Domain names can be a company’s most valuable asset, so losing ownership of a domain name for even 15 minutes can hurt a company dearly.
If the DNS is changed, you will likely know quickly because things like email, your website, and so on simply stop working as they did prior. Sometimes this can be related to your domain name expiring, due to an outdated credit card on file for auto-renew and domain renewal emails were missed for an example.
Sometimes you may lose ownership of a domain and not even know it until it’s too late, because thieves know that any changes to DNS will alert the owner. So they make a subtle change of registrant email or gain access from an old expired domain/email that controlled the account. If a thief gains access to your registrar account email, it can go undetected since any notification would be sent to the registrar account email.
What if your domain name was stolen? Think of all the things that your domain name is connected to. It’s normally a big deal. Since domain theft happens, as well as unwanted expiration, there are processes to prevent it and avert a potential disaster:
- Never use the same email address for your domain name registrar main account and the data displayed for WHOIS records. Use one email address on a different domain name for your account, a different email address and domain name for information in WHOIS records.
- Always use two-factor authentication. Not only for your domain name registrar account but also your email client. For example, you may want to use a Gmail account email for your WHOIS email data and then a domain name you control for your main registrar account. Access to each should require 2FA.
- Use WHOIS privacy at your domains registrar. This is a double layer. If a thief can’t even see an email address, there is little they can do besides start guessing or moving on to another target. If you did use the email address in the past, consider this security layer broken because there are services that store WHOIS history data.
- Password reset / User ID request. If you get a request from your domain name registrar and you didn't initiate it, ignore it and do not click anything in the email notification. One, it may be a spoofing attempt and secondly, somebody may be trying to access your account and this is a way to prevent it.
- Registry Lock. The ultimate defense. Registry Lock is done via your domain name registrar and the registry of your domain name. For example, Verisign is the registry for .com and .net domain names. There is an added cost to this security layer but well worth it for a vital asset. You get extended domain name renewal protection, plus any changes to even DNS require a process with more than one party involved. To note, registry lock is different than the standard registrar lock at a domain name registrar and not all domain registrars offer this upfront.
Domain name security is very important and many options are available to domain name owners, it’s just important that you use them!
Domains can be forgotten because you can renew a domain name for up to 10 years. A lot can change in 10 years, so it’s always good practice to log into your domain name registrar account monthly and just check your account, your email associated with it and the settings in regards to your domains. Verify that your credit card on file is valid and up to date.
Any key asset domain names like your main brand domain and any system-critical domain names should have registry lock on them. Registry lock is the highest protection from unwanted expiry, unwanted DNS changes, and unwanted account changes. Internal theft and external theft should be considered.