If you are the owner of a domain name I strongly recommend to consider using the anonymous option or purchase a whois guard or protection plan with the registrar. Some offer them for free, some offer them for a small fee. Because anybody can call the public WHOIS records and contact you by mail, phone, or even at home.

Both GoDaddy.com and Namecheap.com offer WHOIS protection for a small fee. I personally use NameCheap.com (excellent service and products) and use WHOIS guard service on all my domain names. I believe NameCheap.com is free the first year and then about four dollars per year. But if you read the following, probably totally worth it.

Here's the deal. If you have registered a domain you are required by the rules of the registrar to use your real and valid contact details. This includes your (company) name, address details, phone number and email address. The downside is that users (especially spammers and scammers) can later request these details that are listed on your WHOIS records. This is free, and very easy to do. As a result you might receive spam emails, and even more worrying scam emails. They have your full details so you can receive them through email, snail mail, or per phone. Something I am sure you wish to avoid.

What and how does this happen?

Every registrar on the web offers a whois lookup service and this is what is getting abused by these scammers and spammers. They request the details of the domain name, and it lists the registrant contact, administrative contact , and technical contact details. Let's take virb.com as example. In my unix terminal I query WHOIS virb.com and after a second I get the following details:

Administrative Contact:
Media Inc., Unborn domains@unbornmediainc.com
119 Braintree St.
Suite 603
Boston, Massachusetts 02134
United States
6179872324 Fax -- 6179872327

Which tells me who to contact for administrative questions regarding the virb.com domain name. That's all fine (not that I need that, but ok) What a spammer does next is send spam email to domains@unbornmediainc.com And a popular scam these days is that a scammer sends a 'fake' bill to these contact details. For example, charging for getting the domain premium listed on a directory. Of course, the company or owner of the domain never requested this service and the fine print on this fake bill reads 'this is not actually a bill'.

But why does it work? Simply because bigger companies or people with little knowledge of how things work on the web do not read the fine print and think this is a service that comes with the domain name and should pay.

So how does WHOIS protection work?

Companies where you can register your domain are starting to offer more and more this special whois guard protection to keep your real data in the records internally, but for the public they provide fake information to keep you anonymous and your privacy details protected.

For example, my domain vbulletin-fans.com is registered with namecheap.com and I use their whoisguard protection service. When I do a whois vbulletin-fans.com from my unix prompt I get the following:

Administrative Contact:
WhoisGuard
WhoisGuard Protected (28db75a2e3144af18a87b6bac164e373.protect@whoisguard.com)
+1.6613102107
Fax: +1.6613102107
8939 S. Sepulveda Blvd
8939 S. Sepulveda Blvd
Westchester, CA 90045
US

As you can see, a random email address is generated, and a whois guard address, phone number and name is used. Now I do not receive the spam emails, snail mails, fake phone calls, or scam bills.

And as an alternative I have means on my own web site for people who need to contact me and have a valid reason to do so.

Even if it costs about four bucks average per year, isn't it a value worth to avoid those annoying spam message and especially to protect yourself from those unexpected fake bills? I think it is, so I thought it would be nice to inform all my friends about it!

Where can I get this?

Basically the top 25 of domain registrars offer this service. Check out their web site. Personally I recommend namecheap.com.

Extra tip?

Yep, you can always enter fake info when you register, but remember that registrars do not allow this. A better alternative is to register a PO box and use that address for contact details and get a unique gmail account.