When purchasing a domain name, you’re required to submit certain information like your phone number, full name and address, email address, and so on. This is required by your domain registrar on behalf of ICANN (Internet Corporation for Assigned Names and Numbers) to create transparency concerning domain name ownership. But this transparency comes at a cost, which we’ll discuss at length in this article as well as measures to protect yourself from the potentially harmful effects of having your personal data made public.
The personal data you submit when buying a domain is made public in Whois along with other data such as nameservers, expiry date, renewal date of domain, etc. Whois is a technical directory that can be used to look up information pertaining to any gTLD (generic top level domain) like .com, .net or .online, and that includes all of your submitted personal information as well. This can make you vulnerable to the actions of illegitimate data collectors, identity thieves and domain hijackers. This unless you opt for private Whois or private domain registration.
What is Private Whois?
ICANN requires you to maintain accurate and up-to-date information regarding your domains and the legal and contractual ownership of a domain name is tied to the information you submit during the registration process of a domain. This means that whoever is listed in the Whois as the owner of the domain is considered to have legal ownership of it. You could circumvent the requirement to provide your personal data by submitting someone else’s data instead of your own, but that person will be considered the rightful owner in case of a dispute. Even if you’ve paid for the domain, if you listed someone else’s data, in the eyes of the ICANN, the person listed as the registrant is the rightful owner of the domain.
When you register a domain, some providers allow you to choose an add-on service called private domain registration, also referred to as private Whois or domain privacy protection. This service will allow you to mask or hide your name and contact info by replacing it with generic information generated by your registrar, therefore making it unable for others to retrieve your personal information from the Whois database.
Different domain registrars will have different names for private domain registration – some call it domain privacy protection (e.g. A Small Orange), others refer to it as private Whois registration (e.g. HostGator), while other registrars call it domain privacy (e.g. BlueHost, GoDaddy) or Whois Guard (e.g. Namecheap). Prices for this service are also quite varied, so make sure you compare prices before you register a domain.
Why Private Domain Registration is Important?
While not all domains are allowed to have domain privacy protection (for example, the majority of country code top level domains are not allowed to have private Whois), gTLDs that are allowed to have it can benefit greatly from not having personal data end up in the hands of domain hijackers, data miners or hackers.
Here are three reasons why private Whois matters and why you should consider purchasing this service:
1. Protect your personal information
Identity theft is more common than you would think, and the numbers of identity theft cases are increasing. A skillful person could exploit that data published in the Whois database to the extent of engaging in identity theft. Since you would be weary to publicly share your personal information on social media or other searchable databases knowing that it can end up in the wrong hands, opting for private domain registration makes sure your data is kept safe and hidden in the Whois database.
Another reason why private domain registration is important is that it could protect the data of certain categories of people vulnerable to persecution. For example, if you own a controversial media outlet or a website advocating for the rights of immigrants or LGBTQ rights, a domain privacy service can protect data pertaining to the owners of such sites.
2. Prevent spamming and unwanted solicitations
Salespeople and telemarketers view the publishing of personal information like your phone number and email address as an open invitation for solicitation. In fact, several companies scrape Whois data for newly added information. If your email address is flooded with spam email and your phone keeps ringing off the hook with offerings of social media marketing, SEO, and other “unmissable” business opportunities, it’s a sign that your data has just been picked up by companies advertising their services.
Another thing you may want to be careful with if you don’t use private Whois are bogus “domain renewal” mails, which may pop up when your domain is approaching its expiration date. These will not help you renew your domain and instead they will trick you into thinking you’ve renewed your domain when in fact you didn’t. Make sure you exercise precaution when it comes to domain renewal notices.
To make sure your Whois data stays protected at all times, put your domain privacy service on auto-renewal.
3. Prevent domain hijacking
Domain hijacking used to be a bigger issue than it is today given that nowadays domain registrars lock domain transfers after they’ve been purchased. So, unless someone happens to get their hands on your account credentials, they are unable to transfer your domain. As the Whois protection service generates a dummy email address in lieu of your real email address, all domain transfer authorization attempt mails will be sent to the dummy address instead of your real address. In most cases, emails sent to the dummy address are not even forwarded to the owner’s real address. However, there are Whois protection services that allow you to set a custom address where the emails will be forwarded. It’s a good idea to have a valid address linked to the dummy one, because there might be legitimate reasons why somebody would want to contact you directly, e.g. spam reports, hacking reports, security vulnerabilities, etc. Usually, if they fail to contact you using the Whois listed email address, they will send the email to the hosting provider’s abuse department.
Are There any Downsides to Private Whois?
Apart from the yearly additional costs (which can vary from registrar to registrar) that you will incur for each domain you enable private domain protection for, there are no downsides to enabling a private Whois. However, if your domain was already registered once without such a privacy protection in place, your previously submitted data can still be public and searchable via tools that do historic searches for domain ownership history. Since publication of data pertaining to the owner of a domain is meant to promote transparency, not having your data listed in Whois may trigger some customers to question your reputation – are you really who and what you are claiming to be? In this situation, you have to weigh the pros of full transparency as opposed to the cons of having your data used for fraudulent purposes.
If you’re running an online shop, then you could set the Whois details to be the same as your company’s details, since you’re probably already required to have your contact information like company name and official address, phone number, etc. displayed anyway. There is no reason to hide your WHOIS information, as it might “scare” a few potential business partners away. It’s highly unlikely for a customer to look into your WHOIS information, but a potential business partner will certainly try to gather as much information about you as possible.
Where to Register Your Domain with Private WHOIS?
Most domain registrars will have the option to choose a domain privacy protection service when you register at them. BlueHost’s Domain Privacy service costs $11.99 per year per domain, but some of their shared hosting plans (e.g. Prime plan) – that also come with a free domain name – do offer this service for free. InMotion is another reliable domain registrar that gives you the option to enable Domain Privacy for your domain, and it costs $9.99 per year per domain. HostGator’s domain Privacy Protection feature is available for $12.95 per year per domain. As you can see, there are some differences in pricing, so you’ll have to compare providers to see whose deals are the best.