WHOIS in depth - What data fields are website owners using?

Olle Vastbinder
  • about 1 year ago
  • 7 min read

WHOIS is the best way to find out more information on who owns a domain. With a WHOIS query, you can get all sorts of ownership information on a website. A record can be quite short, with just a name, e-mail and country of residence, or quite extensive, listing all details for an organization. The information in WHOIS can be used just to contact an owner. But it also has its uses in brand protection, combating spam and fraud and much more. Keep reading and learn all there is to know about WHOIS.

A short history of WHOIS

To understand how useful WHOIS is, it's good to first take a look at its origins. To start with, WHOIS isn't short for anything; it is literally the question 'Who is'. WHOIS can be traced back to the beginnings of the internet when it was still called ARPANET. At that time, the network was almost solely used by research institutes and universities. Despite its relatively small size, a directory listing all owners was useful to get contact details quickly.

But as the internet kept growing, it was becoming more important that everyone was providing their data similarly. Only by ensuring everyone was supplying their information in the same way was it possible to make it accessible to everyone. In the early 1980s, the WHOIS protocol was standardized. With just a simple query, everyone could now look up domains, people, and other information for any domain. Check the list below for the most common fields.

What information can you typically find in a WHOIS record?

  • The owner of a domain
  • The contact information for the domain owner
  • The registrar and its contact information
  • Creation, update and expiration dates for a domain
  • The technical and admin contacts for a domain

The protocol

To make any data useful, it is essential that it's organized following a standard, or protocol. That's why WHOIS is a protocol. A protocol makes sure everyone is using the same names for the same fields, so things don't get mixed up. A good example of the need for a protocol for WHOIS data is for when you want to know the date of registration for a domain. There are several dates mentioned for different aspects of a domain, such as registration, last change of ownership or when it expires. A protocol helps to prevent all those dates from getting mixed up and ensures you get the date for the information you require.

A simple graphic picture of an old computer
The WHOIS protocol dates back to the very beginning of the internet.

While the WHOIS protocol dictates how the information is shared, how much information is available can differ per domain. Despite it being compulsory for every website owner to supply the information to their registrar, many fields are considered optional or are just outright ignored. Take a look at the list with all possible data fields in a WHOIS here

The most important and used fields

At Dataprovider.com, we currently get the data for the 12 most important WHOIS fields. But as we stated above, that doesn't mean each website will have entered their data in all those fields. When we dive into our data, we see that out of just over 134 million available websites, 117 million are using one or more of the 12 WHOIS fields we detect. That means 17 million websites do not have any information in their fields or are using names for their fields that do not follow the WHOIS protocol. Below, you can see the 12 data fields we track and the percentage of websites that gave an available response that are using that field. 

Bar graph containing the data for the most used WHOIS fields for available websites. The ranking is:
  1. WHOIS creation date 82,81%
  2. WHOIS expiration date 80,09%
  3. WHOIS update date 79,03%
  4. WHOIS IANA ISD 65,18%
  5. WHOIS email address 63,93%
  6. WHOIS country 63,93%
  7. WHOIS name 57,13%
  8. WHOIS organization 53,79%
  9. WHOIS Address 52,15%
  10. WHOIS zip code 50,56%
  11. WHOIS City 50,56%
  12. WHOIS phone number 50,52%
Ranking of WHOIS fields based on how often any information is shown in that field.

Website owners are still quite free to enter any information they want in their WHOIS, which leaves room for them to be creative. They can even add their own fields or use slightly different names to describe a certain field. This way, you can end up with thousands of variations for the same field. As this can cause a lack of clarity about the ownership of domains and who is responsible for them, the call for a new protocol has been going for some years now. That's why - in due time - WHOIS will be replaced by a standardized and machine-readable JSON format protocol called RDAP. More on that later in this blog.

Registrars are responsible

Whenever someone registers a domain, the registrars are required to provide identifying and contact information to be used in WHOIS. Not only is the registrar responsible for getting this information, but also for keeping it up-to-date. 

Despite the variety of WHOIS fields website owners can use, most websites only offer their basic contact information in their WHOIS. The key elements for most are the creation, expiration and last change dates, along with contact information like country, email address, name, and organization.

What is WHOIS useful for?

There are numerous cases where WHOIS data can play an important role. The reasons for requiring the information can differ. Maybe you want to buy a domain for your business, or you're just curious about who is behind a certain website. But there are also some more legal reasons for using WHOIS data. 

For example, companies battling trademark infringements require the contact information to know where to send cease and desist or takedown notices. And law enforcement agencies wanting to take down websites with illegal content need the registrar information to close down domains. We've listed the main reasons why people use WHOIS data below.

Some general use cases of why and how WHOIS data is used:

  • Tracking availability of domain names
    See if a domain is actively used and maintained. Inactive domains or domains that might be nearing expiration can be interesting to acquire or keep track of. 
  • Finding trademark and brand infringements 
    Identify and take down domains with trademark infringements or stolen content. The contact information is key to determine where to send any communication. 
  • Discover domain or typo squatting
    Checking WHOIS records can help uncover these “typo squatters” or fraudulent domain owners attempting to capitalize on other brands. The registration information may point to someone with no obvious connection to the name, or the domain may have just been recently registered despite its resemblance to an already prominent site.
  • Law enforcement
    For law enforcement, WHOIS is essential in getting the right information to take down websites with illegal content and track down owners and registrars to do so.
  • Identify domain trends
    See and interpret trends in a registrant’s domain portfolio or changes in contact information over time. Great to spot trends.
  • Due diligence
    WHOIS is an essential resource for online research to assess the reliability of a domain and its contents. It plays a part in due diligence investigations.
  • Detect and prevent spam, malware, and phishing
    Uncovering details about registrants promoting illegal or dangerous content on their domains allows hosts to disable access or report the offenders to the proper authorities. Scrutinizing registration patterns across multiple dubious domains at once can also reveal wider spam or malware networks seeking to evade detection.
  • Public contact data gives a sense of trust
    Being able to easily find ownership information for most domains can give a sense of trust, no matter if you are a casual user, checking news or doing online shopping, or a professional tracking down business opportunities. 

WHOIS and privacy

While the need for clear WHOIS data is apparent, it does pose some problems when it comes to privacy. Where WHOIS wants as much contact information as possible, privacy regulations can sometimes conflict with that.

Privacy regulations can prohibit the public listing of some or all contact details. In these cases, no or strongly limited contact details are listed. Although this information is left out of the public WHOIS record, the relevant contact details are kept by the Registry and Registrar. Only people with legitimate interest can get the details by contacting either the Registry or Registrar. In contrast to the above, some countries have made it mandatory to show all contact details in a WHOIS.

Pie chart showing the top 6 countries mentioned in the WHOIS Country field. The percentages are: US 38% / Iceland 8% / Canada 7% / China 7% / France 4% / Other 36%
The countries that are mentioned most in the WHOIS Country field.

Privacy service for WHOIS records

As WHOIS can be easily accessed by anyone, it's also available to spammers, scammers, and others out to misuse data. That's why not everyone wants their data listed in WHOIS. In these cases, privacy protection services can be used, although they are not allowed for all TLDs. These privacy services fill the necessary WHOIS data with unique but untraceable contact details, concealing the real identity of the owner. Meanwhile, the privacy service itself does have your contact details and can forward any communication to you. These services are sometimes part of the registrar's package, but for a fee, you can also enlist a separate WHOIS Privacy Service. 

But there are more ways people use to avoid their private data ending up in the public domain. When we check our data on what people are using in their WHOIS name field, a whopping 53 million websites (40% of the total) are not listing a real name, but are showing some kind of privacy disclaimer. They use terms like 'redacted for privacy', 'hidden', 'not disclosed' and even 'Ano Nymous' in their WHOIS name field to prevent having to give their real name. 
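The two parsing problems described above, differently named fields for the same data and privacy placeholders in the name field, can be handled together when processing raw WHOIS text. The following is an added example, not Dataprovider.com's own code; the alias table and both sample records are constructed for illustration, and the placeholder terms are the ones quoted in this article.

```python
import re

# Illustrative alias table (an assumption, not an official or complete list).
ALIASES = {
    "creation_date": ["creation date", "created", "registered on"],
    "expiration_date": ["registry expiry date", "expiration date", "paid-till"],
    "updated_date": ["updated date", "last updated", "changed"],
    "name": ["registrant name", "holder", "owner"],
}
LOOKUP = {alias: field for field, names in ALIASES.items() for alias in names}
# Placeholder terms the article reports seeing in the WHOIS name field.
PRIVACY_RE = re.compile(r"redacted for privacy|hidden|not disclosed|ano nymous", re.I)

def parse_whois(text):
    """Return (normalized record, labels that matched no known field)."""
    record, unknown = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "%#" or ":" not in line:
            continue  # skip blanks, registry banners and free text
        label, _, value = line.partition(":")  # first colon only: dates contain colons
        label = re.sub(r"\s+", " ", label.strip().lower())
        value = value.strip()
        if not value:
            continue
        if label in LOOKUP:
            record.setdefault(LOOKUP[label], value)  # first occurrence wins
        else:
            unknown.append(label)
    return record, unknown

def name_status(record):
    name = record.get("name")
    if not name:
        return "missing"
    return "redacted" if PRIVACY_RE.search(name) else "present"

# Constructed sample records: the same kind of data under different labels.
SAMPLE_A = """Domain Name: EXAMPLE.TEST
Creation Date: 2019-04-02T10:15:00Z
Registry Expiry Date: 2026-04-02T10:15:00Z
Registrant Name: REDACTED FOR PRIVACY
"""
SAMPLE_B = """% constructed registry banner
domain:    example-two.test
holder:    Jane Example
created:   2021-11-05
paid-till: 2025-11-05
"""
```

The `unknown` list is worth logging: labels that land there are the field-name variations that would otherwise make a record look empty. A substring match on a term like 'hidden' can also hit a genuine name, so treat "redacted" as a hint rather than a verdict.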

WHOIS in the future

Despite its benefits, the WHOIS protocol will not last forever. New (privacy) regulations, technologies, and protocols will make the existing protocol obsolete. For a few years already, people have tried creating more modern substitutes, but all had their downsides and never made it. But with RDAP, a very likely successor is on its way. 

Registration Data Access Protocol

RDAP is an acronym for Registration Data Access Protocol. And just like WHOIS, its goal is to create a standard method in which domain ownership can be determined. But that's where the comparison ends. RDAP lists the data in a fixed, standardized and machine-readable JSON format. Using a fixed format, all fields for all users are the same, ensuring uniformity. The adoption of RDAP will probably become compulsory as of 2025 according to ICANN. That gives registrars time to adapt their systems to work and comply with RDAP.

RDAP will most likely mean the end of WHOIS, but it doesn't have to, as both systems can exist together. But as that means that the data must be entered in both systems, it seems likely that the use of WHOIS will gradually die out.
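To show what the fixed JSON format buys you in practice, here is an added example (not code from Dataprovider.com or ICANN) that reads the dates, contact names and registrar IANA ID from an RDAP domain object by fixed key, with no label guessing. The sample response is constructed in the shape defined by RFC 9083; every value in it is made up.

```python
import json
from datetime import datetime

# Constructed RDAP domain response (RFC 9083 shape); all values are made up.
SAMPLE_RDAP = json.loads("""
{
  "objectClassName": "domain",
  "ldhName": "example.test",
  "events": [
    {"eventAction": "registration", "eventDate": "2019-04-02T10:15:00Z"},
    {"eventAction": "last changed", "eventDate": "2024-03-30T08:00:00Z"},
    {"eventAction": "expiration", "eventDate": "2026-04-02T10:15:00Z"}
  ],
  "entities": [
    {"objectClassName": "entity", "roles": ["registrar"],
     "publicIds": [{"type": "IANA Registrar ID", "identifier": "9999"}],
     "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                              ["fn", {}, "text", "Example Registrar Inc."]]]},
    {"objectClassName": "entity", "roles": ["registrant"],
     "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                              ["fn", {}, "text", "REDACTED FOR PRIVACY"]]]}
  ]
}
""")

def parse_ts(value):
    # Older Python versions reject a trailing "Z" in fromisoformat().
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def rdap_dates(domain):
    return {e["eventAction"]: parse_ts(e["eventDate"])
            for e in domain.get("events", []) if "eventDate" in e}

def rdap_summary(domain):
    out = {"domain": domain.get("ldhName"), "dates": rdap_dates(domain),
           "names": {}, "iana_id": None}
    for ent in domain.get("entities", []):
        vcard = ent.get("vcardArray", ["vcard", []])[1]
        fn = next((p[3] for p in vcard if p[0] == "fn"), None)
        for role in ent.get("roles", []):
            out["names"][role] = fn  # formatted name per role
        for pid in ent.get("publicIds", []):
            if pid.get("type") == "IANA Registrar ID":
                out["iana_id"] = pid.get("identifier")
    return out

def days_since_registration(domain, now):
    reg = rdap_dates(domain).get("registration")
    return None if reg is None else (now - reg).days
```

A small `days_since_registration` value for a domain that resembles an established brand is the "recently registered" signal mentioned in the typo squatting use case above. A redacted registrant name still appears as a value here, so privacy placeholders need the same handling as in WHOIS.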