WHOIS shows 'redacted for privacy': how to find the domain owner
· whois · rdap · gdpr · domain-ownership · privacy
whoisrdapgdprdomain-ownershipprivacyWhen a WHOIS lookup returns "REDACTED FOR PRIVACY" for the registrant name, email, and address, the data is not missing — it is deliberately withheld. Since the GDPR took effect in May 2018, ICANN's Temporary Specification (now the registration data policy) directs registrars to suppress registrant personal data from public WHOIS by default, and many owners also pay for a privacy/proxy service on top. The owner's identity is still on file at the registrar; the public record just no longer exposes it.
What WHOIS still shows after redaction
Redaction hides personal fields, not the operational metadata. A redacted record almost always still gives you:
- The registrar (e.g.
Registrar: NameCheap, Inc.) and its IANA ID, plus a registrar abuse contact email and phone. - Creation, updated, and expiry dates — useful for judging how established the domain is.
- The nameservers, which point you at the DNS/hosting provider.
- EPP status codes like
clientTransferProhibitedorclientHoldthat describe the domain's lifecycle and lock state. - Often an anonymized contact relay — a generated email or a registrar web form that forwards to the real owner.
Registrar: NameCheap, Inc.
Registrar Abuse Contact Email: [email protected]
Creation Date: 2019-03-14T00:00:00Z
Registry Expiry Date: 2026-03-14T00:00:00Z
Name Server: dns1.registrar-servers.com
Domain Status: clientTransferProhibited
Registrant Email: https://www.namecheap.com/domains/whois/...
RDAP is the structured successor to WHOIS
WHOIS is a plain-text protocol with no standard format. Its replacement, RDAP (Registration Data Access Protocol, RFC 7480–7484 and RFC 9082/9083), returns the same data as structured JSON over HTTPS and supports tiered/differentiated access — authenticated requesters such as law enforcement or accredited parties can be served more fields than the anonymous public sees. For most gTLDs you can query a registry or registrar RDAP endpoint directly:
curl -s https://rdap.org/domain/example.com
The public response is still redacted, but RDAP is the path through which authorized disclosure now flows, so it is worth knowing it exists.
Legitimate ways to reach the owner
You do not need the registrant's name to contact them. In rough order of effort:
- Use the registrar's relay or abuse contact. Email the anonymized address or fill in the registrar's contact-the-owner web form; it forwards to the real registrant.
- Look at the domain itself. The site's
/contactpage, footer, privacy policy, or an SPF/MX record pointing at a corporate mail provider often identifies the operator far faster than WHOIS would. - Request lawful disclosure. For trademark or abuse matters, a UDRP complaint or a documented legal/law-enforcement request compels the registrar to reveal the underlying registrant; ICANN's RDDS request system exists for exactly this.
Pulling the registrar, dates, status codes, and any relay contact in one place is the practical first step.
Run a WHOIS lookup on the domain →Further reading
- My domain expired but the site still resolves — why?
- Subdomain takeover via a dangling CNAME
- RFC 7480 — HTTP Usage in the Registration Data Access Protocol (RDAP)
- RFC 9083 — JSON Responses for the Registration Data Access Protocol (RDAP)