Home / Blogs

ICANN: WHOIS Back to Rathole #0

ICANN’s GNSO council had WHOIS on its agenda for today. The options on the table: (1) Accepting the outcome of years of policy development processes; (2) rejecting that outcome (again?), but calling for some kind of fact-gathering to feed into future policy work, in order to keep the space occupied; (3) acknowledging that there is broad dissent in the Internet community, and calling for a sunset on the WHOIS clauses in current agreements, as these clauses are not backed by community consensus any more.

Not very surprisingly, motions (1) and (3) failed; (2) was accepted; all that after lengthy discussion, with lots of procedural bells and whistles.

In practical terms, this means that the ICANN community’s attempt to come to consensus about WHOIS is over for now. It is pretty clear that there is indeed no WHOIS policy that that community can agree on without a change to the political environment that it is operating in; it is also clear that this is not due to a lack of factual knowledge or background research, but because of deeply divergent views on the issues. Maybe taking time out would help. Nevertheless, the GNSO (and ICANN as a whole) also suffers horror vacui: ICANN is, after all, the organization tasked with coming to consensus about these kinds of issues, and ICANN giving up means a big opening for others to step in.

Therefore, ICANN is now trying the “fact finding” excuse: We’ll hear that ICANN recognizes the importance of WHOIS policy making and the challenges ahead in this area, and hopes that new models in policy making (which look a bit like a return to very old models for policy making) and more gathering of factual information will help future policy development to yield results where none could be found before.

ICANN staff will be charged with the unenviable task of engaging on this fact-finding mission, again; similar missions happened ca 2001/2002 (anybody remember the WHOIS study?) and 2003/2004 (fond memories of using the ombudsman to get a meeting with staff). Staff will produce a report (I’d guess with some delay), which will then lead to terms of reference which will look a bit like the ones we wrote in summer 2003. The process will then restart. I don’t envy those who will be part of this particular round. I’m glad I’m out of this particular rathole.

For some more commentary and links, see Wendy Seltzer’s take in Deja Vu Day.

By Thomas Roessler, Mathematician

Filed Under


Suresh Ramasubramanian  –  Nov 1, 2007 4:09 AM

So whois remains in status quo?  Full whois, with the addition of weird and wonderful fakery, domain cloaking etc?

Well, better the mess you know than the mess you dont.

It is a state of affairs that neither the privacy tinfoil hatters (including the rabid ones like Milton) nor the enforcement or bust IP lawyers will like.

And that, I guess, is a very good outcome indeed.

To anybody who confidently expect results from this or any other icann meeting ..

1. There is no consensus and that is obvious

2. No consensus means you wont get a sunset clause coming in. All you will get is just what you got, a call for “further study” and pushing the issue way onto the back burner, with status quo maintained.

Color me completely unsurprised, and not very disappointed at all.

Larry Seltzer  –  Nov 4, 2007 2:05 PM

One outcome I expect from this is that private, unsanctioned privacy schemes will grow even faster. The biggest registrars all offer them; I bet before too long we start seeing price competition on them. My own registrar (pairnic) will only hide your e-mail address, but that’s most of what I want, to make it a little harder for me to get spammed.

Suresh, is this the mess you know or something else?

Suresh Ramasubramanian  –  Nov 4, 2007 2:12 PM

Larry Seltzer said:

Suresh, is this the mess you know or something else?

A very well known mess indeed. Some registrars are a favorite with spammers and also offer anonymous whois.

The media’s latched onto this - but not much I can find about this from a spam or security viewpoint other than this one:


Larry Seltzer  –  Nov 4, 2007 2:48 PM

The spam standpoint is that if my e-mail address is in whois someone’s going to harvest it and spam me. Consider what Network Solutions does instead; use a long complicated forwarding address and change it periodically so that it can’t have any life span in a spam database.  Why can’t this be allowed as part of the ICANN rules, even required?

Suresh Ramasubramanian  –  Nov 4, 2007 2:50 PM

If not from whois it will get harvested from somewhere else. There’s various opinions on how best to secure public posting addresses - expiring mail, web contact forms with captcha etc .. none of them are foolproof.

And none of them do much against the problem of active fakery of whois data for malicious / spam domains.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Brand Protection

Sponsored byCSC


Sponsored byVerisign

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

Threat Intelligence

Sponsored byWhoisXML API


Sponsored byDNIB.com

New TLDs

Sponsored byRadix