IEEE Access (Jan 2024)
WHOIS Data Redaction and its Impact on Unsolicited Emails: A Field Experiment
Abstract
The Internet Corporation for Assigned Names and Numbers (ICANN) mandates the disclosure of certain information regarding registered domain names. However, the European Union General Data Protection Regulation (GDPR) curtails publicly accessible information, including personally identifiable information (PII). It has been suggested that public disclosure of registration data leads to email spam, but no systematic academic study of this effect has been conducted. This study fills this gap by empirically assessing the impact of public PII disclosures on spam email volumes. Over a year-long field experiment, we registered 66 domain names with disclosed and undisclosed PII and analyzed incoming unsolicited email advertising. Our results revealed that, on average, domains with publicly disclosed contact information received 19.7 total emails per domain, compared to a mean of 4.2 for domains with undisclosed details. When focusing specifically on spam emails, domains with publicly disclosed contact information received 12.76 per domain, compared to only 0.12 for domains with undisclosed details. This significant increase in spam emails linked to public PII disclosures indicates a clear negative impact. ICANN stakeholders should consider these findings, recognizing the potential privacy implications and spam risks of disclosing domain contact information.
Keywords
