The Commandments of Domain Name Ownership

The simple truth is that there are countless scammers, cybersquatters andother criminal types out there just waiting for anyone with a domain name tomake a mistake that will allow them to steal it from under their collectivenoses. I don’t want to get too wordy here at the risk of information overloadand shear boredom, so I’ll try to be as laconic as possible.

Throughout the many years I have been involved with the hosting business andothers I have witnessed some truly horrifying events involving domain names.Recently a customer of ours was duped out of 0 by a scam originating from asite with the fiendishly clever name of Domain Registry of Canada. While thisscam poses no real threat to losing one’s domain name, it is nonetheless anunderhanded trick taking advantage of busy people or those that are just notaware of such criminal activities. Please view thispage for more information. Pay particular attention to theprovided link to the PDF file showing the cleverly formatted renewal notice – awolf in sheep’s clothing. More information on Domain Name Slamming can beviewed at the Small Business of BC Blog.

While it’s true that domain names on their own are not anywhere near thedollar value they enjoyed in the late 1990’s or early 2000’s, their value isnot all credited to their name value alone. The branding and personal orcorporate identity your domain name provides are an invaluable asset to you andmust be protected!

Of course there are numerous methods that crooks employ to try andcompromise people’s or companies domain names, but as I alluded to above Iwanted to keep this article as short as possible. Suffice it to say, that ifyou follow the directives below, you can rest assured that your domain namewill remain exactly that – yours.

The Commandments of Protecting Your Domain Name(s) Always (I saidalways) Register Your Domain Name Yourself

You may completely trust your web developer, designer or anyone else thatyou’ve assigned to register your domain name but there is nothing certain aboutwhat tomorrow might bring. The annals of my IT career are laden with memoriesof hosting customers who experienced intolerable and sometimes expensivetribulations when there was a falling out with the person listed as the domainname owner. While most web developers or designers and maybe even your bestfriend are certainly as honest as Abe himself, there are some who are capableof doing some very underhanded things.

Don’t fall victim to misplacing your trust. Would you put your home or yourcar in someone else’s name? – probably not. Most domain registrars will allowyou to create limited access entry to your domain name’s control panelinterface. This is handy for changing DNS (Name Servers) or making otherrelated changes but does not allow any changes to domain ownnershipinformation.

Under any circumstances never let anyone other than you be listed as thedomain name owner or administrative contact. You must maintain absolute controlof your domain name – it’s that simple.

Corporate Domain Names Should Always be Registered in the name ofthe Company

The owner of the company or a trusted senior executive officer should be theonly person listed as administrative contact and the only individual allowed tomake ownership changes.

Futhermore any employee, whether senior executive or not, should sign alegal agreement that clearly species the terms and conditions under whichhe/she is allowed certain privileges within the domain’s administrative panel.Such an individual should have no rights to sell, trade, lease or do anythingthat may compromise the functioning of the website, its ownership or any othersimilar critical changes.

Make sure your Registrar only makes changes upon yourapproval

Be absolutely certain that any changes to your domain name’s information isemailed to you within 1-3 hours so that you are aware of it and can immediatelycancel any changes that you did not initiate or approve.

Use a Hard to Guess Password and always Encrypt yourData

I will not say too much about selecting difficult to guess or scan passwords– it’s painfully obvious isn’t it? The fact is that most domain name andwebsite compromises have their origin in hackers either guessing, scanning orobtaining your password and other private and critical information by breakinginto your personal computer or company network. So under this section there are3 critical things you need to do:

Choose a hard to guess password Use best-of-breed virus and malware scannerson your personal computer and your company network. Put a quality firewall androuter in front of all your computers. In our in-house systems we use a productnamed Kaspersky Lab which has really served us well. Now, just in case the badguys get past the lines of defence mentioned above you should encrypt all thecritical data stored on your computer(s). If they see encrypted data, they willmove on and seek another system to compromise – hackers don’t like difficultsituations. There is an encryption software product available from FlexCrypt. This site also offers some goodcontent (in simple terms)through a video and demos on the main page.Never Register a Domain using a Free Email Address

]]>

Free email addresses such as Hotmail will suspend and remove email addressesthat are not used on a regular basis. If you register your domain using a freeemail service and then abandon it, you could be putting yourself in a vulneraleposition. It would be easy for a domain name hijacker to register your emailaddress once it has been deleted by the free email service and then use it tocompromise your domain. Use your ISP’s email address to register your domainand once you have your domain services, such as email set up, then change it toan email that resolves to your own domain.

