You are here
This WHOIS Primer summarizes the key components of the WHOIS service, policy, and protocols. It takes into account the many contracts, specifications, standards, protocols, advisories, and policies that collectively describe the ICANN WHOIS program applicable to the collection, display, and use of gTLD domain name registration data.
This Primer is based on the obligations described in the 2013 Registrar Accreditation Agreement (2013 RAA), and the base new gTLD Registry Agreement (New GTLD Registry Agreement [PDF, 649 KB]), and in a few instances other registry agreements, as noted below. As not all registrars and registries are operating under the 2013 RAA or the New gTLD Base Agreement, their actual obligations pertaining to WHOIS may vary. Please refer to the language of the original documents for the text of the obligations related to WHOIS.
Introduction to WHOIS
The Affirmation of Commitments requires ICANN to "implement measures to maintain timely, unrestricted and public access to accurate and complete WHOIS information…" The WHOIS service is a free, publicly available directory containing the contact and technical information of registered domain name holders (referred to as "registrants"). Anyone who needs to know who is behind a website domain name can make a request for that information via WHOIS. The data is collected and made available by registrars and registries under the terms of their agreements with ICANN.
WHOIS is not a single, centrally managed database. Rather, registration data is held in disparate locations and administered by multiple registries and registrars. They set their own conventions for WHOIS service, consistent with the minimum requirements established in their ICANN contracts.
The term "WHOIS" refers to protocols, services, and data types associated with Internet naming and numbering resources beyond domain names, such as Internet Protocol (IP) addresses, and Autonomous System Numbers (ASNs). The WHOIS service includes WHOIS clients, WHOIS servers, WHOIS data stores, and WHOIS data (domain name registration records). Essentially, WHOIS can refer to any of the following:
The information that is collected at the time of registration of a domain name or IP numbering resource and subsequently made available via the WHOIS Service, and potentially updated throughout the life of the resource;
The WHOIS Protocol itself, which is defined in RFC 3912; or
The WHOIS Services that provide public access to domain name registration information typically via applications that implement the WHOIS protocol or a web-based interface.
These ambiguities inherent in the WHOIS label complicate efforts to shape the evolution of meta-data for Internet naming and numbering. To address this, ICANN has developed more precise terminology for gTLDs, including:
Domain Name Registration Data (DNRD) – refers to the information that registrants provide when registering a domain name and that registrars or registries collect. Some of this information is made available to the public. For interactions between ICANN accredited Generic Top Level Domain (gTLD) registrars and registrants, the data elements are specified in the current registry agreement and Registrar Accreditation Agreement. For country code Top Level Domains (ccTLDs), the operators of these TLDs implement local policy regarding the request and display of registration information.
Domain Name Registration Data Access Protocol (DNRD-AP) – refers to the elements of a (standard) communications exchange—queries and responses—that make access to registration data possible. For example, the WHOIS protocol (RFC 3912) and Hypertext Transfer Protocol (HTTP) (RFC 2616 and its updates) are commonly used to provide public access [PDF, 649 KB] to DNRD.
Domain Name Registration Data Directory Service (DNRD-DS) – refers to the service(s) offered by registries and registrars to provide access to (potentially a subset of) the DNRD.
Uses of WHOIS
Internet operators use WHOIS to identify individuals or entities responsible for the operation of a network resource on the Internet. Over time, WHOIS has evolved to serve the need of many different stakeholders, such as registrants, law enforcement agents, intellectual property and trademark owners, businesses and individuals.
