When you register a domain name, you are required to provide contact information - your name, email address, mailing address, and phone number. By default, much of this information ends up in a publicly accessible database called WHOIS. For most business owners and individuals, this is a significant privacy risk that is easy to address.
What Is WHOIS?
WHOIS is a protocol and database system that allows anyone to look up registration information for a domain name. The intention was to provide accountability and make it easy to contact domain owners for legitimate reasons - reporting abuse, negotiating a purchase, or resolving technical issues.
In practice, WHOIS data is heavily scraped by spammers, marketers, domain squatters, and more malicious actors. The same public record that lets a legitimate party contact you also exposes your personal information to anyone with an internet connection.
What Information Is Exposed Without Privacy Protection
Without domain privacy protection, a WHOIS lookup on your domain typically reveals:
- Your full legal name (or company name)
- Your email address
- Your mailing address
- Your phone number
- The date the domain was registered and when it expires
- Your registrar information
This information is available to anyone using a WHOIS lookup tool - no account required. Services like who.is and lookup.icann.org make it trivial to retrieve.
Risks of Exposed WHOIS Data
Spam: Your email address in WHOIS will be scraped and added to spam lists. Many domain owners report a noticeable increase in junk email after registering a domain without privacy protection.
Phishing attacks: Knowing your name, domain registrar, and expiry date allows scammers to craft convincing phishing emails - for example, fake renewal notices that redirect you to fraudulent payment pages.
Targeted solicitation: Marketing agencies, web design firms, and SEO companies routinely scrape WHOIS data to cold-call and cold-email new domain registrants.
Physical security: For individuals registering domains from a home address, having that address publicly available is a genuine personal safety concern.
Domain hijacking: Exposed contact information makes social engineering attacks against registrar support teams easier - an attacker who knows your details can be more convincing when impersonating you.
How Domain Privacy Works
Domain privacy protection (also called WHOIS privacy or ID protection) replaces your personal contact details in the WHOIS record with proxy information provided by your registrar. Your name, address, phone number, and email are swapped out for generic contact details that route to your registrar.
Legitimate inquiries to the proxy address are forwarded to you by the registrar. Your personal information stays private while still maintaining a way for authorized parties to reach you if needed.
.CA Domains and CIRA Privacy Policy
Canadian .ca domains are managed by CIRA (Canadian Internet Registration Authority), which has its own privacy policies that differ somewhat from the generic ICANN rules for .com and other generic top-level domains.
CIRA does not publicly display full registrant contact information for .ca domains in the same way that ICANN-governed domains do. Registrant name and province are typically shown, but full address and phone number are not exposed to the public by default. This provides a degree of baseline privacy for .ca domain holders.
That said, domain privacy add-ons are still available for .ca domains and provide additional protection by masking even the registrant name and province.
Why dotCanada Includes Privacy Protection
dotCanada includes WHOIS privacy protection with domain registrations because we believe protecting your personal information should not be an optional add-on. When you register a domain with us, your contact information is shielded from public WHOIS lookups from day one.
Enabling domain privacy costs nothing extra and eliminates the spam, solicitation, and phishing risk that comes with exposed WHOIS data. There is no reason not to use it - and for anyone registering a domain from a home address, it is genuinely important for personal safety.
If you have an existing domain and are unsure whether privacy protection is active, check your registrar account settings or run a WHOIS lookup on your domain to see what is currently visible.
