WHOIS Before and After GDPR
Before the General Data Protection Regulation took effect in 2018, a standard WHOIS query would return the registrant's full name, email address, phone number, postal address, and organisation - all publicly accessible to anyone who asked.
GDPR changed that for EU registrants and, through a domino effect, for many registrants globally as registrars adopted privacy-by-default policies to reduce compliance risk. If you ran a WHOIS query today on a domain registered through a major registrar like Namecheap or GoDaddy, you would typically see redacted contact fields or proxy email addresses through privacy protection services.
This led many people to conclude that WHOIS data is effectively dead for business intelligence purposes. That conclusion is wrong.
What Data Is Still Available
The situation in 2026 is more varied than a blanket "WHOIS is private" statement suggests. Here is what actually persists in publicly accessible WHOIS records:
Domain-level data (almost always present):
- Domain name
- Registrar name and IANA ID
- Creation date, update date, expiry date
- EPP status codes
- Nameservers
Registrant contact data (availability varies significantly by TLD and registrar):
- Country code TLDs (ccTLDs) have historically operated independently of ICANN policy. Many - including
.in,.com.au,.co.uk,.ca,.us, and others - still publish full or partial registrant contact data for a significant portion of their registered domains. - Generic TLDs (gTLDs) like
.comand.nethave much higher privacy redaction rates, particularly through large registrars. However, smaller registrars, business registrations, and older domains frequently have unredacted data. - New generic TLDs (ngTLDs like
.io,.co,.app) have mixed policies. Many publish organization names and country codes even when email and phone are redacted.
Organisation registrations: Business and organisation registrants often have weaker privacy protection than individual registrants under GDPR, because GDPR applies to personal data of natural persons. Many commercial domain registrations - particularly older ones and those with business-facing registrars - retain organisation name, email, and address.
What the WhoisExtractor WHOIS Database Contains
The WhoisExtractor WHOIS Database is a pre-collected, structured dataset of WHOIS records delivered as zipped CSV files. It does not fabricate data or fill in redacted fields. What it provides is:
- Scale: Millions of records collected and structured so you can filter, segment, and export without running individual queries
- Freshness: The daily full feed is updated every day with newly registered domains and updated records
- Country segmentation: Country-specific databases exist for India, the United States, Australia, and other markets - each reflecting the registration data publicly available from those respective registries
- Historical depth: The archived dataset covers older registration records, useful for research and compliance screening
Each record in the CSV follows a consistent schema. Fields that are not publicly available for a given domain will be empty rather than guessed. For a full field reference, see Understanding WHOIS Data Fields in the knowledge base.
Practical Implications for Different Use Cases
Lead generation: Focus on country-code TLD databases (India, Australia, US) where contact data availability is higher. Filter for domains without privacy protection by looking for real email addresses rather than proxy addresses like [email protected].
Brand protection and monitoring: Domain-level data (creation date, registrar, nameservers) is available for essentially all domains regardless of privacy settings. This is sufficient to detect trademark-infringing domain registrations and track suspicious patterns. See the brand monitoring use case for more detail.
Cybersecurity and threat intelligence: Malicious actors rarely invest in WHOIS privacy. Registrant contact data for domains used in phishing, spam, and malware distribution is often fully public. Cross-referencing against the WHOIS database is a standard enrichment step in threat intelligence workflows. See the cybersecurity use case.
Compliance and due diligence: Historical ownership research uses the archived WHOIS database to trace domain ownership changes over time.
Using the Free WHOIS Tool for Individual Checks
For one-off domain checks, the free WHOIS Lookup Tool is the fastest option. Enter any domain and get the current registration record instantly - no account required.
For bulk research across thousands of domains, the database products and API are the right approach.
Getting the Right Dataset
The pricing page shows all WHOIS database options. If you are unsure which country or plan suits your research needs, contact the team with details about your use case and volume.
