In a perfect world, domain name acquisitions are enabled by communicating such interest to the domain's registrant.
Ownership is verified through the public WHOIS database, which can be queried for contact information. This, at least, was its intended function before changes swept the domain industry a year ago.
The European Union passed the General Data Protection Regulation (GDPR) in 2016, and it was entered into force on May 25, 2018. A similar consumer privacy law has gone into effect in Cayman.
This far-reaching legislation affects—among other things—the way domain data is shared and displayed via the WHOIS protocol. ICANN is already pushing for the WHOIS replacement, working on the Registration Data Access Protocol (RDAP.)
But is this all about privacy concerns?
Domain privacy has been made feasible for 15+ years, via the availability of mostly paid proxy services, provided by domain Registrars. Currently, domain registrars such as Uniregistry, offer improved WHOIS privacy for free to their customers.
The problem with GDPR and its WHOIS data provisions is that it creates a layer that can be impenetrable when a domain's contact information is queried for the sake of acquiring it.
Simply put, when third parties wish to contact the domain's registrant, the task is herculean: the email can be hidden completely at the Registrar level, requiring to fill out a form that the Registrar relays to the registrant instead.
Just how much is the GDPR complicating the acquisition of domain names?
Some domains can be in active use for years, providing minimal contact information on a web site's pages, or none at all. Usually, that information was still available when querying the WHOIS.
Now, the GDPR gives the registrant the option to tweak the amount of contact information disclosed. The email, a quintessential communication tool, can be completely hidden, along with names and addresses.
Other domains are inactive, running on a pair of DNS servers that do nothing to resolve them to a web page. Some are set up in a way that MX records are the only active service, enabling email communication even when no web site comes up. To find out that information, one would have to query specific functions of a domain.
Domain investors that want to sell their domains can no longer rely on WHOIS use as a method of contact. What used to be a quick lookup of contact information, no longer works as expected.
What can be done to overcome this obstacle in communication?
Uniregistry.com allows its domain registrants the option of expressly authorizing the publication of their contact information if they want that information to be public. The underlyingly principle of GDPR is that personal information belongs to the person whose information it is. So, while the default option is not to publish registrant contact data, Uniregistry.com provides the ability for users to publish it if that is what they choose.
Another option is the development of domains into active web sites, with a contact form that enables direct contact. This approach is easy when a domain portfolio is relatively small, and the process is more difficult to scale up into the thousands.
Domain parking at PPC providers that offer the option to incorporate a contact form is the next best option.
At the Uni Market, domain portfolio holders can enable or disable PPC ads and can display various formats of a contact form with the option to solicit offers for the domain. They can also set a "Buy Now" price and thus send the domain through the checkout process.
On the flip side, when inquiring to acquire a domain name, the story can be completely different. Private domain registrants might choose to remain anonymous under the provisions of the GDPR, and they can even remain silent to inquiries sent via the Registrar contact form.
To overcome this dead-end, additional sleuthing and due diligence is necessary when seeking to acquire domains.
Aside from using search engines such as Google, social media platforms such as Facebook, Twitter, Instagram, along with professional networks such as LinkedIn, retain a trail of the domain's activities, even when the domain is inactive.
By searching through these resources, one can locate a domain's owner, managers, or officers, and establish contact in order to communicate their intentions further.
If a domain is inactive, it's still possible that it has email enabled. By using a tool such as gWhois, one can look up the MX records for clues.
Despite the sweeping effects of the GDPR, paid WHOIS data services such as DomainTools retain a plethora of domain information. Running a reverse IP check on a domain can reveal others that might be sharing that IP address. A reverse email check can achieve the same.
Privacy is not the only thing at stake.
Verifying domain ownership is now more complex than ever, and it complicates the ability of buyers to confirm that a domain is indeed in the hands of its legitimate owner. The obvious solution is to perform extensive due diligence on the domain's past history, locate its owner, and communicate directly—via phone, if possible—every aspect of the transaction.
Domain sales platforms such as the Uni Market, offer additional processes that verify a domain seller and can handle the transaction on behalf of both parties efficiently and transparently.
Conclusion: Buying and selling domain names has become more complex since the introduction of the GDPR.
WHOIS data privacy is a double-edged sword that can hinder domain acquisitions and sales. A smart approach is necessary to achieve successful growth under this new, demanding reality for the domain industry.