The SuperPuters Network


Unmasking Private Domain Name Registrations


AN INCREASING NUMBER of Internet domain name registration services now offer “private” (or “proxy”) registrations. Domain name registration requires an entry of contact information into the Whois database, which is available to the public via the Internet. Before the option of private registration was available, the required contact information always contained the registrant’s name and postal address, and the phone number and e-mail address of an administrative and a technical contact.1  
Public exposure of their contact information makes domain name registrants easy targets for unsolicited sales activity—such as e-mail and postal spam or telemarketing—and may even support criminal activity, including identity theft.
2   Today, by opting for private registrations, registrants can conceal their contact information from the public.

However, some private registrants are also attempting to hide acts of wrongdoing. Those who need the contact information to pursue legal claims must devise strategies to uncover it.

One of the forerunners of private registration services, and the most popular, is Domains by Proxy, Inc., which has been available to domain name registrants since 2003.
Affiliated with
4 (a registrar of domain names that is known for its controversial Super Bowl 2005 commercial 5), Domains by Proxy offers private registration by substituting its own contact information for that of the registrants.6   Thus, aspiring domain name owners may register a name with Domains by Proxy, which will publicly provide its own company contact information in the Whois database for the new registration while recording the identity of the true registrant only in the company’s internal records.

Other registrars have followed suit and are offering a similar service, sometimes doing so by advertising it as a “secure” or “hidden” Whois.
7 Even Network Solutions, a well-known registrar of several top-level domains,8   is now offering private registration.9

Unfortunately, private domain name registrations have also become a haven for cyber squatters and other trademark infringers. Indeed, the Web site of the World Intellectual Property Organization (WIPO) Arbitration and Mediation Center already lists 37 domain name decisions involving Domains by Proxy.
The National Arbitration Forum (NAF) lists at least five.
11   At least one other decision involving Domains by Proxy was published by the International Institute for Conflict Prevention and Resolution.12

No doubt there are many more of these cases, particularly because of the practice by some arbitrators of effectively “bouncing” complaints against private registration services
13  —that is, an arbitrator will require the complainant to amend the complaint when the named respondent does not match the domain name entry in the Whois database. In fact, enough concerns have been raised about private registration services that the Department of Commerce’s National Information and Telecommunications Administration (NITA) has shut down those services for .us domains, for which NITA is responsible.14

Cases filed in court involving private registrations are likely to fly under the radar because the true identity of an infringer generally will be ascertained at some point during discovery, and the pertinent complaint will be amended accordingly. Still, Domains by Proxy has already been named at least once as a defendant in a federal court case

Officially, “Domains by Proxy will not do business with nor protect [the] identity” of anyone who 1) transmits spam e-mail, viruses, or other harmful computer software, 2) violates the law, including trademark or copyright infringement, or 3) “engages in morally objectionable activities.”
16  However, rather than prophylactically inspecting the Web sites of each of its customers for infringement, Domains by Proxy suggests to civil complainants that they serve Domains by Proxy with a subpoena: “Upon the receipt of a valid civil subpoena, Domains by Proxy will promptly notify the customer whose information is sought via e-mail or U.S. mail.” Nevertheless, “if the circumstances do not amount to an emergency, Domains by Proxy will not immediately produce the customer information sought by the subpoena and will provide the customer an opportunity to move to quash the subpoena in court.”17  This policy clearly allows infringers to discontinue using one domain while registering or using another to continue the infringement— and complainants may find themselves chasing a phantom.

Piercing the Veil

A civil complainant needs a method for reaching an infringer other than the subpoena process, which gives the infringer a heads-up notice and time to move its activities to another location on the Internet. Fortunately for complainants, there is a way to ensure almost immediate disclosure of a domain owner’s true identity. This method is derived from a policy that appears common to private registration services: Once a legal process is initiated against a service, it will substitute its customer’s contact information into the Whois database in place of its own to protect itself from liability.

For example, in its “Domain Name Proxy Agreement,” Domains by Proxy states that “in its sole discretion and without any liability to the customer,” Domains by Proxy may “reveal [the customer’s] name and personal information” not only in cases involving claims of spamming, infringement, or morally objectionable activity, but also “to avoid any financial loss or legal liability (civil or criminal) on the part of Domains by Proxy.”

