WHOIS Rate Limiting

WHOIS rate limiting is an anti-abuse measure implemented by [[registry-operator|registry operators]] and [[registrar|registrars]] that restricts the number of [[whois|WHOIS]] queries a single IP address or client can make within a given time window. Without rate limiting, automated scrapers can harvest bulk registrant contact data for spam campaigns or competitive intelligence — a practice that [[whois-privacy|privacy regulations]] like GDPR have also curtailed by restricting what data is returned. The [[rdap|RDAP]] protocol, which replaced WHOIS in many contexts, inherits rate-limiting support at the protocol level and allows finer-grained access control, including differentiated responses for authenticated vs. anonymous users. Verisign's WHOIS server for .com enforces a limit of roughly 1,000 queries per hour per IP.