What is WHOIS? A Developer's Guide to Domain Registration Data

When you register a domain name, a record of that registration is stored in a public database called WHOIS. Originally defined in RFC 3912, WHOIS has been the internet's domain registration lookup system for decades.

What does a WHOIS record contain?

A typical WHOIS record includes:

• Registrar — the company through which the domain was registered (e.g. GoDaddy, Namecheap, Google Domains)
• Registration date — when the domain was first registered
• Expiry date — when the registration expires
• Last updated — when the record was last modified
• Name servers — the DNS servers authoritative for this domain
• Registrant details — contact info for the domain owner (often redacted under GDPR)
• Status codes — e.g. clientTransferProhibited, serverHold

Why do developers use WHOIS data?

WHOIS data is useful in a surprising number of engineering contexts:

Fraud and risk detection

A domain registered yesterday is far riskier than one registered ten years ago. Fraud teams routinely check domain age before processing payments or approving accounts. Newly registered domains are a strong signal in phishing and fraud detection models.

Email security

Email security tools check the age and registrar of sender domains. A freshly registered lookalike domain (e.g. paypa1.com registered last week) is a strong phishing indicator.

Brand protection

Security teams monitor WHOIS records to catch domains that impersonate their brand shortly after registration.

Due diligence

Before acquiring a domain or entering a business relationship, it's standard practice to verify registration history.

How to query WHOIS programmatically

The traditional WHOIS protocol (port 43) returns unstructured plain text — every registrar formats it differently, which makes parsing painful. Modern alternatives include:

• RDAP — the modern replacement, returns structured JSON (covered in a separate post)
• API wrappers — services that normalise WHOIS output into a consistent JSON schema

With ResolvDNS, you get normalised WHOIS data in a single API call:

GET https://api.resolvdns.net/domain/stripe.com/whois
X-API-Key: zr_your_key

Response:

{
  "registrar": "MarkMonitor Inc.",
  "registered": "2009-09-22",
  "expires": "2026-09-22",
  "updated": "2024-08-07",
  "status": ["clientDeleteProhibited", "clientTransferProhibited"],
  "name_servers": ["dns1.p07.nsone.net"]
}

WHOIS privacy and GDPR

Since GDPR came into force in 2018, most European registrars and many US-based ones now redact personal registrant details. What you'll typically see instead is a privacy proxy service (e.g. "Domains By Proxy LLC") rather than the actual owner's name and address. Organisation names for corporate registrations are usually still visible.

WHOIS vs RDAP

RDAP (Registration Data Access Protocol) is the modern successor to WHOIS. It returns structured JSON, supports authentication for accessing redacted data, and is now the preferred protocol. ResolvDNS queries both, merging the results into a single normalised response.