Similarly, Network Solutions’ Service Agreement provides that “if any third party claims that the domain name violates or infringes a third party’s trademark, trade name or other legal rights, whether or not such claim is valid” or “if any third party threatens legal action against Network Solutions that is related in any way, directly or indirectly, to the domain name, or claims that [the customer is] using the domain name registration in a manner that violates any law, rule or regulation, or is otherwise illegal or violative of a third party’s legal rights,… Network Solutions has the absolute right and power, as it deems necessary in its sole discretion, without providing notice and without any liability to [the customer] whatsoever, to (a) reveal to third parties the contact information provided by [the customer] to Network Solutions in connection with the account for the applicable domain name, and (b) populate the public WHOIS database with the registrant’s name, primary postal address, e-mail address and/or telephone number as provided by the customer to Network Solutions….”

One can infer that private registration services appear to have no interest in becoming entangled in legal proceedings because of the conduct of their customers. To avoid the risk of liability, a service therefore will generally opt to disclose the heretofore private contact information of their customers as soon as a third party initiates legal steps against the service. In practice, this means that once a lawsuit or other proceeding—such as an arbitration proceeding under the Uniform Dispute Resolution Policy (UDRP) of the Internet Corporation for Assigned Names and Numbers (
ICANN)20  —is initiated against a private registration service, the service will generally drop the customer like a hot potato and “populate” the Whois database with the true registrant’s information. A service generally will react in the same way to a cease and- desist letter directed at it. Hence, an infringer’s attempt to hide behind a private registration will be short-lived as long as the infringer’s conduct provides a good faith basis for a claim against—or a cease-and desist letter directed toward—the private registration service used by the infringer.

Legal Ethics

Generally, as long as there is a good faith basis for a claim against the hiding infringer— based, for example, on infringing content or activity at an IP (Internet Protocol) address corresponding to the registered domain name—there is also a good faith basis for a claim against the service provider, which appears in the Whois database as the “Registered Name Holder” of the suspect site.
21 Indeed, the purpose of the Whois database is to publicly provide accurate contact information for registered domain name holders.22

In fact, UDRP dispute resolution service providers
23   often require that the respondent’s contact information listed in a complaint match the Whois database entry for the domain name in dispute. For example, when a UDRP complaint is filed with the NAF, the NAF normally will reject it if the listed contact information of the respondent does not match the Whois database entry of the disputed domain name. However, private registration services often move very quickly to substitute the contact information of the registrant into the Whois database upon receipt of a complaint. Thus the Whois database entry already may be updated by the time the case coordinator of the dispute resolution provider attempts to verify that the contact information provided in the complaint matches the Whois entry of the disputed domain. The updated information results in the complaint being bounced, and the complainant generally is required to file an amended complaint using the substituted information.24

Some arbitrators have condemned the post complaint substitution of Whois data by private registration services as “cyber flying” and have held services liable.
Also, in an apparent effort to combat cyber flying, the NAF has revised its supplemental rules, effective January 1, 2006, to define the holder of a domain name registration as “the single person or entity listed in the Whois database registration information at the time of filing of the Complaint….”
26   Notwithstanding this effort and other similar actions that may be taken by arbitrators, it appears for now that private registration services will proceed with their practice of switching information when they are named and potentially liable, and in doing so they will reveal hidden infringers.

Targeting the private registration service rather than seeking the identity of the hidden registrant by subpoena is an appealing strategy because of the issue of timing. A subpoena will delay disclosure of the registrant’s contact information while giving the hiding registrant a head start on choosing other means to conduct the disputed activities. Moreover, a complaint or letter directed at the service requires no notice to the hidden registrant. It is, after all, the service that is the listed holder of the allegedly infringing Internet domain in the Whois database. The private registration service may or may not inform its customer but has usually already revealed the customer’s identity before the customer can hide again.

