Take these steps to avoid headaches later.
The deadline to comply with the EU’s General Data Protection Regulation (GDPR) is quickly approaching. Domain name registrars are announcing changes and implementing them within the next few weeks. Here’s what you need to do as a domain investor to be prepared.
Transfer your domain names. If you have domain names that you might want to transfer to a new registrar within the next couple of months, do it now. If the personal information in Whois is obscured (as is likely), transferring many domains (including .com) will be hard.
We are likely to see a variety of approaches to handling transfers. The bottom line is that it might be difficult to move your domains between registrars post-GDPR, so do it now.
Add two-factor authentication and lock your domains. A lack of personal data in Whois is likely to increase domain theft and make it challenging to track down stolen domain names. Changes in how some registrars handle domain transfers could also increase the number of domain thefts.
Don’t take any chances. Make sure your security is up-to-date.
Download any Whois data you need. If you use a program like Watch My Domains, now is the time to pull in the latest Whois records about your domain names. This will be very difficult later this month.
Add context to stop an influx of UDRPs. Complainants currently investigate domain name owners before filing UDRPs (cybersquatting complaints). This allows them to determine if the owner might have a legitimate interest in the domain (e.g. a guy named Andrew owns a domain with Andrew in it) and potentially determine why they acquired the domain. This will be difficult without personal information in Whois.
You can do a couple of things to prepare. First, see if your registrar will let you opt-in to having your Whois info displayed. Second, consider changing the content of your parked pages to make sure they reflect a proper use of the domain.
On that note, be sure that people can contact you through your parked page. It will become difficult for them to reach you through your Whois record.
Get a subscription to historical Whois data. While GDPR is going to hurt DomainTools and DomainIQ in the long run, they will actually become more critical to your business for a least the short term.
When you buy a domain name, you’ll want to verify who owns it. If you can’t do that through the live Whois, looking at historical Whois information is going to be creditical.
Josh says
Andrew, started to get emails from Rar’s discussing the coming changes and an option being worked on to allow an “opt in” approach to keeping whois public. While this is fine and dandy for domainer’s who understand the importance of such an opt in, non domainers likely will not which makes buying very risky. I hope the RAR’s notify the advantage to all customers of an opt in. So far Moniker, Internet.bs and ??? have started sending email notifications of opt in, have we missed any others thus far?
Andrew Allemann says
Those are the two I have received.
JZ says
What an unnecessary pain.
Alan Dodd says
Andrew perhaps also taking an inventory close to the date would be a good thing so you have a starting “inventory” and track any there i.e. stock control
Opening stock
Less: deletes
Less: sales
Plus: additions
Closing stock*
= actual inventory
Kate says
In fact, there is no need for whois to transfer domain names. The auth code is enough. I routinely transfer domain names in.be, .fr, .nl and other extensions and it takes one minute.
The authorization E-mails are pointless.
Andrew Allemann says
I’m not sure how those TLDs work, but the issue with ICANN-regulated domains is that the losing registrar can’t deny the transfer even if they don’t get affirmative authorization from the existing registrant. If the losing registrar could send an email to you and didn’t transfer the domain until you clicked a link to verify, it would be fine. In fact, that’s how transfers used to work.
Domainer says
I would assume, if the transfer lock is on, the losing registrar should not release the domain. ????
Andrew Allemann says
Correct. As long as no one hacks into your account, that will protect you. Presumably they have to hack your account or your email to get auth codes.
Frank Michlick says
@Domainer: Most registries will not allow the registrar to initiate a transfer if the domain is locked (clientTransferProhibited)