How to Check If a Domain Is About to Expire (Before It's a Problem)

Domain expiry is one of those failures that is entirely preventable but happens constantly. A company lets a domain lapse for a week, a squatter registers it immediately, and then there's a frantic legal process or a ransom payment to get it back — if it's recoverable at all. This happens to small businesses, large enterprises, and even well-known organizations. The problem isn't technical. It's organizational.

Understanding what WHOIS tells you, and putting in place a basic monitoring process, is all it takes to avoid this category of failure entirely.

What WHOIS is

WHOIS is a protocol for querying databases that store information about registered domain names, IP address blocks, and autonomous systems. When a domain is registered, the registrant's details (or at minimum the domain's status and dates) are stored in a registry database and made available for public query.

Modern WHOIS queries often go through RDAP (Registration Data Access Protocol), a newer JSON-based replacement for the older plain-text WHOIS protocol. RDAP provides the same information in a more structured format. Many tools, including ToolsKit's WHOIS lookup, use RDAP when available and fall back to WHOIS.

Reading a WHOIS record

A WHOIS record contains several important fields:

Registration date — When the domain was first registered. Older domains tend to have higher trust with search engines and are less likely to be flagged as newly registered by spam filters.

Expiry date — The most important field. This is when the registration ends. If not renewed, the domain enters a grace period (typically 30–45 days) during which the current registrant can still renew at normal price. After that comes a redemption period (another 30 days) where renewal is possible but expensive. After redemption, the domain is released for anyone to register.

Updated date — The last time the registration record was modified. Can indicate a recent renewal, a registrar transfer, or an update to contact information.

Registrar — The company that sold the domain registration. Not to be confused with the registry (the organization that manages the TLD, like Verisign for .com or DENIC for .de). The registrar is who you pay for renewal; the registry maintains the authoritative database.

Nameservers — Which DNS servers are authoritative for this domain. Useful for verifying that DNS is pointed where you expect, especially after a migration. If you need a refresher on what NS, A, MX, and other record types do, see DNS Records Explained.

Domain status — A set of flags indicating the domain's current state. Important statuses include:

• clientTransferProhibited — Standard protection preventing unauthorized transfer to another registrar. Normal for active domains.
• clientDeleteProhibited — Prevents deletion. Also normal for active domains.
• serverHold — DNS is suspended. The domain won't resolve. Can indicate non-payment or a legal hold.
• pendingDelete — Domain is in the deletion process and will be released to the public shortly.
• redemptionPeriod — Domain has expired, is in the redemption window. Renewal is still possible but costs extra.

Privacy and WHOIS data

GDPR and similar privacy regulations have significantly changed what WHOIS data is publicly available. Most .com, .net, and .org registrations now show redacted contact information — you'll see the registrar's proxy service details instead of the actual registrant's name and address. The domain status, dates, and nameserver information remain public.

For ccTLDs (country-code domains like .de, .uk, .fr), each registry has its own policy on what it discloses. Some show full registrant data; others show almost nothing.

Why domains expire unexpectedly

The most common cause: the registrant's email address changed and renewal reminder emails went to an inbox nobody monitors. The second most common: a former employee handled domain renewals and left the company. The third: auto-renewal was set up against a payment method that expired or was cancelled.

If you manage domains for an organization, these are the controls that actually help:

• Use a shared mailbox (like domains@yourcompany.com) for registrar correspondence — not an individual's work email.
• Enable auto-renewal on all domains you want to keep, and verify the payment method annually.
• Set calendar reminders 60 and 30 days before expiry for critical domains.
• Keep a spreadsheet or inventory of all domains, registrars, and expiry dates. Check it quarterly.

Checking competitor or third-party domains

WHOIS lookups are also useful for:

• Verifying a domain's age before trusting an unfamiliar site (very recently registered domains are a red flag for phishing)
• Checking which registrar a domain uses before initiating a transfer
• Confirming nameservers are pointed correctly after a DNS migration
• Investigating who registered a domain related to your brand