When you register a domain, you are required by ICANN to give registrars up-to-date personal information such as name and contact information, which is then required to be displayed publicly.
While there is no official Whois directory, the public output that registrars are required to display acts as a vast address book for domains. Each Whois record contains details on the registrant (.e.g. you), registrar (e.g., Namecheap), name servers, expiry date, and so on. Your information includes your name, address, email, and phone number.
This information is a vital resource if any issues should arise regarding your domain, such as from ownership confirmation. ICANN requires that it is shared publicly by default (unless you are protected by the GDPR, but more on this later).
Sharing your registrant information publicly has many drawbacks. The largest being that anyone can find your information online and use it however they please, including to spam you.
If you want to make sure your personal contact information is not made available to the public, one choice you can make is to use a domain privacy service.
So how important is domain privacy and what does it mean for you? Let’s dive right in.
If you’ve just purchased a new domain name and are keen to get building your brand on the web, you may be wondering, is domain privacy needed?
Anyone who owns a website, whether it’s for an organization, a business, or for a hobby, is required by ICANN (and also by registries not governed by ICANN) to provide accurate and full contact information for their domain. By default, this information is required to be made public.
Registered domain names can be entered into any free-to-use Whois search tool, and anyone can retrieve the Whois information that has been made public. So, if your personal information is not protected, they will retrieve it.
All of your personal information is laid out, left wide open for unsolicited marketing and sales contacts, spam, and may allow your domain to get hijacked.
Enter domain privacy protection, a service that keeps your contact information anonymous by replacing real contact information with that of the privacy service and randomly generated email addresses.
The simple act of registering a domain triggers a number of requirements in how your personal information (contained in Whois) is treated, including publication of your information (as mentioned above) and required sharing with third parties. Here’s what happens today.
You may have heard about the General Data Protection Regulation, otherwise known as GDPR. Created in the European Union, the law is designed to protect the personal data of the people who are in the EU, and has set rules on how personal data information is collected, used, and stored.
The GDPR has affected the publication of domain Whois information. Customers covered by GDPR have their information protected by “redacted” Whois. This means that, instead of your personal information, the public display for your domain will state “redacted for privacy” (or something similar.) Registrars have the option (but not obligation) to extend redaction to other domain customers, unless specifically prohibited by a registry.
However, even if your information is redacted for privacy, while it’s protected from the public, it will still be available to the registry. In fact, quite a number of registries require registrars to automatically send them this information. This means that your personal information is further shared (aka “onward sharing”) and you need to review every registry with whom you have a domain to understand how they will process and potentially share your personal information. The only way to prevent onward sharing with a registry is to have a privacy or proxy service.
But, did you also know that with many privacy or proxy services, registrars are required to share your information with them? In other words, your information is still subject to onward sharing and, likewise, requires you to review this party’s privacy practices. Using a privacy / proxy service that requires your information may reduce the number of third parties who get your information (by eliminating sharing with registries), but it doesn’t eliminate it.
At Namecheap, your privacy is a core value. Notably, our domain service provider does not require customer information. This data remains with Namecheap, and our customers only need to understand our policies, rather than multiple policies.
Here at Namecheap, we offer domain privacy for every customer, on every eligible domain.
So what is private registration for a domain name and what does it look like?
The example above shows how your contact information appears when you have domain privacy protection with Namecheap. This means that it’s much harder for people to reach you by looking you up in the Whois records (if you’re not already covered by GDPR) — a privacy protection service masks your identity.
You may find that some domain registrars charge for domain privacy protection. Here, customers will find that our domain privacy service is free for life as we believe in going that extra mile and making sure that our customers are protected.
We want our customers to know exactly what will or will not happen with their personal information and strongly believe in upholding privacy standards.
If you’re considering whether private domain registration is worth it, let’s go over the reasons why you benefit.
1. Protect your personal information
Identity theft is a serious problem online, and personal information is needed when registering a domain name. If someone were to gain access to this data, it could cause serious problems for you or your business. Whois protection conceals this information. Domain privacy is necessary to help prevent your data from getting into the wrong hands.
2. Prevent unsolicited marketing outreach
Listing your contact information alongside your domain invites unwanted attention from salespeople, spammers, telemarketers, and fraudsters. Some individuals scan the Whois database for contact information, trawling newly registered websites in particular. Soon after registration you may be targeted with emails and calls about trying to offer online marketing, SEO, making domain privacy protection worth getting just to avoid such communications!
3. Minimize spam
Private registration for a domain name is necessary if you want to protect your email, and cut down on unsolicited emails from spammers. Your domain registrar will include an alias email in place of your own within the Whois database cutting down the likelihood of phishing emails. Such phishing emails (attempting to obtain your sensitive information, usernames, passwords, etc.) won’t reach your true email if you use domain privacy protection.
4. Greater control over your personal information
With domain privacy protection in place, your personal information will not be subjected to onward sharing, keeping it safe and secure.
It depends on what you are trying to protect and who you are trying to protect it from. As mentioned, WHOIS will stop automated address harvesters from getting their hands on your details, but a focused attacker would find indirect ways to ascertain who the real owner is.
Let’s imagine you run a business. If your business address is already listed on your website, there’s no need to hide your details from the Whois database, as it’s already out there for anyone to find.
If you run a blog about your family life that you share with people all over the world, you will most likely want to keep your address hidden, and need privacy protection for your domain name to achieve this. Given that with Namecheap, domain privacy costs nothing, it’s worth having for peace of mind.
Although Whois privacy service is available for almost all domains, some are unavailable due to registry restrictions.
Currently, this includes .ca, .ch, .cn, .co.in, .co.uk, .com.au, .com.es, .com.sg, .de, .es, .eu, .fr, .gg, .id, .in, .is, .law, .li, .me.uk, .net.au, .nl, .nom.es, .nu, .nyc, .org.es, .org.au, .org.uk, .paris, .sg, .to, .uk, .us, .vote, .voto, and .xn--3ds443g domains.
Privacy protection may already be in place for certain TLDs, or restrictions may be in place for specific geographic locations.
Take .us, for example. In 2005 the National Telecommunications and Information Administration requested that all registrants must make their contact information public. This was to help make sure that .us registrants followed the requirements, such as that they must be a US citizen or resident, when registering their domain.
It’s easy to add Whois privacy to your domain name. The process varies between registrars but there are just two ways to add it, at registration — or after.
Here’s how to hide Whois information at Namecheap:
Once you’ve found your dream domain name, domain privacy will be added as default. If you want to remove it, you will receive a pop-up warning that removing domain privacy will make your information public and by proceeding, you are giving explicit consent to Namecheap to do this.
If you remove privacy protection when you register a domain, don’t worry, you can always change your mind and add it at a later date. However, if you have the option to apply privacy from the get-go, do so. If you don’t apply privacy upfront, your information will be available to the public. There are tools available that allow people to find previously listed domain ownership data, transfer history, and historical sales records of a domain.
If you remove the protection that Namecheap offers, and your current domain is getting spammed, you should get domain privacy. Email and phone spam will be greatly reduced if you have privacy protection in place.
We believe you can’t put a price on things like security or privacy, so domain privacy is FREE for the life of your domain. Make your domain information private today!
This domain privacy service (from our chosen Whois privacy service provider Withheld for Privacy), is now free for everyone, keeping your personal data safe, for life.
With Namecheap’s domain privacy service, your confidential information is no longer available for public consumption, and it will no longer be unnecessarily shared. It's the best global domain privacy option you'll find anywhere, guaranteed.