Prior to 2018 and the GDPR, you could go online to a registrar’s public WHOIS database to find out who registered a domain name.
Now, instead of searching the WHOIS database, in most cases you will need to submit a request to the registrar and ask that they disclose the identity and contact information for the domain name registrant.
You may go to the registrar’s website directly to submit a request, or you may do so through ICANN’s pilot Registration Data Request Service (RDRS) [ ICANN’s press release].
ICANN’s RDRS ticketing system is free to use, and sends your request to the participating registrar. It is then up to the registrar to decide how to handle your request.
ICANN’s Contracted Parties (the domain name registries and registrars) have provided a guide on the minimum information that should be included in your request; this includes:
In some cases, you may be able to find this information using the ICANN Lookup Tool.
Results will vary, and the publicly-available WHOIS data may provide limited information such as the registrant’s legal (or “organization”) name, its state, and its country.
This will also allow you to identify the registrar for the domain name, in which case you may contact them directly; you can also use the WHOIS lookup link on that registrar’s page if one is available.
Contact information can also sometimes be found on the website of the relevant domain name. There are also a range of services that help you conduct these searches, usually for a fee.
If the information provided by the registrar in response to a request is believed to be inaccurate, a complaint can be submitted using the ICANN WHOIS inaccuracy form.
Yes. It is possible to submit a UDRP complaint on a “John Doe” (or “unknown” registrant) basis.
In some cases, the registrar may not provide you with any WHOIS information, or the information you receive may only show a “privacy service” as the registrant.
ICANN requires registrars to provide registration data to UDRP providers. (Note also e.g., the ECO GDPR Domain Industry Playbook discussion of Articles 6(1)(f) “legitimate purposes” and 6(1)(b) “performance of a contract”.)
In this case, WIPO will ask the registrar to confirm the registrant contact details, and once provided, those can be used to amend your complaint – amendments may include the party names, substantive arguments, or your “mutual jurisdiction” election.
For example, if you discover that the registrant is a repeat cybersquatter you may wish to say this.
Equally, you may wish to withdraw your complaint prior to formal commencement (about 15%-20% of cases settle, in which case you also get a substantial USD $1,000 refund) if you discover that the registrant has a legitimate claim to the domain name – for example their personal name corresponds to the domain name.
Note that even if you choose not to amend your complaint, WIPO will use the registrar-confirmed registrant contact information to notify the case and to provide due process to the registrant.
Panels assess requests to consolidate UDRP cases along the lines articulated in section 4.11 of the WIPO Overview 3.0. This may evolve if panels are made aware of other indicators of common control.
If a case is filed based on a request to consolidate, but that request is denied by the panel, you would have to split the original case into separate cases.
Paragraph 4(j) of the UDRP mandates that “[a]ll decisions under this Policy will be published in full over the Internet, except when an Administrative Panel determines in an exceptional case to redact portions of its decision.” This includes party names.
By registering a domain name, (per the applicable terms and conditions), domain name registrants subject to a UDRP proceeding are bound by this provision.
Publication of party names in UDRP decisions is useful to the overall functioning of the UDRP in that it helps to explain the panel’s findings, supports jurisprudential consistency, facilitates the conduct of other cases as appropriate, and furthermore can be used to illustrate a pattern.
Normally the person asking to redact (exclude) their name from being included in a UDRP decision would submit a request during the case – whether in the formal response or even in a simple email.
If for some reason this is not possible [(e.g., in a case of claimed identity theft where your name was used by someone else to register a domain name)] any request to remove your name from a published UDRP decision, including the reason for your request, should be submitted to email@example.com for review.
What are the legitimate purposes for which WIPO uses registrant information in UDRP cases?
The legitimate purposes for which personal data are used by WIPO flows from the administration of cases under the UDRP – this includes, notably:
The categories of personal data necessary for the administration of a UDRP cases are: names, postal addresses, email addresses, telephone numbers and fax numbers. (A range of physical and information security protocols cover WIPO.)