8 ways you can use our bulk Whois API

Over the years, we’ve learned a lot about Whois and bulk Whois API. In some cases, we were the trailblazers with our groundbreaking research. However, most of the time, we were inspired by our clients, such as King and Wikimedia, and what they were doing with our APIs.

So why not share this with the world, and give developers ideas on using a Whois API? Here we go!

List of examples of how you can use a bulk Whois API:

  1. Build a domain availability checker (simple)
  2. Build a domain availability checker (advanced)
  3. Red-flag domain names in cybersecurity
  4. Build a domain expiry checker and catch expired domain names
  5. Perform large-scale research
  6. Protect against various infringement
  7. Spam people and businesses not with our bulk Whois API
  8. Manage your domain portfolio and domain monitoring
  9. Use domain checks in other advanced tools

You probably think WHOIS is this ancient querying technology with raw output. What good is that in today’s world where all the buzz is about self-driving cars, robots and Artificial Intelligence? Well, WHOIS may not turn your smartphone into a lunar lander, but in some scenarios, when combined with WhoAPI, WHOIS can be a powerful tool.

What is bulk WHOIS?

WHOIS is a protocol, most often used for querying databases that store information about owners of various Internet resources. This information can include: name, company name, state, country, address, phone number, email, city, and zip code. Other types of information can be queried, such as bureaucratic information (date of registry, date of expiry, designated domain registrar) and technical information (nameserver). Suffice it to say, WHOIS has been around since the dawn of the web and is a fundamental technology without which the web couldn’t function.

The entire story around WHOIS and its thick and thin models is reserved only for the real “WHOIS connoisseur,” so I will spare you the details in this blog post. But then again, if you plan to do this yourself, prepare to become one, since there are all sorts of regulation changes ahead, like the one on .com, .net, and .jobs.

Why can’t I do that myself, WHOIS is easy?

In September 2017, there were over 331.9 million domain names across hundreds of TLDs and ccTLDs (country code top-level domains) and hundreds of domain registrars. If you are going to work with WHOIS data, the sheer scale of it can become somewhat of a problem if WHOIS isn’t your core business. I know this for a fact because many of our clients from around the world use WHOIS, and often they get tired of getting blocked by the registrars, dealing with different outputs, and other time-intensive issues. Just think about it: formatting is sometimes completely different, and it’s hard to get consistent data back. WhoAPI processes and filters that data to return it to you in a standardized way (JSON or XML) that you can depend on.

How can I use bulk WHOIS data for my site?

Before we take you through examples of how our clients use WHOIS, I have to address the elephant in the room. Spam. If you use WHOIS, you can get access to millions of email addresses, making it easier to spam people. However, there are so many legitimate use cases benefitting everyone that banning WHOIS due to a few bad actors would be foolish. If anything, we can use WHOIS in preventing spam. So let’s go through several use cases that our clients have demonstrated during the five-year period since we started our company. In short, we allow our clients to make WHOIS requests while we parse the data and deliver it on a silver platter in less than a second.

With WhoAPI, instead of getting a raw text file, you get machine-readable data, allowing your software to act and interact with this powerful information.

Bulk WHOIS API use cases

Previously I mentioned WHOIS could help in preventing spam. One of our clients just recently said to us that: “The new product we built that uses WHOIS will stop phishing emails from sending users to fake websites.” If it could stop that, you can connect the dots on how it could help prevent spam.

  • Cybersecurity companies use our bulk WHOIS API in JSON for connecting domains with the same perpetrator (think: phishing, email spoofing, fraud prevention).
  • Government agencies use our parsed bulk WHOIS API in tracking down criminals (think: child pornography, terrorism). Sure, it’s harder when owner details are fake, but WHOIS still helps.
  • Fintech companies and banks use WHOIS in XML for validating domain names, their age, and emails (and their owners) so that they can provide security in payments.
  • Large brands use our bulk WHOIS API to find domain names that are squatting on their brand name and selling fake products on that website. With WHOIS they can find the owner and contact them or the accredited domain registrar or web hosting company in order to take down the infringing website.
  • SEO companies use our JSON WHOIS for finding great domain names that are about to expire. This advantage may change in the future, but currently, Google is giving a better position to older domain names with history.
  • Web hosting companies use our API as a backup for providing domain availability checks. Recently one of our customers was in the process of selling their company. They used our WHOIS API as a 3rd party confirmation that the client was still hosting his website on their servers, and that he was in fact a real user (verifying owner details).

On top of these seven use cases, we’ve also encountered email marketing companies, website builders, domain registrars, freelance developers (who build various simple domain tools), research companies and many others. Once again, these are not examples where a single person has to check domains manually. These are automated, usually red-flagged or white-flagged checks that are performed programmatically.

What it really comes down to is that WhoAPI gives you access to a huge database of names and addresses mapped to website domains with a price point as low as $16 / month that is easy to use. As we pointed out, there are many different use cases, so it really depends on what your particular use case is.

1. Build a simple domain availability checker

We wrote about building a domain availability checker a few times (here, here, and here in particular), so there’s no point in repeating ourselves. Suffice it to say with a Whois request you can check if a domain name is registered or not. With a bulk Whois API request, you can do it programmatically. This means that an application can check for available domain names without user input. Instead of manually checking Whois for each domain, the software can make thousands upon thousands of domain availability checks.

What do I mean by a simple domain availability checker? Well, you’ve seen such a checker each time you wanted to register a domain name. Web hosting companies like to build those in an attempt to get new clients. Why? Well, there’s no point in buying a web hosting service if you don’t own a domain name that you can attach to. Finding a good domain name is both an art and a science, but equally obvious is that you need a good tool to check domain availability. There are simple domain availability checkers where you type in the domain name, and the tool responds with one of two options. The domain is available for registration, and the domain was already registered. Additionally, the domain checker gives you the option to check Whois.

And then there are…

2. Build an advanced domain availability checker

Maybe you’ve seen these, and maybe you haven’t. Domain investors (individuals and companies into domain flipping) are especially attracted to these. The reason is obvious. Domain investors want to be ahead of the game and register domain names at lower prices and then resell domain names at a profit. Speaking of domain flipping and advanced domain availability checkers, I am no stranger to both. I have built an advanced domain availability checker and traded some domain names. So if you are new to this, and are not sure what these look like, let me explain by sharing a few examples.

Example of an advanced domain checker

  1. Domain name spinners and domain name generators – These domain tools let you type one keyword, and the domain checker responds with hundreds of different TLDs and domain names. All these domain names are automatically checked, and all proposed domain names on the list are available for registration.
  2. Bulk domain checkers – These advanced domain checkers allow you to copy-paste or upload a humongous list of domains. For example, if you want to check half a million .com or .net domain names in one swoop this would be the tool that lets you do that.
  3. Keyword combinations – Let’s say you want a domain checker that allows you to quickly check keyword combinations on various TLDs. Just as the screenshot above shows, you could type geo keywords (Miami, LA, Boston, Dallas) in one box, and in the other box, you type in a profession (plumber, lawyer, attorney, banker).
  4. Artificial intelligence domain suggestion – Imagine a tool that uses AI to generate brandable and memorable domain names that are available for registration. Well, even an AI has to check domain name availability at some point. Being the artificial intelligence it is, it must check thousands of domain names, and a robust Whois API allows it to do just that.

3. Red-flag domain names in cybersecurity

One of the easiest ways to spot bad actors is to check domain age. You could do that with a Domain Age API but you can just as easily find out domain age from the “date created” part of the Whois API. When you check a domain name with Whois API, you get all sorts of data. One that’s particularly interesting in cybersecurity circles is the domain creation date. It looks like this:

Domain name creation date Whois example: "date_created": "2011-02-14 15:31:26",

From there, you can determine if the domain name is very old or new. WannaCry was a good example where we learned that brand-new domain names are used in bad faith. You could stop your cybersecurity efforts there or use other data sources and information to create your own Domain Scoring system and rate domain names. Guess where else you can find domain names and where you can use this technique. Well, in emails. An email address consists of a name and a domain name: YourName@DomainName.com. If you are rating domain names, you can also rate and filter emails based on data collected by Whois API, SSL API, or any other API.
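
An added example (not WhoAPI's own code) of the domain-age check described above, applied to email senders. It assumes each parsed Whois record is a dict carrying the "date_created" field in the format shown; the 30-day threshold, the function names and the sample records are constructed for illustration.

```python
from datetime import datetime

DATE_FORMAT = "%Y-%m-%d %H:%M:%S"  # format of the "date_created" field shown above
NEW_DOMAIN_DAYS = 30               # assumed threshold, tune it to your own data


def domain_age_days(record, now):
    """Age in days from a parsed Whois record, or None if the date is unusable."""
    raw = record.get("date_created")
    if not raw:
        return None
    try:
        created = datetime.strptime(raw, DATE_FORMAT)
    except ValueError:
        return None
    age = (now - created).days
    return age if age >= 0 else None  # a creation date in the future is not usable


def sender_domain(address):
    """Lower-cased domain part of an email address, or None if malformed."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or "." not in domain:
        return None
    return domain.lower().rstrip(".")


def rate_sender(address, whois_records, now):
    """Return 'red-flag', 'unknown' or 'ok' for an email sender."""
    domain = sender_domain(address)
    if domain is None:
        return "red-flag"  # malformed sender address
    age = domain_age_days(whois_records.get(domain, {}), now)
    if age is None:
        return "unknown"   # no record, or no usable creation date
    return "red-flag" if age < NEW_DOMAIN_DAYS else "ok"


# Constructed sample data: parsed Whois responses keyed by domain name.
SAMPLE_RECORDS = {
    "example.com": {"date_created": "2011-02-14 15:31:26"},
    "fresh-login.example": {"date_created": "2023-05-28 09:00:00"},
    "nodate.example": {"date_created": ""},
}
NOW = datetime(2023, 6, 1, 12, 0, 0)  # fixed "today" so the result is repeatable

if __name__ == "__main__":
    for sender in ("YourName@example.com", "billing@fresh-login.example",
                   "hello@nodate.example", "not-an-address"):
        print(sender, "->", rate_sender(sender, SAMPLE_RECORDS, NOW))
```

Treating a missing or unparseable creation date as "unknown" rather than "ok" keeps incomplete Whois data from silently passing the filter.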

4. Catch expired domain names

If you are looking for available domain names that have some SEO juice, then obviously, at some point, you will have to check if any of these millions of domain names are available for registration. Since you can’t check these domain names one by one, you will use some Whois API or Domain Availability API variation. Expired domain names are still very popular in SEO circles because they give some reputation (through backlinks that still point to this expired domain name).

These backlinks and reputation in the Google index make it easier to rank on Google. Some of these domain names will bring referral traffic and can be sold in the aftermarket.

webmaster.ninja Domainwatch example

There are a few different ways you can catch an expired domain name. Sometimes there are many potential new owners, so you will have to drop-catch the domain name. At other times, the domain name will expire and become available for registration. Let’s say you build a tool that finds these valuable domain names, and you want to check if they are available for registration. You would need a Whois API to do that check in the end.

5. Perform large-scale research

I’ve already mentioned in the beginning that WhoAPI was behind some fascinating research. We found that all four-letter .com domain names were registered (all 456,976). In other research, we also found that out of the 456,976 four-letter .net that we checked, there are still 177,717 four-letter .net domain names available for registration. Checking all those domain names would take forever if we didn’t use a Whois API. Imagine checking almost a million domain names manually.

If you want to perform large-scale research, you need the power of an API. What kind of research could you conduct with a Whois API? Let’s see:

  • Determine which domain names were registered in the ’80s, ’90s, or some other timeframe
  • From your dataset, determine which domain names were registered in the last year, month, day
  • If you have a list of domain names, check which domain registrar is holding the most domain names
  • Find domain names that expire today out of millions of registered domain names.
  • Are there any X types of domain names that are available? Remember, we checked four-letter .com, four-letter .net, and short numeric .com domains
  • Which nameserver (and therefore web hosting company) is the most popular

Hopefully, you get the idea, and maybe there’s something you could check yourself. Let’s proceed with the next item in the line. Did you know that with a Whois API, you could…

Best ways to use a bulk Whois API

6. Protect against various infringement

We wrote about that time we found some websites that were infringing on Adidas and RayBan trademarks. There were red flags on the websites, but a Whois search also helped confirm the infringement. In 2023 it’s harder to do it with our API (more on this in the next item) because we no longer include domain owner information. But even without that, you can spot the difference in Whois from a typical branded website such as adidas.com and niceadidas.com. Just compare the domain registrar, registration date, and nameservers. If there’s a suspicious recurring theme, then there’s a good chance the website is fake.

With a Whois API, it’s easier to check if any domain names are registered with your trademark name. And if any domain names are registered, you can get more information on them with a Whois request. It may not be the deciding factor, but it helps your investigation.
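
An added example (not WhoAPI's own code) of the comparison described in this section: look-alike domains are compared with the official domain on registrar, nameservers and registration date, and a "recurring theme" is reported when several of them share the same setup. The field names "registrar" and "nameservers", the function names and the .example records are assumptions constructed for illustration; only "date_created" appears on this page.

```python
from collections import defaultdict
from datetime import datetime

DATE_FORMAT = "%Y-%m-%d %H:%M:%S"  # format of the "date_created" field


def profile(record):
    """Reduce a parsed Whois record to the three attributes being compared."""
    return {
        "registrar": record.get("registrar", "").strip().lower(),
        "nameservers": frozenset(ns.lower().rstrip(".")
                                 for ns in record.get("nameservers", [])),
        "created": datetime.strptime(record["date_created"], DATE_FORMAT),
    }


def recurring_themes(records, official, trademark):
    """Group look-alikes that differ from the official setup but match each other."""
    brand = profile(records[official])
    groups = defaultdict(list)
    for domain, record in records.items():
        if domain == official or trademark not in domain:
            continue
        cand = profile(record)
        setup = (cand["registrar"], cand["nameservers"])
        if setup == (brand["registrar"], brand["nameservers"]):
            continue  # same setup as the brand: likely its own registration
        groups[setup].append((domain, cand["created"]))
    themes = []
    for (registrar, _), members in groups.items():
        if len(members) < 2:
            continue  # a single odd domain is not a recurring theme
        dates = [created for _, created in members]
        themes.append({"registrar": registrar,
                       "domains": sorted(name for name, _ in members),
                       "span_days": (max(dates) - min(dates)).days})
    return sorted(themes, key=lambda t: t["domains"])


# Constructed sample records; "registrar" and "nameservers" are assumed field names.
SAMPLE = {
    "brand.example": {"registrar": "Registrar A", "date_created": "1995-03-01 00:00:00",
                      "nameservers": ["ns1.brand.example", "ns2.brand.example"]},
    "brand-shop.example": {"registrar": "Registrar A", "date_created": "2010-06-15 00:00:00",
                           "nameservers": ["ns1.brand.example", "ns2.brand.example"]},
    "nicebrand.example": {"registrar": "Registrar B", "date_created": "2023-04-02 10:00:00",
                          "nameservers": ["NS1.parked-dns.example.", "ns2.parked-dns.example"]},
    "brand-outlet.example": {"registrar": "registrar b ", "date_created": "2023-04-05 08:30:00",
                             "nameservers": ["ns2.parked-dns.example", "ns1.parked-dns.example"]},
    "brandfans.example": {"registrar": "Registrar C", "date_created": "2019-09-09 12:00:00",
                          "nameservers": ["ns1.fan-host.example"]},
}

print(recurring_themes(SAMPLE, "brand.example", "brand"))
```

A short span_days within a group means the look-alikes were registered close together, which strengthens the case that one party is behind them.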

7. Spam people and businesses not with our Whois API

The fact of the matter is Whois contains ownership details. These include email address, name, postal address, and more. Theoretically, if you have a database of one million domain names, and you made a Whois request for every one of those domain names, you could potentially get an email and the owner’s name of every domain name. Having an email address with a name attached to it is equivalent to a gold mine for every email or newsletter campaigner. This wouldn’t fall under best practices, but unfortunately, spamming is the modus operandi for some.

With the launch of GDPR, the California Privacy Rights Act, and Brazil’s General Data Protection Law, I (Goran Duskic – Founder and CEO of WhoAPI) made an executive decision in January 2018. I decided that we would no longer endorse spammers by sharing domain name ownership details. In all honesty, we didn’t lose many clients when we removed all contact details from our Whois API, but it didn’t make me feel better, and I slept better. I understand that our competitors have a better product because of this, but we are a very small company, and I don’t concern myself with market share.

Whois example without domain ownership information

One potential problem is that attorneys, police, and journalists could use this information for good, but I don’t have the bandwidth to decide who gets to access this information and who doesn’t. I know some of you feel this is doing business with one hand tied, but I think this is the right decision. Maybe not a profitable one, but definitely a moral one. Besides, you can use a Whois API in other ways, such as…

7. Manage your domain portfolio and domain monitoring

I suppose it’s hard to comprehend why you would need to manage a domain portfolio or monitor your domain names if you own 5 domain names that are residing in your GoDaddy account. But unintentional domain expirations still happen. We’ve already established how important expired domain names are. Now throw in large corporations with hundreds or thousands of domain names registered with different domain registrars on different TLDs. It’s just cumbersome, and it’s hard.

A good Whois API can help you track not just your domain names, but any domain names.

You can track where these domain names are:

  • Hosted
  • Registered
  • Expiry date

Here’s an example of what this could look like.

Domain monitoring tool example

8. Use domain checks in other advanced tools

Lastly, you could check domain names programmatically or within other advanced tools. I admit this would be similar to building a simple domain availability check, but it’s a bit different. With a simple domain availability check, that’s where domain name registration is front and center. Let’s say you are building a website with Squarespace or Wix. During that workflow, the system will offer you domain registration. But in other tools or services, let’s say expired domains, or domain name competitions, domain checks are secondary. First, you check if the domain name is worth anything (backlinks, for example), and then you check if it is available for registration.

Another example I can think of is a Whois lookup API or a brand-checking tool. The service checks trademarks, social media handles, and also domain names. Again, this could fall under an advanced domain checker, but advanced domain checkers are all about checking domain names, as explained before, whereas this domain tool has many other functionalities.

And that’s how you use a bulk Whois API

Did I miss any other potential use cases for a bulk Whois API? How are you using Whois? Do you prefer a domain age API or a Domain Availability API? How are you using those?

Goran Duskic

Founder and CEO of WhoAPI Inc. Goran Duskic is an internet entrepreneur since 2006. He co-founded and sold several online ventures, including a web hosting company.