Place a Register Lock on your Domain

Most registrars will allow you to lock your domain so that it can’t betransferred, changed or deleted by a third party. If your registrar does notinclude this service get one that does. Be sure that you have total lock/unlockcontrol features

Never forget to Renew Your Domain

On occasion our support department gets emails or phone calls from panickedwebsite owners – My site is down!! What’s going on!! Well, it’s not often thatour servers have issues, but they can and do and on some occasions websites canbecome inaccessible. Happens to Google© and happens to us.

When we get such support calls we are normally in a position to already knowthere are some temporary issues and we can quickly let the customer know thatwe’ll be back online real soon. What we can’t fix is a site that is downbecause the domain’s owner allowed it to expire. When this happens theregistrar will shut the site down and without a registered domain the subjectsite is inaccessible until the issue of domain renewal is fully resolved.

There are several steps you can take to prevent this happening to you:

Register your domain for 5 years or longer. Most domains cost only between-15 annually to register and often discounts are available for longerregistration terms. It might, for example, cost only about -60 to register adomain for 5 years. The longer term will take off some of the renewalpressures. Be sure to whitelist your domain registrar’s service email addressso you will not miss renewal reminders from them. You can do this through youremail software (Outlook, Thunderbird, etc) and as an added measure have it doneat the server level as well. If you are not sure of how to whitelist an emailaddress at the server level, simply call your hosting provider and they’llusually do this without charge. Keep renewal dates of all your domains postedon your computers calendar and use reminder alerts

If your domain does happen to expire regardless of the above precautions,all is not lost. Most Domain Name Registrars offer a graceperiod of 30-35 days during which you can recover your domain name withoutpenalty. Although ICANN recommends and suggests registrars allow for a 30 daygrace period, I do not believe that this is caste in stone either.

To be sure, check the posted Terms and Conditions (TOS) to see what theregistrars policy is with regards to expired domain name redemption periods. Ifit isn’t posted or is less than 30 days, look elsewhere. Also check into yourcurrent domain name (if you have a domain name already) registrar’s policy withregards to redemption periods; again, if one is not present or if it’s lessthan 30 days, look for another registrar.

Another few words of advice about this subject is to never do business witha registrar that does not post a clearly visible link to their Terms ofService. This link should be available to you via the website’s main contentsections or on the order page and available to you prior to submitting paymentdetails. Anything less than the latter is unacceptable and you should take yourbusiness elsewhere.

Never respond to Phishing Emails or Click on any Links withinthem

Have you ever received an email asking you to provide your bank accountinformation, your PayPal information or your domain name information or toclick on a link to update your personal data. These are aptly named “phishingemails” (yes, a play on fishing, as in hook, line and sinker)and usually lookvery official and can trick the unwary into getting scammed. For more onphishing scams visit The PhishTank itself.

As a general rule never click on any links within suspicious emails youreceive or open attachments. The only thing you’ll find on the other end isenormous problems you’re best to avoid. I highly recommend that you visit ThePhish Tank’s FAQ where you will find a volume of information aboutphishing.

Never accept Free Domain Name offers from Internet ServiceProviders

Many Internet Service Providers – hosting providers, online servicesproviders and the like – often offer a free top level domain name as amarketing ploy to entice site visitors to sign up for their services. Thesecould be legitimate offers but when you see “free” be sure to read the fineprint before you lay your credit card on the table.

For example, if you sign up for a hosting account and the site simply asksyou to insert your choosen domain name in a field within the online form, watchout because you may be handing over control of your domain name. The hostingprovider can simply register the domain in their own name, pay for it and thenallow you to use it. The catch? – since they basically gave it to you for freethey’ll post a proviso in their Terms of Service that clearly states they ownthe domain. They may also list circumstances of how you can get it back and/orwhy you can’t.

Some may do the right thing by letting you register the domain and thencrediting your account in some manner or another. A smarter way to add value toa service, but frankly to save -15, I would rather just leave it alone and notcomplicate my domain registration in any way at all. There are better ways toenhance services and more prolific services to enhance.

I sincerely hope that this article has helped you and I hope that you willtake action to not only protect your domain names, but to protect youridentity, your bank account and the information stored on your computer.

I am not one to live in a glass house and throw rocks. I’ve been on theInternet since Compuserve was one of only a few providers and access time costUS an hour. I’ve also been hit square between the eyes with many of the issuesI write about above. This is serious stuff, and while my friends and familyknow me as the old light-hearted joker, this article is not a joke in any waywhatsoever.

Please don’t wait until security issues cause you immense and oftenirreparable pain. Identities are stolen every day by dishonest Internethackers; computers are compromised every day by the same criminals; phishingscams catch thousands upon thousands of unaware Internet users every month.

Far too many Internet users wait until it’s too late; they only deal withsecurity after they have been compromised. Please don’t let it be you. Protectyourself as best you can – security is not a perfect science but if you make itdifficult on the scammers and bad guys out there, chances are they’ll leave youalone and move on to an easier target.