Do not lose your …

Posted by: Andy  :  Category: Web Security

Do not lose your domain again

Is your domain really safe? There is a number of common mistakes which can lead to a permanent loss of your domains. The most common ways that domains are lost are:

1. Inadvertent domain expiration: The owner does not renew the name in time and it is snatched up by a domain speculator. This is often caused by failure to receive renewal notices because of out of date contact information.

2. Domain hijacking or theft: A domain hijacker effectively ‘steals’ the domain by submitting a fraudulent registrar transfer request and tricking an unsophisticated domain owner or registrar into giving them control of the name. More sophisticated hijackers can also hack your email address account and, in such way, take control of your account at registrar.

At this point, legal options can be expensive and time consuming. Since the domain has been transferred away from the domain owner’s original registrar, this registrar is often powerless in assisting. Domain hijackers are aware of this and commonly transfer domains to countries far away from the original owner – making legal recourse cost prohibitive.

3. Inaccurate contact information: your name can be cancelled if your domain information is not accurate and you fail to respond to a registrar’s inquiries within fifteen days!!! (Section of ICANN’s Registrar Accreditation Agreement). In the past, this section was seldom enforced, however as of October 2003, ICANN is requiring all registrars to contact their customers on a yearly basis to verify domain information.

Now let’s see how you can protect yourself from these common mistakes.

1. Keep track of your domain names’ expiration dates and keep your contact information up to date: remember that the most of inadvertent domain expirations and many fraudulent transfers are due to out of date contact information.

2. Be careful who is listed in your contact information. You or your organization should always be listed as the organization and administrative contact.

When registering corporate domain names, make sure that the company name is listed as the owner of the domain. Do not allow an outside web site designer or host to be listed as either the domain owner or administrative contact. If possible, the business owner or a senior executive should be listed as administrative contact since this person will be authorized to modify or change ownership of company domain names.

3. Be careful when using free e-mail addresses from services like Hotmail. Many free e-mail services will automatically suspend or delete your e-mail account if you do not log in frequently enough. Once your e-mail account is deleted, a domain hijacker can sign up for your same e-mail address and use it to give permission to transfer your domains away from you.

If possible, avoid using a free e-mail address on your domain records. If you are using a Hotmail account, you may want to consider paying to upgrade your account to exempt you from their 30 day inactivity policy.

As an additional security measure change often your email account and registrar account passwords to avoid hacking.

4. Place a registrar lock on your domain. This will lock your domain record at the registry level and prevent it from being transferred, modified or deleted by a third party. This feature is very helpful in protecting your name against unauthorized transfers and hijacking.

5. Do not reply (or click on any links) in any domain related e-mail correspondence you do not recognize. Also be careful not to reply to any ‘official looking’ renewal notices you receive in the mail from companies you do not recognize. Domain hijackers and unscrupulous registrars have been known to submit mass amounts of transfers hoping that a small percentage of confused registrants will accidentally confirm the transfers. When in doubt, contact your original registrar to verify any suspicious messages.

6. Add your registrar’s domain name to your spam filter’s approved sender list. If you (or your ISP) are using a spam blocking service, you run the risk of not receiving domain renewal notices from your registrar if they are incorrectly categorized. You can prevent this from occuring by adding your registrar to your list of ‘approved senders’. This will automatically bypass any filtering and ensure that all renewal notices make it straight to your inbox.

7. Consider renewing your domain name early and for a longer amount of time. If your domain name is critical to your business and is one you will want for years to come, consider renewing your domain registration in five year increments. This will avoid yearly registration hassles and prevent your domain from accidentally expiring.


Leave a Reply