Whois—or Whoisn’t? The state of Whois for domains
Determining who owns a domain name used to be simple. The creators of the domain name system built a service called Whois that served as a phone directory for websites.
Whois displayed the phone number, address, email address and fax number (remember, this was a while ago!) of the contacts for the domain owner. The idea was that people could use this directory to contact site administrators if there was a problem with their domain or website.
Whois lived in that form for decades but has changed a lot over the past few years. This makes it more difficult to contact a domain owner, but there are still ways to get in touch.
The decline of Whois
A couple of things have led to the demise of Whois as it was once known.
First, people abused the system to send out spam. A few years ago, anyone who registered a domain without Whois privacy would be inundated with unwanted emails, phone calls, and text messages offering web services (logos, site design, etc.) for sale. Some of this information could also be used for identity theft. For these reasons, displaying personal information was less than desirable, and registrars devised systems to hide the information for their customers.
Second, countries (and now individual states) introduced privacy regulations that appear to ban publishing domain owner information online. The biggest of these regulations is the European Union’s General Data Protection Regulation (GDPR). After GDPR went into effect in 2018, most domain registrars started blocking access to at least the phone numbers, email addresses and physical addresses of most domains, even though the regulation does not apply to non-EU-citizens living outside of the EU.
Since the passage of the GDPR, more countries have adopted similar regulations. And The California Consumer Privacy Act, which gives consumers the right to know about the data companies collect about them, applies to many tech companies. These developments put privacy concerns front and center.
While domain owners could apply Whois privacy to their domains when records were public, many registrars provide this service by default now because of the privacy regulations.
Specifically, Namecheap offers free Whois privacy with all eligible domains. (Important note: some domain registries forbid Whois privacy. This includes .US domain names, which the U.S. government regulates.)
Getting in touch
The demise of public Whois information has made it much harder to contact the owner of a domain name. There are some benefits to this, such as eliminating spam. It also helps people who publish sites critical of governments, politicians and businesses maintain their anonymity.
But what if you want people to be able to contact you? Or if you want to contact the owner of a domain to see if they’ll sell it?
If you own many domains that are for sale, one way to make sure people can find you is to ensure the domains point to a webpage that has a way to contact you. This can be a simple landing page with a contact box.
Registrars will also allow you to opt-in to displaying your information publicly in Whois — but be ready for a deluge of spam if you do this.
If you’re on the other end of things and want to contact a domain owner, see if their registrar uses a Whois privacy service that includes email forwarding. For example, domains at Namecheap have rotating email addresses in Whois that forward non-spam messages to the domain owner.
For domains registered elsewhere, registrars sometimes include a contact form on their Whois page.
You can also try to find historical Whois records for the domain that were archived before Whois information was redacted. DomainTools sells data subscriptions or one-off reports with historical information about a single domain. DomainIQ is a subscription service with archived records.
It’s a privacy-focused world
The introduction of privacy regulations has helped domain owners protect their identities. This is mostly a good thing, but it makes it more difficult to contact a domain owner when you have a legitimate reason to do so.
Policy around Whois and privacy regulations is still changing, so stay tuned.
Learn more about Domain Privacy at Namecheap.
You might also be interested in Domain Vault, our most sophisticated security for domains. Domain Vault combines a Registry Lock with both human and machine verification elements so you benefit from both. Getting Domain Vault for your most valuable domains will ensure your DNS never changes without you knowing.