When you register a domain, you’ll need to provide your personal contact information—including your name, address, phone number and email—to your domain registrar. Depending on your privacy settings, your registrar may then publish your information to the WHOIS database. WHOIS (short for “Who is responsible for this domain name?”) is a public domains directory that identifies who owns a domain, and how to contact them.
You can’t register a domain without providing contact details to your registrar. But it’s up to you whether or not that information gets shared with the general public. Many registrars now offer domain privacy (or “WHOIS privacy”), listing their contact information in place of your own.
WHOIS requirements and privacy concerns
With privacy best practices growing exponentially, we’ll help connect the dots on why contact information requirements exist—and what to expect as you register a domain.
Why registrars require you to provide your personal information
You’ve probably heard of ICANN, the international governing body for domain names. If you haven’t, it’s important to know that ICANN has the big job of ensuring the organization, stability, and security of the internet namespaces.
This is accomplished in part by requiring every domain registrar to collect—you guessed it—the personal contact information of every registrant and make those records publicly available through the WHOIS database.
The benefits of providing your personal information
Sharing your contact information with your registrar not only keeps you ICANN-compliant, it benefits you in other ways.
- You’ll be able to prove your domain belongs to you in the eyes of the domain authorities (like ICANN).
- Your registrar can contact you about account changes or other potential security breaches (whether you enable domain privacy protection or not).
- You’ll be easily contact-able if someone wants to pay you 1 million dollars (here’s hoping!) for your domain.
Can anyone conduct a WHOIS lookup and retrieve domain ownership information?
For better or for worse—yes. And they can do it quickly and for free shortly after you register a domain name.
WHOIS helps law enforcement agencies and lawyers to find accountable parties involved in illegal or abusive online activities. That being said, WHOIS searches are fueled almost entirely by those looking to purchase your domain, sell you something, or scam you.
How will my domain registrar safeguard my information?
If you opt for domain privacy, your registrar will use their own company contact information, and sometimes a randomly generated email address, instead of yours. They’ll still have your information, but those records will be safely locked up where prying eyes can’t see.
What other domain information is shown in a WHOIS lookup?
A WHOIS lookup will include details about a domain’s registrar, the name servers responsible for its functionality, its current status (whether it’s active or expired), the expiration date, and the date of the latest update. It will also show whether a domain is “locked,” which means it’s protected from unauthorized modifications. All of this information is publicly available through WHOIS.
The EU General Data Protection Regulation
In 2016, the EU adopted the GDPR, or General Data Protection Regulation, designed to better protect the personal data of people who are in the EU in terms of how information is collected, used, and stored. The GDPR applies to WHOIS data, meaning the word “redacted” is used in place of personal information. For the most part, European Union citizens do not need a WHOIS privacy service.
If you are covered under the GDPR, your personal information is still available to the registry with whom you have a domain, and possibly several other registries that require registrars to automatically send them your information. This is called “onward sharing,” and we encourage you to research how registries will share your personal information.
Weighing the benefits: Do I need domain privacy?
To absolutely no one’s surprise: it depends. Domain privacy is a useful protection tool, but the real divider is in the risk of losing authority over your own domain.
Reasons to use domain privacy
1. To dodge unsolicited and unceasing junkmail via your postal and email addresses from marketers and scamsters.
2. To steer clear of hacking attempts or identity theft from bulk solicitation to third parties.
3. To keep competitors out of your private business matters. Competitive intent is a different kind of hazard that counters your unique marketing strategy to capture your market share and disrupt your business.
Reasons not to use domain privacy
1. To prevent loss of authority. In the eyes of domain authorities like ICANN, whoever is listed in WHOIS is considered the owner of the domain. Some registrars allow you to add a text (TXT) record to your domain’s DNS zone file for the verification of true domain ownership, however.
2. To prevent a lack of transparency to your clients, who may want to further verify the legitimacy of who you are and where your business is located.
3. To avoid the cost of domain protection fees, which vary depending on your registrar.
4. To present contact methods front and center to domain buyers for owners in the business of buying and selling domains at a profitable price.
Avoid shady registrars that may sell your information
Bear in mind that domain registrars have all your personal information—they just aren’t placing it in the WHOIS record—so the privacy is a veneer. A rogue registrar who isn’t ICANN-accredited might protect you from casual onlookers, but then whip away that veil of privacy to another shady party when the price is right.
This is not to say that all registrars without ICANN-accreditation have bad intentions. It is to say that you should protect yourself.
ICANN accreditation is a verified mark of trust, and registrars are seen as more credible and secure in the domain name industry when granted this accreditation.
How can I get domain privacy?
Domain registrars can provide privacy protection to your domain during the registration process (or anytime after).
Following that cue, start by verifying that your registrar actually offers domain privacy before signing up. Once that’s confirmed, it should be simple to activate as you go through the process of purchasing your domain.
The process for enabling (or disabling) domain privacy varies depending on the registrar—but it’s usually something you can do in your own good time, and is as simple as toggling it to “on” in your account settings.
Your registrar should include domain privacy protection at no extra charge and not as an “add-on” cash-grab. Here at DomainRegistry, we include free WHOIS privacy with every domain registration.
Can I transfer to a new domain registrar without exposing my personal information?
The rules aren’t simple here, and there’s a likely chance you’ll have to disable your domain privacy during the transition and have that temporary “gap” in protection.
Even if your current and new registrars offer domain privacy protection—the transfer process can be convoluted, depending on the registrar. The initial transfer verification email process becomes precarious when the current registrar uses a generic or randomized email in place of the registrants true email, or when the new registrar can’t retrieve protected contact details without security risks.
What if I wait to add domain privacy?
The best time to consider domain privacy is while you’re registering your domain name. If you wait and enable privacy later on, prying eyes have access to tools that may locate your previously listed domain ownership data, as well as transfer history and past domain sales records.
But if you’re a current domain owner who’s just now learning about the existence of domain name privacy, adding it can still have benefits. Just be conscious of scammers who may be able to dig deep and uncover that archived information of yours.
Which top-level domains aren’t allowed to conceal my information?
Registry restrictions are in place for certain geographic locations, and a small group of domains, currently including:
.ca, .cn, .ch, .co.in, .co.uk, .com.au, .com.sg, .com.es, .es, .eu, .fr, .de, .gg, .id, .in, .is, .law, .li, .me.uk, .net.au, .nl, .nom.es, .nu, .nyc, .org.es, .org.au, .org.uk, .paris, .sg, .to, .uk, .us, .vote, .voto, and .xn—3ds443g.
Can I change my mind and turn off domain privacy?
Yes. Registrars can turn off your domain privacy if your needs change. Some registrars have this function available for you to manage yourself from your online account.
Besides registrar privacy services, what other ways can I keep my information off the record?
Instead of domain privacy protection services, some people delve deeper and enlist a third party proxy service. In this case, the registered name holder of record is the proxy service, and their contact information is shown on the WHOIS query—so the registrant’s information is concealed even from the registrar. ICANN won’t have any data other than that of the proxy service.
The rules around proxy services are constantly evolving. You can learn more and stay updated here at DomainRegistry.com.