A common question we get asked is, "I just bought a domain. How did a spammer get my email address and phone number?"

The short answer: No, Rebel didn't sell your personal information - we'd never do something so unethical and downright gross.

In fact, this unfortunate problem affects everyone in our industry. No matter what registrar you use to buy a domain, you can get hit by these spammers if you haven't enabled Privacy Protection on your domain names.

So what's the long answer? WHOIS.

Photo by John Schnobrich / Unsplash

What the heck is WHOIS?

Despite the fact that every letter is capitalized, WHOIS is actually not an acronym.

WHOIS tells you who registered a specific domain name.

WHOIS is regulated and administered by the Internet Corporation for Assigned Names and Numbers (ICANN). Every person or organization who purchases a domain name from any registrar is "required to provide accurate WHOIS contact data and maintain its accuracy throughout the term of the registration period."

Why does WHOIS exist? According to ICANN,

"As the Internet grew, WHOIS began to serve the needs of different stakeholders such as domain name registrants, law enforcement agents, intellectual property and trademark owners, businesses and individual users."

Essentially, it is for the safety and integrity of the Internet as a whole.

Unfortunately, as the Internet has grown, so have those who want to use the information that is publicly available on WHOIS to contact you and try to sell you something. If you've purchased a domain name from any registrar in the past, you've likely received spam emails or telephone calls from people trying to sell you web design, hosting, or any other number of services.

And we agree - it's annoying. It's frustrating. So we've made some important updates to our Privacy Policy to help combat this (you can read more about those changes here). We're also making big changes about what we share with WHOIS.

Photo by Rafal Jedrzejek / Unsplash

Protecting your personal information

As of May 25, 2018, we will automatically hide any identifying information about you from the public version of WHOIS. This means your name, email address, telephone number, and street address.

Your city and country will still be viewable. If you registered a domain as a company, your company name will still be viewable. As a domain registrant, it is your responsibility to keep your contact information up-to-date (check out the ICANN link above for more on that). As your registrar, we are required to remind you on a yearly basis to keep your info up-to-date.

If someone wants to contact you about your domain name, they now need to use our secure Message Delivery Form. This extra step means that the person contacting you will not have access to your email address or name, as their initial communication with you can only be done through the form. Once they initiate a message request through the form, we've implemented a second security step that requires them to verify from their own email address that they do, in fact, want to send a message to you. In other words, sending out tons of spam in one fell swoop is not really in their best interest - they'll only be spamming themselves.

Photo by This Guy / Unsplash

Do I still need Privacy Protection?

Privacy Protection is still a very valuable product, as this new redacted version of WHOIS doesn't necessarily hide your information from everyone.

Essentially, WHOIS has become gated - ICANN can and will let third parties access your personal information when they have what they deem to be a legitimate business reason to do so. However, with Privacy Protection enabled on your domain, your personal information will even be hidden from those who have access to the gated version of WHOIS.

Confused? Don't worry, we're here to help. Read more about WHOIS on our Help Center, read our updated Privacy Policy, or reach out to our awesome 24/7/365 Customer Support team.