You are here

History of WHOIS

WHOIS traces its roots to 1982, when the Internet Engineering Task Force published a protocol for a directory service for ARPANET users. Initially, the directory simply listed the contact information that was requested of anyone transmitting data across the ARPANET.

As the Internet grew, WHOIS began to serve the needs of different stakeholders such as domain name registrants, law enforcement agents, intellectual property and trademark owners, businesses and individual users. But the protocol remained fundamentally based on those original IETF standards. This is the WHOIS protocol that ICANN organization inherited when it was established in 1998.

On 30 September 2009, ICANN and the U.S. Department of Commerce signed an Affirmation of Commitments (AOC) which recognized ICANN as an independent, private and non-profit organization. With the transition to new ICANN Bylaws in 2016, the WHOIS obligations originally established by the expired AOC were replaced with new gTLD Registration Directory Service (RDS) obligations.

Based on existing consensus policies and contracts, ICANN remains committed to "enforcing its existing policy relating to WHOIS, subject to applicable laws. Such existing policy requires that ICANN implement measures to maintain timely, unrestricted and public access to accurate and complete WHOIS information, including domain name registrant, technical, billing, and administrative contact information." In addition, specific provisions for periodic reviews of WHOIS policy continue under the new ICANN Bylaws.

In 1999, ICANN began allowing other entities to offer domain name registration services. Registries are responsible for maintaining registries of top-level domain names.

Over the years, ICANN has used its agreements with registrars and registries to modify the WHOIS service requirements. These agreements set up the basic framework that dictates how the WHOIS service is operated. In addition, ICANN has adopted and implemented several consensus policies aimed at improving the WHOIS service:

  • WHOIS Data Reminder Policy (2003): at least once a year, registrars must email all domain name registrants and remind them to review and update their WHOIS data; for example, in case of a new cell phone number or changed business address.
  • The Restored Name Accuracy Policy (2004): If a domain name is deleted because it contained incorrect contact data, or there was no response to requests for information, the domain name must remain on hold until the domain name registrant provides updated and accurate WHOIS data.
  • WHOIS Marketing Restriction Policy (2004): This policy creates two changes to the Registrar Accreditation Agreement to try to bar use of the WHOIS data for marketing and re-use. Registrars must require third parties to "to agree not to use the [WHOIS] data to allow, enable, or otherwise support any marketing activities," and "not to sell or redistribute the [WHOIS] data" (with some exceptions).

In addition, ICANN continues to adopt new consensus policies to improve existing WHOIS services. Policies now undergoing implementation include:

Finally, ICANN organization works with registries and registrars to review and update as appropriate procedures related to WHOIS policy implementation, such as:

WHOIS is at the center of long-running debate and study at ICANN, among other Internet governance institutions, and in the global Internet community. The evolution of the Internet ecosystem has created challenges for WHOIS in every area: accuracy, access, compliance, privacy, abuse and fraud, cost and policing. Questions have arisen about the fundamental design of WHOIS, which many believe is inadequate to meet the needs of today's Internet, much less the Internet of the future. Concerns about WHOIS obsolescence are equaled by concerns about the costs involved in changing or replacing WHOIS.

WHOIS faces these challenges because its use has expanded beyond what was envisaged when its founding protocol was designed. Many more stakeholders make use of it in legitimate ways not foreseen by its creators. So ICANN has had to modify WHOIS over the years; the consensus policies on accuracy are a prime example, as well as the introduction of validation and verification requirements in the new form of Registrar Accreditation Agreement (2013 RAA).

There are other challenges to WHOIS, as well. As domain names have become an important weapon to combat fraud and abuse, ICANN's Security and Stability Advisory Committee recommended in SAC 38: Registrar Abuse Point of Contact that registrars and registries publish abuse point of contact information. This abuse contact would be responsible for addressing and providing timely response to abuse complaints received from recognized parties, such as other registries, registrars, law enforcement organizations and recognized members of the anti-abuse community. In 2014, registrars under the 2013 RAA were required to publish WHOIS data that includes registrar abuse contacts.