Stakeholders use the WHOIS service for a variety of purposes, including to:
- Determine whether a domain is available
- Contact network administrators regarding technical matters
- Diagnose registration difficulties
- Contact web administrators for resolution of technical matters associated with a domain name
- Obtain the real world identity, business location and contact information of an online merchant or business, or generally, any organization that has an online presence
- Associate a company, organization, or individual with a domain name, and to identify the party that is operating a web or other publicly accessible service using a domain name, for commercial or other purposes
- Contact a domain name registrant for the purpose of discussing and negotiating a secondary market transaction related to a registered domain name
- Notify a domain name registrant of the registrant's obligation to maintain accurate registration information
- Contact a domain name registrant on matters related to the protection and enforcement of intellectual property rights
- Establish or look into an identity in cyberspace, and as part of an incident response following an Internet or computer attack- (Security professionals and law enforcement agents use WHOIS to identify points of contact for a domain name)
- Gather investigative leads (i.e., to identify parties from whom additional information might be obtained)- Law enforcement agents use WHOIS to find email addresses and attempt to identify the location of an alleged perpetrator of a crime involving fraud
- Investigate spam- law enforcement agents look to the WHOIS database to collect information on the website advertised in the spam
Under the ICANN contracts, WHOIS can be used for any legal purpose except to enable mass unsolicited, commercial advertising or solicitations, or to enable high volume, automated, electronic processes that send queries or data to a registry or registrar's systems, except as necessary to manage domain names.
Anyone wishing to register a domain name must provide contact and technical information for display in the WHOIS database; WHOIS data is actually a subset of the information due at the time of registration.
In turn, ICANN's agreements with registrars require them to provide public access to data on registered names. The 2013 RAA states that "at its expense, Registrar shall provide an interactive web page and, with respect to any gTLD operating a "thin" registry, a port 43 WHOIS service (each accessible via both IPv4 and IPv6) providing free public query-based access to up-to-date (i.e., updated at least daily) data concerning all active Registered Names sponsored by Registrar in any gTLD."
For the generic top-level domain (gTLD) registries, ICANN specifies WHOIS service requirements through the registry agreements [PDF, 649 KB]. Registries satisfy their WHOIS obligations using different services. The two common models are often characterized as "thin" and "thick" WHOIS registries. Although all new gTLD registries operate a thick registry, currently a few existing registries (such as .COM and .NET) operate a thin registry. A thin registry only includes data sufficient to identify the sponsoring registrar, status of the registration, creation and expiration dates for each registration, name server data, and last time the record is updated in its WHOIS data store. Thick registries maintain the registrant's contact information and designated administrative and technical contact information, in addition to the sponsoring registrar and registration status information supplied by a thin registry.
Because registration data connects individuals or organizations with domain names, registrants are required to provide accurate and reliable contact details. If the registrant knowingly provides inaccurate information, fails to update information within seven days of any change, or does not respond within 15 days to an inquiry about accuracy, the domain name may be suspended or cancelled.
For their part, registrars are required to comply with the new WHOIS Accuracy Specification. They must verify certain WHOIS fields such as email addresses or phone numbers and validate the presence of data as well as the format of email addresses, postal addresses and telephone numbers. Registrars are also obliged to send annual data reminder notices to registrants and to verify and validate changes to WHOIS data.
Registrars are obligated to perform these validation and verifications of these WHOIS data fields within fifteen days of the domain registration, inter-registrar transfer, or any change in the registrant. However, if a Registrar has already successfully completed the validation and verification procedures on the identical contact information, and is not in possession of facts or knowledge of circumstances that suggest that the information is no longer valid, then it is not obligated to re-validate or re-verify these WHOIS data fields.
Anyone can submit complaints of inaccuracies through ICANN's WHOIS data reporting system, and the RAA requires registrars to investigate claims of inaccuracy. Registrars must also re-verify and re-validate certain WHOIS data fields if they have any information suggesting that these WHOIS data fields are incorrect.
In order to verify and ensure the operational stability of registry services, as well as to facilitate compliance checks on accredited registrars, registry provide ICANN with weekly, specific up-to-date thin registration data [PDF, 649 KB]. Registries also are required [PDF, 649 KB] in exceptional cases, such as failure of a registry, to provide bulk access to thick registration data to ICANN.
Registrars and registries [PDF, 649 KB] are obligated to provide access to WHOIS data through registration data publication services. It must be publicly available in a specific format and on a designated "port" reserved for WHOIS data sharing (port 43), as well as on an interactive webpage. Port 43 access by registrars is required only for domain names registered in 'thin' registries. The data must include specific identification, contact and technical information.
