How to Perform a WHOIS Lookup and Read the Results

WHOIS is a public query protocol that returns registration information about a domain name, including who registered it, when it was created, when it expires, and which nameservers it uses. WHOIS lookups are essential for verifying domain ownership, investigating suspicious domains, checking expiration dates before a domain lapses, and troubleshooting DNS configuration issues.

Step 1: Enter the Domain in the WHOIS Tool

Open the Email Armory WHOIS Lookup and type the domain you want to look up (for example, example.com). Enter only the domain name without https://or any path. Click "Lookup" to query the WHOIS database. Results typically appear within a few seconds.

Step 2: Read the Registrar Information

The first section of the WHOIS results shows the registrar — the company through which the domain was registered. This includes the registrar name, their IANA ID, their abuse contact email, and their website URL. Common registrars include Namecheap, GoDaddy, Cloudflare, and Google Domains. If you need to report abuse or request a domain transfer, the registrar is your point of contact.

Step 3: Check Registration Dates

Three dates are critical in every WHOIS record:

• Creation Date — When the domain was first registered. Older domains generally have higher trust scores with search engines and email providers.
• Updated Date — When the WHOIS record was last modified. This changes when you update nameservers, contact info, or renew the domain.
• Expiration Date — When the domain registration expires. If the domain is not renewed before this date, it enters a grace period and may eventually become available for anyone to register. Set calendar reminders or enable auto-renewal to avoid losing your domain.

Step 4: Review the Nameservers

The nameserver entries tell you which DNS servers are authoritative for the domain. This is where all DNS records (A, MX, TXT, CNAME) are hosted. Common nameserver patterns include:

• ns1.vercel-dns.com / ns2.vercel-dns.com — Domain uses Vercel DNS.
• ns-cloud-*.googledomains.com — Domain uses Google Cloud DNS.
• *.cloudflare.com — Domain uses Cloudflare DNS (often indicates Cloudflare proxy is active).

If your nameservers are wrong, your DNS records will not resolve correctly, which breaks your website, email delivery, and all other services tied to the domain. Verify they point to the DNS provider where your records are actually configured.

Step 5: Understand Domain Status Codes

WHOIS results include one or more EPP (Extensible Provisioning Protocol) status codes that describe the domain's current state. The most common ones are:

• clientTransferProhibited — The registrar has locked the domain to prevent unauthorized transfers. This is a good security measure.
• clientDeleteProhibited — The registrar has locked the domain to prevent accidental or unauthorized deletion.
• clientUpdateProhibited — Changes to the domain's WHOIS data (nameservers, contacts) are locked and require unlocking through the registrar.
• serverTransferProhibited — The registry has placed a transfer lock, often applied during the first 60 days after registration or a transfer.
• redemptionPeriod — The domain has expired and been deleted by the registrar. It can still be recovered for a fee during this period (usually 30 days).
• pendingDelete — The domain is about to be released back to the public pool. It can no longer be recovered by the previous owner.

Step 6: Check WHOIS Privacy

If the registrant contact section shows a privacy service (e.g., "WhoisGuard", "Domains By Proxy", "Contact Privacy Inc."), the domain owner has enabled WHOIS privacy protection. This replaces their personal name, address, phone number, and email with proxy details to protect against spam, social engineering, and identity theft.

WHOIS privacy is a legitimate and recommended practice for most domain owners. If you need to contact the actual owner of a privacy-protected domain, you can often reach them through the proxy email address listed in the WHOIS record, or by filing a complaint with the registrar for abuse cases.

Frequently Asked Questions

Is WHOIS data always accurate?

Not necessarily. ICANN requires registrants to provide accurate contact information, but many domain owners use WHOIS privacy services that replace their personal details with proxy information. Additionally, some registrants provide false data, though this can lead to domain suspension if discovered by the registrar.

What does the clientTransferProhibited status mean?

The clientTransferProhibited status code means the registrar has locked the domain to prevent unauthorized transfers to another registrar. This is a security measure that protects against domain hijacking. You must contact your registrar and verify your identity to remove the lock before initiating a transfer.

Can I look up who owns any domain?

You can perform a WHOIS lookup on any domain, but the results may be limited. Many domain owners use WHOIS privacy (also called domain privacy or ID protection), which hides their personal contact details behind a proxy service. GDPR regulations have also caused many registrars to redact personal data from WHOIS results for domains owned by EU residents.

Related Guides

• How to Check an SSL Certificate
• How to Check if Your Domain Is Blacklisted
• How to Set Up an SPF Record