Spamhaus chimes in on spam-after-GDPR claims

Group says there could be many reasons spam hasn’t increased after GDPR.

Yes, spam is down since the date GDPR caused Whois records to go dark. But anti-spam group Spamhaus says there are many possible reasons for this, and not having Whois information is hampering its efforts.

The back story is this: anti-spam and internet security groups cautioned that domain name registrars hiding Whois information because of the EU’s General Data Protection Regulation could lead to more spam. Since the GDPR went into effect in May, however, spam volumes have actually gone down.

This has led some people to suggest that claims about the impact of hidden Whois records on spam were overblown.

In a blog post, Spamhaus says there are a number of possible reasons spam has dropped since Whois went dark:

1. Legitimate companies have purged their email lists to become GDPR compliant so there’s less “legit” spam.
2. Fewer domains are being flagged as spam because of no access to Whois data; anti-spam systems are flagging less spam as spam.
3. The natural ebb and flow of spam volumes.
4. Bad actors focusing on other types of illegal activity.
5. Few new top level domain specials, so domains are more expensive for spammers to churn through.

The organization says that it’s too early to draw any conclusions. But it also notes that a lack of Whois info is hurting its efforts to connect the dots between domains and spammers.

Spamhaus is a member of Coalition for a Secure and Transparent Internet, a group advocating for public Whois.