|
Is Your Domain Name Really Safe?
Most of us are worried about how secure a site is when we make an online purchase, but website owners have a lot more to worry about than that. A lot more, starting with their Domain Name.
Earlier this year I did a search for TMSpromotions.com on Network Solutions. It came up available. I should have purchased it immediately, but didn't. A week or two later, after I'd consulted with my customer, I went to purchase it, and the Whois Search gave me some completely surprising information. The website had been owned since 2005. I thought, "I must have typed it in wrong. I can't believe I did that." So, there were two possibilities. Either Network Solutions gave me the wrong information, or I really did type it in wrong. I hadn't thought about it until recently.
Someone is Tasting my Domain Name and it's Yummy...
A few months ago I did a search on the name VoldisTimeCentre.com. This is a domain name that my client had given up a few years ago. I was checking to be sure it was still available, and of course, it was. I thought, "Who else on earth is going to buy a website with this exact name? Yes, there are guys named Voldi on the planet, but how many are fixing time pieces? How many would want the specific Canadian / UK spelling of Centre to boot? Besides, it's his business name!" It had been up for grabs since December 2005 and nobody had wanted in all this time.
Obviously I felt secure in knowing it was available, so I waited until
I met with my client to discuss his needs. A few weeks went by when I
returned to Network Solutions to purchase the name and, to my great
surprise, it was gone. No way!
Here's what happened. Some guy living on an island in the West Indies
had got hold of it. Some registrars will allow guys like him to grab a
handful of domain names that have recently been searched in their
database. If they put up a bit of money with VeriSign they can
apparently buy as many domains as they want. They can hold them for (I
think) as much as 30 days and return them for FREE. When these people
see an interest in a domain they register it and they park some stupid
link site on it. Before the 30 days are up they drop it, get the
refund, then immediately register it again if they think they can still
get an exorbitantly high fee for it. Why or how they have access to
'searched' domain names is beyond me.
Domain Name Hijacking
Amazingly enough, some big time companies have had their domain names
hijacked, like Panix.com, a New York full service internet provider.
This happens when some rotten apple changes the Whois contact info so
they can then change the DNS information. This can also happen when
your current website administrator leaves your company.
Speculators sell the Domain Name back to the original owners for
greatly inflated prices as they point the domain to a money making web
site, or link farm, hoping to capitalize on the domain's traffic. This
is one of the reasons that so many expired domain names now point to
pornographic web sites. Sites like ABCnews.com and PCworld.com have
been victim to porn sites hijacking their domain.
A domain hijacker can 'steal' a domain by submitting a fraudulent
registrar transfer request. They do this by tricking an unsophisticated
domain owner or registrar into giving them control of the name. It is a
s simple as sending a company like Network Solutions a letter on bogus
company letterhead requesting a change of passwords and contact
information. Once they have that, they have the control needed to
change to DNS info. They usually assume ownership of the domain and
start redirecting it to their own web sites. It's also quite common for
hijackers to ransom off domain names and redirect traffic to explicit
web sites (both for profit and shock value).
(DNS stands for Domain Name System. The DNS is
the system by which all Internet service addresses are created,
maintained, and used.)
At this point, legal options can be expensive and time consuming. Since
the domain has been transferred away from the domain owner's original
registrar, this registrar is often powerless in assisting. Domain
hijackers are aware of this and commonly transfer domains to countries
far away from the original owner - making legal recourse cost
prohibitive.
I suppose I'm still naive, but I can't believe these practices are
actually possible, much less done regularly. So, I've been doing my
research and it led me to this page on JustDropped.com - http://www.justdropped.com/next.cgi?file=subscription.nrml
I can say that it is a good strategy to buy a URL that's been given up
by a company when it has already been around long enough to have a
decent amount of traffic but buying domain names to resell is an
industry unto itself. I've come up with a few rules you need to follow
in order to keep your domain name safe from scummy tasters, hijackers
and whoever else is lurking in cyberspace.
4 Things You Can Do to Secure Your Domain Name
1. When you find a Domain Name you like available, buy it.
Buy it the minute you find it. If you snooze, you lose. If the info
provided is, for whatever reason, inaccurate, it should show up during
the purchase process. If the search you just did is also available to
others immediately, there is no reason to delay.
2. Never leave inaccurate contact information with your registrar.
Did you know that your name can be cancelled if your domain information
is not accurate and you fail to respond to a registrar's inquiries
within fifteen days? (Section 3.7.7.2 of ICANN's Registrar
Accreditation Agreement). This section hasn't been enforced in the
past, but as of October 2003, ICANN is requiring all registrars to
contact their customers on a yearly basis to verify domain information.
If your info has changed the wise thing to do is take the time to
update it. Why lose your domain over something as silly as that?
3. Don't let your Domain Name expire.
If the domain name owner does not renew the name of their site in time
it can be snatched up by a domain speculator. This is often caused by
failure to receive renewal notices because of out of date contact
information.
Most registrars no longer send out
renewal notices by snail mail. Everything is done online, by email,
these days. If your email address is out of date, you won't receive
renewal notices. This problem is compounded by your registrar's
inability to warn you that your domain is about to be deleted from
their system.
Once deleted, domains, good names
to obscure names, are commonly snatched up within seconds by
speculators running automated programs.
4. Place a registrar lock on your domain.
This will lock your domain record at the registry level and prevent it
from being transferred, modified or deleted by a third party. This
feature is very helpful in protecting your name against unauthorized
transfers and hijacking.
If your registrar does not offer
this feature, consider transferring your domains to one who does. Since
a 'registrar lock' can also make it more difficult for you to transfer
away from a registrar, you should look for a registrar that gives you
the ability to automatically unlock your domain names at any time
without having to call or e-mail them.
Look for next months newsletter as we explore the "7 Things you Need to Do to Protect Yourself and Your Website".
Hopefully, by then, I'll be able to tell you that I've got my
customer's domain back. By the way - please don't go doing any searches
on Voldi's website address. The guy who hijacked our site may think
he's got increased interest and will keep it, rather than give it up!
|
