Skip to content

Why Yahoo Private Domain Registration Is Not Private

Why Yahoo Private Domain Registration Is Not Private published on 12 Comments on Why Yahoo Private Domain Registration Is Not Private

In short:

It’s not possible to either transfer or cancel a domain registered this way without making your personal information public. Yahoo’s description of the service is dishonest about this.

At length:

The WHOIS info for a domain using Yahoo’s private registration service looks like this:

WHOIS information for:


Organisation Name…. Sarah Pin
Organisation Address. P O Box 99800
Organisation Address.
Organisation Address. EmeryVille
Organisation Address. 94662
Organisation Address. CA
Organisation Address. US

Admin Name……….. PrivateRegContact Admin
Admin Address…….. P O Box 99800
Admin Address……..
Admin Address…….. EmeryVille
Admin Address…….. 94662
Admin Address…….. CA
Admin Address…….. US
Admin Email……….
Admin Phone………. +1.5105952002
Admin Fax…………

Tech Name………… PrivateRegContact TECH
Tech Address……… P O Box 99800
Tech Address………
Tech Address……… EmeryVille
Tech Address……… 94662
Tech Address……… CA
Tech Address……… US
Tech Email………..
Tech Phone……….. +1.5105952002
Tech Fax………….

The process of transferring a domain from one registrar to another requires the following steps:

1) You unlock the domain on your present registrar.

2) You get your domain’s “authorization code”/”transfer secret”/whatever we’re calling it from your present registrar (in Yahoo’s case, it can be found on the domain control panel), and give it to the new registrar.

3) The new registrar checks your WHOIS info and sends an email to the address listed under “Admin Email.”

4) You go to a URL provided in the email to confirm the transfer.

4b) If you don’t click on the URL within seven days, the transfer is canceled. This appears to be the only way to cancel a pending transfer – if there’s a problem, you’ll have to wait seven days to try again.

You’ll notice that the admin email address in the information Yahoo provides is Now, on its page (screenshot) describing the private registration service, Yahoo says

* When you sign up, our partner Melbourne IT updates your registration listing with generic contact information that points to Melbourne IT’s offices.

* Whenever someone looks up your domain and tries to contact you, Melbourne IT receives the call, email, or letter and screens the information on your behalf.

* Melbourne IT forwards prescreened communications to you, so you can reply as you see fit.

Okay, now think about this for a second – as I obviously didn’t, once upon a time. That one, single email address appears in the WHOIS data of every single person who uses this service. And they’re saying they’re going to forward your stuff to you. How are they going to do that?

You can’t hack together a Perl script for this. Actual human beings would have to read every single email to figure out who they were for – something no one wants happening to their private correspondence, particularly someone signing up for a privacy service. This would take hundreds of actual human beings, working full-time.

So what they claim they’re doing makes no sense, particularly given that there is an extremely cheap, simple alternative – giving every domain an individual forwarding address. The only thing cheaper and simpler would be never to forward anything at all. Logically, what must be happening is that they never forward anything at all.

They don’t. When you email that address, you get an email back saying


You are attempting to contact a domain name that is protected by “My
Private Registration” service.

To ensure that your message is delivered to the administrative contact
you will need to complete the form at the following web site.

You will need to submit the following information:

* Your Name & email address

* Your Message to the registrant


“My Private Registration” Team.

MelbourneIT and Yahoo’s communications seem to have broken down somewhere. MelbourneIT is not even maintaining the pretense.

That address takes you to an email form (screenshot). Upon clicking the “send” button, one is taken to a blank, broken-looking page (screenshot). I transferred my domain before discovering this, but haven’t yet canceled my subscription to Yahoo, so they still have my contact information on record. Emails I send to myself using this form do not go through. (I’d be interested in data from other people.)

So. When you try to transfer your domain, the email the new registrar sends to goes into a black hole, making it impossible for you to conclude your transfer. Yahoo’s instructions (screenshot) for transferring a domain do not, as they should, mention this as a possible problem.

The only way to get a real email address into your WHOIS info, and thus transfer the domain, is to cancel the private registration service, making all your information public. Unless you choose to break the law (US law, anyway), and change some of your info to some made-up crap before canceling.

Even doing the latter, I’m not sure you could keep everything safe, as Yahoo doesn’t permit you to edit certain fields of your WHOIS data. When I first set up private registration on my domain, I found that my “Organization Name” field was still set to my real name. As I couldn’t edit the field, I had to file a support request to get them to change it.

Another option would seem to be to let the domain expire and then re-register it. However, expired domains tend to get bought up by scammers hoping to resell them to you at huge margins. If you want to continue using the domain, this isn’t a good idea.

It at least seems like it would be all right to let the domain expire if you decide you don’t want it anymore. However, according to this user of the service, Yahoo will, again, allow all your private information to get into the WHOIS database upon the expiration of your contract. This is particularly unsettling, as it seems logical that any remnant data left in the WHOIS database would be the last visible data, that is, the data. This switch to the private data strikes me as something that would take actual effort on Yahoo’s part to implement.

