Audit domain contact visibility with a risk model. Compare privacy services, redaction, and aliases quickly. Export results and act before your data spreads widely.
Select what is visible today. The score estimates privacy exposure from WHOIS publication, archives, and linking behavior.
This calculator uses a weighted risk score, then clamps the result to a 0–100 range.
| Rule summary | Points |
|---|---|
| WHOIS privacy disabled | +35 |
| Email visible | +18 |
| Address visible | +14 |
| Phone visible | +12 |
| Name visible | +8 |
| Historic WHOIS records archived | +10 |
| Linked to personal profiles | +8 |
| Website repeats contact info | +8 |
| Email alias/forwarder used | −8 |
| Registry redaction applies | −6 |
| Privacy enabled but PII visible | +10 |
| Risk level bands | 0–25 Low, 26–50 Moderate, 51–75 High, 76–100 Critical |
Sample scenarios show how common WHOIS settings affect privacy risk.
| Scenario | Privacy | Visible fields | Archive | Estimated score | Level |
|---|---|---|---|---|---|
| Personal blog domain | Disabled | Email, address, phone | Likely | 82 | Critical |
| Small business domain | Enabled | None | Unknown | 18 | Low |
| Portfolio with alias email | Enabled | Unknown | 41 | Moderate | |
| Long-held domain with history | Disabled | Name, email | Yes | 73 | High |
Visible WHOIS fields are the fastest risk multipliers in this model. Email exposure carries +18 points because it attracts spam, phishing, and account‑recovery probing. Address visibility adds +14 points due to doxxing and physical targeting. Phone exposure adds +12 points, reflecting SIM‑swap and social engineering routes. A visible name adds +8 points by improving searchability. If privacy is enabled but any field remains visible, a +10 misconfiguration penalty applies.
Registry behavior can change what is published, even when a registrar offers privacy. When registry‑level redaction applies, the score is reduced by −6 points, reflecting fewer disclosed fields in directory outputs. If redaction does not apply, +6 points are added to represent default publication. TLD category captures policy variance: country‑code domains add +6, new gTLDs add +3, and restricted namespaces subtract −2.
Time and repetition make privacy problems harder to reverse. Historic WHOIS archiving adds +10 points because older records may persist after updates. Domain age increases persistence in tiers: ≥5 years adds +4, ≥10 adds +8, and ≥15 adds +12. Identity linking is also modeled: connecting the domain to personal profiles adds +8, and publishing the same contact details on the site adds another +8.
Mitigations lower direct contactability and break correlation. Keeping privacy enabled contributes −5 points compared with being disabled, which adds +35. An email alias or forwarder reduces risk by −8 points and is often the highest‑leverage quick fix. If a phone must be listed, using a virtual number reduces traceability by −5 points. If an address must be listed, a PO box or virtual address reduces exposure by −5 points. Combined controls can deliver a 15–25 point reduction.
Use the calculator as a repeatable audit. Run a baseline score using a current public WHOIS lookup. Apply one control at a time and recalculate to measure impact. Export results to document changes after renewals, registrar moves, or policy shifts. Treat “High” and “Critical” as escalation triggers: remove exposed fields, rotate aliases, and recheck live output until the score stabilizes.
It estimates how easily someone can identify or contact the registrant using public WHOIS fields, policy exposure, persistence signals, and linking behavior, then scales the result to 0–100 for comparison.
Some registries publish fields by default, and some registrar settings only mask parts of the record. The calculator adds a misconfiguration penalty when privacy is on but any contact field remains visible.
Run a public WHOIS lookup from an independent source, capture the output, and tick only the fields you can actually see. Recheck after renewals or registrar changes, because templates and policies can shift.
Disabling public contact fields is the biggest win. Enabling privacy and removing a visible email typically drops the score quickly; pairing that with an alias or forwarder provides additional reduction without changing your operational inbox.
Yes. Organizations often receive more phishing, invoice fraud, and impersonation attempts. Individual registrants face higher personal safety risks, but business domains can still be exploited to reach staff, vendors, and customers.
Review at least quarterly and whenever you change registrar, DNS provider, or contact details. Reassess after incidents like spam spikes, credential alerts, or ownership transfers, because older records and cached outputs can reintroduce exposure.
Important Note: All the Calculators listed in this site are for educational purpose only and we do not guarentee the accuracy of results. Please do consult with other sources as well.