How To Protect Yourself Against Domain Name Hijackers - InformationWeek
10:42 AM

How To Protect Yourself Against Domain Name Hijackers

Companies overlook the threat of getting their domain names stolen from under them. Here's how to protect yourself.

Once you’ve locked your domain name, routinely check the Whois service to make certain it remains locked, and that your domain name information has not been modified without your knowledge and consent. Then you need to choose a registrar wisely. If you value your domain name, then services are a more important differentiator than price.

Look for registrars who are willing to provide you with more than the minimum registration and transfer services. If you run your operation 24 x 7, do you need a registrar that offers 24 x 7 technical support? Does the registrar issue a transfer pending notification as its standard practice? (Registrars are not obligated to do so.) Is the registrar willing to notify you of registration record changes and transfer requests using contact methods in addition to (and in parallel with) standard email notices? Will the registrar allow you to specify the contact methods that must be used (e.g., any or all contacts in the registration record, including, email, telephone, messaging and paging services, fax, etc.)? Will the registrar implement additional authentication and authorization measures to safeguard against removing your transfer lock or changing your domain name configuration?

Such measures are sometimes maligned as inhibiting name transfers, but some name holders are perfectly happy with the service and relationship they have with their registrars and want that relationship protected.

Some of these services are likely to be offered by registrars as part of a basic service. New security services may also appear as registrars, registries and ICANN review and implement the recommendations of the SSAC Domain Name Hijacking report. Encourage registrars to offer domain name protection services. If name holders demonstrate a willingness to pay for registration and DNS configuration protection, registrars will be more likely to offer them.

A Collaborative Effort Needed
The PANIX and Hushmail incidents attracted international attention and prompted a lengthy investigation by ICANN's SSAC. After investigating other reported incidents, the SSAC produced a report , concluding that “domain name hijacking incidents are commonly the result of flaws in registration and related processes, failure to comply with the transfer policy, and poor administration of domain names by registrars, resellers, and registrants.”

Simply stated, if everyone involved in the name registration process were to try a bit harder, domain name hijacking would be much less a threat. As SSAC chairman Steve Crocker explained in a July, 2005 press release announcing the committee’s official report, “no single party to the registration process is wholly at fault for all hijacking incidents, and there is room for improvement in policies and processes across the board. Name holders have a responsibility to protect their domain names as they would any valuable asset.

2 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Success = Storage & Data Center Performance
Balancing legacy infrastructure with emerging technologies requires laying a solid foundation that delivers flexibility, scalability, and efficiency. Learn what the most pressing issues are, how to incorporate advances like software-defined storage, and strategies for streamlining the data center.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll