Inundated by calls or emails after you have registered a domain? You are not alone – it happens to us too, just after the first few and the wonder of modern phones and mail filters you get a healthy block list and they disappear into the ether.
Have you ever wondered how or why this happens? Well, we have. We have also had a few calls and tickets on this recently – so lets get this out in the open.
First of all – let me assure you that we are not selling on your details.
The details for the Personal UK or non-anonymised other types of top-level domain (TLD) have a requirement to be displayed publically. The mechanism that delivers this is known as WHOIS. You can look these up any time you like either by using a web-based application, or a console tool if your Operating System (OS) supports it.
Sure – this is not news, however, this does not explain why when I register a new domain I get an influx of “website design best” emails and scripted call centre calls.
Digging deeper it becomes apparent that there are big data companies who have access to the root servers.
If you think about DNS as an upside down tree, at the bottom there is a server that handles say the UK domains or the COM or the GIFT, PUB, HOUSE, AIDS, NINJA, GURU and the list goes on forever these days for GTLD’s (Generic Top Level Domains). Each of these will have a list of subdomains. These may be domains, or they may be lesser TLD‘s such as .UK.COM or .ORG.UK for example. These lesser domains will have their own servers, and so this goes down and down until you have a bunch of servers delivering records on where to find your website on kittens.
Access to the Root Servers is a big deal.
It is a big deal because you can see all of the domains. All of them. No guessing, you have a list. Moreover, if you have a list, you can very quickly see when the list grows… as new domains are registered.
This data is then sliced and diced in a number of really rather amazing ways that allow you to see patterns and trends in the way you would expect big data to be able to inform. By Country, age group, gender, and then through trawling beyond that things down as far to versions of web service used, code used, page load times…. you know the kind of thing the internet was MADE FOR fickle ponderings such as “Where is the slowest Apache 2.4 web server, delivering predominantly green web pages, with DNS in the UK, but hosting abroad that was registered on a Wednesday between 2007 and 2009” … big data – concrete starting points, meta, and crawled data to a data scientist is gold – and what they produce is amazing to behold, however as with most things it can be used for good and bad.
Some of the customers of this kind of outfit (this is not a free service as you can imagine) will be using it plan capacity, make decisions, deliver better services, help out their customer base.
Some of the customers are going to use this for speculative cold calling – and this is the kind of scenario. While marketing is a necessary evil (speaking as an engineer) – it bugs us as much as you – and this is the kind of outfit that delivers this kind of data.
While not citing names here, the access they have is hard won, expensive, and they have visibility that – in one case, have data on over 220 million domains on their books. That is a fair wedge of data to delve into to answer your previously unanswerable questions.
What can be done about it. Nothing.
UK Personal registrations and WHOIS Privacy purchasers will be hidden from the prying eyes of WHOIS lookups – however from this – there is no undo, there is no fix this, it is the nature of the beast regretfully.
However – what is most important – while others may do, we are NOT selling your details on registration. Factual.
There the mystery ends.
Should you have any concerns over privacy of your personal data – do not hesitate to contact us, and should you have any questions regarding regulation and requirement – we should also be able to advise too: firstname.lastname@example.org, grab us in live chat, or pick up the phone and give us a call.
* Update 19/4/18, Phil Parry
GDPR is likely to see an end to all information being made publicly available in WHOIS, or certainly Personally Identifiable Information, which may go a long way to preventing this kind of abuse of the public WHOIS system. Many of the major registries including Enom and OpenSRS (the same company these days), and Nominet are likely to introduce a gated WHOIS. That said, most of these calls seem to originate in places that have, shall we say, little regard for the rule of law in other countries or regions, and are set up by organisations that can quickly disappear and re-emerge, phoenix like, and carry on doing the same thing.
I mention this as GDPR also includes clauses about retention of data, and I imagine that the data already harvested by most of these organisations is likely to be retained.
Something I’ve begun doing, which others may wish to consider, is using email aliases and phone numbers where I do register information, so that I still remain connectable, but I can choose by who, and what to do with those emails and calls. Something to think about while the whole privacy war rages on, as I suspect it will for some time to come.