If you’ve been involved in online marketing for any length of time, you’ll soon discover that a growing number of online properties mask the domain registration data. Way back in the early days of the Web, when Network Solutions was the central registrar for the COM namespace (some DNS lingo for you there :), there was no such thing as WHOIS privacy, or domain privacy as it’s sometimes called If you wanted to register a domain name, you were required to submit your actual name, address, e-mail address, and telephone number for the relevant TLD database. But about the time .COM domain registrations were decentralized (actually it was a little later I believe), registrars started getting clever and added an option for registrees to mask their personal information in return for a small fee.

So is this “WHOIS privacy” feature truly private?

Well, yes and no. Yes, it will keep out most folks from knowing who is behind a website. . A WHOIS lookup against the relevant domain will reveal no personal information. Of course it will do nothing to deter law enforcement or the government from getting at your personal information. I hope you know by now that ISP’s and registrars are often given subpoenas to reveal who their customers are

But not only will it not stop government, it will often not stop the Internet power user either. A WHOIS lookup is just one tool in the bag of tricks to try and find out who owns a domain. Needless to say, there are other tools.

Here’s one for you… And while you may not think this so from reading this, I can’t tell you how many times I’ve seen the following method work. For some strange reason, oftentimes a marketer will protect the WHOIS data for his domain, but fail to protect that same WHOIS data for his nameserver domain.

While not true across the board, many of the more successful marketers and entrepreneurs will have a dedicated DNS server and domain name that houses DNS data for all of their domains. So while the WHOIS lookup for domain X will be protected, the domains that house the DNS servers for that domain will NOT have WHOIS privacy enabled! So it just becomes a matter of conducting the WHOIS lookup against domain X, finding the two DNS servers authoritative for domain X (from the record output), and then doing a WHOIS lookup against the DNS domains. Like I said, I can’t tell you how many times I’ve seen this discrepancy.

Another method that will give you an even greater chance of success is to perform a reverse IP lookup against domain X using a service like Domain Tools Reverse IP  (paid) or You Get Signal’s Reverse IP Domain Check  (free!). These sites basically crawl the web and note the IP address of the web server. They then simply match up the crawled domain names to the IP’s and start to formulate a datbase. Genius.

There’s one or two more methods I use to find out who owns a domain name, but I’ll save those for a later post… :)