Peter’s Blog

INTRODUCTION

Recently I have been dealing with a domain theft. Trying to locate information and warning the original user. 1 thing this process has brought to light is the little people know about securing domain names.
The following is my thoughts on how to best secure your domain names. This is by no means a complete guide however if you think you can add too it please feel free in commenting and I will keep this post updated.

Importance Of Updated Whois

Some people are very concerned with privacy and as such put false information in their whois. This is dangerous on 2 counts.

1. Having incorrect whois information makes it hard/impossible for your registrar to contact you in the event of a problem.
2. It is against ICANN’s rules to have false information. If you are caught you could find your domain confiscated. You also run the risk of if you are subject to a WIPO they will be unable to contact you and you will most likely lose the hearing by default.

The proper way to handle your privacy is to use something called Whois privacy, almost all registrars offer this type of service. I would urge you to avoid using a whois privacy service not associated with your registrar as you are unlikely to receive any necessary correspondence. Some cctld’s offer this service free for private individuals at no extra cost (for example .co.uk offer this).

SECURING YOUR WHOIS

Regardless of whether you have whois privacy enabled on your domain or not I believe it to be a good practice to use an email address solely for whois information. This is the domain people will come to know as your whois email. If this is only used for whois and they hack it they cannot do much damage with it. On the other hand if they hack this email and it is the same email used for your registrar then they can simply use the forgot password feature of your registrar to get the password, the rest is easy.

Bottom line is make sure your whois information is 100% accurate and updated.

SECURING YOUR REGISTRAR

There are several things you can do to secure your registrar. The first consideration you have is which registrar to use. Make this decision wisely, some registrars handle security better than others. Check out what features these registrars offer to help with security, even if it is simply emailing you when changes are made. Ensure you have a way to contact the registrar in the event of a problem. There is no point having a contact number for your registrar if they either never answer or are closed a lot. Once you have settled on a registrar then when signing up with them ensure you do the following:-

• Supply valid information on sign up
• Use a different email than your whois email
• Choose a secure password, avoid words and ensure that the password contains uppercase, lowercase, numbers and if possible special characters
• Enable any security features the registrar offers
• Ensure registrar lock is enabled by default if possible

Some registrars also offer extra services to further secure your domains. These services can make it extremely hard to transfer a domain but if this is the registrar you are going to be with long term then all is fine why would it matter? That exact hindrance is too your benefit.

If during sign up the registrar asks for security questions step off of the beaten track. A lot of people use questions such as the following as security questions:-

• Place of birth
• Mothers maiden name
• Date of birth

If the person has your name and town it really is not difficult to find out these pieces of information using publicly accessible resources. If you can make up your own question make something very obscure up that no one else could ever no, not even your family or friends.

OTHER CONSIDERATIONS

Other best practices can include ensuring for example that you use software that can track your domains, ensure this software also contacts you in some way in the event of any changes to the whois of your domain. If you couple this with for example email notifications from your registrar you are ensuring that you have a fail safe. If 1 method fails you have a backup.

WHAT IF MY DOMAIN IS STOLEN

If you are unfortunate enough to find your domain is stolen you should first and foremost contact the registrar to stop any transfer. While this is happening ensure you change ALL of your passwords, this includes your email passwords and registrar passwords.

Also make a big stink about it, post on forums such as Namepros and DNForum, or of course any other trading forum or social network sites. The more people know about it the more people you can rely on to keep you updated and alert you of any changes.

Have I got anything wrong here? Have I forgotten anything? If so please do leave a message. Also if you have something to add please do. I will ensure this post is kept updated with more and better information.

If you wish to use this article on your own site please do as long as you credit this blog for that information. The more people who know how to secure their domains the better. Lets make as difficult as possible for the thieves, lets make their life a living hell.

Tags: Bottom Line, Cctld, Correspondence, Domain Names, Domains, Email Address, False Information, Hack Email, Hard Contact, Icann, linkedin, People Names, Privacy Service, Private Individuals, Regist, Risk, Securing Your Domain Name, security, theft, Whois Email, Whois Service, Wipo

This entry was posted on Monday, January 26th, 2009 at 1:06 am and is filed under General. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.