After registering a new domain name, why do I get spam emails and calls?

Warren Rodrigues

Unfortunately, this has become a common occurrence and happens to almost everyone who register a new domain, with any registrar.

When you register a new domain name, a DNS zone record is created at a Top Level Domain Name Server, in order to point the domain name to the correct Domain-Level Name Servers. These DNS zone records need to be public in order for the internet to work. These zone records can be requested from companies that maintain them. For example, Verisign has a TLD Zone File Access Program.

There are malicious service providers who scrape these zone files to fetch a list of all newly registered domain names. After they have the list of domains, they can easily fetch the publicly available WHOIS contact information for each domain. This includes your name, address, phone number and email address. This information is then sold on a bunch of websites, which I'm not going to name here for obvious reasons.

The way I see it, there are three ways to deal with this:

  1. As per ICANN rules, you have to provide authentic contact details in order to register a domain name. Inaccurate details can lead to termination of your domain name. So, this is not an option to avoid this kind of spam. However, if you have a large number of domains, you could have a separate email address that is linked to all your domains. Remember, never use a throw-away email address when registering a domain, because your email address is what primarily controls your domain registration. Even if ICANN doesn't terminate your domain, you could lose your domain if someone else gains control of your email address. And / or if you don't have access to your email address in the future, it would be almost impossible to manage your domain name - change name servers, contact details, transfer the domain, etc.

  2. The second option is to purchase Privacy Protection when registering your domain name. This is an add-on service that masks your contact details with those of a third party service provider. This may be a good option for some of you. However, if you're running a business, remember that some customers may look up your WHOIS information to check that you're being transparent with your operations. If your contact details are masked, it usually looks suspicious.

  3. The only other option I can think of is to bear with this spam and report it. Report emails to your email provider by 'marking as spam'. Report spam calls and SMS messages to your phone provider. In India, there is a 'Do Not Disturb' app (more info here), set up by the Telecom Regulatory Authority of India (TRAI).

If you have any other suggestions on how to deal with this very annoying problem, please leave a comment below.

Please enable Javascript to view this site properly.