How to protect your domain name

Staying king of your domain

Keeping your domain name safe is a must. Fortunately, it doesn’t require a lot of time. The following six ways to protect your domain are simple to implement, and should top out your checklist of security policies and procedures.

1. Be wary of domain registration hijackers.

Domain registration hijackers bank on confusion. That’s why it’s imperative to know from whom you bought your web domain name and which company hosts your site. For example, many businesses register their websites with a company that is authorized to sell web domains — but that might not be the same company that hosts their websites or provisions a hosted server. This is where hijackers see their opportunity to steal web addresses.

Fraudulent domain name renewal

One way cyber criminals snatch web addresses is by redirecting domain name ownership. First, they send a bill to the owner of a website, stating that it’s time to renew the domain name. If the owner takes advantage of this “service,” the hijackers gain authorization to redirect ownership from the valid owner to the criminals, themselves.

Access to site info via the WHOIS database

Clever criminals query WHOIS to identify the name, address, and phone number of the owner of a website. Here are a few ways to steer clear of these folks:

  • Plug your domain name into WHOIS to see exactly what a potential criminal can access.
  • Before renewing any invoice for your domain name, check the WHOIS database to ensure that the company billing you is your registrar, and that your domain name is indeed up for renewal.
  • Never pay a bill for domain registry or renewal without first ensuring that the bill is legitimate. Many companies process incoming invoices automatically without cross-checking if the invoice is valid.

Typically, people reference WHOIS to determine if a web address is available and when it expires. By familiarizing yourself with WHOIS and how it’s used, you decrease the chances of falling victim to criminal activity.

2. Protect your privacy.

The WHOIS database and other such public-data repositories can also reveal personal information such as the home address of a business owner. Unfortunately, anyone, including domain hijackers, can access these details — unless you take extra precautions to protect your privacy such as using a private registration service.

Private Registration Service

Many domain name registrars offer domain privacy options that shields the real domain name owner from public view. The service allows site owners to use the registrar’s name, address, and phone number in the public registry instead of displaying personal info about the registered owner and administrator.

How does it work and how does that protect your domain name? The registrar creates a special code so that legitimate email correspondence can take place between the website owner/administrator and those who want to contact them. If a cyber criminal tries to use this address to contact the real administrator or owner, they will know immediately that the message is not coming from their authorized registrar because the email address will not be the recipient’s normal address.

For example, if criminals wanted to email a bill to John Smith — the site owner of DomainsByProxy.com — they wouldn’t have access to John’s real name and email address. Instead, correspondence would go to something like ProxiedDomain.com@DomainsByProxy.com.

3. Check the WHOIS database for errors.

Like any other database, the WHOIS database might have incorrect information. Periodically, visit the WHOIS database and make sure the information posted is accurate. If you have opted for your registrar’s private registration option, check with the company to see how private registrations will be listed.

If there is an error in the WHOIS database you can report it to the ICANN WHOIS Data Problem Reporting System. Also, send yourself an email using the registrar’s anonymized email address. If the email reaches you, all is good. If not, contact your registrar immediately.

4. Know when your domain name expires.

This might seem obvious, but not knowing when your domain name expires could cost you your domain name. Permanently. Check the seventh line of the WHOIS listing to know exactly when your domain name expires. Then, mark your calendar so you can renew in time.

If you do not renew your domain name before it expires, you might lose it forever. In fact, there are companies that automatically scan domain names and buy up expired names simply to sell them back to the original owner. If they get your address, they effectively can hold your domain name hostage, and charge whatever they want to sell it back to you.

5. Use a domain transfer lock.

A domain transfer or registry lock ensures no one can transfer your domain name to another registrar, either accidentally or deliberately. How does it work? At your request, a registrar can put a transfer lock in place so that any requests to transfer to another domain registrar get automatically rejected. Depending on your registrar’s options, this locks your domain name to that registrar and protects your name against domain hijackers. Normally, registrars allow you to transfer to another account if they also use the same company. But check with your registrar first for policy and procedure specifics.

6. Defend against cybersquatting.

Cybersquatting is the act of registering a domain name similar to an existing website or obtaining an unused domain name that might seem legit but is not. Cybersquatters try to trick customers into thinking they found a valid website or satirize a real website. For example, if your company’s domain name is DomainsByProxy.com, a cybersquatter might purchase DomainsByProxyy.com and hope a visitor misspells the URL. (Note the extra “y” in the second domain name.)

You might be able to fight a cybersquatter, and obtain the name, but not always. So play it safe by buying up all of your primary domain names for each country where you do business, and buying similar domain names, in addition to your primary domain name, with multiple top-level domains, such as .com, .net, .org, .co, .us and .biz.

Now put these tactics to good use and protect your domain name today.

Image by: Richard.Fisher via Compfight cc

Stephen Lawton
Stephen Lawton is an award-winning journalist who has covered the IT industry for more than 30 years. Based in the foothills of the Cascades outside Seattle, Stephen currently is a contributor to SC Magazine, Tom’s IT Pro and Tom’s Hardware and is the former chief editor of MicroTimes, SunWorld Online and Digital News & Review. Stephen also is the founder and CEO of AFAB Media Services, a marketing and content development consultancy that specializes in information security, data storage, cloud, mobile and big data. Connect with Stephen on LinkedIn.