Generally, incompetence is a safer bet than malice in technology failures. However, in this case, every action a user might take that would take his/her money away from Yahoo ends up revealing his/her private information. It’s really hard to see this as anything other than blackmail.

Other pages discussing Yahoo domains issues:

Two extremely detailed blog posts by the person mentioned above whose data ended up in the WHOIS database after cancellation: 1, 2

A message board thread.

(links below added August 13, 2008)

Placebo Effect >> Yahoo Private Registration holds your domain hostage

ingenesis design blog >> Yahoo Private Domain Registration Too Private? Oh, and Yahoo sucks. – Post by someone who was unable to use an SSL certificate with a domain using Yahoo private registration. Forums >> How to contact the owner of a private registered domain on Yahoo? – Post by someone who was told by Yahoo that they would not forward his communications to a domain owner. As discussed above, this runs counter to their stated policy.

(added April 6, 2009) – Transfer question…Awaiting Release From Losing Registrar – Another message board thread.

Also, the text of a support request I sent to Yahoo asking why my confirmation email hadn’t been forwarded. I never received a response.

Warning: count(): Parameter must be an array or an object that implements Countable in /home/public/wp-includes/class-wp-comment-query.php on line 405


I do too have exactly the same problem with Yahoo… Suddenly, Yahoo decided to increase its fees by the factor of four. I had about 30 domain names there. Besides, Yahoo has a very bad domain management service compared to

So, I decided to transfer them to the older company that I had registered dozens of domains… I encountered many problems in this transfer deal. I am very busy with my work, family and other activities…. Finally, after about six months, I was able to transfer about 18 of my domains to To my dismay, I learned that my transfer request failed for one. It took me while until I learned why, which let me to this very informative page… Interestingly, this one with private registration contract is going to expire in 27 days. Honestly, I do not want to pay Yahoo one extra penny.

I found Yahoo’s sudden four-fold increase in its fees to be outrageous, if not fraudulent. They lured me and many others with a low initial registration fees and then made the transfer difficult, especially for those who do not have time or know-how.


Yeah, I wouldn’t be surprised if there are lawsuits at some point – a guy here says he had several hundred domains on there when the hike went into effect. I’m not sure what form they should take, but there definitely need to be protections in place for this kind of thing. My feeling is that the privacy issues render this not only a consumer protection issue but a civil rights one. There are people who need anonymity for reasons of personal safety, and Yahoo is taking advantage of them.

(Incidentally, if you’re looking for a registrar that’ll both keep your information private and allow you to transfer to another service, NearlyFreeSpeech has worked for me so far – though you do have to host with them, or at least set up a landing page there, to get a domain.)

To avoid issues like this you need to gor for offshore private domain registry like [URL removed] etc.

Given the incredibly poor quality of that registrar’s documentation, it’s impossible to tell whether it’s actually any better than Yahoo in this regard. Where a company is located has no bearing on its honesty.

This is an important subject; if you want to give sloppy advice on it, do it someplace else.

I have had a similar experience trying to help a client transfer their domain away from MelbourneIT. The private email setup totally scuttled any attempt at transfer, as we were transferring 3 days before the name expired. We are now waiting until the name expires totally. Bit of a gamble, but there is a difference in price of more than A$50 per year.

A quality registrar I deal with for my domains: – – little bit more expensive, but great support and really good control panel. I don’t work for them; just with them. At the moment we manage 30+ domains with them, but they will soon be launching a complete API for domain registration, so we will then transfer our 100+ .com and other domains across to them as well. We host with Verio, and they use MelbourneIT as their registrar too. Luckily we only have a few private registrations with Verio; preferring instead to provide our own dummy contact details.

As far as I know, there is NO international body apart from ICANN [ ] who has the job of monitoring how these “outlaws” operate. The industry is still very young, with a real “Wild West” attitude among many of the businesses we deal with.

Good luck.

I wanted to transfer my website with Yaoo after one year, time ended 31 october last year. I did not manage to get in touch with Yahoo in time.I was billed for another year $119, still I did not manage to get in touch and after some time the charge was raised to $131. Eventually I got in touch with Yahoo in Nebraska on the phone (from Gothenburg Sweden) and after 30 min conversation I understood that Yahoo required me to pay the whole amount before they would transer my domain. Reluctantly I tried to pay by my VISA card but even that was not possible because the Yahoo program handling the payment rutine failed. My card is valid, there is money on the account and other payments have been made recently by the same card. Once again I tried to get help from the Yahoo support to have the obstacle fixed, the money received and the domain transferred. The only thing that I have received is a list of hypothetic questions and answers. The Yahoo is now blocking my domain and website, despite the fact I am willing to pay the amount they fraudulently require.

Any advice and help to get me out of Yahoo and have my domain transferred would be appriciated.

Anyone among you who has (1) motivation, (2) time, and (3) resides in the USA should contact several big law firms who deal with class actions against corporate fraud and may list my name as one of the main plaintiffs/witnesses against Yahoo. Peace. You do not need to have money to open a class action, since if a law firm find case meritorious and lucrative, then they will sign a contingency agreement with you and other members of the class action.