So far the only registrar that manages to hide my account email from whois is Dynadot. This includes:
1. domains I transfer to them,
2. domains I buy at their marketplace,
3. domains that I push from another Dynadot account to mine,
4. domains I hand register,
5. domains I register through their API
In none of these cases did the domain end up using my account email in the whois. It correctly used my default whois email address. Unfortunately this is not the case with other registrars I used. My idea is very simple: if somebody doesn't know my account email, they cannot hack into it.
Registrars should really separate account email and whois email from the very beginning, the moment you open an account with them. They should ask you to enter an account email and to enter a default whois email. For lazy people they can add a checkbox that says "use the same". However I have never seen any registrar do that. I'm still waiting for that day to come. Until then I will just keep fighting with their stupid user menus to try to hide my account email from whois.
By the way, no, GoDaddy preset profiles or Namecheap user profiles do not hide your account email from whois in all the above cases. Even if you ignore #5 (API registrations) they still fail in some of the other 4.
A good registrar must not display my account email to the public in any of the above cases. Why are those people always so stupid who manage those registrar sites? It is obvious that account emails should not be displayed. It gives hackers a target to work on.
Right now there is a topic by somebody who had his email hacked and domains stolen.
http://www.namepros.com/legal-issue...main-senegal-com-please-help.html#post4098667
We see one of those topics every month.