At present, web-based WHOIS queries may be performed through the websites of ICANN accredited registrars and registries, most regional Internet registries, and third party WHOIS client providers. The agreement between a gTLD registry operator and registrar may, if approved by ICANN in writing, state alternative requirements for that gTLD. Also, under certain market conditions, the registrar may be obligated to provide bulk access to WHOIS.
Data available depends on whether a registry is "thick" or "thin". Only a few registries that existed prior to the new GTLD program are "thin," (such as .com and .net). Thin registries do not include registrant contact details. For thin registries, registrars provide the specific registrant contact information.
ICANN specifies Service Level Agreements related to the performance and acceptable downtime of the registrar & registry's [PDF, 649 KB] WHOIS services. This includes downtime for maintenance, planned outages or system failures, and performance response times to Internet user queries.
Reseller Related Obligations
To the extent that a reseller is involved in facilitating a registration of a domain name, registrars are obligated to comply with all WHOIS obligations.
Obligations of Licensors of Domain Names
Licensors of domain names also have responsibility for the actions of licensees. Any registrant that licenses use of a domain name to a third party is responsible for providing its own full contact information and for providing and updating accurate technical and administrative contact information adequate to facilitate timely resolution of any problems that arise in connection with the Registered Name. A registrant licensing use of a domain name is liable for harm caused by wrongful use of the domain name, unless it discloses the current contact information provided by the licensee and the identity of the licensee within seven (7) days to a party providing the registrant reasonable evidence of actionable harm.
ICANN requires registrars to submit an electronic copy of the registrar's database, which includes WHOIS data, to a reputable escrow agent on a schedule, under the terms, and in the format specified by ICANN.
Registries are required [PDF, 649 KB] to deposit domain name registration data, along with other registry data, in escrow, with an escrow agent.
The RAA specifies that if the WHOIS service implemented by registrars does not provide reliable and convenient access to accurate and up-to-date data, ICANN may set up a centralized database.
In response to the WHOIS Review Team's recommendations, ICANN has committed to creating a centralized look-up tool that will interface with the WHOIS databases of registrars and registries to simplify and make the WHOIS service more convenient for its users.
The format of responses must contain certain data elements and follow a semi-free text format. A list of the available data elements and directions about which ones are required/mandatory is included in the Registration Data Directory Services Specification to the 2013 RAA.
Internationalized Registration Data
At the moment, the current specifications do not include language or script requirements for input or output. Work is underway to internationalize WHOIS, and placeholders are included in the 2013 RAA and Registry Agreement [PDF, 649 KB] to incorporate for future rules being developed by IETF or the ICANN community.
Registries have the option to provide certain search functionality [PDF, 649 KB] for the WHOIS.
Registrars and registries must comply with applicable laws and government regulations regarding the collection, display and distribution of personal data via WHOIS. If a registrar or registry encounters a conflict with local laws, ICANN has procedures in place for reviewing and considering those situations.
Privacy/ Proxy Services
Privacy and proxy services are for individuals and entities who wish to keep certain information from being made public via WHOIS.
There are two general types of these services:
- A Privacy Service lists alternative, reliable contact information, like an address or phone number, in WHOIS while keeping the domain name registered to its beneficial user as the registrant.
- A Proxy Service registers the domain name itself and licenses use of the domain name to its customer. The contact information of the service provider is displayed rather than the customer's contact information. The proxy service is responsible for providing accurate contact information adequate to facilitate timely resolution of any problems that arise in connection with the domain name. The proxy service accepts liability for harm caused by wrongful use of the name unless it promptly discloses the identity of the licensee to a party providing reasonable evidence of actionable harm.
Privacy and Proxy Services offered by Registrars or their affiliates are subject to additional obligations. These Privacy and Proxy Providers must disclose their Service Terms, publish an Abuse of Point Contact and meet Escrow Obligations.
