What is WHOIS privacy protection?

Anyone who registers their domain with a domain registrar is required to submit contact information. This contact information may then be publicly accessible. If you want more autonomy, security and privacy when it comes to your data, you’ll need to take some steps to ensure domain privacy protection. Domain privacy allows you or your domain registrar to delete publicly available data about you or your business from the WHOIS entry on your domain.

What is domain protection?

Domain privacy protection refers to the possibility for anonymity and privacy when registering a domain. Anyone who registers a domain is required to submit various kinds of information in order to officially purchase the domain. That information includes personal data, business data and contact information. More specifically, some examples are:

  • Name
  • Email address(es)
  • Business address(es)
  • Phone number

So what’s the problem with that? The personal information that’s connected to a domain isn’t private. It’s openly available via the WHOIS database, unless the domain registrar or registrant took specific steps to ensure WHOIS privacy. With domain privacy protection, the information connected to your domain is anonymised or replaced with information from your domain or hosting provider. That way you can protect your personal or company data.

What is WHOIS?

Domains, along with their IPs and the personal/company data connected with them, are managed by the ICANN (Internet Corporation for Assigned Names and Numbers) in namespaces. In order to coordinate IP addresses and domain name servers (DNS), the ICANN has determined how domains can be registered. It also manages the assignment of DNS, IP and associated data under the umbrella of IANA.

When registering a domain, customers hand over personal data to registrars and registries, which are then publicly accessible via the WHOIS database. WHOIS is an internet registry that contains all the available information about a domain. The main reason this data is collected is to verify the legitimacy of each domain registration. WHOIS entries are meant to ensure that it’s possible to contact domain owners in the event of legal or technical problems or other issues.

The following information is part of a WHOIS entry in the WHOIS database:

  • Domain name
  • Domain registrar
  • DNS entries/DNS servers
  • Date of registration
  • Expiration date for domain registration
  • Information about the registration’s renewal date
  • Status of the domain
  • Admin-C and Tech-C
  • Contact information (email, phone number, address, name) for the domain owner

The scope and content of WHOIS information will vary depending on domain type/domain ending, as different registries might be responsible for different domain types. Due to the European GDPR, many WHOIS entries in the EU are automatically anonymised or are only revealed in response to legitimate inquiries. This is also the case in the UK.

What is a WHOIS lookup?

Anyone who visits a website or wants to get information about a domain can do a WHOIS lookup. A WHOIS lookup shows when a domain was registered and which person or company it was registered to. Depending on the scope of the WHOIS entry, there might also be contact information or personal data about the domain owner. Lookups are free and can be done using various domain administrators, including:

The advantages of WHOIS lookups include:

  • Checking and proving the legitimacy and uniqueness of a domain
  • Collecting information about a domain before registering a new one
  • Making it possible to contact domain owners in the case of technical or legal problems
Tip

Looking for a free and easy way to find out who a domain belongs to? Use the IONOS WHOIS Domain Lookup and get all the publicly accessible information about a domain.

How does the GDPR affect domain privacy?

The GDPR was introduced in Europe in 2018 and strictly regulates the processing, publishing and storage of personal data. But while it is an EU-based regulation, the GDPR has far reaching consequences for users and companies around the world. In the case of domain privacy, many registrars have made their processes GDPR compliant for everyone.

So what does GDPR compliance look like in the context of domain privacy? For one, it means that registrars are required to delete or anonymise personal data in WHOIS entries for top level domains (gTLDs and EU ccTLDs. It also applies to privacy in the context of domain management.

According to the GDPR, domain providers are required to delete personal data from publicly accessible WHOIS entries, unless a domain owner indicates otherwise. These days, many domain registries offer their own services for domain privacy protection. Those services include:

  • Anonymised forwarding addresses for WHOIS lookups
  • WHOIS entries about domain owners are replaced with information from domain provider or a third-party provider
  • Selected WHOIS privacy for selected domains
  • Two-factor authentication and private WHOIS management
Tip

For more security and privacy in domain registration, use a private domain from IONOS. We provide domain privacy protection from the get-go by entering our company data instead of your personal data in the WHOIS entry.

What are the advantages of having whois privacy?

When considering this question, it’s important to strike a balance between the benefits of WHOIS entries and better domain privacy. Having your information publicly accessible means that visitors to your site can approach you with questions or concerns. In general, it means that anyone is able to find out who owns a domain.

On the other hand, the advantages of whois privacy include:

  • Anonymising sensitive personal or company information
  • Preventing the misuse of publicly available contact data, e.g. in the form of spam or phishing
  • Preventing domain and identity theft
  • Enabling contact to domain owners using an anonymised forwarding address

Can WHOIS privacy be used for any top-level domain?

Whether domain privacy protection is possible will mostly depend on the domain provider. The terms and conditions should state whether domain privacy is an option or not. Domain privacy is not allowed when registrant is trading from the domain name, for example.

Note that for some domains, domain privacy is not allowed. This includes domains such as .us, .au, .it and .br. This means that you are required to enter your contact information when registering one of these domains and that that information cannot be anonymised or falsified.

For country-specific domains in the EU, the GDPR will apply to domain registration via registries like ICANN.

Tip

Benefit from comprehensive protection for your domain with Domain Security by IONOS. We offer reliable protection against unwanted access with two-factor authentication, DNSSEC encryption and official domain owner certification.

How to successfully implement domain privacy protection

If you want to take advantage of domain privacy protection when registering your domain, most domain providers offer this option without much of an increase in domain costs. Domain privacy protection with IONOS, for example, is simply a question of private domain registration. IONOS essentially acts as a middleman between you and the WHOIS database. So the personal data in the WHOIS entry will be filled with company data that don’t lead back to you as the domain owner. IONOS’s private domain registration is available for the following domain endings:

  • .com
  • .net
  • .org
  • .biz
  • .info
  • .name
  • .mobi
  • .cc
  • .tv
  • .mx
  • .com.mx