Each gTLD registry is mandated through its ICANN contract to provide its zonefiles.
The zonefiles list all published domain names, which is almost all domain names in the TLD, but not all: this excludes domain names without nameservers (a totally legit case, you can sometimes wish to protect a name without associating it with any online service), or domain names being "on hold" (the EPP statuses clientHold
or serverHold
that remove the domain names from publication).
You can do a search on CZDA to find the online platform that will enable anyone, for free, upon accepting a contract, to be able to grab any gTLD zonefile, that are updated each day.
So, it is very easy that way to get a list of domain names, if you do it 2 days in a row you can compute the difference and find the newly added domain names (which would basically be the newly registered domain names, with some exceptions for the reasons outlined on top), and then do whois queries to grab the contact data associated to these domains and then contact people.
Note that when you access the CZDA you are signing a contract that enforce some rules on what you can or can not do with the data. I am not sure that the activity described here falls into the acceptable case of the contract, but I am not a lawyer and this is extremely difficult to respect. Anyway, it is trivial technically.
ccTLDs most often do not provide access to their zonefiles. Some of them (like .FR) just provide each day the list of newly registered domain names. Which puts you back exactly at the previous step when you computed the difference of two zonefiles, and then enables you to contact people in the same way.
Also, and completely unrelated, if you read carefully the ICANN registrars contract (so again only for gTLDs) you will find inside a clause showing that the registrars have to sell their full database of names + contact data in some specific cases. This is costly ($10 000 per registrar!) but can also be a way to get the data.
A way to protect yourself against all of these solicitations is to register your domain names with privacy/proxy services so that your personal data never appears in whois output. This is offered by many registrars, and will become more and more the norm, due to new regulations about data privacy for individuals, like the GDPR in European Union.
9I have 3 *.com domains and 5 *.de domains... all with my full address, mail and phone number... never got a letter, mail or call... – Mischa – 2017-10-13T08:57:35.740
7
@MischaBehrend you're very lucky. As for davidgo: sign up for a separate/new Google account, and set up Google Voice on it -- do NOT forward the number to your actual phone, but just have it forward text/voice messages to the new email. Then use the new Google email and Voice # in your WHOIS data and you can still receive legit messages but now YOU get to choose when you have to sift through the crap. Also be prepared for the inevitable snail-mail spam: http://www.dcsny.com/technology-blog/idns-domain-registrar-scam/
– Doktor J – 2017-10-13T14:21:25.710I've had a solid handful of domains registered for decades with a number I've kept for that same length of time, and have yet to receive and unsolicited call regarding domain/web services. Then again, I don't know what magic Google Voice does to protect me from spam callers. – music2myear – 2017-10-13T23:49:18.163
1In my experience it's ramped up in recent years. Nowadays a new domain gets me maybe 25 phone calls and 50 emails in the following weeks. Web design, logo design, business advertising. – Matt Nordhoff – 2017-10-14T05:18:48.133
“How are they discovering the domain name registration?”
whois yourdomain.com
in any terminal, I guess. – Andrea Lazzarotto – 2017-10-14T10:31:15.9901@AndreaLazzarotto But any idea how they know to look up a domain that was just registered? – I say Reinstate Monica – 2017-10-14T17:27:18.967
Downloading and diffing the .com zone file on a daily basis, maybe? (Excludes domains with no nameservers, but good enough.)
– Matt Nordhoff – 2017-10-14T19:54:46.687