March 16, 2026

What Is WHOIS? How to Look Up Domain Registration Info (2026)

WHOIS is one of the oldest protocols on the internet, providing public access to domain registration data since the 1980s. This guide explains what WHOIS is, what information it contains, how to perform a lookup, and how privacy regulations are reshaping domain transparency.

What Is WHOIS and How Does It Work?

WHOIS is a query-response protocol used to look up information about domain name registrations, IP address allocations, and autonomous system numbers. When you register a domain, your registrar submits your contact and administrative details to a public database maintained by the relevant registry (e.g., Verisign for .com, PIR for .org).

A WHOIS lookup queries this database and returns the publicly available registration data. The protocol operates over TCP port 43, though most people access it through web-based tools. The data returned depends on the registry, the registrar, and any privacy protections applied to the domain.

What Information Does WHOIS Contain?

A typical WHOIS record includes several categories of information:

Registrar information. The company where the domain was registered (e.g., Namecheap, GoDaddy, Cloudflare Registrar), including the registrar's IANA ID, abuse contact, and WHOIS server.
Important dates. When the domain was created, when the registration was last updated, and when it expires. These dates are critical for identifying newly registered domains (often used in phishing) and domains nearing expiration.
Nameservers. The authoritative DNS servers for the domain. This tells you which DNS provider the domain uses and can be verified with our NS Lookup tool.
Domain status codes. EPP status codes like clientTransferProhibited, serverDeleteProhibited, and redemptionPeriod indicate the domain's current lifecycle state and any transfer/deletion locks.
Registrant contact (if not redacted). The name, organization, email, phone number, and address of the domain owner. Due to GDPR and privacy services, this is increasingly redacted.

WHOIS Privacy and GDPR Impact

Before GDPR took effect in May 2018, WHOIS records were almost entirely public. Anyone could look up the name, address, email, and phone number of a domain registrant. This transparency was useful for law enforcement, cybersecurity researchers, and trademark holders — but it also exposed domain owners to spam, harassment, and social engineering attacks.

GDPR forced a fundamental change. ICANN required registrars to redact personal data from public WHOIS records for registrants subject to European data protection law. In practice, most registrars now redact personal information by default for all customers worldwide. Instead of real contact details, you typically see placeholder text like "REDACTED FOR PRIVACY" or the registrar's proxy email address.

Many registrars also offer optional WHOIS privacy protection (sometimes called "domain privacy" or "privacy proxy") that replaces your contact details with the registrar's privacy service information. Some registrars include this for free, while others charge an annual fee.

How to Do a WHOIS Lookup

Performing a WHOIS lookup is straightforward. Here is how to do it using Email Armory:

Open the WHOIS Lookup tool. Go to our WHOIS Lookup page.
Enter the domain name. Type any domain (e.g., example.com) into the search field.
Review the results. The tool displays the registrar, creation and expiration dates, nameservers, domain status, and whatever contact information is publicly available.

You can also perform WHOIS lookups from the command line on most operating systems using the whois command. On macOS and Linux, simply run whois example.com in your terminal. On Windows, you will need a third-party tool or can use our web-based lookup.

Common Uses for WHOIS Lookups

WHOIS data serves a wide range of purposes across different fields:

Domain research and acquisition. Before purchasing a domain, buyers check WHOIS to see when it was registered, when it expires, and who the current registrar is. This helps assess whether a domain is available for purchase or about to drop.
Cybersecurity and threat intelligence. Security teams use WHOIS to investigate suspicious domains in phishing emails, malware campaigns, and fraud schemes. Newly registered domains with privacy-protected WHOIS records are a common indicator of malicious intent.
Trademark and brand protection. Companies monitor WHOIS for domains that impersonate their brand. Identifying the registrant and registrar is the first step in filing a UDRP (Uniform Domain-Name Dispute-Resolution Policy) complaint.
Legal compliance and due diligence. Law firms and compliance teams use WHOIS as part of know-your-customer (KYC) and anti-fraud investigations to verify the legitimacy of businesses and their online presence.
DNS troubleshooting. WHOIS reveals the authoritative nameservers and registrar for a domain, which is essential when diagnosing DNS resolution issues. Combine it with our DNS Lookup for a complete picture.

