DENIC is only responsible for the registration of domains directly under the Top Level Domain (TLD) .de. It is the domain holders who are responsible for the individual domains as well as for their contents and the services that are made available or processed through them. Moreover, domains are just a useful medium to spare human beings the necessity to remember the IP addresses of the Internet computers. Instead they only need a simple URL like [1] to reach DENIC's website. But domains are not the only means to make webpages accessible to the public or to send e-mails. Users get the required IP addresses only in combination with an Internet access. They are granted from Internet Service Providers (ISP). ISPs have number blocks assigned to them by the Regional Internet Registries (RIRs). So DENIC can never find out directly who is responsible for spam mails or hacker attacks. Neither is DENIC able to block such mails or attacks nor to take any further steps.

The following means are available to launch a spam search:

1.  If the source of trouble is a domain or subdomain under the Top Level Domain .de, you can use our whois query to find out the name of the domain holder and/or the administrative contact (admin-c).

Contact the domain holder and/or admin-c by letter, fax or e-mail and tell them about your concerns. To find out from their log files which individual is responsible and possibly to take further steps, the domain holder or admin-c needs full and precise information from you (mail header and/or exact time/time zone, domain, IP address, and so on).

2.  If the source is a domain or subdomain under another country code Top Level Domain (ccTLD), that is where you should go for your whois search. IANA can tell you which registries are responsible for all the world's ccTLDs.

3.  If the source is a domain or subdomain under a generic Top Level Domain (gTLD), such as .com or .info, you should use the Internic whois search to obtain information about the domain holder.

4.  If the source is an IP address (such as:, the first thing you must know is that the IP address space is currently being administered by five different organizations around the world. You can find out the name of the domain holder and/or administrative contact (admin-c) by making whois searches in the appropriate network:

  •   RIPE NCC (Europe): [2]
  •   ARIN (America): [3]
  •   APNIC (Asia): [4]
  •   LACNIC (Latin America and Caribbean): [5]
  •   AFRINIC (Africa and Indian Ocean): [6]

IANA's website includes a list of which IP blocks have been assigned to whom. In many cases that will already tell you which of the above-mentioned organizations you will need to contact. To give an example, addresses starting with 193, 194 or 195 belong to the zone administered by RIPE NCC. There are, however, other IP addresses, such as those starting with a number between 128 and 172 where it is unfortunately not so easy to establish their assignment, since they have been divided into part blocks and assigned to various RIRs.

You should next contact the IP network owner or admin-c and tell them what the problem is. To be able to find out from their log files the correct contact and to possibly take other steps, they need full and precise information from you (mail header and/or exact time/time zone, domain, IP address, and so on).

For reasons of data protection and/or legitimate other interests, it is initially left to the discretion of the particular provider or domain holder whether or not they disclose the precise contact data to you or whether they take corresponding measures directly themselves. If you have suffered any actual loss or damage, it might be advisable to seek professional legal guidance.