Access to Registrars' Data

Thomas Roessler <roessler@does-not-exist.org>
August 21, 2002


Access to registrars' data about domain name registrations is controlled by the Registrar Accreditation Agreement (RAA). This agreement is available in two versions from November 1999 (applicable to registrars accredited only for .com, .net, .org), and from May 2001 (applicable to registrars in .biz, .info, .name, and to electing registrars in .com, .net, .org). The rules on public access to these data can be found in section 3.3 (II.F) of the respective agreements.

Query-based Access

Availability of Data

Section 3.3.1 (II.F.1) of the RAA obligates registrars to provide, at their own expense, and to the public, web-based and port 43 query access to up-to-date (i.e., updated at least daily) data concerning all active Registered Names sponsored by Registrar for each TLD  in which it is accredited.  

Data elements

The agreement contains a provision which allows appendices for specific TLDs to modify this list of requirements; no of the existing TLD-specific appendices make any use of that provision.

Use of WHOIS data

Section 3.3.5 (II.F.5) of the RAA determines the possible use of the data made available through query-based whois.  This is expressed in terms of restrictions registrars may (or rather, may not) impose on data recipients.
Registrars may impose no restrictions besides those explicitly listed in the accreditation agreement or determined by an ICANN policy; until today, no such policy exists.
WHOIS data obtained by query-based WHOIS access may be used for any lawful purpose, with two exceptions:

Cross-registrar WHOIS / centralized database

Section 3.3.4  (II.F.4) of the RAA contains an obligation to registrars to cooperate in the establishment of a distributed, cross-registrar query-based WHOIS. Alternatively -  if the Whois service implemented by registrars does not in a reasonable time provide reasonably robust, reliable, and convenient access to accurate and up-to-date data  - it is the registrar's obligation to supply data from its database to facilitate the development of a centralized Whois database for the purpose of providing comprehensive Registrar Whois search capability.  

Bulk Access

Availability of Data

Section 3.3.6 (II.F.6) imposes the additional obligation on registrars to make the same data subject to query-based access available in bulk. Bulk data are made accessible for download at least once per week (3.3.6.1; II.F.6.a), for an annual fee of at most USD 10,000 (3.3.6.2; II.F.6.b).

Use of Bulk Data

Paragraphs 3.3.6.3-3.3.6.5 (II.F.6.c-II.F.6.e) of the RAA describe the contents of registrars' access agreements.  There are both conditions the registrar shall impose on data users, and conditions the registrar may impose on data users.  This implies that registrars may not impose any other conditions on the use of bulk WHOIS data.
The effectiveness of these provisions is, however, limited by section 3.3.7 (II.F.7) of the RAA until the earlier of either establishment of a new ICANN policy on bulk access to WHOIS data, or demonstration, to the satisfaction of the United States Department of Commerce, that no individual or entity is able to exercise market power with respect to registrations or with respect to registration data used for development of value-added products and services by third parties.

The possible provisions of registrars' bulk access agreements are these:

Opt-out Provision

Section 3.3.6.6 (II.F.6.f) of the RAA provides that registrars may establish an opt-out policy; note that this is not mandatory.  This opt-out policy - if established - is limited to individual domain name holders, and it only covers bulk acess for marketing purposes (except spamming, which is forbidden anyway - see above).  The opt-out cannot be limited to third parties' marketing use of registration data: If registrants opt out of marketing use, Registrar may not use such data subject to opt-out for marketing purposes in its own value-added product or service.
It should be noted that this provision is stated as an explicit allowance to registrars.  This implies that registrars may not establish any other policies with respect to the availability of WHOIS data.  WHOIS data provided for bulk access (and supposed to be used for any non-marketing purpose) must be complete.


Information for Registrants

Section 3.7.7.4 (II.J.7.b) contains registrars' obligation to inform registrants about the purposes and intended recipients (or categories of recipients) of any personal data collected from the registrant.  Personal data are defined, in section 1.6 (I.G) of the agreement, as data about any identified or identifiable natural person.