What is Whois Privacy?

ICANN, the governing body for most Internet domain names, requires that the contact details of your domain name be publicly available. As a result, your contact information is stored on “whois” servers where your information is available to anyone with an Internet connection.

If you’re thinking that opens you up to potential identity theft and an influx of spam you’d be right. In fact, anyone who has registered a domain name knows that shortly after creating the domain, you are often inundated with spam, telesales, and junk mail.

Spammers set up automated robots that scrape whois contact records, gathering contacts and email addresses in order to advise you of your recent lottery win, advise you of your surprise inheritance, or help you to last for hours in bed.

There is a solution. In an effort to combat these pitfalls, some domain name registrars offer a service known as whois privacy or whois proxy, which will shield your personal information from the public whois database. Think of it like getting an unlisted phone number to avoid telemarketers. It’s often a very affordable service, costing less than the price of the registration itself.


What type of Whois privacy is available?

There are three main methods of whois privacy services available in the marketplace today:

Type of Whois Privacy How Users Contact You Comments
Completely anonymous – in this case your entire contact record is replaced with contact details provided by your registrar. Users have no way of contacting you from the whois record. This method is fine if you never want to be reached via whois but be careful – some online services confirm your identity by sending an email to your whois contact and this method will prevent you from receiving those emails.Your name and mailing address are made anonymous and your email address is replaced with something static such as YourDomain@YourRegistrar
Your name and mailing address are made anonymous and your email address is replaced with something static such as YourDomain@YourRegistrar Registrar either forwards email from YourDomain@YourRegistrar to your local email address or authenticates email requests before sending them on to you.

Postal mail forwarding depends on Registrar, usually for a fee.

The only issue with this method is that you are dependent on your registrar’s spam filtering techniques and if not handled correctly you could receive as much spam as you would have done had you not used whois privacy.
Your name and mailing address are made anonymous, your email address is set to something totally random such as 4fa0f9fdds@YourRegistrar and then that email address changes on a regular basis (e.g. every 24 hours). Registrar forwards email from RandomChangingAddress @YourRegistrar to your local email address via spam filters.

Postal mail forwarding depends on Registrar, usually for a fee.

This is preferred by many people because you’re reachable at any time, but if a spammer picks up on your email, it is filtered and spam will only last until the address is changed again.

Points to Note

  • Each registrar maintains the whois records for their own clients, whether on a local whois server, or at the registry level. For this reason, you can only purchase whois privacy from the same registrar where your domain name is registered.
  • There are several data storage services that scour the whois servers on a regular basis to store and distribute historical whois contact records from any given point in time. So, if you think you may want to protect your privacy at “any” point, it is recommended to get whois privacy from the day you register the domain name.
  • Most registrars provide the ability to turn whois privacy on and off, but surprisingly not all registrars turn it on by default. So, if you want to use the service, be sure to either check with your registrar, or check the whois record to make sure that it is active after your registration.
  • Before you commit to any specific registrar’s privacy service, find out how they will display the registrant (owner) name. There are some concerns in the marketplace when registrars list their own name or whois privacy service name, as it may legally change ownership of the domain. One method used by some registrars is to reference your entity without giving away your contact details, for example “Whois Privacy Service, Attn: YourDomain.com”


Whois privacy restrictions

Although most domain extensions are not currently restricted, not all domain names are permitted to use whois privacy, so don’t be surprised if your registrar doesn’t offer the service for the domain you register. For example, the .us registry, based on a US governmental law, require that the contact details reflect the actual owner/manager of the domain. Similarly, Nominet, the .uk registry only permits whois privacy for private owners, not businesses. On the other hand the Canadian registry for .ca, concerned about personal privacy no longer display contact details whatsoever.

Keep in mind that whois privacy is not a way to conduct criminal activity and expect anonymity. Most if not all domain name registrars that provide whois privacy also have clauses in their terms that state they would provide your real contact info to law enforcement agencies or other entities given a certain set of circumstances. Check your registrar terms for the specific rules.

Due to the nature of whois privacy where your postal address will be replaced by all registrars offering the service, you will not receive any postal mail, including legitimate mail. Although legitimate mail via your whois record is few and far between it could happen, and some registrars will even forward postal mail for an additional fee. Check with your registrar for further details.