide their ownership for a domain.

 

[MapleDots]

Just add your domains as an alias in cpanel and toss up an index file. Set your name servers to your host and now all domains go to your website. Clients (prospective buyers) will now see what YOU want them to.

The address bar will show the website the client types in and if you add a simple google analytics code to your index file (homepage) you will see how many clicks on each domain as the referrer.

The system works fantastic and I never worry about whois or who sees what. You see what I want you to see including my contact number and email.

As a legitimate domaining business I need people at my webpage every single time one of my domains gets viewed. I base my selling price on how many times each domain is punched into the address bar per year.

Basically I show whois and never pay for privacy but even .ca domains in Canada now hide a good portion of whois by default. There is no fighting that, it will happen across the board as privacy becomes more important.

Everyone already has the best tools available, it's called your website. Does not matter what whois says if you have the information available via the address bar/website.

 

[Ategy]

Just add your domains as an alias in cpanel and toss up an index file. Set your name servers to your host and now all domains go to your website. Clients (prospective buyers) will now see what YOU want them to.
...

Am I the only one who looks at whois more than actual websites? Bad domainer habit I'm thinking? lol

 

[MapleDots]

I look at whois and the website. I like to see if there is a live site, if not then I go to whois. No use going to whois if there is a live site because the domain is in use and that would be a waste of time.

As domainers we use both but in most cases end users will punch the domain in the address bar first. If it is not used they try to register it and then they might get a surprise because it may say taken. They don't always realize that a domain can be taken and not have a webpage.

I try to think like an end user first and a domainer second. That has served me well.

 

[Michael M]

Putting a little more thought into it - you'd imagine Godaddy may possibly make some exemptions, otherwise there could be some major issues that arise. Such as - how will a marketplace verify ownership on an automated basis? Afternic, of course, wouldn't be affected - but what about Sedo and others?

If they do decide to make some exemptions on the masking, would they also exempt the big whois archive services? If they did exempt them - would that go against the purpose of GD's goal?

 

[Ategy]

@Michael M .. If you go to the help page, it does mention there will still be "authorised" access.
https://ca.godaddy.com/help/masking...hared-via-whois-automated-access-points-27421

I suppose those are the types of exceptions? But that's why I tagged Paul Nicks above .. just to get an idea of more of the specifics.

Obviously .. at the end of the day .. needing to go directly to GoDaddy for WhoIs also gets more eyes on GoDaddy ads and product offers. As well as gives them a better chance of getting a commission if you have your domains listed with them. So there definitely will be increased revenues for them .. although to be fair .. DEPENDING ON THE SPECIFICS .. I don't think that's the main reason.

I think there has been a rise in phishing emails from people claiming to be GoDaddy .. it really hurts their reputation more than anything else .. as well as clogs up customer service time (costing them a lot of money) .. I suspect that might be the primary motivation.

 

[carob]

Am I the only one who looks at whois more than actual websites? Bad domainer habit I'm thinking? lol

I don't have time to type in a bunch of addresses, I check whois in a terminal

https://www.reddit.com/r/commandline/comments/6taq3k/why_is_whois_showing_no_registrant_information/

Seems now GD are making that more difficult though, this command now returns limited info:
whois -h whois.godaddy.com "godaddy.com"

 

[Michael M]

I think the "people claiming to be Godaddy" is one of the main driving factors - of course the other benefits GD will receive I am sure are appreciated by them.

Excerpt from DNW:

GoDaddy files lawsuit to take down Whois spammers

GoDaddy has filed a lawsuit (pdf) in an effort to take down one of the groups that it alleges is spamming offers to domain name owners and pretending to be affiliated with the registrar.

 

[anantj]

Am I the only one who looks at whois more than actual websites? Bad domainer habit I'm thinking? lol

Nope you're not alone. 95% of the times, I look up whois before I even visit the domain/website

 

[anantj]

Putting a little more thought into it - you'd imagine Godaddy may possibly make some exemptions, otherwise there could be some major issues that arise. Such as - how will a marketplace verify ownership on an automated basis? Afternic, of course, wouldn't be affected - but what about Sedo and others?

If they do decide to make some exemptions on the masking, would they also exempt the big whois archive services? If they did exempt them - would that go against the purpose of GD's goal?

Txt records would help here.

 

[anantj]

I don't have time to type in a bunch of addresses, I check whois in a terminal

https://www.reddit.com/r/commandline/comments/6taq3k/why_is_whois_showing_no_registrant_information/

Seems now GD are making that more difficult though, this command now returns limited info:
whois -h whois.godaddy.com "godaddy.com"

I do the same and absolutely hate this behavior of GD... To add, it is further complicated by the fact that the captcha never shows up for me on Firefox which is my primary browser.

