What is WHOIS privacy?

Home / Everything About / Everything About Domains / What is WHOIS privacy?

WHOIS privacy is one of those settings that takes about 30 seconds to enable and almost never gets talked about until someone starts receiving spam at the email address they used to register their domain. By the time most brand owners notice the problem, their details have already been scraped and sold to mailing lists. This chapter covers everything you need to know to make an informed decision before that happens.

What is WHOIS?

WHOIS is the public database that stores registration information for every domain name on the internet. When you register a domain, the registrar is required to submit your contact details to this database. Those details are then publicly accessible to anyone who runs a WHOIS lookup on your domain name.

The system was designed in the early days of the internet as a way to identify who owned and operated domain names. At the time, the internet was a small, academic network and the idea of publishing that information publicly seemed reasonable. The internet has since changed significantly, but the underlying structure of WHOIS as a public record has remained in place.

What information is in a WHOIS record?

A typical WHOIS record for a registered domain contains the following information:

  • Registrant name (the person or organization that registered the domain)
  • Registrant email address
  • Registrant phone number
  • Registrant mailing address
  • Registrar name (the company the domain was registered through)
  • Registration date
  • Expiry date
  • Name server information
  • Domain status flags

The registrant email address is typically the most valuable piece of information for anyone scraping WHOIS data for marketing or malicious purposes. It is a verified, active contact point that the owner checks regularly. That makes it a target.

WHOIS lookups are free and take seconds to run. Anyone can look up the registration details behind any domain name using publicly available tools. There is no barrier to access and no logging of who has searched for what. If your details are in the public record without protection, they are available to everyone.

What does whois privacy do?

WHOIS privacy, also called domain privacy protection, replaces your personal contact details in the public WHOIS record with proxy contact information provided by your registrar. Instead of your name, email, phone number, and address appearing in the database, the public record shows the registrar's proxy address and a generated forwarding email address.

Any legitimate contact attempt made through the proxy email is forwarded to your real address. The registrar acts as a go-between. Your domain is still publicly registered, fully functional, and traceable to a real owner. The owner's identity is just protected from casual lookups and automated scraping.

Why does this matter?

The practical effects of leaving your WHOIS record unprotected fall into a few categories.

The most common is spam. Automated scripts scrape WHOIS records at scale, harvesting email addresses and feeding them into mailing lists. Domain owners with unprotected records regularly receive unsolicited emails from SEO agencies, web design services, domain brokers, and marketing platforms. Some of this is low-grade marketing noise. Some of it is more carefully crafted phishing.

Social engineering is a more serious risk. Someone who wants to gain access to your registrar account, your hosting, or your email platform does not need to hack anything if they can gather enough personal detail to impersonate you convincingly. Your name, email address, phone number, and mailing address, all available in a WHOIS record without privacy protection, give an attacker a significant head start. A phone call to your registrar's support team armed with those details is a common vector for account takeovers.

There is also the question of identity theft at a broader level. The combination of a name, email address, phone number, and physical address is exactly the kind of profile that feeds into automated login attacks and targeted fraud.

Unwanted contact from domain investors and brokers is a separate, lower-stakes issue that many brand owners still find disruptive. If you own a domain name that someone else wants, an unprotected WHOIS record makes it very easy for them to reach out directly.

What whois privacy does NOT protect you from

WHOIS privacy is not a way to hide your identity completely, and it is not a security product. Understanding what it does not cover is just as important as understanding what it does.

Your domain is still publicly registered

Enabling privacy protection does not hide the fact that your domain exists. The domain name itself, the registrar, the registration date, the expiry date, and the name server details all remain visible in the public record. Anyone who looks up your domain can still see that it is registered, when it expires, and which registrar holds it. They just cannot see your personal contact details.

Your registrar still holds your real details

The registrar has your actual registration information on file regardless of whether privacy is enabled. WHOIS privacy changes what is displayed publicly. It does not change what is stored privately. Law enforcement, ICANN dispute resolution panels, and courts can still require registrars to share your real registration information when needed. Privacy protection is not a shield against legal processes.

Privacy is not the same as domain security

WHOIS privacy protects your personal information from being publicly visible. It does not protect your domain from being transferred away, hijacked, or tampered with by someone who gains access to your registrar account. Those protections come from registrar lock, strong authentication, and two-factor sign-in on your registrar account. The next chapter covers domain security in full, including how to protect your domain from getting hijacked.

How to enable domain privacy protection

Enabling WHOIS privacy is straightforward at most registrars. The steps vary slightly depending on the platform, but the general process follows the same pattern.

