Research Relay LLC -- Domain & WHOIS Privacy¶

Overview¶

This document covers domain privacy, DNS configuration, and SSL strategy for research-relay.com. The goal is to keep the owner's personal information out of public WHOIS records and to set up a secure, performant DNS infrastructure.

1. Current Domain Status: research-relay.com¶

Action Required¶

Check the current WHOIS privacy status of research-relay.com:

Visit https://lookup.icann.org/ and enter research-relay.com
Verify the following:
WHOIS privacy is enabled (registrant info is redacted)
Registrant email is not a personal email
Registrant phone is not a personal phone
Registrant address is not a home address
Nameservers are correctly configured

If any personal information is currently exposed in WHOIS, fix it immediately by: - Enabling WHOIS privacy at your current registrar - Updating registrant contact to business email once Zoho is set up - Or transferring to a registrar with automatic WHOIS privacy (see below)

2. Domain Registrar Comparison¶

All three recommended registrars include free WHOIS privacy. The question is which best fits the overall infrastructure.

Cloudflare Registrar¶

Aspect	Details
WHOIS Privacy	Free, automatic -- redacts all personal information
Pricing Model	At-cost (wholesale price, zero markup)
.com Renewal	~$10.11/year (wholesale, varies slightly)
DNS	Cloudflare DNS included (fastest public DNS)
SSL/TLS	Free Universal SSL certificate (auto-renew)
CDN	Free Cloudflare CDN included
DDoS Protection	Free DDoS mitigation included
DNSSEC	Free, one-click enable
Registrar Lock	Yes
Additional Security	WAF, bot management, Zero Trust (free tier available)
Limitations	Must use Cloudflare nameservers; no hosting included; UI is developer-oriented

Namecheap¶

Aspect	Details
WHOIS Privacy	Free (branded as "Withheld for Privacy")
Pricing Model	Competitive retail (first-year discounts common)
.com Renewal	~$14-16/year
DNS	Basic DNS included; PremiumDNS is a paid add-on
SSL/TLS	Sold separately (free options via Let's Encrypt)
CDN	Not included
DNSSEC	Supported
Additional Services	VPN, email hosting, SSL certificates as add-ons
Limitations	Upsells during checkout; renewal prices higher than initial registration

Porkbun¶

Aspect	Details
WHOIS Privacy	Free on all domains
Pricing Model	Flat-rate, no renewal price hikes
.com Renewal	~$11.06/year
DNS	Cloudflare-powered DNS included
SSL/TLS	Free SSL certificate included
CDN	Not included
DNSSEC	Supported
Additional Services	Email forwarding, URL forwarding included
Limitations	Smaller company; less ecosystem integration

Recommendation: Cloudflare Registrar¶

Transfer research-relay.com to Cloudflare Registrar. Reasons:

At-cost pricing -- cheapest long-term option for renewals
Automatic WHOIS privacy -- no configuration needed, complete redaction
Integrated DNS + CDN + SSL -- everything in one place, free
DDoS protection -- important for an e-commerce site
DNSSEC -- one-click enable for DNS security
Performance -- Cloudflare has the fastest authoritative DNS
Zoho Mail integration -- Cloudflare has specific MX record guides for Zoho

The main trade-off is that you must use Cloudflare's nameservers, but since Cloudflare DNS is the recommended DNS provider anyway, this is not a downside.

3. WHOIS Privacy: What It Hides and What It Does Not¶

What WHOIS Privacy Hides¶

When WHOIS privacy is enabled, the following registrant fields are redacted or replaced with the privacy service's information:

Field	Without Privacy	With Privacy (Cloudflare)
Registrant Name	Owner's real name	"REDACTED FOR PRIVACY"
Registrant Organization	Business name (if set)	"REDACTED FOR PRIVACY"
Registrant Street	Real address	"REDACTED FOR PRIVACY"
Registrant City	Real city	"REDACTED FOR PRIVACY"
Registrant State	Real state	Redacted
Registrant Postal Code	Real zip code	"REDACTED FOR PRIVACY"
Registrant Country	Real country	May still show country
Registrant Phone	Real phone	"REDACTED FOR PRIVACY"
Registrant Email	Real email	Proxy email or redacted
Admin Contact	(same as registrant)	Redacted
Tech Contact	(same as registrant)	Redacted