 

[Michael M]

Txt records would help here.

That or email validation...

(edit - wait.. email validation wouldn't work since they can't see the owner's email.)

But when it comes to txt records, that is not always an option when you aren't using nameservers you are in control of. (such as using a landing page service) Of course you can always setup forwards, or manual A records to the service's IP - but that can be a pain the butt - especially if the service changes their IP or url structure.

Am I the only one who looks at whois more than actual websites? Bad domainer habit I'm thinking? lol

Nope you're not alone. 95% of the times, I look up whois before I even visit the domain/website

I think it is mainly just a domainer habit, and one that I do personally.

End users probably wouldn't notice this change for the most part.

 

[anantj]

But when it comes to txt records, that is not always an option when you aren't using nameservers you are in control of. (such as using a landing page service) Of course you can always setup forwards, or manual A records to the service's IP - but that can be a pain the butt - especially if the service changes their IP or url structure.

Yes it is a pain but it is a one time verification which is livable with. It is also extremely ironic that Afternic has so many issues with domain ownership verification. Previously verified domains go into review without any change of the domain settings (specifically whois) or they allow "superusers" to list domains without even verifying ownership.

I think it is mainly just a domainer habit, and one that I do personally.

End users probably wouldn't notice this change for the most part.

Agree on this point - I alluded to the same point in my first comment - end users will likely not see a major change

 

[Asfas1000]

People should be able to opt out of this.

 

[carob]

People should be able to opt out of this.

You can:

Here's how to opt out:
If you still want your information to be available via automated sources of public WHOIS data, you can opt out anytime using one of these options:

• Call us at 866-938-1119.

• Send your request to [email protected]. We may ask for additional information for verification purposes.

 

[anantj]

People should be able to opt out of this.

Why do you want to opt out of this? What is the harm that you forsee?

 

[Brandworthy]

They are also providing access on request to the data, so in the case of marketplaces like SEDO I expect they wont have problems with running automated ownership checks.

 

[Asfas1000]

Why do you want to opt out of this? What is the harm that you forsee?

So that buyers can find my WHOIS info. I could use a WHOIS privacy service if I needed this.

It also appears that this is against ICANN rules according to OnlineDomain.com :
https://onlinedomain.com/2018/01/12...iolates-icann-whois-rules-now-makes-official/

 

[Arca]

Maybe a stupid question, but if they block access to domain owners email through automated means, how will registrars send email confirmation to us when we transfer out from GoDaddy? I've often had trouble with transferring domains out of obscure dropcatching registrars where WHOIS was incomplete/missing/broken and could therefore not be obtain by the receiving registrar (so it appears that transfer emails are based on public WHOIS only).

Or is there a registrar to registrar connection/port where registrars can pull such info from for transfer purposes? Based on transfers that have been stuck for months on end in the past, where I had to wait for the registrar to sort out the public WHOIS, I haven't seen anything indicating that there is such a thing. Though I'm not familiar with the technicalities of this part of the domain transfer system, so perhaps somebody more knowledgeable about it can chime in.

I do the same and absolutely hate this behavior of GD... To add, it is further complicated by the fact that the captcha never shows up for me on Firefox which is my primary browser.

Also having a lot of trouble with their captcha. Would be great if they used another captcha service. Recaptcah seems to hate my browser or IP or something, because even if I click on the streetsigns and storefronts and car for 15 minutes I can't access GD WHOIS.

 

[anantj]

So that buyers can find my WHOIS info. I could use a WHOIS privacy service if I needed this.

Buyers can still find your whois. Your whois is not being hidden (privacy) or blocked. Automated whois information collection is being blocked

 

[anantj]

Maybe a stupid question, but if they block access to domain owners email through automated means, how will registrars send email confirmation to us when we transfer out from GoDaddy? I've often had trouble with transferring domains out of obscure dropcatching registrars where WHOIS was incomplete/missing/broken and could therefore not be obtain by the receiving registrar (so it appears that transfer emails are based on public WHOIS only).

Or is there a registrar to registrar connection/port where registrars can pull such info from for transfer purposes? Based on transfers that have been stuck for months on end in the past, where I had to wait for the registrar to sort out the public WHOIS, I haven't seen anything indicating that there is such a thing. Though I'm not familiar with the technicalities of this part of the domain transfer system, so perhaps somebody more knowledgeable about it can chime in.

The latter is the case. This was confirmed by @Joe Styler on another thread (I'll try to search for it and link to it from here)