Educating Registrants about WHOIS
Benefits and Responsibilities Documents
Every registrar must publish on its website(s) and/or provide a link to the Registrants' Benefits and Responsibilities Specification.
Registrants' rights include:
Instructions that explain the registrar's processes for registering, managing, transferring, renewing, and restoring domain name registrations, including through any proxy or privacy services made available by the Registrar.
Registrants' Responsibilities include:
Providing accurate information for publication in directories such as WHOIS, and promptly update the data to reflect any changes.
WHOIS in Domain Name Management and Dispute Resolution Procedures
WHOIS is referenced to conduct specific functions related to the operation of domain names. For example, WHOIS is used to support the transfer or deletion of a domain name, or to facilitate trademark related administrative dispute resolution proceedings such as the Uniform Dispute Resolution Policy (UDRP) and the Uniform Rapid Suspension System (URS).
Under the ICANN Policy on Transfers Between Registrars, the authority to transfer a domain name is restricted to the administrative contact and the registered name holder in the WHOIS record. The gaining registrar must obtain a valid Form of Authorization (FOA) from either of these contacts.
If the transfer between registrars is contentious, the Registrar Transfer Dispute Policy allows a registry to examine the WHOIS evidence to determine if the transfer was properly authorized.
Sometimes registrations are deleted – such as in the case of false contact data or a non-response to registrar inquiries. Under the Expired Domain Name Recovery Policy, the Registrant at Expiration in the WHOIS record is offered a Redemption Grace Period of 30 days to request the restoration of a domain name. During this time, the registered domain name is disabled and cannot be transferred.
Under the Restored Names Accuracy Policy, following the restoration of the domain name, the domain name registration must be placed on hold until updated and accurate WHOIS information is provided.
Uniform Dispute Resolution Policy (UDRP)
- Identify the Registrant to be named in a UDRP Complaint as the respondent.
- Determine appropriate jurisdiction for any court proceedings related to a UDRP case.
- Determine whether the registrar has properly "locked" the registration. Once a UDRP complaint is received, the registrar must "lock" the registration to prevent any transfers as long as the complaint proceeding is pending.
New gTLD Uniform Rapid Suspension System (URS)
WHOIS is also referenced in trademark related complaints in new gTLDs under the Uniform Rapid Suspension System (URS) to:
- Identify the Registrant to be named in a URS Complaint as the respondent.
- Confirm URS Locking: upon initiation of a complaint, a Notice of Complaint is sent by the Provider to the addresses listed in the WHOIS contact information that provides an electronic copy of the Complaint, advises of the locked status, as well as the potential effects if the Registrant fails to respond and defend against the Complaint.
- Notice of Default: If there is a default decision, a notice of default is sent to the addresses listed in the WHOIS.
- Confirm a URS suspension: the WHOIS record is updated to reflect that the domain name may not be transferred, deleted or modified.
Updating or Modifying ICANN’S WHOIS Program
Changes to WHOIS can occur in a variety of ways. The Affirmation of Commitments creates three-year review cycles, and those reviews can lead to modifications of WHOIS Policy. Changes to WHOIS obligations can also be accomplished through the contract amendment clauses in the RAA and in each of the Registry Agreements. In addition, consensus policies created through recommendations developed by the Generic Names Supporting Organization (GNSO) as approved by the Board in accordance with the procedures under the ICANN Bylaws, can also change WHOIS obligations.
This summary is not intended to be comprehensive, but illustrative of the breadth of ICANN's WHOIS program. Please refer to actual contract terms, specifications, and policies for the definitive obligations. ICANN has posted a "Single Webpage for ICANN WHOIS-Related Policies and Provisions" as a resource to identify the location of these obligations. As noted above, this WHOIS Primer is based on the terms of the 2013 RAA and the New gTLD Base Agreement. Not all registrars or registries are bound by these form agreements, and as a result, the WHOIS obligations may vary from registry to registry, and from registrar to registrar, depending upon what version of RAA registrar is under. Please visit the accredited registrar listing to identify the contract version applicable to specific registrars.