sven30 Posted January 28, 2018 Share Posted January 28, 2018 We're looking into developing a whmcs hook that changes the customer's email, phone number and address of a domain name whois contact info. So for instance, a customer goes and orders a hosting package using standard whmcs cart with a domain name. They create an account and checkout and pay and the hosting/domain is setup. Typically the default contact information they signup with (like name/email/address/phone etc.) transfers to the domain contact whois registrar as the registrant/admin/etc contact. We're trying to protect our customer's contact info by using decoy information we've set in place. So for instance, domain@ourdomain.com, PO Box, and 803-220-xxxx would replace the customer's real information just in the whois contact fields right before sending to the domain registrar at purchase (in the background). But preserve their actual contact info for the whmcs client billing account after purchase. It's sort of a poor mans whois privacy we're providing. Lately our customers have been getting blown up with spam and robocallers right after a domain purchase and blaming it on us and they don't want to pay the extra ID protect fee so we thought this would be a fine alternative. The email/address/phone are all legit and would go through us and we would then auto and or manually relay any valid correspondences to the domain owner. Anyway, let me know what it might take to create a hook to do this or if it's even possible to do economically. It feels like it would just be a matter of changing those 3 contact fields that send to the registar only and that's about it. Link to comment Share on other sites More sharing options...
bear Posted January 28, 2018 Share Posted January 28, 2018 You seem to be asking to make yourself the whois registrant contact for all domains purchased through you? That makes you the owner, and not them, legally speaking, and will cause all sorts of problems. In my opinion, that's not only not legal, but incredibly inadvisable. Explain it to the person buying domains from you that domain whois details are readily and easily harvested at the registrar level, and beyond your control. Explain further that the fix is to order whois protection at the time of registering. Make it a sales pitch for the paid protection, find a registrar that includes it for free; but at the least, have that explained in your FAQs. Don't just put your info on them, please, no matter your motivation. 1 Link to comment Share on other sites More sharing options...
sven30 Posted January 28, 2018 Author Share Posted January 28, 2018 10 minutes ago, bear said: You seem to be asking to make yourself the whois registrant contact for all domains purchased through you? That makes you the owner, and not them, legally speaking, and will cause all sorts of problems. In my opinion, that's not only not legal, but incredibly inadvisable. Explain it to the person buying domains from you that domain whois details are readily and easily harvested at the registrar level, and beyond your control. Explain further that the fix is to order whois protection at the time of registering. Make it a sales pitch for the paid protection, find a registrar that includes it for free; but at the least, have that explained in your FAQs. Don't just put your info on them, please, no matter your motivation. I had a feeling someone would bring this up. Which is why I was reluctant to post this publicly. So here's the deal, these customers still have ownership over their domain names, we just control all the spam/junk/malicious stuff that goes in between so they don't get it. I don't know of any registrars (good ones anyway) that offer whois protection for free otherwise we'd use them. We have this in our marketing and terms that they own the domain name no matter what 100%. In fact we want to get it to a point where they have their own unique email forwarder that automates the filtering more. This past year it's been a different case for our new domain customers. The complaints were off the hook bc Robocallers have been unnaturally aggressive and spammers have been too as well as household junk mail. All about web design service so our customers blame us for causing it. These are mainly happening with new domain sign ups. So instead of charging them another $10 / year ($8 cost to us), we thought we'd just do this included service and it seemed like a quick fix to pursue. Honestly it's not much different than what the registrars are doing with whois privacy protection. They're replacing the customers contact info with something else to protect the customer. Link to comment Share on other sites More sharing options...
bear Posted January 29, 2018 Share Posted January 29, 2018 (edited) 6 hours ago, sven30 said: Edited January 29, 2018 by bear Link to comment Share on other sites More sharing options...
bear Posted January 29, 2018 Share Posted January 29, 2018 (edited) Tried quoting your post, and this community software is just awful and wouldn't let me quote and respond outside of your quoted text. Namesilo is a registrar that gives free whois protection. As for the ownership, in the eyes of the registrar and the law, it's the registrant that owns it. If your name is on it, you own it. It doesn't matter if you have a paper that says they do, since in any dispute that won't matter. Edited January 29, 2018 by bear Link to comment Share on other sites More sharing options...
brian! Posted January 29, 2018 Share Posted January 29, 2018 15 hours ago, sven30 said: Honestly it's not much different than what the registrars are doing with whois privacy protection. it really is - whois privacy doesn't change the ownership of the domain, it just hides those registrant details from WHOIS... in your suggestion, you're effectively registering the domains in your name (or seemingly pretending to use the client's details but substituting your own in the background), no doubt with the best of intentions, but it's a very bad idea - it could lead to all sorts of legal issues down the road that should be avoided... not the least of which would be who owns the domains if your business ceased trading. buying whois privacy is relatively cheap (or free), so it's a better solution than your original idea. additionally, with GDPR coming into force in a few months time, that may have an effect on whois privacy - but I suspect even if your clients are EU individuals, they'd still need WP to ensure those details are totally hidden publicly. Link to comment Share on other sites More sharing options...
othellotech Posted January 29, 2018 Share Posted January 29, 2018 >>I don't know of any registrars that offer whois protection for free Several of us offer it for free, although now ICANN believe they can control privacy/proxy services, accredit and charge them thousands of $ per year (as wee as set policies on how they work, who they much give data to etc) it's unlikley any registrar will be able to (or allowed to) operate a free version moving forward. However part of the policy will be to force registrars to stop dealing wit unaccredited proxy services (like you're describing you are planning) - so essentially all registrars will be banned from dealing with you and you'll lose the ability to register or manage domains. So it's a case of use your registrars version, or nothing Link to comment Share on other sites More sharing options...
Recommended Posts