Technical

Domain WHOIS Guide: Finding Owner Information and Registration Details

By Corg Published · Updated

Domain WHOIS Guide: Finding Owner Information and Registration Details

WHOIS has been the standard protocol for looking up domain registration data since the early days of the internet. As of January 28, 2025, ICANN officially transitioned from WHOIS to RDAP (Registration Data Access Protocol) as the primary system for accessing generic top-level domain registration information. For domain investors, understanding how to extract useful information from both legacy WHOIS and modern RDAP lookups is essential for acquisition research, competitive intelligence, and due diligence.

The WHOIS to RDAP Transition

For over three decades, WHOIS provided domain registration data through a simple text-based protocol on port 43. The system was designed in an era before privacy concerns and data protection regulations transformed how personal information is handled online.

RDAP replaces WHOIS with a modern protocol that uses HTTPS (port 443) for encrypted data transmission, returns structured JSON data instead of unformatted text, supports internationalized content and multiple languages, provides differentiated access based on requestor authorization, and meets GDPR and global privacy regulation requirements.

ICANN’s official lookup tool at lookup.icann.org now uses RDAP as its backend. Third-party tools like Who.is and DomainTools have updated their systems to query RDAP endpoints. The practical difference for most users is minimal — you enter a domain name and receive registration data — but the underlying protocol is significantly more secure and standardized.

What Registration Data Reveals

A WHOIS/RDAP lookup returns several categories of information useful to domain investors.

Registration and Expiration Dates: The registration date tells you how old the domain is. Domain age correlates with value — a domain registered in 2002 carries more authority than one registered in 2023. The expiration date reveals when the current holder must renew, which is critical intelligence for backordering strategies on domains you want to acquire.

Registrar: Knowing which registrar holds a domain tells you which transfer process applies (each registrar has slightly different procedures), the likely security level (GoDaddy accounts have been targeted by social engineering; Cloudflare accounts have stronger 2FA), and the potential communication channel (some registrars offer direct buyer-seller messaging).

Nameservers: Current nameservers reveal whether the domain is actively hosted, parked, pointed to a marketplace landing page, or sitting on default registrar nameservers (suggesting the owner is not actively using it).

Status Codes: EPP status codes indicate the domain’s transfer and update eligibility. ClientTransferProhibited means the registrar lock is enabled. ServerTransferProhibited indicates registry-level lock. A domain with no transfer prohibition may be easier to acquire through standard processes.

Using WHOIS/RDAP for Acquisition Research

Before approaching a domain owner with a purchase offer, look up the registration data to assess the situation.

If the domain was registered recently (within 2-3 years), the holder may be a speculator who registered it with the intent to sell — approach with a direct offer through the WHOIS contact email or marketplace listing.

If the domain has been held for 10+ years without an active website, the holder may be a long-term investor (likely price-savvy) or a forgotten registration (potentially available at a reasonable price). Check the Wayback Machine for historical usage.

If the domain is about to expire (within 6 months) and shows no active use, consider placing a backorder through NameJet or Dropcatch rather than making a purchase offer. The holder may simply let it drop, and your backorder will catch it at auction for potentially far less than the owner would accept in a direct sale.

Privacy Protection and Its Implications

Most registrars now include free WHOIS privacy protection (Namecheap, Porkbun, Cloudflare, Dynadot). When privacy protection is enabled, the WHOIS/RDAP record shows the privacy service’s contact information instead of the actual registrant’s details.

For investors, privacy protection creates both obstacles and opportunities. When buying, privacy protection makes it harder to identify the actual owner and assess their likely price expectations. Contact through the privacy service’s forwarding email (available in the WHOIS record) reaches the owner but feels more formal and less personal than a direct approach.

When selling, privacy protection prevents potential buyers from researching your identity and estimating your price expectations. Some buyers view privacy protection as a signal that the owner is sophisticated, while others perceive it as an obstruction.

Bulk WHOIS Research

For portfolio-level competitive intelligence, tools like DomainTools, WhoisXML API, and SecurityTrails provide bulk WHOIS/RDAP lookup capabilities. These allow you to monitor registration changes on domains you are interested in acquiring, track when competitor investors are registering or dropping names, identify portfolio-level patterns (when a large investor drops multiple names, it often signals a category they are exiting), and research domain history across ownership changes.

For more on the technical aspects of domain management, see dns explained for domain investors. To understand what status codes mean for transfers, read how domain transfers work technically.

More in Technical

Domain Portfolio Backup Strategy: Disaster Recovery for Investors Domain Load Testing and Scalability: Preparing for Traffic Spikes Domain Redemption Period Explained: Recovering Accidentally Expired Domains Domain Migration and Redesign Planning: Moving Content Without Losing Value

View all Technical articles →