Brief Description[]
When a domain name is registered, the registrant must provide the registrar of the domain name with valid and up-to-date contact information.
In theory, by looking up the domain name in any public whois database, anyone is supposed to be able to view this registration information, and thus contact the person or company that owns it.
Detailed description[]
Whois Information[]
The Whois Export and Exchange Format memo presents details about what elements of a domain must be able to be queried in the whois database as required by ICANN. Note that this memo only applies to TLDs under ICANN control.
required information for EPP domains under ICANN jurisdiction[]
1. Registrar objects.[]
The registrar object corresponds to a single registrar. It includes the following data:
Registrar ID (conforming to the IANA registrar-ids registry) Contact ID of Registrar Registrar Administrative Contacts Registrar Technical Contacts Registrar Billing Contacts Registrar URL Registrar Creation Date Registrar Last Updated Date
2. Contact objects.[]
The contact object corresponds to a single contact (whether registrant, administrative, technical or billing contact). The contact object includes the following data:
Contact ID Contact Name Contact Organization Contact Address, City, State/Province, Country Contact Postal Code Contact Phone, Fax, E-mail
3. Nameserver (host) objects.[]
A nameserver object corresponds to a single registered nameserver. The nameserver object includes the following data:
Name Server ID Name Server Host Name Name Server IP Addresses if applicable Current Registrar Name Server Creation Date Name Server Last Updated Date
4. Domain objects.[]
The domain object corresponds to a single Registered Name. Each domain object includes the following data:
Domain ID Domain Name Sponsoring Registrar Domain Status All contact information (including all details) with at least one each of: * Registrant * Administrative * Technical * Billing All nameservers associated with this domain Domain Registration Date Domain Expiration Date Domain Last Updated Date
Whois query protocols[]
The whois data must be made visible by clients (registrars) both via the web, and via a Port 43 Whois service.
Port 43 Whois service look-up options
| Option | Description |
| -- | Indicate the end of options. A subsequent string that begins with a hyphen on the command line is taken as a query string. |
| -a, --raw | Do not rewrite query according to configuration before sending to server. |
| -c file, --config=file | Specify a configuration file to use instead of the default /etc/jwhois.conf. |
| -d, --disable-cache | Disable reading and writing to the cache. |
| -f, --force-lookup | Force the lookup query to go to the host, even if it is available from the cache. |
| -h host, --host=host | Query the whois server on the specified host. Same as host on the command line. By default, queries the server in the environment variable NICNAMESERVER or WHOISSERVER if either is set; otherwise queries whois.internic.net. |
| --help | Print help message and exit. |
| -i, --display-redirections | Display every step in a redirection. The default is to display only the last step. |
| -n, --no-redirect | Disable redirection from one server to the next. |
| -p port, --port=port | Connect to the specified port. Same as port on the command line. Default is 43. |
| -r, --rwhois | Force use of the rwhois protocol, instead of HTTP or whois. |
| --rwhois-display=display | Request receiving rwhois servers to display the results in the specified display instead of the default. |
| --rwhois-limit=limit | Request receiving rwhois servers to limit the number of matches to the specified limit. |
| -s, --no-whoisservers | Disable built-in support for whois-servers.net. |
| -v | Verbose. Display the query before sending it to the server. |
| --version | Print version information and exit. |
Where to look up whois information[]
Open-source whois clients[]
- Whois for Linux: Download
- Gandi.net whois client: Download Information
- WP.CGI: Download Information
- WhoisCL: Information and download
Downloadable whois clients[]
If you use a version of Unix, you can query directly with the whois command. That will thwart those spammers that thought they were clever and made their nameservers reject connections by DNS Stuff. You can also install a command-line version of whois and dig under Windows, or a window-based GUI option Sam Spade for Windows.
Locate more whois clients in Spam Links' whois proxy tools list.
Online whois look-up websites[]
- DNS Stuff - this is a widely-used tool, which includes a whois look-up function (among many others).
Once on their web page, scroll down to get to the whois search engine. It is not necessary to join to use it, but joining offers additional benefits.
- iWhois - performs whois look-ups and returns summary or detailed information. It is more limited in range, because it covers very few country level domains (.hk .cd .au .fr etc)
More whois sites are listed in Spam Links' whois tools list.
International WHOIS sites[]
Use one of these if the whois information doesn't show up using the above methods
- DomainWhitePages : http://www.domainwhitepages.com/
- Argentina (ar) : http://www.nic.ar/
- Germany (de) : http://www.denic.de/en/whois/index.jsp
- Hong Kong: https://www.hkdnr.hk/whois/whois.jsp
- Japan : http://whois.jprs.jp/en/
- Moldovia (md) : http://www.register.md/
- New Zealand (nz) : http://www.dnc.org.nz
and
- Network Solutions : http://www.networksolutions.com/whois/index.jsp
Exceptions[]
In some instances the contact information of the registrant is hidden. This can happen if:
- The domain name is managed by a registry that has a policy against the public disclosure of contact information if the registrant is a private person. This is notably the case with .eu and .fr ccTLD.
- The domain name is registered to a company that in turn grants a license of use to the domain name to their customer. In this case, the contact information of the company is visible in the whois, and not their customer.
Examining Whois Information[]
Understanding contact details[]
There are two different types of whois contact types:
- Person
- Organization (company, association...)
This difference is known to the registrar, as the whois information is attributed a type. Usually, if the contact is a person, then the fullname field will appear on top, otherwise it will be the orgname field. You may be able to see this as either the "organization name" or "person" in the whois. As there is not necessarily any standard with regards to this, you may need to contact the registrar to request verification.
If the whois contact type is an organization, then the organization is the legal title holder. The name that accompanies this is simply the contact person at that organization. The contact person does not have any legal rights to the domain per se, they are just required to perform the function of being an identified contact person. Changing the contact in this event then is not like an owner change and may be done at any time and freely.
In privacy-protected whois databases (ex. EURID, AFNIC), if the whois information for a contact is a person, then the information will be hidden. If the information is that of an organization then it will be public.
Spammer whois profiles[]
Spammers almost always provide fake registrant information, mainly to avoid prosecution and to hide their real identities. They do this in three ways:
- Using randomly-generated contact information that appears to be correct, but is not
- Using the contact information of real people or companies, that they have no relation to
- Using totally fake information