Privacy and Accuracy are two of the main WHOIS challenges .

Privacy: ICANN broadly required that the mailing address, phone number and e-mail address of those owning or administering a domain name where made publicly available through the “WHOIS” directories. The registrant’s (domain owner’s) contact details, such as address and telephone number, are easily accessible to anyone who queried a WHOIS server. However, that policy enables spammers, direct marketers, identity thieves or other attackers to loot the directory for personal information about these people.

Some domain registrars offer private registrations (also known as domain privacy), by which the contact information of the registrar is shown instead of the customer’s.The WHOIS requirements conflict with the General Data Protection Regulation (GDPR), effective in the European Union 25 May 2018, which places strict regulations on the processing and publication of personally identifiable information.

Accuracy: The best RDDS is useless if the information it contains is inaccurate and those maintaining the list are unable to enforce accurate information submission. ICANN can only require that every registrant of a domain name be given the opportunity to correct any inaccurate contact data associated with their domain. For this reason, registrars are required to periodically send the holder the contact information on record for verification, but they do not provide any guarantee about the accuracy of information if the registrant provided inaccurate information.