What is WHOIS privacy protection?

Contents

Anyone who registers their domain with a domain registrar is required to submit contact information. This contact information may then be publicly accessible. If you want more autonomy, security and privacy when it comes to your data, you’ll need to take some steps to ensure domain privacy protection. Domain privacy allows you or your domain registrar to delete publicly available data about you or your business from the WHOIS entry on your domain.

What is domain protection?

Domain privacy protection refers to the possibility for anonymity and privacy when registering a domain. Anyone who registers a domain is required to submit various kinds of information in order to officially purchase the domain. That information includes personal data, business data and contact information. More specifically, some examples are:

Name
Email address(es)
Business address(es)
Phone number

So what’s the problem with that? The personal information that’s connected to a domain isn’t private. It’s openly available via the WHOIS database, unless the domain registrar or registrant took specific steps to ensure WHOIS privacy. With domain privacy protection, the information connected to your domain is anonymised or replaced with information from your domain or hosting provider. That way you can protect your personal or company data.

What is WHOIS?

Domains, along with their IPs and the personal/company data connected with them, are managed by the ICANN (Internet Corporation for Assigned Names and Numbers) in namespaces. In order to coordinate IP addresses and domain name servers (DNS), the ICANN has determined how domains can be registered. It also manages the assignment of DNS, IP and associated data under the umbrella of IANA.

When registering a domain, customers hand over personal data to registrars and registries, which are then publicly accessible via the WHOIS database. WHOIS is an internet registry that contains all the available information about a domain. The main reason this data is collected is to verify the legitimacy of each domain registration. WHOIS entries are meant to ensure that it’s possible to contact domain owners in the event of legal or technical problems or other issues.

The following information is part of a WHOIS entry in the WHOIS database:

Domain name
Domain registrar
DNS entries/DNS servers
Date of registration
Expiration date for domain registration
Information about the registration’s renewal date
Status of the domain
Admin-C and Tech-C
Contact information (email, phone number, address, name) for the domain owner

The scope and content of WHOIS information will vary depending on domain type/domain ending, as different registries might be responsible for different domain types. Due to the European GDPR, many WHOIS entries in the EU are automatically anonymised or are only revealed in response to legitimate inquiries. This is also the case in the UK.

What is a WHOIS lookup?

Anyone who visits a website or wants to get information about a domain can do a WHOIS lookup. A WHOIS lookup shows when a domain was registered and which person or company it was registered to. Depending on the scope of the WHOIS entry, there might also be contact information or personal data about the domain owner. Lookups are free and can be done using various domain administrators, including:

ICANN via the ICANN WHOIS LOOKUP service
The service WHO.IS at WHO.IS

The advantages of WHOIS lookups include:

Checking and proving the legitimacy and uniqueness of a domain
Collecting information about a domain before registering a new one
Making it possible to contact domain owners in the case of technical or legal problems

Tip

Looking for a free and easy way to find out who a domain belongs to? Use the IONOS WHOIS Domain Lookup and get all the publicly accessible information about a domain.

The GDPR was introduced in Europe in 2018 and strictly regulates the processing, publishing and storage of personal data. But while it is an EU-based regulation, the GDPR has far reaching consequences for users and companies around the world. In the case of domain privacy, many registrars have made their processes GDPR compliant for everyone.

So what does GDPR compliance look like in the context of domain privacy? For one, it means that registrars are required to delete or anonymise personal data in WHOIS entries for top level domains (gTLDs and EU ccTLDs. It also applies to privacy in the context of domain management.

According to the GDPR, domain providers are required to delete personal data from publicly accessible WHOIS entries, unless a domain owner indicates otherwise. These days, many domain registries offer their own services for domain privacy protection. Those services include:

Anonymised forwarding addresses for WHOIS lookups
WHOIS entries about domain owners are replaced with information from domain provider or a third-party provider
Selected WHOIS privacy for selected domains
Two-factor authentication and private WHOIS management

What are the advantages of having whois privacy?

When considering this question, it’s important to strike a balance between the benefits of WHOIS entries and better domain privacy. Having your information publicly accessible means that visitors to your site can approach you with questions or concerns. In general, it means that anyone is able to find out who owns a domain.

On the other hand, the advantages of whois privacy include:

Anonymising sensitive personal or company information
Preventing the misuse of publicly available contact data, e.g. in the form of spam or phishing
Preventing domain and identity theft
Enabling contact to domain owners using an anonymised forwarding address

Can WHOIS privacy be used for any top-level domain?

Whether domain privacy protection is possible will mostly depend on the domain provider. The terms and conditions should state whether domain privacy is an option or not. Domain privacy is not allowed when registrant is trading from the domain name, for example.

Note that for some domains, domain privacy is not allowed. This includes domains such as .us, .au, .it and .br. This means that you are required to enter your contact information when registering one of these domains and that that information cannot be anonymised or falsified.

For country-specific domains in the EU, the GDPR will apply to domain registration via registries like ICANN.

Tip

Benefit from comprehensive protection for your domain with Domain Security by IONOS. We offer reliable protection against unwanted access with two-factor authentication, DNSSEC encryption and official domain owner certification.

Global Domain Report 2026

Preregister for the Global Domain Report 2026 and join our mission through the domain universe.

Stay on top of AI!

How to protect your email address on your website from spam

Spam robots, so-called harvesters, consistently search the internet for e-mail addresses that can be used for unlawful advertising, phishing e-mails, and spreading viruses, worms, and Trojans. You’re recommended to have your contact details on your website, but how do you stop…

Security
JavaScript
Encryption

Rawpixel.comshutterstock

How can you increase password security?

Password security is often an underestimated measure in the fight against cybercrime. By choosing strong passwords, using password managers, regularly checking for leaks, and responding appropriately to breaches, you can protect your digital identity. Here, we’ll show you what to…

Data Protection
Security
Advice

What is Cybersecurity?

More and more dangers are creeping into the digital world. So it is no surprise that the issue of cybersecurity is gaining more and more weight and is taking a leading role in the fight against cybercrime. But how can you protect yourself from dangers on the network? And what is…

Security

What is WHOIS privacy pro­tec­tion?

What is domain pro­tec­tion?