Targeting the private registration service is completely ethical. A WIPO Arbitration and Mediation Center panel stated: “The [private registration service] cannot distance itself from the mala fides of the [hidden registrant]. If it chooses to act as a ‘front’ in these situations, it has to bear responsibility for what goes on behind it.”27

To quickly discover the identity of hidden domain name registrants, complainants should initiate a legal process against the private registration service rather than seek the hidden registrant’s identity by subpoena. Filing a court complaint or simply sending a cease-and-desist letter will generally accomplish this task. However, the often more costly UDRP complaint process seems to be the best way to discover the infringer’s contact information within a few days, because the registration service will normally try to swiftly modify the Whois entry before the proceeding officially commences and a case coordinator has verified the Whois data of the disputeddomain.

Filing costs vary among dispute resolution providers. WIPO’s Arbitration and Mediation Center charges $1,500 for the filing of a complaint, involving up to five domains, that will be heard by one arbitrator.
28   The National Arbitration Forum charges $1,300 for a complaint involving one to two domains that will be handled by an arbitrator.29 The Asian Domain Name Dispute Resolution Centre charges U.S.$1,000 for an arbitral proceeding involving one arbitrator and one to two domains.30  The International Institute for Conflict Prevention and Resolution requires the payment of a membership fee, which starts at U.S.$3,000 annually for law firms of 150 lawyers or less.31

See Internet Corporation for Assigned Names and Numbers (ICANN), Registrar Accreditation Agreement §3.3 (2003), available at
2  See, e.g.,
3  See
4  See
See, e.g., M. Wolk, Ad for GoDaddy Too Hot to Handle, at 7, 2005.
6  See
7  See  (offering "hidden Whois”) & “secure Whois”.
8  See, e.g., Spencer Ante, Network Solutions 'Complicated Name Game, at (Oct. 16, 2013).
9  See  see also
10 See (last visited Oct. 16, 2013).
11 See (last visited Oct. 16, 2013).
12 See (last visited Oct 16, 2013.)
13 See, e.g., Guru Denim, Inc. v. Partovi, Case No. FA445327 (National Arbitration Forum, May 6, 2005)(involving a domain name that had been registered usingthe Domains by Proxy private
      registration service, but the decision makes no mention of Domains by Proxy because the complaint was later amended to name thetrue registrant as the respondent).
14 See, e.g., GoDaddy Slams U.S. on Domain Privacy, COMPUTER BUS. REV. ONLINE (Mar. 4, 2005),

15 See Pfizer Inc. v. Domains by Proxy, No. 3:04cv741(SRU), 2004 U.S. Dist. LEXIS 13030 (D. Conn. July 13, 2004.
16 See
17 See
18 See Domains by Proxy, Inc., Domain Name Proxy Agreement§4, available at
19 See Network Solutions Service Agreement, Schedule H,§3 (emphasis added), available at
20 See ICANN, Uniform Dispute Resolution Policy (1999),available at
21 See ICANN, Registrar Accreditation Agreement§
22 See, e.g., ICANN, Registrar Advisory Concerning Whois Data Accuracy (May 10, 2002), available at
23 See A list of ICANN-approved dispute resolution providers can be found at . See ICANN, Rules for Uniform Domain Name Dispute Resolution
     Policy §1(1999), available at
24 See, e.g., InfoSpace, Inc. v. Brock, Case No. FA250831 (National Arbitration Forum, June 7, 2004)(finding that “at the time the complaint was filed, the WHOIS information for the disputed domain
      name listed the registrant as being ‘Domainsby Proxy, Inc.’ After the registrar, Go Daddy Software,Inc., was notified of the Complaint, the WHOIS information was changed…to list the registrant as
      respondent in this case.”). 
25 See, e.g., Dr. Ing. h.c. F. Porsche AG v. Domains by Proxy, Inc., Case No. D2004-0311 (WIPO Arbitration and Mediation Center, July 1, 2004). 
26 See National Arbitration Forum’s UDRP Supplemental Rules R. 1(d), available at  see also R.4(e) (emphasis added).
27 See Dr. Ing. h.c. F. Porsche AG v. Domains by Proxy, Inc., No. D2003-0230 (WIPO Arbitration and Mediation Center, May 16, 2003).
28 See
29 See National Arbitration Forum’s UDRP Supplemental Rules R. 17. The National Arbitration Forums Supplemental Rules.
30 See  &
31 See


Web Site Design & SEO by  SuperPuters  ©  copyright  SUPERPUTERS Inc.  1998-2012   All Rights Reserved