2002-06 - WHOIS Policy

PDF version

Policy No: 2002-06
Publication Date: 02/05/2002
Status: Replaced by Policy No 2003-08

1. BACKGROUND

1.1 This document sets out auDA's policy on the collection, disclosure and use of WHOIS data in the open .au second level domains (2LDs). At the time of publication, the open 2LDs are asn.au, com.au, id.au, net.au and org.au.

1.2 Disclosure and use of WHOIS data in the closed 2LDs is determined by the relevant 2LD manager and approved by auDA.

1.3 auDA's Registry Licence Agreement and Registrar Agreement impose certain conditions on the registry operator and registrars in relation to the collection and use of WHOIS data. This policy operates to clarify some of those conditions.

2. WHOIS POLICY PRINCIPLES

2.1 The public WHOIS service is a standard feature of domain name systems around the world. The purpose of the WHOIS service is to allow users to query a domain name to find out the identity and contact details of the registrant.

2.2 auDA has drafted this policy with the aim of striking an acceptable balance between:

a) the rights of registrants, under Australian law, in relation to how their personal information is handled;

b) the role of auDA to promote a competitive and efficient domain name industry; and

c) the interests of law enforcement agencies in accessing information about domain names for consumer protection and other public interest purposes.

3. COLLECTION OF WHOIS DATA

3.1 Data about each domain name registration is collected from the registrant by the registrar, and submitted to the registry in accordance with the procedural requirements of the registry. The registry provides a public WHOIS service for all 2LDs under its control, which displays a subset of the full registry data for each domain name (known as the "WHOIS data").

3.2 Under the Registrar Agreement, and in accordance with Australian privacy legislation, registrars must inform registrants of the fact that some of their personal information will be disclosed on the WHOIS service. Under the domain name licence agreement, registrants grant to the registry the right to disclose information for the purposes of maintaining the WHOIS service.

3.3 Due to the policy requirements in the .au domain, the WHOIS data that is collected by registrars at the time of registration is highly accurate and reliable. However, the integrity of the WHOIS database is undermined if the data is not kept up-to-date.

3.4 In order to maintain the integrity of the WHOIS database: a) under the terms of the domain name licence agreement, registrants must notify their registrar of any changes to WHOIS data for their domain name(s); and b) registrars must contact their registrants at least every six months, to verify current data.

4. DISCLOSURE OF WHOIS DATA

4.1 The table in Schedule A lists the data fields that will be disclosed on the public WHOIS service for all domain names in the open 2LDs.

4.2 In order to comply with Australian privacy legislation, the street address, telephone and facsimile numbers of registrants will not be disclosed.

4.3 It is necessary for the WHOIS data to include a contact email address for the registrant, for purposes of contacting the registrant in case of technical problems with the domain name, or notifying the registrant that a complaint has been filed against them under the .au Dispute Resolution Policy. The registrant does not have to nominate their own personal email address, but they must nominate an email address at which they can be contacted at any time.

4.4 In the past, it was possible to use WHOIS to find out the creation and/or expiry date of a domain name. This enabled some members of the domain name industry to send unsolicited renewal notices to registrants with whom they did not have a prior business relationship, causing significant levels of customer confusion. As a result of these problems, auDA has determined that creation, renewal and expiry dates will not be disclosed on the WHOIS service. Registrants who wish to check the creation, renewal or expiry date of their own domain name can do so through their registrar or reseller.

5. USE OF WHOIS DATA

5.1 In the interests of protecting the privacy of registrants, the following activities are strictly prohibited:

a) use of WHOIS data to allow, enable or otherwise support the transmission of unsolicited communications to any person, by any means;

b) use of WHOIS data to support an automated electronic query process; and

c) bulk access to WHOIS data (ie. where a user is able to access WHOIS data other than by sending individual queries to the database).

5.2 In order to prevent the abuses listed in paragraph 5.1, auDA will impose restrictions on the number of queries that a user can send to WHOIS. The level of restriction will be clearly displayed on the WHOIS web site. auDA may vary the restriction at any time.

6. REVIEW OF POLICY

6.1 auDA has taken a minimalist approach to the disclosure of WHOIS data, on the basis that it is easier to expand the data set in future if necessary, than attempt to impose restrictions after the data has already been publicly available for a period of time. auDA will closely monitor the use of the WHOIS service, and hold a public review of this policy 12 months after implementation.

SCHEDULE A

WHOIS FIELDS FOR .AU OPEN SECOND LEVEL DOMAINS

Field Name Field Description
Domain ROID Registry code used to identify the domain name
Domain Name Registered domain name
Last Modified Date the domain name record was last modified
Registrar ID Registry code used to identify the registrar
Registrar Name Name of the registrar of record
Status Status of the domain name (eg. ok, pending transfer, pending delete)
Registrant Name of the registrant
Registrant ID ID number associated with the registrant, if any (eg. ACN for company)
Registrant ROID Registry code used to identify the registrant
Registrant Contact Name Name of a contact person for the registrant
Registrant Email Email address for the registrant
Tech ID Registry code used to identify the technical contact
Tech Name Name of the technical contact
Tech Email Email address for technical contact
Name Server Name of computer used to resolve the domain name to Internet Protocol (IP) numbers (minimum of 2 name servers must be listed)