Policy No: 2014-07
Publication Date: 01/07/2018
Status: Current
1. BACKGROUND
1.1 This document sets out auDA's policy on the collection, disclosure and use of WHOIS data in the open 2LDs (asn.au, com.au, id.au, net.au, org.au) and the community geographic 2LDs (act.au, qld.au, nsw.au, nt.au, sa.au, tas.au, vic,au, wa.au).
1.2 auDA's Registry Licence Agreement and Registrar Agreement impose certain conditions on the registry operator and registrars in relation to the collection and use of WHOIS data. This policy operates to clarify some of those conditions.
2. WHOIS POLICY PRINCIPLES
2.1 The public WHOIS service is a standard feature of domain name systems around the world. The purpose of the WHOIS service is to allow users to query a domain name to find out the identity and contact details of the registrant. The WHOIS service is provided by the registry via a web-based tool and Port 43.
2.2 auDA has drafted this policy with the aim of striking an acceptable balance between:
a) the rights of registrants, under Australian law, in relation to how their personal information is handled;
b) the role of auDA to promote a competitive and efficient domain name industry; and
c) the interests of law enforcement agencies in accessing information about domain names for consumer protection and other public interest purposes.
3. COLLECTION OF WHOIS DATA
3.1 Data about each domain name registration is collected from the registrant by the registrar, and submitted to the registry in accordance with the procedural requirements of the registry. The WHOIS service displays a subset of the full registry data for each domain name (known as the "WHOIS data").
3.2 Under the Registrar Agreement, and in accordance with Australian privacy legislation, registrars must inform registrants of the fact that some of their personal information will be disclosed on the WHOIS service. Under the domain name licence agreement, registrants grant to the registry the right to disclose information for the purposes of maintaining the WHOIS service.
3.3 Due to the policy requirements in the .au domain, the WHOIS data that is collected by registrars at the time of registration is highly accurate and reliable. However, the integrity of the WHOIS database is undermined if the data is not kept up-to-date.
3.4 In order to maintain the integrity of the WHOIS database, registrants are required to notify their registrar of any changes to WHOIS data for their domain name(s) and the registrar must update the WHOIS database on receipt of new information from the registrant.
4. DISCLOSURE OF WHOIS DATA
4.1 The table in Schedule A lists the data fields that will be disclosed on the WHOIS service (web-based and Port 43) for all domain names in the open 2LDs.
4.2 In order to comply with Australian privacy legislation, the street address, telephone and facsimile numbers of registrants will not be disclosed.
4.3 It is necessary for the WHOIS data to include a contact email address for the registrant, for the purpose of contacting the registrant in relation to their domain name. The registrant does not have to nominate their own personal email address, but they must nominate an email address at which they can be contacted.
4.4 To address user concerns about privacy and spam, and in line with international best practice, auDA has implemented Image Verification Check (IVC) on the web-based WHOIS service. The purpose of IVC is to prevent or hinder unauthorised access to WHOIS data by automated data mining programs or scripts. For consistency, auDA has removed all email addresses from Port 43 WHOIS responses; users of Port 43 WHOIS will be referred to the web-based WHOIS service to access email addresses via IVC.
4.5 In the past, it was possible to use WHOIS to find out the creation and/or expiry date of a domain name. This enabled some members of the domain name industry to send unsolicited renewal notices to registrants with whom they did not have a prior business relationship, causing significant levels of customer confusion. As a result of these problems, auDA has determined that creation, renewal and expiry dates will not be disclosed on the WHOIS service.
4.6 Registrants who wish to check the creation or expiry date of their own domain name can do so through their registrar or reseller, or by using the centralised password recovery tool available on the registry website.
4.7 Third parties who wish to know the creation date of a particular domain name or domain names for the purpose of establishing rights in connection with a proposed claim under the .au Dispute Resolution Policy or other court proceeding, may lodge a request with auDA. The 'request for domain name creation date' form is available on the auDA website.
4.8 Registrants who wish to check what domain names have been registered using their details (eg. company or business name, ACN or ABN) may lodge a request with auDA. The 'request for domain name search' form is available on the auDA website.
5. USE OF WHOIS DATA
5.1 In the interests of protecting the privacy of registrants, the following activities are strictly prohibited:
a) use of WHOIS data to support an automated electronic query process; and
b) bulk access to WHOIS data (ie. where a user is able to access WHOIS data other than by sending individual queries to the database).
5.2 In order to prevent the abuses listed in paragraph 5.1, auDA will impose restrictions on the number of queries that a user can send to WHOIS (web-based or Port 43). The level of restriction will be clearly displayed on the WHOIS website. auDA may vary the restriction at any time.
5.3 auDA recognises that it may be necessary for law enforcement agencies to access the full record of a particular domain name or names as part of an official investigation. auDA will deal with requests from law enforcement agencies on a case-by-case basis.
SCHEDULE A
WHOIS FIELDS FOR .AU OPEN SECOND LEVEL DOMAINS
Field Name |
Field Description |
Domain Name |
Registered domain name |
Last Modified |
Date the domain name record was last modified (includes renewal, transfer and update) |
Status |
Status of the domain name (eg. “OK”, “pendingTransfer”, “pendingDelete”) |
Registrar Name |
Name of the registrar of record |
Reseller Name |
Name of the recorded reseller (if applicable) |
|
|
Registrant |
Legal name of the registrant entity (eg. company name) |
Registrant ID |
ID number associated with the registrant entity, if any (eg. ACN for company) |
|
|
Eligibility Type |
Registrant’s eligibility type (eg. “Company”) |
Eligibility Name |
Name used by the registrant to establish eligibility, if different from their own legal name (eg. registered business name or trademark) |
Eligibility ID |
ID number associated with the name used by the registrant to establish eligibility (eg. BN for registered business name, TM number for registered trademark) |
|
|
Registrant Contact ID |
Registry code used to identify the registrant |
Registrant Contact Name |
Name of a contact person for the registrant |
Registrant Contact Email |
Contact email address for the registrant |
|
|
Tech Contact ID |
Registry code used to identify the technical contact |
Tech Contact Name |
Name of a technical contact for the domain name (eg. registrar, reseller, webhost or ISP) |
Tech Contact Email |
Contact email address for the technical contact |
|
|
Name Server |
Name of computer used to resolve the domain name to Internet Protocol (IP) numbers (minimum of 2 name servers must be listed) |
Name Server ID |
IP number of the name server |
DNSSEC |
DNSSEC status (whether the domain name is signed or unsigned) |