What should I be watching out for when I register a domain name through a 3rd party such as a web design company or web hosting service?
If you've paid to register a domain name as part of a wider package of services, it's essential to make sure that YOU are in fact the owner of that domain name. A few cases have been reported of web hosting firms, for instance, registering domain names in their own name rather than in their clients' name, to essentially "trap" their client so that they are unable to change hosting service. One way to avoid this is to register your domain name independently of securing other web services, and to make sure you register it through a recognized Registrar.

What is the downside to having my hosting company or domain name registrar as the technical contact for my domain name?
Usually, there's no problem with having the aforementioned entities act as the technical contact for your domain. However, a nasty situation can arise if the Registrar you are using supports email authentication of domain name record changes, and also supports Tech contact denials.

To clarify: in some relatively rare cases, a Registrar may require email confirmation of a requested modification to a domain name record, such as a change of ownership or a change of DNS servers. In this rare case, the email confirmation that must be replied to affirmatively is sent to BOTH the primary contact for the domain (the Owner) and the technical contact for the domain. The problem arises if the technical contact "denies" the transaction by responding negatively to the email before you as the Owner have a chance to respond affirmatively. (For instance if a web hosting company is trying to prevent you leaving their service)

Now, it must be emphasized that the above case is RARE - but it does happen. To protect yourself from such problems, always make sure that YOU (or an entity you trust 100%) is listed as the Technical contact for the domain name - there is no valid reason why your web hosting provider or Registrar MUST be your technical contact, even though they may prefer to have things set up that way.

How do I protect my domain name record from unauthorized changes?
Make sure that you take advantage of ALL the security features your chosen registrar offers. If they have an email confirmation option, turn it on. If they have a password-protected control panel, make your password something unguessable even by a software program attack (in other words, don't use a dictionary word or a dictionary word plus a number).

I've heard that some registrars facilitate domain hijacking - what's the story?
No registrar actively colludes to encourage domain name hijacking (the practice of stealing a domain name by transferring its registration to a 3rd party). However, the way some registrars are set up makes it relatively easier to hijack a domain name through their interface.

For instance, some smaller registrars operate a negative confirmation scheme for transfers - in other words, a domain transfer will go ahead UNLESS it is opposed within a specified number of days. The only warning you'll get is an email from that registrar (that you've likely never heard of) asking you to take action if you DON'T want your domain name transferred. If you don't react to the email, or you just delete it, the transfer will go ahead.

Again, like all the other "dangers" discussed on this page, this kind of incident is rare - you should not be overly paranoid - but it always pays to be vigilant when it comes to your domain name registrations.

Why is it dangerous to use a free email address when registering a domain name?
There are several potential problems associated with using a free email address at the time you register your domain name. Firstly, the service may close down without warning (indeed, hundreds of free email services have closed in the last year due to the weak internet advertising market) - this will leave you stranded when it comes to making changes to the domain name or transferring it to another Registrar, since you will no longer be able to receive - and respond to - email confirmations. You'll also liable to not receive reminder emails telling you that your domain name is about to expire.

Secondly, as public services used by thousands or millions of people, free email services are generally more susceptible to being hacked. If a hacker were able to get into your email account, he/she could make changes to your domain name record without your knowledge or permission.

Finally, some free email services delete inactive accounts after a certain number of days or weeks. If you go on an extended vacation away from your email, or for some other reason forget to log in for a few months, you may find that your email address has been deleted and re-allocated to somebody else, giving them FULL control over your domain name!

How can monitor my domain names for unauthorized changes?
SnapNames offers a service where it will monitor up to 10 domain names every day and will email you if it detects changes to any of the domain name records it is monitoring. You can pay to extend this monitoring service beyond the initial free allocation of 10 names.

What can I do if I suspect somebody has altered my domain name record without my permission, or has hijacked my domain name?
First, make sure you get ALL the facts. Domain name hijackings are rare - most changes actually come about through other factors, such as neglect or human error.

Check that you are looking at the Whois record for the correct domain name (if you mistyped the name you're looking at somebody else's record!) and that the Whois record is up to date. (A good tool for checking Whois records is BetterWhois.com search).

Check also that your domain name is still within your initial contract period (you can confirm this by looking at your original registration confirmation - you did keep it, didn't you? - and checking the date at which the domain name was due to expire.) If your domain name has expired, then there has been NO SECURITY BREACH - it's normal that somebody else was able to register it, since you essentially relinquished control over the domain name by not paying the renewal fee.

Finally, if you have checked every way you can and still suspect a case of hijacking, report this issue immediately to your Registrar, stating all the facts you have been able to gather, the checks you have carried out to make sure that the problem is "real" and ask them to expedite the problem.

Where can I find more information about protecting my domain name?
If you haven't already read it, we strongly recommend you take a few minutes to read the Protecting a Domain Name guide right here on this site.

Back to the Domain Name FAQ