How to keep your Domain details private

by Domains Direct 2 min read
IRPO example WHOIS record

When you register an NZ Domain you must provide contact information that includes: your name, address, phone number, and email address. This information forms part of your Domain name's record, which can be publicly accessed through the WHOIS service. While your details can't be searched for (e.g. by email address), anyone querying your Domain can view those corresponding records.

This was obviously a concern for many private nameholders who wanted to comply with the requirements but also wanted to protect their sensitive details - especially in the age of rampant identity theft. Many private nameholders were registering bogus details in an attempt to hide contact information, however this was in breach of policies.

On November 28, 2017 the Office of the Domain Name Commissioner (DNC) introduced an opt-in privacy option, IRPO (Individual Registrant Privacy Option), for personal registrations. This allows private nameholders to withhold some details from being visible in the public WHOIS. As of March 28, 2018 all NZ registrars were required to offer the service.

The service was introduced to allow nameholders to protect their personal address and phone number from being accessed publicly, however their name, email, and country is still visible so as to allow legitimate contact.

IRPO example WHOIS record

Nameholders are still required to enter true and correct details when registering their Domain, and in some instances information may be requested and disclosed under the Privacy Act 1993.

To enable the privacy option it's very important to establish what the Domain is used for. If it's for commercial or organisation use, it cannot be enabled, nor can be for individuals where any significant trade is undertaken.

If you're ineligible for the IRPO option you're still fairly well-protected by the DNC's restrictions on WHOIS. If querying a Domain from outside the DNC the information provided is limited and does not include any contact details. To access the full record requires using the DNC's own WHOIS service, which is protected with an anti-spam captcha, as seen below.

DNC restricted WHOIS record