When you first register a domain, you’re required to provide a small amount of information to get it set up and running: things like your name, address, phone number, and an email address. This information is compiled into what’s called a WHOIS record, there’s no one central database of WHOIS records; instead your domain registrar keeps track of it, as well as other domain name registries and directories.
The Point of a WHOIS Record
The purpose of a WHOIS record isn’t just to know whether or not a domain is registered and who registered it, but when it’ll expire, and who to contact if you’re interested in buying it. This is also true if you believe someone has infringed on your trademark or copyright with their domain.
“…registrars and registries provide public access to data on registered domain names. Anyone can use the WHOIS protocol to search their databases and identify the domain name registrant.”—Internet Corporation for Assigned Names and Numbers (ICANN), 2017
Why Protect Your WHOIS Record
If you choose not to obscure your domain registration information, you’re leaving a lot to chance: domain hijackers could see your name and email address and see if your username or password have been in any Internet breaches. All they need is the right combination, and then they can take over your website and fill it with spam, or even hold it for ransom! I’ve had this happen to me, and it’s not fun.
I made the mistake of using the same username and password for most every service I signed up for (this was back before amazing password managers like 1Password existed), and hackers that claimed to be from Morocco defaced my website and held it for hundreds of dollars in ransom—way more than I, as a broke undergraduate, had at the time for my fan sites—not even an online business! Of course, because I used the same username and password in multiple places, the hackers had access to credit cards I used for domain hosting and registration, my bank account, my email…. It took me over three months of going back and forth with the FBI to get my online identity back, and there are certain hosts and registrars I refuse to use anymore because of the experience.
Even if you think someone won’t be interested in taking over your domain, your name, address, and phone number are all still valuable information for spammers of all stripes, including those who junk mail, telemarketers, and more. The more information you choose to obscure, the harder you make it for those same fraudsters to gain access to other private accounts, like your bank.
How to Protect Your WHOIS Record
Long story short: tons of personal information is required to get a website, but it’s up to you whether you want to protect that information. While attempts at replacing or reworking WHOIS have been made for years, none took off. Many domain registrars offer WHOIS “Guard” or “Privacy” services, but you shouldn’t need to pay for this service, especially considering nonprofit ICANN operates the WHOIS check service free of the oversight of any particular country’s government. My personal favorite registrar, NameCheap.com, offers WHOIS Guard for free. Instead of your name, address, email, and phone number, the record shows WhoisGuard Inc. information, and forwards any messages sent straight to you.
Below, you can see a short sampling of domain registrars (many of them also offer hosting) that offer some form of WHOIS Guard, privacy, or protection, including some pretty big name ones that CHARGE for the “privilege” of protecting your information. I’m not particularly a fan of passing business onto companies that look at privacy as an opportunity to make money instead of a business value, so I won’t link to those registrars.
|Cost for WHOIS Guard / Privacy (in addition to domain registration fee/renewal costs)
One thing to keep in mind is that while WHOIS protection is generally free with a good domain registrar, it’s not ALWAYS free. That’s because some domain extensions (like .co.uk, .us, de, and a handful of others) don’t permit WHOIS privacy. Some registrars also have different opinions on how much gets protected. For example, on Squarespace’s WHOIS Privacy Page, they say:
If your registrar is Squarespace Domains LLC, your state or province, country, and organization name (if one is provided) will show.—Squarespace WHOIS Privacy
If your registrar is Tucows, all fields of ownership information are hidden.