RDAP: The Modern Replacement for WHOIS

Registration Data Access Protocol (RDAP) is the standardized successor to WHOIS, developed by the IETF and adopted by ICANN. While WHOIS has served the internet for over 40 years, it has significant limitations: no standardized output format, no authentication or access control, no internationalization support, and no built-in mechanism for differentiating data based on the requester's authorization level.

RDAP addresses all of these shortcomings. It returns structured JSON data instead of free-form text, supports HTTPS for secure queries, includes standardized response codes and error handling, and allows registries to implement tiered access — showing more data to verified law enforcement or security researchers while keeping personal information redacted for anonymous queries.

As of 2026, all ICANN-accredited registrars and gTLD registries are required to support RDAP. However, legacy WHOIS remains widely used, and most lookup tools (including ours) still query both protocols to provide the most complete information available.

Related Tools and Guides

WHOIS Lookup Tool — Look up registration data for any domain instantly.
DNS Lookup — Check all DNS records for a domain.
NS Lookup — Verify authoritative nameservers.
Domain Health Check — Comprehensive domain analysis including DNS, email authentication, and security.
How to Check DNS Records for Any Domain
What Is DMARC? A Complete Guide for 2026

March 16, 2026

What Is WHOIS? How to Look Up Domain Registration Info (2026)

What Is WHOIS and How Does It Work?

What Information Does WHOIS Contain?

A typical WHOIS record includes several categories of information:

Registrar information. The company where the domain was registered (e.g., Namecheap, GoDaddy, Cloudflare Registrar), including the registrar's IANA ID, abuse contact, and WHOIS server.
Important dates. When the domain was created, when the registration was last updated, and when it expires. These dates are critical for identifying newly registered domains (often used in phishing) and domains nearing expiration.
Nameservers. The authoritative DNS servers for the domain. This tells you which DNS provider the domain uses and can be verified with our NS Lookup tool.
Domain status codes. EPP status codes like clientTransferProhibited, serverDeleteProhibited, and redemptionPeriod indicate the domain's current lifecycle state and any transfer/deletion locks.
Registrant contact (if not redacted). The name, organization, email, phone number, and address of the domain owner. Due to GDPR and privacy services, this is increasingly redacted.

WHOIS Privacy and GDPR Impact

How to Do a WHOIS Lookup

Performing a WHOIS lookup is straightforward. Here is how to do it using Email Armory:

Open the WHOIS Lookup tool. Go to our WHOIS Lookup page.
Enter the domain name. Type any domain (e.g., example.com) into the search field.
Review the results. The tool displays the registrar, creation and expiration dates, nameservers, domain status, and whatever contact information is publicly available.

Common Uses for WHOIS Lookups

WHOIS data serves a wide range of purposes across different fields:

Domain research and acquisition. Before purchasing a domain, buyers check WHOIS to see when it was registered, when it expires, and who the current registrar is. This helps assess whether a domain is available for purchase or about to drop.
Cybersecurity and threat intelligence. Security teams use WHOIS to investigate suspicious domains in phishing emails, malware campaigns, and fraud schemes. Newly registered domains with privacy-protected WHOIS records are a common indicator of malicious intent.
Trademark and brand protection. Companies monitor WHOIS for domains that impersonate their brand. Identifying the registrant and registrar is the first step in filing a UDRP (Uniform Domain-Name Dispute-Resolution Policy) complaint.
Legal compliance and due diligence. Law firms and compliance teams use WHOIS as part of know-your-customer (KYC) and anti-fraud investigations to verify the legitimacy of businesses and their online presence.
DNS troubleshooting. WHOIS reveals the authoritative nameservers and registrar for a domain, which is essential when diagnosing DNS resolution issues. Combine it with our DNS Lookup for a complete picture.

RDAP: The Modern Replacement for WHOIS

Related Tools and Guides

WHOIS Lookup Tool — Look up registration data for any domain instantly.
DNS Lookup — Check all DNS records for a domain.
NS Lookup — Verify authoritative nameservers.
Domain Health Check — Comprehensive domain analysis including DNS, email authentication, and security.
How to Check DNS Records for Any Domain
What Is DMARC? A Complete Guide for 2026