Re: GoDaddy deleting most ancillary registration contact information

[David Conrad via NANOG <nanog () lists nanog org>]

Barry,

On Jul 19, 2025, at 11:50 AM, bzs () theworld com wrote:
> On July 18, 2025 at 19:39 nanog () lists nanog org (David Conrad via NANOG) wrote:
> > My somewhat cynical answer: if you relied on domain (and likely IP address/ASN in the future) registration data, it 
> > might be worthwhile figuring out alternatives to that reliance.  Les cynically: pragmatically, given the vast 
> > majority of contact information these days points to privacy providers or is redacted, I’m unclear there will be 
> > significant impact — the data is already pretty useless.
> Even if 90% were useless it would still be of use, possibly
> critically, in the other 10% of cases and I don't think it's anywhere
> near 90%.

I’ve not done an exhaustive survey myself, but the “majority of contact information” comment was taken from my 
interactions with law enforcement and I believe it is the result of most if not all Registrars defaulting to “privacy” 
for registrations since GDPR was enacted.  However, since the law enforcement folks I deal with are mostly interested 
in current activities, e.g., phish/botnet/etc., it’s likely they focus on recently registered domains so there may be a 
selection bias. As such, I won’t argue the point.

> Particularly if one can consider legitimate "privacy providers" useful
> as they can be contacted, subpoenaed, etc. which you seem to count as
> being in the "useless" category.

As mentioned, ICANN still requires registrars to collect valid contact information, however that information is not 
provided to the public as it once was.  It is, of course, still subject to subpoena/court order (depending on 
jurisdiction, of course) and it’s theoretically possible, if you can make your case to the registrar, that they’ll 
provide registration information to you if you can demonstrate “legitimate interest” (at the registrar’s discretion and 
risk, of course).  

> Whatever happened to "if your registration data is fraudulent,
> obsolete, or incorrect you stand to have your registration canceled"?

AFAIK, it remains a contractual requirement despite ICANN undertaking a law suit in Germany to enforce it for admin-c 
and tech-c and losing (if interested, see 
https://www.afslaw.com/perspectives/the-fine-print/recent-lawsuit-icann-against-german-domain-registrar-highlights). 

However, this gets into an “interesting” (or “infuriating”, depending on your POV) discussion about what contact 
information “accuracy” means. ICANN Accredited Registrars’ view (which I provide without comment) is at 
https://rrsg.org/wp-content/uploads/2024/03/RrSG-Approach-to-Registration-Data-Accuracy-March-2024.pdf. 

> This seems like an admission that this policy was not enforced.


Not sure how you got there. Registrars (or their lawyers) will (have, and do) argue that they abide by the policy (see 
the Registrar’s position above). ICANN Contractual Compliance argues that they enforce the policy (see pretty much any 
statement by the head of ICANN CC). I have my opinions, but they’re not particularly relevant. Since GDPR, the flagging 
of inaccurate registration has unsurprisingly tanked, so it’s difficult for the public to determine if registration 
information is accurate or inaccurate (for whatever value of the variable “accurate" you want to use). Perhaps somewhat 
relevant, see sections 5.2 and 6.4 of 
https://www.icann.org/en/system/files/files/inferential-analysis-maliciously-registered-domains-08nov24-en.pdf, but 
that probably doesn’t help that much.

Regards,
-drc

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/VTC33LVNIQ6ZCHVXL3YLRFCTTDJ6TEHN/