In order to understand how to protect your domain name, you first have to focus on what constitutes domain name ownership: the ownership of a domain name is determined by the information recorded in the central Whois database under the Registrant information section of a particular domain name record.

While there have been well-documented incidents in the past of unscrupulous people making use of bugs in the Registrar system - or flat out hacking the Whois database to attempt to wrest control of a domain name - there are a number of steps you can take to minimize the potential risk of losing your domain name.

A) Be sure to use a complex password if your registrar supports password protection

Many registrars these days offer various kinds of password protected interfaces for users to manipulate their domain name registrations (e.g. to change ownership or name server information). Obviously, this exposes you to the possibility that a determined hacker might guess your password and hence take control of your domain names.

To protect yourself, make sure that the password you have selected to protect your registrar user id is a complex one. Good complex passwords have the following characteristics:-

• Minimum of 8 characters

• Mixture of UPPER and lowercase letters

• At least one digit, somewhere WITHIN the password (i.e. not at the beginning or end of the password)

• No recognizable words i.e. "guusd32DF" is a good complex password. "fish4brains" is much less safe

B) Ensure you keep full control over your domain name

The registrant and the Admin contact generally can make changes to the ownership information for a domain name. Under certain circumstances, the Technical contact may also be able to act to make changes to this information (if the Admin contact does not respond to email questioning a requested change, for example)

Always make sure using a Whois tool that your name and details appear as the Registrant, Admin and Technical contacts. If your domain name registrar or ISP appear in one of these positions, contact them and request them to change your domain name registration so that you are in exclusive control.

C) Make full use of any additional safeguards offered by your favorite registrar

Each registrar offers a slightly different array of services, so it's not possible to talk about specifics here. Make sure that you read up on all the safeguards your registrar has put in place to guard your domain name registration.

For example, some registrars may allow you to "lock" a domain name registration so that change requests sent in by email (a traditional way of requesting changes to a domain name record) are automatically refused. In such a case, the only way to make changes to a domain name record is to log into the registrar's admin interface and unlock the name, then make the requisite changes manually.

D) Make sure you read all email messages relating to any domains you own VERY carefully

While this practice may shock you, it's a fact that some registrars automatically authorize actions such as a domain name transfer (in which ownership of a domain name passes to a different person) unless the email message they send to confirm the transaction is acted upon within a specified number of hours or days.

In other words, a determined domain name hijacker (a person out to steal control over one of your domain names) could use this kind of "loose" registrar to instigate the transfer of YOUR domain name. If you did nothing (e.g. didn't respond to the email the registrar sent you, or deleted it unread) the transaction would automatically go through and you would LOSE YOUR NAME.

Without setting out to make you feel too paranoid, this is also why it's generally not considered a good idea to make public any extended period of time (such as a holiday) in which you will be away from your computer. It may be very tempting to post on your favorite discussion group "Well, I'm not going to be logging in for the next 3 weeks since I'll be surfing in Hawaii - have fun, guys!" but you've just fed a potential domain name hijacker all the information he needs to take control over your domain names while you're unable to respond to emails denying transfers or other modifications to your domain name record.

E) Always REPORT any suspicious activity on your domain name record immediately to your Registrar

If you receive a suspicious email relating to changes on your domain name, or you notice via Whois that something has changed on your domain's record (such as a registered email address) then alert your Registrar (the company through which you purchased the domain name) immediately!

Explain to them what has happened, and forward to them any documentation (such as an email, or information on what has changed in your Whois record) that can help them to track down and nip any problems in the bud.

F) Always keep an off-line (paper) copy of your Whois records

Each time you register a domain name, it's a good idea to print out a copy of the Whois record for that domain name, as well as any receipt or other information provided by your Registrar. If you file these printouts in date order in a large ringed binder, you'll not only have documentary evidence proving that you own(ed) a domain name, but you'll also be able to quickly see when domain names you own are coming up for renewal.

G) Be sure to use a "secure" email address when registering a domain name

Since most domain name operations, such as change of ownership, can be carried out via a series of email commands and emailed confirmations of these commands, it's vital that the email address you entered when you registered your domain name be a secure one.

An example of a dangerous email address would be a free email account, such as Hotmail. Hotmail suspends user accounts after 30 days of inactivity, so conceivably somebody else could end up having the email address you used to own. Also, free email services have the nasty habit of shutting down without notice when their funding runs out, leaving you unable to block changes requested on your domain name (see D) above for more information on this)

If you're going to use your "work" email address when registering a domain name, you need to consider whether you'll be working at the same company (and have the same address) by the time the domain name comes up for renewal. If you leave your job and lose access to your email address, you've just lost control of your domain name!

In summary: In general, whoever controls the email address associated with a domain name Registrant controls that domain name. Make sure that you control that email address, and keep controlling it.

H) Make use of SnapNames' free "SnapShot" domain name monitoring service

While prevention is the best cure, finding out quickly about any potential hijacking attempt on your domain names comes a close second.

SnapNames offers a free SnapShot service that will monitor up to 10 domain names for you, and report back to you each week on changes to their registration details (if any). By setting up SnapShots on your most important names, you'll never be more than a few days away from being alerted to any attempt to hijack or otherwise change your domain name information - enabling you to bring your Registrar into the picture that much quicker. If you want to monitor the status of more than 10 names, SnapNames allows you to purchase additional "SnapShot subscriptions" that can be used to monitor the names you specify.

I) Stay on top of your domain name renewals

Most of the time, domain name registrants lose control of their names through neglect or carelessness, rather than through malice on the part of a third party.

It is imperative that you renew your domain names within the timeframe specified by your registrar to avoid losing them.

Remember: a domain name is only "yours" for as long as you keep paying to own it. If you stop paying for it and it expires, it will be deleted and made available to anyone to register - first come, first served! In most cases, once you lose control over your domain name in this way, the only way to get it back is to go cap-in-hand to its new owner and BUY IT BACK - often at significant cost.

To avoid this risk, keep track of the renewal date for your domain names, for instance by writing each domain name's expiry date in on your calendar. Be sure to renew your domain names several days - or preferably weeks - before they expire, since payments sent at the last minute may be delayed and arrive after your domain name has already been released, and grabbed by somebody else. 

Now that you know how to keep your domain name safe, we'll look at some of the administrative tasks connected to domain name ownership...

>NEXT>