Currently .eu and .gr domains do not have any whois records. .eu makes them 
available online, but .gr is under a much stricter privacy law in Greece, and 
makes no whois records available to anyone. 

This has been so for years, and I can tell you of a few things / observations 
about this, since I’ve had many domains with both TLDs.

First of all, anything that looks up for an e-mail in the whois records, just 
doesn’t work. That means that if you want a certificate for this domain, and 
you follow the traditional, manual, way, you either need a mail serve running 
there so hostmaster / postmaster / webmaster work, or the only way then is to 
add files. And that if you have something running on the base domain and you 
don’t just use this for subdomains.

Second, you never get any spam. If they can’t find your e-mail address, they 
can’t send you spam.

Third, it blocks legitimate uses of whois by people who need to know the 
identity of domain operators, such as abuse tracking projects, scam / phish 
projects, law enforcement, etc.

Finally, there are two ways to contact a domain owner. The first one is to look 
for a contact page in the website, if there is one. The second is to contact 
their registrar (the details of the domain registrar are available in the 
whois), and have them reach out to the owner on your behalf.

In my opinion, not all the information in the whois records should be there, 
from an individual point of view, but the all or nothing situation right now 
isn’t great. If I had to choose however, I would choose the no whois for now, 
over the other, more leaky one.

I personally believe a lot of people would agree, given the fact that there’s 
an entire market, and a plethora of domains using Whois Guard or in general 
whois masking tools, for free, or for a fee.

As far as abuse tracking goes, having whois available can help correlate 
websites, but only if the domain registrar allows only verified data to be 
added, whois masking is not used, or malicious actors only use the same data 
over and over. That last part may happen because the registrar does some 
verification, so it limits their choice of domain registrars.

P.S.: About the first thing, some CAs may e-mail the domain registrar’s e-mail 
(which is usually admin / support / IT) for domain verification, which I’m not 
sure if fine.. :-)



> On 14 Apr 2018, at 17:30, Rubens Kuhl <rube...@gmail.com> wrote:
> 
> On Sat, Apr 14, 2018 at 11:21 AM, Filip Hruska <f...@fhrnet.eu> wrote:
> 
>> EURID (.eu) WHOIS already works on a basis that no information about the
>> registrant is available via standard WHOIS.
>> In order to get any useful information you have to go to
>> https://whois.eurid.eu and make a request there.
>> 
>> Seems like a reasonable solution.
> 
> 
> GDPR and other privacy regimes apply to both port-43 and WebWHOIS.
> 
> Rubens

Reply via email to