How to Avoid Losing Your Domain

Recent headlines tell us that there are more and more hackers in countries around the world willing to take a shot at cyber crime. One way for cyber criminals to make money is to steal domain names. For anyone who has a valuable domain name stolen, the effects can be devastating. Domain owners need to understand how domains are stolen, and the steps they can take to protect their domain from theft or just plain old neglect!

In the same way that a boat or a car has a record of ownership, a domain name does too. When you register a domain, you reserve ownership over the domain for a certain period of time. Year after year, you extend your claim over the domain by renewing it before it reaches the end of its registration term.

Even though a domain name is not something tangible like a car or a boat, it can have far more importance to a company than anything that can be picked up and carried away by a thief. A single record of registration is used as the gateway to an online market of billions. The domain name is tied into print media, web site links, email addresses. It is embedded in the fabric that binds the real world to the online world.

You never hear of cases where the ownership of a boat changes hands without the owner realizing it. In today's highly automated world, most domain name registrars allow their customers to manage all their domain name registration records online, in real-time, automatically. This level of convenience allows domain names to be sold extremely cheaply. However, it also opens the door for thieves, and puts more of the responsibility for ensuring the security of domain names in the hands of the domain owner.

Suppose a criminal scopes your domain name and sees that it could hold some money making potential for them. The first thing they will do is investigate how to potentially get access to the account you use to manage your domain name registration record. The most common way this is done is to discover and hack into the email address used in the domain registration record. If a criminal knows the email address used to register your domain, their chances of getting control of your domain increase dramatically.

All registrars are required to show your contact records to the public. One important step you can take to protect your domain name is to use a service that hides your actual email address from the public. This service - available at most registrars - has different names such as 'whois protection', 'privacy guard', or 'whois proxy'. Basically it works by placing an intermediary company to replace your contact information and email address with theirs. The company is responsible for protecting your information and forwarding all contact requests to you. You still own the domain and manage the registrations of course. The small fee paid to hide your email address and protect your domain is a good deal. Not to mention the benefit of reduced spam and other solicitations.

Yet, the hacker might not be discouraged at this point. There are tools they may use to examine the history of changes to your domain records before you added privacy protection. So once your records are protected, the next thing to do is to modify your account information and registration record to use a new email address. The new email address should ideally be a newly created SMTP email account with a separate username and password. It is important to check this address regularly for new email! Most email software like Outlook or Thunderbird allows you to check multiple email boxes.

Once your email address is hidden and you have assigned a new email address to the contact information of your domain account you have taken a very meaningful first step to protecting your domains. The next most important thing to do is to get all your account details together and file them somewhere you will remember. Print out your ownership records (also called the 'WhoiIs' record) along with the print date. Write down the username and password of your account and include the name of the company you registered your domain with.

Keep in mind that a domain name can be registered for up to 10 years and it's likely that you won't need to change it for years at a time. In that time a domain name registrar may change ownership or even be forced out of business. If you need to make a small change to the domain such as changing web hosting providers, it makes the task so much easier if you have all your information easily accessible.

Over the years things change; you might change jobs, or your business might move for example. Your phone number could change. It is very important to take a moment to update your domain records with the new information. In the worst case scenario, failing to keep your domain ownership records updated can cause you to lose your domain! Who needs hackers when you can do it to yourself? When you change email addresses, update your records with the new address before the old address is disabled. The same thing applies when your company moves, or changes phone numbers.

Be aware that a domain name has an expiration date on it! The single most common reason that people loose control of their domain is that they failed to realize the domain name had expired! Make it at least a yearly task to check the expiration date on your domains. If it's your birthday, take a moment to check up on your domain. Keep an eye for renewal alerts in your email box. Check the billing information on your account as well. If your domain is set to renew automatically, it might fail if the billing info you have on your account is no longer valid. Even if you renew your domain to its maximum registration term, make it a paranoid obsession to check up on its expiration date.

Beware of disgruntled employees and contractors. Anyone who manages your information systems, or who is responsible for managing your registration records basically has the keys to your castle. Can you really put your trust in their hands? If you have a dispute with your web site designer or an employee, are your domains and accounts safe from their wrath?

As the domain owner, you may choose to delegate the management of your domains and websites to employees, assistants or service providers. In this case you might want to work with your registrar and ask that all changes made to your domain names are approved with you beforehand. This often involves setting up a separate contract or agreement that describes special procedures to be followed in the approval process. The extra steps involved will remove the convenient automation of domain management and will add costs and slow down the process of making changes. If a domain name has extreme importance to the operation of a company, then adding an approval process before allowing changes makes complete sense.

In summary, here is a list of the steps domain owners can take to keep their domains safe:

  • Use services like WhoisProtector to hide the contact information of your domain
  • Use a separate email address for the accounts you use to manage your domains
  • Retain information about your ownership records and account access details
  • Store that information in safe place
  • Make sure you as the owner are in full control of your domains
  • Keep your domain records and account and billing information up to date
  • Make sure your domains are renewed every year
  • Ask your registrar to consult with you before allowing changes