Even with these modifications, there are calls in the community for improvements to the current WHOIS model. ICANN's Generic Names Supporting Organization (GNSO) explores these areas and works to develop new policies to address each issue, as appropriate. Over the last decade, the GNSO has undertaken a series of activities to reevaluate the current WHOIS system, and has sought to collect data examining the importance of WHOIS to stakeholders. At the request of the Council, ICANN organization initiated a series of WHOIS studies:

WHOIS Privacy and Proxy Services Abuse – This study examined the extent to which gTLD domain names used to conduct alleged illegal or harmful Internet activities are registered via Privacy or proxy services to obscure the perpetrator's identity. The National Physical Laboratory performed this study and delivered its results in March 2014.

WHOIS Registrant Identification – This study used WHOIS data and content associated with domain names to classify entities that register gTLD domain names, including natural persons, legal persons, and Privacy and proxy service providers. Using associated Internet content; it then classified entities using those domain names and potentially commercial activities. NORC at the University of Chicago performed this study and delivered its results in May 2013.

WHOIS Misuse [PDF, 1.2 MB] -- This study examined the extent to which public WHOIS data is misused to address harmful communications such a phishing or identity theft. The Carnegie Mellon University Cylab in Pittsburgh, PA, USA performed this study and delivered its results in December 2013.

WHOIS Privacy and Proxy Relay and Reveal [PDF, 1.23 MB] – This study assessed the feasibility of conducting an in-depth study into communication Relay and identity Reveal requests sent for gTLD domain names registered using proxy and privacy services. The Interisle Consulting Group in Boston, MA, USA performed this study and delivered its results in June 2012.

WHOIS Service Requirements Survey [PDF, 633 KB] – This study surveyed community members to estimate the level of agreement on WHOIS service requirements. A GNSO Working Group was assembled to create a survey and delivered its results in July of 2010.

Report on Domain Name WHOIS Terminology and Structure [PDF, 236 KB] – To clear up the confusion regarding the various meanings of WHOIS terminology, the SSAC conducted this study. The report, delivered in September 2011, recommended that ICANN transition to adopting new terminology to designate the different aspects of WHOIS. As a result, ICANN adopted new terminology to refer to aspects of the WHOIS system, including:

  • Domain Name Registration Data – Refers to the information that domain name registrants provide when registering a domain name and that registrars or registries collect.
  • Domain Name Registration Data Access Protocol – Refers to the elements of a communications exchange—queries and responses—that make access to registration data possible. For example, the WHOIS protocol (RFC 3912) and Hypertext Transfer Protocol (HTTP) (RFC 2616 and its updates) are commonly used to provide public access.
  • Domain Name Registration Data Directory Service – refers to the service offered by registries and registrars to provide access to the domain name registration data. This term is now often used interchangeably with Registration Directory Service (RDS).

In 2013, a series of recommendations were made by the first WHOIS Review Team (WHOIS RT) to improve the manner in which the WHOIS system at that time was being overseen by ICANN organization. Those improvements included development of a new Accuracy Reporting System (ARS) to proactively identify inaccurate WHOIS records and forward them to registrars for follow-up, to increase data accuracy, and to create accuracy metrics.

Also in 2013, ICANN formed an Expert Working Group (EWG) on gTLD Directory Services charged with finding ways to break the deadlock in the ICANN community over the usefulness and fate of the WHOIS system. In its Final Report (2014), the EWG recommended a paradigm shift to "a next-generation RDS that collects, validates and discloses gTLD registration data for permissible purposes only. While basic data would remain publicly available, the rest would be accessible only to accredited requestors who identify themselves, state their purpose, and agree to be held accountable for appropriate use." To learn more, see What's On The Horizon.

Last Updated: July 2017