Group says there could be many reasons spam hasn’t increased after GDPR.
Yes, spam is down since the date GDPR caused Whois records to go dark. But anti-spam group Spamhaus says there are many possible reasons for this, and not having Whois information is hampering its efforts.
The back story is this: anti-spam and internet security groups cautioned that domain name registrars hiding Whois information because of the EU’s General Data Protection Regulation could lead to more spam. Since the GDPR went into effect in May, however, spam volumes have actually gone down.
This has led some people to suggest that claims about the impact of hidden Whois records on spam were overblown.
In a blog post, Spamhaus says there are a number of possible reasons spam has dropped since Whois went dark:
1. Legitimate companies have purged their email lists to become GDPR compliant so there’s less “legit” spam.
2. Fewer domains are being flagged as spam because of no access to Whois data; anti-spam systems are flagging less spam as spam.
3. The natural ebb and flow of spam volumes.
4. Bad actors focusing on other types of illegal activity.
5. Few new top level domain specials, so domains are more expensive for spammers to churn through.
The organization says that it’s too early to draw any conclusions. But it also notes that a lack of Whois info is hurting its efforts to connect the dots between domains and spammers.
Spamhaus is a member of Coalition for a Secure and Transparent Internet, a group advocating for public Whois.
Points may be valid, but none of this is congruent to the claims made in the run up to May 25. Feels like a Doomsday cult walking back its predictions.
Richard Funden says
After their initial doom-calling was revealed to be overblown hyperbole that now try to change the narrative?
Let’s face it: The prophesied spampocalypse and abuse flash flood did not happen. Just like W2K: Lots of static, no substance.
John Berryhill says
“But it also notes that a lack of Whois info is hurting its efforts to connect the dots between domains and spammers.”
The lack of Whois info is also hurting the efforts of spammers to harvest email addresses.
Andrew Allemann says
That’s true. It would be great if there was a reliable forwarding email addressed in Whois that could forward legit email but screen out spam. Some registrars do a good job of this.
Registrars are working on this in different ways, but generally once an email address is exposed in WHOIS, it quickly fills up with junk. A contact/relay webform is a better approach.
Andrew Allemann says
I’d be ok with that