Domain privacy after GDPR

Table of Contents


This article explains how the GDPR (General Data Protection Regulation) law affects the information available about your domains after the law came into effect on May 25th, 2018.

WHOIS privacy

WHOIS is frequently used to fetch information about a domain. A WHOIS query usually returns information such as the person or organization that registered the domain, the expiration date, and the domain registrar.

WHOIS queries are useful to identify ownership of a domain. However, spammers take advantage of this public information to call and spam you with text and email messages. This is why most domain registrars provide WHOIS privacy. With WHOIS privacy, the information is masked by the registrar.

WHOIS after GDPR

With GDPR, even if you opt out of WHOIS privacy, your information is protected. This is great for avoiding spam, but it can make other tasks harder since a WHOIS query can no longer identify you as the owner of a domain.

This can be disabled, just contact support, and we’ll be happy to help. When you opt-in to disclose WHOIS data you will receive an email from info@domain-contact.org. This email will provide you with a link to modify your registration data disclosure settings. Here you will be allowed to select which data to display.

GDPR disclosure link

Certificate validation

Requesting an SSL certificate is a common task that requires proof of ownership of a domain. Our SSL certificates from Sectigo require an extra step to ensure the request is legitimate and comes from an authorized owner of the domain. Since the WHOIS public email address is now protected, there is no reliable way for Sectigo to contact you to verify the ownership of your domain.

In this situation we recommend one of the following options:

  • If your domain is already configured to receive email, you need to create at least one of the following email addresses to prove ownership:

      admin@your-domain
      webmaster@your-domain
      postmaster@your-domain
    

    Some email services let you create an alias email address, so you don’t have to monitor an extra inbox just for this.

  • If your domain is not configured to receive email, you can use our email forwarding feature and delete the forward once the certificate is issued.

Domain transfer validation

Some domain registrars require an extra step before initiating a transfer. They send an email to validate the ownership of the domain to the available WHOIS email address. Since the WHOIS email is now masked, you need to work with the new registrar to find an alternative to the email validation.