WHOIS Policy (2025-11)

This document sets out auDA's policy on the collection, disclosure and use of WHOIS data in .au Direct, asn.au, com.au, id.au, net.au, org.au, gov.au, edu.au, and the state and territory namespaces (act.au, qld.au, nsw.au, nt.au, sa.au, tas.au, vic.au, wa.au). Clause 2.9 of the .au Domain Administration Rules: Licensing sets out the consent to the collection, use and disclosure of information that the registrant provides as part of the .au Licence Agreement with the registrar.

1.1 auDA's Registry Services Agreement and Registrar Agreement impose certain conditions on the registry operator and registrars in relation to the collection and use of WHOIS data. This policy operates to clarify some of those conditions.

2.1 The public WHOIS service is a standard feature of domain name systems around the world. The purpose of the WHOIS service is to allow users to query a domain name to find out the identity and contact details of the registrant. The WHOIS service is provided by the registry via a web-based tool, Port 43 and RDAP (Registration Data Access Protocol).

2.2 auDA has drafted this policy with the aim of striking an acceptable balance between:

a) the rights of registrants, under the Privacy Act 1988 (Cth), in relation to how their personal information is handled;

b) the role of auDA to promote a competitive and efficient domain name industry; and

c) the interests of law enforcement agencies in accessing information about domain names for consumer protection and other public interest purposes.

3.1 Data about each domain name registration is collected from the registrant by the registrar and submitted to the registry in accordance with the procedural requirements of the registry. The WHOIS service displays a subset of the full registry data for each domain name (known as the "WHOIS data").

3.2 Under the Registrar Agreement, and in accordance with Australian Privacy Act 1988 (Cth), registrars must inform registrants of the fact that some of their personal information will be disclosed on the WHOIS service. Under the domain name licence agreement, registrants grant to the registry the right to disclose information for the purposes of maintaining the WHOIS service.

3.3 Due to the policy requirements in the .au domain, the WHOIS data that is collected by registrars at the time of registration is highly accurate and reliable. However, the integrity of the WHOIS database is undermined if the data is not kept up-to-date.

3.4 In order to maintain the integrity of the WHOIS database, registrants are required to notify their registrar of any changes to WHOIS data for their domain name(s) and the registrar must update the WHOIS database on receipt of new information from the registrant.

4.1 The table in Schedule A lists the data fields that will be disclosed on the WHOIS service (web-based, Port 43 and RDAP) for all domain names in the open 2LDs.

4.2 In order to comply with Australian Privacy Act 1988 (Cth), the street address, telephone and facsimile numbers of registrants will not be disclosed.

4.3 It is necessary for the WHOIS data to include a contact email address for the registrant, for the purpose of contacting the registrant in relation to their domain name. The registrant does not have to nominate their own personal email address, but they must nominate an email address at which they can be contacted.

4.4 To address user concerns about privacy and spam, and in line with international best practice, auDA has implemented CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) and rate limits on the web- based WHOIS service. The purpose of CAPTCHA and rate limits are to prevent or hinder unauthorised access to WHOIS data by automated data mining programs or scripts. For consistency, auDA has removed all email addresses from Port 43 WHOIS and RDAP responses.

4.5 In the past, it was possible to use WHOIS to find out the creation and/or expiry date of a domain name. This enabled some members of the domain name industry to send unsolicited renewal notices to registrants with whom they did not have a prior business relationship, causing significant levels of customer confusion. As a result of these problems, auDA has determined that creation, renewal and expiry dates will not be disclosed on the WHOIS service.

4.6 Registrants who wish to check the creation or expiry date of their own domain name can do so through their registrar or reseller, or by using the centralised password recovery tool available on the auDA website.

4.7 Third parties who wish to know the creation date of a particular domain name or domain names for the purpose of establishing rights in connection with a proposed claim under the .au Dispute Resolution Policy or other court proceeding, may lodge a request with auDA. The 'request for domain name creation date' form is available on the auDA website.

4.8 Registrants who wish to check what domain names have been registered using their details (e.g. company or business name, ACN or ABN) may lodge a request with auDA. The 'request for domain name search' form is available on the auDA website.

5.1 In the interests of protecting the privacy of registrants, the following activities are strictly prohibited:

a) use of WHOIS data to support an automated electronic query process; and

b) bulk access to WHOIS data (ie. where a user is able to access WHOIS data other than by sending individual queries to the database).

5.2 In order to prevent the abuses listed in paragraph 5.1, auDA will impose restrictions on the number of queries that a user can send to WHOIS (web-based, Port 43 or RDAP).

5.3 auDA recognises that it may be necessary for law enforcement agencies to access the full record of a particular domain name or names as part of an official investigation. auDA will deal with requests from law enforcement agencies on a case-by-case basis.