Tarun Gupta

How To Keep Your Domain Name Safe ?

Post By Tarun Gupta Post User Last Updated: Aug 28th, 2006 category Domain Name

In order to understand how to protect your domain name, you first have to focus on what constitutes domain name ownership: the ownership of a domain is determined by the information recorded in the central Whois database under the Registrant information section of a particular domain record.

While there have been well-documented incidents in the past of unscrupulous people making use of bugs in the Registrar system - or flat out hacking the Whois database to attempt to wrest control of a domain - there are a number of steps you can take to minimize the potential risk of losing your domain name.

Be sure to use a complex password if your registrar supports password protection

Many registrars these days offer various kinds of password protected interfaces for users to manipulate their domain (e.g. to change ownership or name server information). Obviously, this exposes you to the possibility that a determined hacker might guess your password and hence take control of your domain names.

To protect yourself, make sure that the password you have selected to protect your registrar user id is a complex one.

Good complex passwords have the following characteristics:

Minimum of 8 characters
Mixture of UPPER and lowercase letters
At least one digit, somewhere WITHIN the password (i.e. not at the beginning or end of the password)
No recognizable words i.e. "guusd32DF" is a good complex password. "fish4brains" is much less safe

Ensure you keep full control over your domain name

The registrant and the Admin contact generally can make changes to the ownership information for a domain name. Under certain circumstances, the Technical contact may also be able to act to make changes to this information (if the Admin contact does not respond to email questioning a requested change, for example)

Always make sure using a Whois tool that your name and details appear as the Registrant, Admin and Technical contacts. If your domain name registration or ISP appear in one of these positions, contact them and request them to change your domain name registration so that you are in exclusive control.

Make full use of any additional safeguards offered by your favorite registrar

Each registrar offers a slightly different array of services, so it's not possible to talk about specifics here. Make sure that you read up on all the safeguards your registrar has put in place to guard your domain name registration align="left"> For example, some registrars may allow you to "lock" a domain so that change requests sent in by email (a traditional way of requesting changes to a domain name record) are automatically refused. In such a case, the only way to make changes to a domain record is to log into the registrar's admin interface and unlock the name, and then make the requisite changes manually.

Make sure you read all email messages relating to any domains you own VERY carefully

While this practice may shock you, it's a fact that some registrars automatically authorize actions such as a domain name registration (in which ownership of a domain passes to a different person) unless the email message they send to confirm the transaction is acted upon within a specified number of hours or days.

In other words, a determined domain hijacker (a person out to steal control over one of your domain names) could use this kind of "loose" registrar to instigate the transfer of YOUR domain name. If you did nothing (e.g. didn't respond to the email the registrar sent you, or deleted it unread) the transaction would automatically go through and you would LOSE YOUR NAME.

Without setting out to make you feel too paranoid, this is also why it's generally not considered a good idea to make public any extended period of time (such as a holiday) in which you will be away from your computer. It may be very tempting to post on your favorite discussion group "Well, I'm not going to be logging in for the next 3 weeks since I'll be surfing in Hawaii - have fun, guys!" but you've just fed a potential domain hijacker all the information he needs to take control over your domain names while you're unable to respond to emails denying transfers or other modifications to your domain record.

Always REPORT any suspicious activity on your domain record immediately to your Registrar

If you receive a suspicious email relating to changes on your domain name, or you notice via Whois that something has changed on your domain's record (such as a registered email address) then alert your Registrar (the company through which you purchased the domain name) immediately!

Explain to them what has happened, and forward to them any documentation (such as an email, or information on what has changed in your Whois record) that can help them to track down and nip any problems in the bud.

Always keep an off-line (paper) copy of your Whois records

Each time you register a domain name, it's a good idea to print out a copy of the Whois record for that domain name, as well as any receipt or other information provided by your Registrar. If you file these printouts in date order in a large ringed binder, you'll not only have documentary evidence proving that you own(ed) a domain name, but you'll also be able to quickly see when domain name registration own are coming up for renewal.

Be sure to use a "secure" email address when registering a domain name

Since most domain operations, such as change of ownership, can be carried out via a series of email commands and emailed confirmations of these commands, it's vital that the email address you entered when you registered your domain be a secure one.

An example of a dangerous email address would be a free email account, such as Hotmail. Hotmail suspends user accounts after 30 days of inactivity, so conceivably somebody else could end up having the email address you used to own. Also, free email services have the nasty habit of shutting down without notice when their funding runs out, leaving you unable to block changes requested on your domain (see D) above for more information on this)

If you're going to use your "work" email address when registering a domain name, you need to consider whether you'll be working at the same company (and have the same address) by the time the domain comes up for renewal. If you leave your job and lose access to your email address, you've just lost control of your domain name!

Stay on top of your domain renewals

Most of the time, domain registrants lose control of their names through neglect or carelessness, rather than through malice on the part of a third party.

It is imperative that you renew your domain names within the timeframe specified by your registrar to avoid losing them.


A domain is only "yours" for as long as you keep paying to own it. If you stop paying for it and it expires, it will be deleted and made available to anyone to register - first come, first served! In most cases, once you lose control over your domain name in this way, the only way to get it back is to go cap-in-hand to its new owner and BUY IT BACK - often at significant cost.

To avoid this risk, keep track of the renewal date for your domain names, for instance by writing each domain name's expiry date in on your calendar. Be sure to renew your domain names several days - or preferably weeks - before they expire, since payments sent at the last minute may be delayed and arrive after your domain has already been released, and grabbed by somebody else.

Comments are closed.