  1. Log in to your registrar account.
  2. Go to your domain management panel.
  3. Find the domain you want to protect and open its settings.
  4. Look for a setting labeled Privacy Protection, WHOIS Privacy, or Private Registration.
  5. Toggle it on.

In most cases the change takes effect within a few hours. Some registrars apply it immediately.

Is it free?

Many registrars now include WHOIS privacy at no additional cost as a standard part of domain registration. This became more common after ICANN introduced stricter data privacy rules in 2018, which required registrars to treat personal data with greater care. Some registrars still charge a separate fee for privacy protection. If yours does, check whether another registrar offering the same TLD includes it for free before assuming the charge is unavoidable.

If you registered your domain without enabling privacy and want to add it now, you can do so on most domains at any time after registration. Enabling it stops future exposure, though it cannot remove any data that was already scraped before the protection was turned on.

When you might not want WHOIS privacy

There are situations where making domain ownership publicly visible is the right choice, or at least a considered one.

Legal and trademark situations

If your brand name is trademarked and you want to establish a clear, public record of ownership, having your registration details visible can strengthen your position in a trademark dispute. WHOIS records are sometimes cited as evidence of who registered a domain and when. Using a proxy service, while fully legal, means the public record shows the registrar's details rather than yours. In most dispute resolution processes the real ownership can still be confirmed through the registrar, but some brand owners prefer to keep their details public for this reason.

Organizational transparency

Some organizations, government entities, and established institutions register domains under their full legal name and address as a matter of public accountability. Transparency about ownership is part of how they operate. That is a legitimate reason to leave registration details public rather than hidden behind a proxy.

B2B contact availability

Some domain owners prefer to be reachable through their WHOIS record for domain purchase inquiries or partnership contact. If you own a domain you would consider selling, keeping your email visible makes it easier for interested parties to contact you directly. The tradeoff is the spam and unsolicited contact that comes with it.

How WHOIS privacy affects domain transfers

Domain transfers require authorization from the registrant. The transfer process uses your real email address, the one on file with your registrar, regardless of whether privacy protection is enabled on the public record.

When you initiate a transfer, the authorization email goes to the real address stored in your registrar account. The proxy contact details in the public WHOIS record are not involved in transfer communications. This means privacy protection does not interfere with your ability to transfer your domain to a different registrar when you choose to.

If you are the recipient of a transfer, the same applies. Any confirmation or authorization code is sent to the email address associated with the real registrant account, not to whatever proxy is shown in the public record.

The chapter on what a domain transfer is covers how the transfer process works in full, including what authorization is required and how the process is confirmed.

WHOIS privacy and domain availability checks

When someone performs a WHOIS lookup to check whether a domain is available, they can see that a domain is registered even if privacy protection is enabled. The availability check returns a "registered" status, and the public record shows the proxy contact rather than the real owner.

This has no practical effect on availability checks. The domain is either registered or it is not. Privacy protection changes who the public record shows as the contact, not whether the domain appears as registered. The chapter on how to check if a domain name is available explains how WHOIS lookups work as part of the availability check process.

How WEMASY handles domain privacy

Domains registered through WEMASY include privacy protection as part of the registration. Your personal contact details are not exposed in the public WHOIS record when you register a domain through your WEMASY account. The domain management panel in your account lets you view and manage your domain settings, DNS records, and privacy status in one place.

If you bring an existing domain registered elsewhere, privacy settings are managed at your existing registrar. Connecting an external domain to your WEMASY site does not change how your registration details are handled at that registrar.

See what is included in each plan at WEMASY pricing.

Frequently asked questions

Does WHOIS privacy affect how my site ranks in search engines?

Can I enable WHOIS privacy on any domain extension?

Will legitimate contacts still be able to reach me through the proxy?

What happens to my privacy protection if I transfer my domain to a new registrar?

Is WHOIS data always accurate?

With WHOIS privacy covered, the next chapter moves into domain security. Protecting your personal details from the public record is one layer of protection. Protecting the domain itself from being transferred away without your knowledge or taken over through your registrar account is a separate and equally important set of steps. The next chapter covers how to protect your domain from getting hijacked and the specific settings to check at your registrar.

If you are still in the process of setting up your domain for the first time, the chapter on how to register a domain walks through the full registration process, including what to check and enable before your registration is complete. And if you want to make sure you hold your domain for the long term, the chapter on keeping a domain name permanently covers renewal strategies and what it takes to never lose your domain by accident.

DEVELOPMENT VERSION