Domain Privacy guard email services can be used to hide the real identity of the domain owner, along with the email address and other contact information. Here we take look into the different strategies for guarding your identity.
Guarding your email services can be pretty useful to prevent large domain exposures like we covered in these articles in the past: Exposing 3,450 Trump's Family domains, and Uncovering 5,707 Hilton Empire's Domain Names. In those cases we were able to explore their entire domain network with just their email address.
Domain Privacy guard email services are pretty common among Internet services today. These services are basically used to hide the real identity of the domain owner, as well as their email address and contact information.
WHOIS protection is to safeguard your privacy, which includes reducing identity theft, hiding your physical location, telephone number, email address, among other benefits, such as reducing the incoming marketing spam.
90% of the existing domain TLDs can be protected using guard email addresses provided by domain registrars. Only a few selected TLDs cannot use domain privacy services such as .CO.IN, .CO.NZ, .CO.UK, .IN, .JP, .US.
One of the most desired things, when you purchased a private domain registration, is the ability to hide your real email address. Instead, the domain registrar will show their own private email address.
Now, let's explore the most popular email schemes used by domain guard services.
Most common domain guard email address schemes
WHOIS privacy services always use a fake or dummy email address to protect your own. We started digging to see which were the most common domain guard email address schemes, and this was the result of some of the most popular whois guard service providers.
Gandi.net email address scheme, for example, is firstname.lastname@example.org. Example:
They seem to hash the original user's mail address somehow, or hash internal client data, which results in an email address like email@example.com, where "xxxxx" is a specific number for each customer.
Domain.com uses a different scheme, they use firstname.lastname@example.org as the private email used for contact information. Example:
Moniker.com, a popular domain registration, and WHOIS privacy provider, seems to be using this email address scheme: email@example.com. Example for n4n0.net:
As you can see in the following screenshot:
This random code changes every 14 days, so it will never be the same for future whois requests.
NameCheap.com, another popular domain registrar, seems to be using firstname.lastname@example.org, for example:
The random code changes from time to time, same as with Moniker.
CrazyDomains.com will also show a dummy email address to protect your personal email. Their email protection scheme will use email@example.com for Contact, Admin and Tech email address.
Above.com uses almost the same email scheme as domain.com, using firstname.lastname@example.org. For example
Hover.com will protect your information by hiding your name, address, phone, and email address. The email, in particular, is protected by their own privacy address:
Bluehost.com, on the other hand, seem to be using a generic email address email@example.com for all technical and administrative details of any of their protected domains.
iPage.com is an old web hosting provider who also offer domain registration services. Their WHOIS privacy service offers firstname.lastname@example.org as a private email address for your whois domain information.
In a future showcase, we will show you how this information can be used in order to expose this "private whois" to associate domains with their real owners and bypass the whois protection.
In the meantime, go ahead and start playing with SecurityTrails, explore DNS servers, IPs, domains, as well as WHOIS information.
If you find anything interesting inside popular domain email guard services like the ones mentioned here, remember: you can always apply for our popular [Data Bounty Program][bounty]!