DEV Community

Discussion on: Explain WHOIS like I'm five

Peter Kim Frank

This is somewhat off-topic to the technical description of how WHOIS lookups operate, but I'll share anyway.

A domain owner sets their WHOIS information at their domain name Registrar. A registrar is an entity that is accredited by ICANN to handle the registration and management of domain names. I believe the biggest registrar at this point is GoDaddy (yes, of those provocative Super Bowl ads), but other big ones you've probably heard of include Enom, Network Solutions, and Tucows.

A lot of times the registrars maintain Reseller relationships with various hosting companies, allowing them to sell domains through their own platform, i.e., "create your $10/mo hosting account and get a free domain name!"

Registrars can transfer names back and forth between each other. In order to ensure the transfer is authorized, and that the true owner actually does want to move the name, the host-registrar will generate a secret token (called an auth code or EPP) that is sent to the rightful owner of the domain name. The recipient has to enter that EPP code on the receiving registrar in order to pass along the "handshake" that this is in fact an authorized transfer.

However, there's a major flaw in this design. That auth code is typically sent to the administrative email on file with the registrar — information that lives in the public WHOIS database! Now, why is that a problem?

A savvy attacker can generate a list of valuable domain names, programmatically scrape all of the administrative emails from the WHOIS data, and then go check which of those emails are available. For instance, if I had set the admin email on my domain portfolio to "Peter@PetersPortfolio.com" but then let "PetersPortfolio.com" expire, anyone can go register that domain name and "hijack" my email. Doing so gives them control to initiate a transfer on my domain name, receive "my" EPP key at the email they control, and then fraudulently authorize the transfer at the receiving registrar.

So, my account at the registrar is never directly compromised, but there's a leakage in the authorization control that allows someone to steal the contents of my account, the domains themselves.

I haven't been actively in the domain world for a few years, so some of this might be a bit out of date or patched up at this point. Registrars also include "locks", which sometimes require an additional verification before they allow the transfer, and that can help mitigate the problem. But the fact remains that the public WHOIS info, especially the admin email, can cause a lot of headaches.

Lastly, standard disclosure that I've never leveraged any of these techniques, that this write-up is purely for education purposes, that you shouldn't steal domain names or try to, etc.
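An added example, not part of Peter's comment or anything else in the thread: the defensive counterpart of the attack he describes is to audit your own portfolio for the precondition, an admin contact email whose domain you no longer control (or are about to let lapse), plus a missing registrar transfer lock. The script below does that over constructed WHOIS records in the common "Key: Value" layout; the domains, emails, expiry dates and the naive "last two labels" registrable-domain rule are all assumptions for illustration, and a real audit would feed it live WHOIS/RDAP output and use a public-suffix list.

```python
import re
from datetime import date, timedelta

# Constructed sample WHOIS responses in the usual "Key: Value" layout.
# These records and names are made up for this example, not real lookups.
SAMPLE_WHOIS = {
    "alpha-portfolio.example": (
        "Domain Name: ALPHA-PORTFOLIO.EXAMPLE\n"
        "Registrar: Example Registrar, Inc.\n"
        "Domain Status: clientTransferProhibited\n"
        "Admin Email: admin@alpha-mail.example\n"
    ),
    "beta-portfolio.example": (
        "Domain Name: BETA-PORTFOLIO.EXAMPLE\n"
        "Registrar: Example Registrar, Inc.\n"
        "Domain Status: ok\n"
        "Admin Email: Peter@PetersPortfolio.example\n"  # lapsed domain (constructed)
    ),
    "gamma-portfolio.example": (
        "Domain Name: GAMMA-PORTFOLIO.EXAMPLE\n"
        "Registrar: Example Registrar, Inc.\n"
        "Domain Status: clientTransferProhibited\n"
        "Admin Email: ops@mail.gamma-corp.example\n"
    ),
}

# Domains the portfolio owner still controls and their expiry dates (constructed).
OWNED = {
    "alpha-mail.example": date(2030, 1, 15),
    "gamma-corp.example": date(2025, 7, 1),  # lapses soon relative to TODAY
}
TODAY = date(2025, 6, 15)

# Matches "Admin Email:" / "Administrative Contact Email:" style lines.
EMAIL_RE = re.compile(r"^\s*(?:Admin|Administrative)[^:]*Email:\s*(\S+)", re.I | re.M)


def admin_email(whois_text):
    """Return the admin contact email (lowercased) from a WHOIS record, or None."""
    m = EMAIL_RE.search(whois_text)
    return m.group(1).strip().lower() if m else None


def registrable_domain(host):
    """Naive registrable domain: the last two labels of the host name.
    Assumption: this ignores multi-label public suffixes such as co.uk."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def has_transfer_lock(whois_text):
    """True if the registrar-side transfer lock status appears in the record."""
    return "clienttransferprohibited" in whois_text.lower()


def audit_portfolio(whois_by_domain, owned, today, warn_days=30):
    """Map each portfolio domain to the findings that would let someone other
    than the owner receive its EPP/auth code or move it without a lock."""
    findings = {}
    for domain, text in whois_by_domain.items():
        issues = []
        email = admin_email(text)
        if email is None or "@" not in email:
            issues.append("no admin email in WHOIS record")
        else:
            mail_domain = registrable_domain(email.split("@", 1)[1])
            if mail_domain not in owned:
                issues.append(f"admin email domain {mail_domain} is not under our control")
            elif owned[mail_domain] - today <= timedelta(days=warn_days):
                issues.append(f"admin email domain {mail_domain} expires {owned[mail_domain]}")
        if not has_transfer_lock(text):
            issues.append("registrar transfer lock (clientTransferProhibited) not set")
        findings[domain] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit_portfolio(SAMPLE_WHOIS, OWNED, TODAY).items():
        print(name, "->", issues or ["ok"])
```

With the constructed data, `alpha-portfolio.example` comes back clean, `beta-portfolio.example` is flagged twice (admin email on a domain we do not control, and no transfer lock), and `gamma-portfolio.example` is flagged once because the mail domain expires within the warning window. The expiry check matters because the hijack only needs the admin email's domain to lapse, not the portfolio domain itself.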