Exploring the Impact of WHOIS Data Redaction on Unsolicited Emails

In the digital age, personal data protection has become paramount, with regulations like the General Data Protection Regulation (GDPR) shaping global practices. One area significantly affected is the public availability of WHOIS data, a critical resource in the domain name system. WHOIS traditionally provided detailed contact information for domain registrants, but privacy measures have redacted much of this data in recent years.

My debut research paper, recently published in IEEE Access, investigates how these changes in WHOIS data accessibility influence unsolicited emails. Titled “WHOIS Data Redaction and its Impact on Unsolicited Emails: A Field Experiment,” the study examines whether reduced access to contact details curbs spam, phishing attempts, and other unwanted communications—or if spammers have adapted their tactics.

Key Findings

Through a controlled field experiment, the study reveals intriguing insights into the correlation between data redaction and the volume and type of unsolicited emails domain owners receive. While the intent of data redaction is clear—to enhance privacy and limit misuse—the actual outcomes are more nuanced than anticipated.

The findings contribute to ongoing discussions in the ICANN community and beyond, offering a data-driven perspective on the trade-offs between privacy and the operational needs of the Internet ecosystem.

Implications for Stakeholders

This research holds value for policymakers, registrars, and other stakeholders navigating the complexities of balancing data privacy with maintaining the functionality and transparency of the domain name system. By understanding how data redaction influences communication channels, we can better evaluate current policies and anticipate future trends.

Invitation for Dialogue

I hope this paper will spark dialogue and inspire further research into the evolving dynamics of Internet governance and domain management.

The full paper is accessible via IEEE Xplore: WHOIS Data Redaction and its Impact on Unsolicited Emails: A Field Experiment

I welcome feedback and collaboration from the CircleID community. Let’s continue exploring the challenges and opportunities in this ever-changing landscape.

By Tobias Sattler, Executive Advisor

Comments

A couple of follow-up questions for you Tobias

Michael D. Palage  –  Dec 10, 2024 4:12 AM

Hello Tobias,

Congratulations on this publication and its contribution to the ongoing factual discussion of this critical topic. After my initial read of your paper a couple of questions jumped out at me, and I was wondering if you could answer them to help inspire future fact-based research in this area.

Question 1: How much did this research cost you out of pocket?  I did not see any indication in your publication about the cost of the domain name impacting your selection process. I think sharing the overall cost of your research would help inform and educate future research in this area.

Question 2: Can you share any research results you gathered in a database or spreadsheet?  Specifically, would it be possible to include the registration date for each domain? It was not clear from my initial read of your paper if you registered all these domain names at the same time or over some time. I apologize if I missed that disclosure, as I have not yet finished my first cup of tea this morning.

Question 3: Based on your experience, I wondered why you only included gTLDs instead of some more popular ccTLDs. 

Keep up the good work and research in this area.

Best regards,

Michael

Tobias Sattler  –  Dec 10, 2024 7:20 AM

Hi Michael,

Thank you for your thoughtful questions and kind words about my research. I am glad you found the study informative, and I am happy to provide some additional insights based on your inquiries.

Regarding the cost of the research:
I do not have an exact figure for the total cost of acquiring the domain names. Still, the expenses were relatively modest, especially given that some registrars offered promotional rates at the time. I estimate the total cost to be well under 500 EUR. While the price of the domains did not significantly influence my selection process, sharing this kind of context could help others plan similar studies, so I appreciate your suggestion.

On the registration timeline:
The domains were registered over two months, specifically in July and August 2022, and the field experiment ran for one year. Although I did not explicitly include the registration dates in the paper, I can understand how this information could be helpful for those looking to replicate or expand on the study. I will keep this in mind for future research.

Regarding the focus on gTLDs instead of ccTLDs:
You raise a valid point about ccTLDs, and they would certainly add an interesting layer to future studies. I focused on gTLDs primarily because the research centered on ICANN policies and their interaction with the GDPR. ICANN has jurisdiction over gTLDs but not ccTLDs. That said, exploring ccTLDs in future research would be worthwhile.

I will also email you about the dataset.

Thank you again for your insightful questions and your interest in the work. I appreciate the thoughtful feedback and look forward to continuing this important conversation in future research.

Best regards,
Tobias

gTLD / ICANN Accredited Registrar focus helpful data to combat fact-resilient hyperbole

Jothan Frakes  –  Jan 8, 2025 5:01 PM

Tobias, first off, great report.  Not an unexpected result.  It aligns with a similar study done by the Security and Stability Advisory Committee - that the registration data gets misused.

My comment here is that I was very glad to see this focus on gTLDs.  We are seeing all too frequently where researchers or analysts introduce ccTLDs into reports, mixed in with gTLDs, as if they are all the same.

They are not at all the same. 

You point out correctly that ICANN does not have jurisdiction over ccTLDs.  The rules, policies, qualifications, costs, structures and operations can vary widely in ccTLDs, providing an entirely different set of abilities or constraints that would be incompatible with the governance, policy or technical function inside of gTLDs.

There are fact-resilient parties in the ICANN community that often will pick ccTLDs with policies that best serve their narrow interests and include them in hyperbole, blurring distinctions of registrar in a way that ignores if that is a “reseller of a ccTLD” being called a registrar as opposed to meaning an “ICANN-Accredited Registrar”. 

Additionally, those parties mix the data on gTLD and ccTLD together, referring only to “TLDs”.  All of which gives the accuracy of calligraphy on a dune buggy crossing rugged roads at 80 kilometers per hour.

Your report isolating the specific subject region of gTLDs and ICANN Accredited Registrars helps steady the pen and get a better calibre of helpful data and facts.

Having fact-driven, neutral studies like yours is very helpful.

Tobias Sattler  –  Jan 9, 2025 12:50 AM

Thank you for your feedback, Jothan. I appreciate your acknowledgment of the report's focus on gTLDs, and I agree with your point regarding the distinction between gTLDs and ccTLDs. The differences in governance, policy, and operational structures are significant and should be treated separately in any analysis to ensure accuracy and clarity. Your comments reinforce the importance of maintaining precise and fact-driven approaches in these discussions.
