The introduction of GDPR (yes, it’s GDPR) in 2018 was not without some controversy. They tightened many rules regarding the processing of personal data and also influenced the Internet domain registration system managed by ICANN. Recent research shows that the public availability of WHOIS data has a huge impact on the amount of spam messages received. What does this mean for domain owners?
WHOIS data is publicly available information about the owner of an Internet domain. They may contain, among others: name and surname, e-mail address, telephone number. Previously, this data was freely available, but GDPR forced ICANN to introduce the so-called temporary specification limiting the scope of published information. Despite this, the debate on the impact of GDPR on security and privacy continues. And I assume that after the results of these studies are published, it will be talked about again.
What does the research reveal?
A “field” experiment conducted by independent researcher Tobias Sattler provides the first comprehensive empirical data. The study included the registration of 66 domains, half of which had publicly available WHOIS data and the other half were secured in accordance with GDPR. The results are clear: for domains with public WHOIS data, the average number of messages received was 19.7 per domain, including 12.76 that met the criteria for marking as SPAM, while for domains with hidden data, the average number of messages was only 4.2, of which only 0.12 is SPAM. Application? Public availability of contact details increases the risk of receiving SPAM by up to 100 times!
What factors matter?
Domain extensions are of great importance here, because .com domains received the most SPAM (over 92% of messages in the experimental group). In turn, .shop domains did not record any. Domain registrars also matter – some have successfully restricted SPAM on their domains, suggesting that their practices may be influencing the exposure of email addresses to spammers. The type of data publication is also important – domains where only basic data was disclosed attracted less SPAM than those where full contact information was disclosed.
Publishing WHOIS data is a big risk. It’s not just about SPAM, but also about cyberattacks in general. Many domain registration companies offer services of hiding data in the database. By the way, it is worth approaching the issue of your own security on the Internet sensibly, ensuring good filtering of messages in your inbox and on the last line of protection, and making sure you do not click on anything you come across. And so the weakest link in security is always a person.
Read also: Uber with a fine of EUR 400,000. “For GDPR” there would be much more
Data protection in the WHOIS database means a significant reduction in spam, greater privacy and security, and a reduction in the risk of data misuse. However, there is the other side of the coin. Limited transparency in this area may make it difficult to identify domain owners in the event of abuse.
Research clearly shows that hiding WHOIS data is an effective way to reduce spam. In light of the growing number of online threats, the decision to hide data may be crucial for protecting privacy and security. This didn’t really surprise me – where there is data, there will be abuse. SPAM, on the other hand, is one of the oldest and still thriving ones.
Source: antyweb.pl
