What Is WHOIS?
WHOIS is a protocol and database system for querying domain registration information. It provides details about who registered a domain, when it was registered, when it expires, and which name servers it uses.
How WHOIS Works
When you perform a WHOIS lookup, the query is sent to the appropriate WHOIS server for the domain's TLD (top-level domain). The server returns registration data from its database, including the registrant's name and organization, registration and expiration dates, registrar information, name server configuration, and domain status codes.
The data is maintained by domain registrars and coordinated by ICANN (Internet Corporation for Assigned Names and Numbers) for generic TLDs.
Why WHOIS Matters
WHOIS is valuable for several purposes: investigating the legitimacy of a domain, checking domain expiration dates, verifying name server configuration, researching domain ownership for business purposes, and investigating phishing or spam sources. Security teams frequently use WHOIS data to assess the trustworthiness of a domain sending email.
WHOIS Privacy and GDPR
Since GDPR took effect in 2018, many registrars redact personal information from public WHOIS results by default. Additionally, most registrars offer WHOIS privacy protection services that replace the registrant's personal details with proxy information. This means WHOIS lookups may show limited information for privacy-protected domains.
Frequently Asked Questions
What information does a WHOIS lookup reveal?
A WHOIS lookup can reveal the registrant's name and organization, registration and expiration dates, registrar information, name servers, and sometimes contact details. Many owners use privacy protection to hide personal information.
Is WHOIS information always public?
Not necessarily. GDPR has led many registrars to redact personal data by default. Privacy protection services are also widely available to shield registrant details from public queries.