What WHOIS Privacy Does NOT Hide¶

Even with full WHOIS privacy, the following remains visible:

Field	Always Visible
Domain Name	research-relay.com
Registrar	Cloudflare, Inc. (or whichever registrar)
Creation Date	When the domain was first registered
Expiration Date	When the domain registration expires
Updated Date	When WHOIS was last modified
Nameservers	The DNS servers used (e.g., Cloudflare NS)
Domain Status	Active, locked, etc.
DNSSEC Status	Whether DNSSEC is enabled

Since GDPR implementation, most registrars automatically redact personal data for EU-based registrants. For US-based registrants, WHOIS privacy must be explicitly enabled (though Cloudflare and Porkbun do it automatically for all registrants).

Important Caveats¶

Some TLDs do not support WHOIS privacy. Notably .us, .ca, and .in require public disclosure. The .com TLD fully supports WHOIS privacy.
Law enforcement and ICANN can still request real registrant data from the registrar. Privacy protection hides data from public view, not from legal processes.
Historical WHOIS data may exist. If the domain was previously registered without privacy, historical WHOIS records may be cached by third-party services (DomainTools, etc.). Check and ensure privacy has been on since registration or transfer.

4. DNS Provider: Cloudflare (Recommended)¶

Why Cloudflare for DNS¶

Benefit	Details
Speed	Fastest authoritative DNS globally (1.1.1.1 network)
Free tier	Full DNS management at no cost
DDoS protection	Automatic, included on all plans
DNSSEC	One-click enable, free
SSL/TLS	Free Universal SSL (auto-provisioned, auto-renewed)
CDN	Free global CDN for static assets
Page Rules	URL redirects, caching rules, security settings
Zoho Compatibility	Specific guide for Zoho Mail MX/SPF/DKIM records
Analytics	Free DNS and traffic analytics
API	Full API for automation

DNS Records Needed for Research Relay¶

Record Type	Name	Value	Purpose
MX	@	mx.zoho.com (priority 10)	Zoho Mail delivery
MX	@	mx2.zoho.com (priority 20)	Zoho Mail backup
TXT	@	v=spf1 include:zohomail.com -all	SPF for email auth
TXT	zmail._domainkey	(Zoho-provided DKIM key)	DKIM for email auth
A	@	(web hosting IP)	Website
CNAME	www	research-relay.com	WWW redirect
TXT	_dmarc	v=DMARC1; p=quarantine; ...	DMARC policy

Email Authentication (SPF + DKIM + DMARC)¶

All three records are critical for: - Preventing email spoofing of @research-relay.com addresses - Ensuring business emails land in inboxes (not spam folders) - Building domain reputation over time

Set DMARC to p=quarantine initially, then move to p=reject once email flow is confirmed working.

5. SSL/TLS Certificate Strategy¶

Recommendation: Cloudflare Universal SSL (Free)¶

If using Cloudflare as DNS/CDN proxy, the free Universal SSL covers: - research-relay.com - *.research-relay.com (wildcard subdomains) - Automatic issuance and renewal - Domain Validated (DV) certificate - TLS 1.2 and 1.3 support

Do You Need a Paid SSL?¶

No. For an e-commerce site, the free Cloudflare Universal SSL is sufficient: - DV certificates are the standard for e-commerce - EV (Extended Validation) certificates no longer show the green bar in modern browsers and provide no meaningful trust signal to customers - Payment processing happens on Stripe/processor's domain (their SSL covers it) - The padlock icon appears the same regardless of certificate type

SSL Configuration¶

Setting	Recommended Value
SSL Mode	Full (Strict)
Minimum TLS Version	TLS 1.2
Always Use HTTPS	Enabled
Automatic HTTPS Rewrites	Enabled
HSTS	Enable after confirming site works correctly

6. Defensive Domain Registration¶

Current Situation¶

research-relay.com -- Owned (primary domain)
researchrelay.com -- Taken but parked (not owned by us)

Should You Register Defensive Domains?¶

For a small, solo e-commerce business, the answer is selective and limited:

Worth Registering (If Available)¶

Domain	Priority	Reason	Est. Cost
research-relay.net	Medium	Common alternative TLD	~$10/year
research-relay.org	Low	Less likely to be confused	~$10/year
researchrelay.net	Low	Without hyphen, .net variant	~$10/year

Not Worth Registering¶

Domain	Reason
researchrelay.com	Already taken/parked -- cannot register
Typo variants	Too many possibilities; low ROI for a small business
.co, .io, .shop variants	Unlikely to cause confusion at this scale

Defensive Domain Strategy for Solo Operator¶

Check availability of research-relay.net and research-relay.org
If available and cheap (~$10-12/year each at Cloudflare), register them
Point them to research-relay.com with a 301 redirect via Cloudflare Page Rules
Do NOT invest more than $30-40/year total on defensive domains
Revisit if the brand grows and becomes a target for typosquatting

Monitor researchrelay.com¶

Since researchrelay.com is parked, it poses a low threat today. But monitor it: - Set a calendar reminder to check it every 6 months - If it becomes active with content that could confuse customers, consider a UDRP complaint (but this is expensive -- $1,500+ -- and only worth it if there is actual brand confusion or bad faith use)

7. Domain Security Checklist¶

At Registration / Transfer¶

WHOIS privacy enabled (automatic on Cloudflare)
Registrar lock enabled (prevents unauthorized transfers)
2FA enabled on registrar account
Registrant email set to business email (admin@research-relay.com)
Auto-renewal enabled

DNS Configuration¶

Ongoing Monitoring¶

Check WHOIS records quarterly to confirm privacy is maintained
Monitor SSL certificate expiry (auto-renewed by Cloudflare, but verify)
Review DNS records if email delivery issues arise
Check Cloudflare analytics for unusual traffic patterns
Verify registrar lock is still active

8. Domain Transfer Process (If Needed)¶

If research-relay.com is not already on Cloudflare, the transfer process:

Unlock domain at current registrar
Get authorization/EPP code from current registrar
Initiate transfer in Cloudflare dashboard (Registrar > Transfer)
Enter EPP code when prompted
Confirm transfer via email from current registrar
Wait 5-7 days for transfer to complete (ICANN-mandated waiting period)
Verify WHOIS privacy, registrar lock, and DNS after transfer

Pre-Transfer Checklist¶

Domain is at least 60 days old (ICANN transfer lock for new registrations)
Domain is not within 60 days of last transfer
Domain is unlocked at current registrar
Have EPP/authorization code ready
DNS records documented (in case they need to be re-created)
Email is working (do not transfer during email setup)

Post-Transfer Checklist¶

WHOIS privacy confirmed active
Registrar lock re-enabled
DNSSEC enabled
All DNS records verified (MX, SPF, DKIM, DMARC, A, CNAME)
SSL/TLS working correctly
Auto-renewal enabled
2FA enabled on Cloudflare account

9. Cost Summary¶

Item	Annual Cost
research-relay.com renewal	~$10/year
WHOIS privacy	Free (Cloudflare)
DNS hosting	Free (Cloudflare)
SSL certificate	Free (Cloudflare)
CDN	Free (Cloudflare)
DDoS protection	Free (Cloudflare)
Defensive domain (research-relay.net)	~$10/year (optional)
Total	~$10-20/year

Sources¶

Cloudflare Registrar: https://www.cloudflare.com/products/registrar/
Cloudflare Free SSL: https://www.cloudflare.com/application-services/products/ssl/
Cloudflare Domain Pricing: https://cfdomainpricing.com/
Porkbun vs Cloudflare: https://www.hostingseekers.com/blog/porkbun-vs-cloudflare-which-domain-registrar-is-better/
Porkbun vs Namecheap vs Cloudflare: https://www.oreateai.com/blog/porkbun-vs-namecheap-vs-cloudflare/
Zoho Mail Cloudflare DNS Setup: https://www.zoho.com/mail/help/adminconsole/cloudflare.html
Defensive Domain Strategy: https://bpp.msu.edu/magazine/domain-name-strategy-to-protect-brand-identity-september2020/
WHOIS Privacy Explained: https://whois.whoisxmlapi.com/blog/domain-name-protection-vs-privacy