Help Center / mastery
WHOIS, RDAP, and Domain Privacy
WHOIS, RDAP, and Domain Privacy
Part 10 of 12 in the Domain Mastery series — Previous: How Domain Transfers Work
When you register a domain, certain information about the registration is made publicly accessible. WHOIS and RDAP are the systems that provide this access. Understanding how they work — and how your data is protected — is important for every domain owner.
What Is WHOIS?
WHOIS (pronounced "who is") is a protocol that lets anyone look up information about a domain registration. It has been in use since the early days of the internet.
When you run a WHOIS query on a domain, you can typically see:
- Domain name and registration dates
- Expiration date
- Registrar name and contact
- Nameservers
- Domain status codes
- Registrant contact information (may be redacted)
What Is RDAP?
RDAP (Registration Data Access Protocol) is the modern replacement for WHOIS. Since January 2025, RDAP is mandatory for all gTLD registrars.
| Feature | WHOIS | RDAP |
|---|---|---|
| Format | Plain text | Structured JSON |
| Protocol | TCP port 43 | HTTPS |
| Standardized output | No | Yes |
| International characters | Limited | Full Unicode |
| Access control | None | Supports authentication |
For most users, the difference is invisible — domain lookup tools use RDAP behind the scenes and display the results in a readable format.
What Information Is Displayed?
Always Visible
Regardless of privacy settings, these fields are always public:
| Field | Example |
|---|---|
| Domain name | example.com |
| Registrar name | Example Registrar, Inc. |
| Registrar abuse contact | abuse@registrar.com |
| Creation date | 2020-01-01 |
| Expiration date | 2027-01-01 |
| Last updated date | 2026-06-15 |
| Status codes | clientTransferProhibited |
| Nameservers | ns1.example.com, ns2.example.com |
| DNSSEC status | signed / unsigned |
May Be Redacted
Under privacy laws like GDPR, personal information can be protected:
| Field | Redacted? |
|---|---|
| Registrant name (person) | Yes |
| Registrant organization | No (legal entities are public) |
| Registrant street address | Yes |
| Registrant city | No |
| Registrant state/province | No |
| Registrant country | No |
| Registrant phone | Yes |
| Registrant email | Yes (or replaced with anonymized contact) |
| Admin/Tech contact details | Yes |
When a field is redacted, it typically shows "REDACTED FOR PRIVACY" in place of the actual data.
How Privacy Protection Works
There are several ways your personal information can be protected:
1. GDPR / Data Protection Redaction
If your registration is subject to GDPR (you're in the EU/EEA, or your registrar applies GDPR protections broadly), personal fields are automatically redacted. Most registrars now apply redaction to all registrations regardless of location.
2. Privacy / Proxy Services
Some registrars offer a privacy service that replaces your contact information with the privacy provider's details:
- Your name, address, phone, and email are replaced
- The privacy provider forwards legitimate contacts to you
- Your actual data is held by the registrar but not displayed publicly
3. Anonymized Email
Instead of showing your real email or redacting it entirely, many registrars provide an anonymized relay address:
Registrant Email: owner-abc123@privacy.registrar.com
Messages sent to this address are forwarded to your real email, allowing people to contact you without knowing your actual address.
Why Registration Data Matters
Even with privacy protections, registration data serves important purposes:
- Abuse reporting — Registrar abuse contacts are always public so issues can be reported
- Law enforcement — Authorities can request full data through proper channels
- Dispute resolution — UDRP and similar processes need to identify domain holders
- Technical troubleshooting — Nameserver and status information helps diagnose issues
Looking Up Domain Information
You can look up domain information using:
- ICANN Lookup — The official ICANN tool at lookup.icann.org
- Your registrar's website — Most offer a WHOIS/lookup page
- Command line —
whois example.com(available on most systems)
Data Accuracy Requirements
ICANN requires domain registration data to be accurate. As a domain owner:
- You're required to provide truthful registration data
- Your registrar will send annual reminders to verify your information
- Inaccurate data can result in domain suspension
- Keep your email address current — it's used for important notifications
What You Should Do
- Check your WHOIS/RDAP data — Look up your own domain to see what's public
- Enable privacy protection if offered by your registrar
- Keep your contact info current — Even if redacted publicly, it must be accurate in the registrar's system
- Monitor for unauthorized changes — Unexpected contact changes could indicate a security issue
- Respond to verification requests — Your registrar is required to verify your data periodically
Key Takeaway
WHOIS and RDAP make domain registration data accessible for legitimate purposes, but modern privacy protections ensure your personal information is not exposed to the general public. Keep your registration data accurate, use privacy services when available, and check your domain's public listing periodically.