Whois Privacy: Make Your Public Data Less Vulnerable

Andrew Allemann | October 20, 2016

4 min read

Do you get a lot of robocalls on your cell phone? How about unsolicited text messages offering you a logo for your new website? Is your spam folder overflowing with offers for SEO services? Do you wonder how in the world they got your contact information?

Whenever you register any domain name, you’re required by ICANN to create a record of who owns it. Because this information is public in the Whois Search Directory, it means that scammers and spammers have free access to the phone numbers and addresses of anyone who registers a domain name.

Namecheap offers free Domain Privacy to everyone who registers a domain with us. This ensures no one can find this information associated with your domain.

How Big is the Problem?

When registering a new domain name, you must include the owner’s name, physical address, phone number, and email address. This all becomes part of the ‘Whois record’ for the domain and is publicly available and searchable.

The privacy risk this poses is bad enough for businesses registering a domain, but it becomes even more of a problem for registrations that ask for your home address and telephone number.

Spam from Unprotected Whois Records

To give you an idea of the scope of the problem, let’s look at a handful of the emails I received based on my information in Whois.

Many of them may look familiar to you:

Fake domain name registration notices that try to get you to pay an inflated renewal fee or transfer a domain to another registrar
Phishing emails that entice you to give up your registrar username and password so thieves can steal your domains
Solicitations to buy domain names based on other domains you own
Web hosting offers for your newly-registered domain names
Pitches for SEO services
Warnings that someone is trying to register domain names similar to yours and asking for your permission. This is another way to try to fraudulently obtain your private account information.

Not only are these emails an inconvenience, but they often dupe people into buying unneeded services, further perpetuating spam and data misuse. Worse, people are frequently tricked into surrendering passwords and thereby having their domain names stolen.

What’s the Solution?

Fortunately, there is a simple way to keep your personal information out of the Whois database: Whois privacy.

There are two similar services that hide your personal contact information: Whois Privacy and Whois proxy.

Most services you will encounter are Whois Oroxy services. The proxy is the domain registrar (such as Namecheap.com), which registers the domain on your behalf. When Whois Privacy is selected, the proxy company substitutes its own contact information for the customers.

However, using Whois Privacy still allows for the transmission of legitimate contact requests. When someone needs to reach the actual owner of a domain, the registrar provides a unique email address that filters out most spam and lets through legitimate emails while still protecting the domain owner.

You also don’t have to worry about text messages and robocalls since the proxy’s phone number is substituted for yours.

Other forms of domain privacy

While you’re looking into protecting your personal details, you might want to protect your domain from unwanted DNS changes as well. Take a look at Domain Vault, Namecheap’s new product that combines several key security features for domains, including registry lock. It means only authorized persons can ever make changes to crucial settings for your domain, and when changes do need to be made, the person requesting them will have to go through levels of machine and human verification before they can.