Whether you are the king of domains, sitting on countless super valuable domains, or someone just starting out who spent days scraping through dropping lists to buy a handful of domains that others may have overlooked, our portfolios are special to us. They are a part of who we are and the result of the hard work we have put into them. In many cases they represent years of hard work. Our domains are important and valuable in many ways, and they deserve to be protected and safe. We work too hard to build up a domain portfolio to have it taken from us in one day. Even if you are not sitting on a one-letter .com domain, the pain is just as real if you lose the domain you use for your main email address or small business, or some of the drops you were able to beat out the competition for.
We all want to think our domains are safe, but I know that in the back of everyone’s mind we wonder: have we done all we can to protect them? I want to share with you some of the best practices I have observed over the years in the hopes that they help you protect your domains in the future. I also really encourage you to share in the comments section anything I may have missed that you think would help others.
First, let’s deal with some of the common mistakes I have seen that people don’t realize can hurt them until it is too late. You should only let people you have complete trust in have access to your domains. I am surprised by how many people let friends, employees, webmasters, etc. register or manage their valuable domains or have access to their account login information. Do you let your webmaster log in to manage your website or DNS? I have seen too many issues where a person doesn’t have complete control over their domains and the other party takes the name or disappears for whatever reason, taking the account access with them. Many times this is not malicious, but the other party moves or leaves the industry, their old email doesn’t work, and now you have no way to contact them to get the account data back.
The registrant contact on the Whois is also very important. When putting the registrant contact information on your domain, a name like Domain Admin may seem great at the time, but when push comes to shove and you want to prove ownership of the domain, try proving in court that your name is Domain Admin. This can be done if you put in a company name as well, but if you use a company name on the Whois, use a real company name, not something made up. Again, when you need to prove ownership because you can’t access your account or someone took your domain, it is much harder to get your domains back (if at all) if you cannot prove you are or were the registrant by valid Whois records. Bottom line: always put Whois information that is tied to you and that you can prove if needed.
Now that you know the importance of having an account and domain Whois under your control, let’s consider the account itself. Many registrars offer two-factor authentication for logging into the account. If your registrar does not, contact them and ask for it; if it does, I highly suggest enabling it immediately. This is extremely important as a security measure in today’s landscape. I also suggest you use an email address on your registrar account that is different from your public Whois email. It makes it that much harder for someone to trick you if you are using two different emails. If you know that your registrar should only be emailing you at the email that is not on the Whois, then you can be more suspicious of emails sent to the Whois address claiming to be about your account itself. Thieves typically mine the Whois database to try and send phishing emails. Knowing you wouldn’t get an email from your registrar at the Whois email address is a nice additional layer of security. There is also the ability to add privacy to your domain’s Whois. This has pros and cons that I will not weigh here, but it is an option.
I also strongly recommend using an email address from a provider that allows two-factor authentication as your main email on your registrar account(s). This makes it even harder for someone to access your email to perform account resets that will allow them access to your registrar account(s). This is also a good tip for any email associated with things like your banking info.
Let’s say you get a suspicious email. How do you know it is not legitimate? There are some good rules to follow. First, to be safe, go directly to the website of the company the email claims to be from instead of clicking any links contained in the email. If you are unsure of what to do once you log in, or have any questions about the email that was sent to you, then forward it as an attachment to the company that the email claims to be from and ask them if they sent it. Also feel free to call their support. Do whatever it takes to be safe by taking some extra steps.
Something else you can do is look at the full email header. This is normally hidden in most mail applications, but there is usually a way to view it ("Show original" option in Gmail). It will tell you the real sender and their IP address. Doing a quick search online will show you plenty of articles on how to identify a phishing email. When you discover an email you were sent was a phishing attempt, please help the company out by forwarding it to their abuse department so they can work on taking it down to prevent it from impacting others who are not as savvy as you.
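As an added example (not part of the original post), the header review described above can be scripted in Python, together with the earlier rule that registrar mail should never arrive at your Whois address. The sample headers, all addresses and host names, and the `provider_suffix` parameter (the host name suffix of your own mail provider) are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample headers (not a real message); every host and address is made up.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.mailprovider.example (mx.mailprovider.example [198.51.100.7])
    by inbox.mailprovider.example with ESMTP; Mon, 01 Jan 2024 10:00:02 +0000
Received: from unknown (HELO mailer.example.net) (203.0.113.45)
    by mx.mailprovider.example with SMTP; Mon, 01 Jan 2024 10:00:01 +0000
Authentication-Results: inbox.mailprovider.example; spf=fail; dkim=none; dmarc=fail
From: "Registrar Support" <support@registrar.example>
Reply-To: helpdesk@mailer.example.net
To: whois-contact@mydomain.example
Subject: Urgent: verify your account
"""
HOP = re.compile(r"from\s+(\S+).*?(\d{1,3}(?:\.\d{1,3}){3}).*?\bby\s+(\S+)", re.S)

def domain_of(value):
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def inspect_headers(raw, account_email, whois_email, provider_suffix):
    """provider_suffix: host name suffix of YOUR mail provider (an assumption)."""
    msg, findings = message_from_string(raw), []
    from_dom = domain_of(msg["From"])
    # Registrar mail should arrive at the account address, never the Whois one.
    rcpts = {a.lower() for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    if whois_email.lower() in rcpts and account_email.lower() not in rcpts:
        findings.append("addressed to public Whois email")
    # Bounce and reply addresses that leave the visible sender's domain.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} != From domain {from_dom}")
    # Only trust SPF/DKIM/DMARC verdicts stamped by your own provider.
    for ar in msg.get_all("Authentication-Results", []):
        if ar.split(";")[0].strip().lower().endswith(provider_suffix):
            findings += [f"{m}={r}" for m, r in
                         re.findall(r"\b(spf|dkim|dmarc)=(\w+)", ar.lower()) if r != "pass"]
    # Received lines added before your provider's can be forged, so take the
    # IP (IPv4 only here) from the hop where your provider accepted the mail.
    hops = (HOP.search(r) for r in msg.get_all("Received", []))
    sfx = provider_suffix
    ip = next((h[2] for h in hops if h and h[3].endswith(sfx) and not h[1].endswith(sfx)), None)
    return {"from_domain": from_dom, "external_ip": ip, "findings": findings}

# Sample run on the constructed headers above.
REPORT = inspect_headers(RAW, "private@mailbox.example",
                         "whois-contact@mydomain.example", "mailprovider.example")
```

To check a real message, save the raw source (for example from Gmail's "Show original") and pass its text to `inspect_headers` with your own two addresses and your provider's host name suffix.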
OK, so you know all this stuff and you got tricked anyway. I know it happens; we cannot always be on our guard and sometimes things will slip by. This is why the extra steps, including two-factor authentication, are so important. But if someone manages to get to your domains and move them out, what should you do?
The first step is to contact your registrar, the one who you had your domains registered with. They will usually have steps in place to assist you with this. The next thing to do is to contact the authorities. A theft has occurred, so contact someone who has authority to deal with Internet crimes. In the United States, it is the FBI.
I would also think about what domains were stolen and how they were stolen. If any of the stolen domains are ones you use for important emails, or if the email on your account was compromised, then you will need to think about what else is tied to those emails. If you have bank accounts or other important accounts tied to them, the thief who can now access your emails is just a password reset away from draining those accounts.
Lastly, be vocal. Let others know about the domains and share the details on forums or blogs or wherever you can. The more people who know about the domains being stolen, the better your chances are of finding some kind of resolution. The fewer options the thief has to sell the domain(s), the better. It is also important to protect others. For instance, if I do not know a domain I am buying is your stolen domain, I may pay a thief a lot of money for a domain which may ultimately be returned to you as the rightful owner, and now I am out real money and the thief still has a profit. Sharing the information in as many places as possible helps protect others as well as yourself.
If all else fails and you cannot retrieve your domain through normal channels, there are many competent attorneys in the field who can provide you with good counsel. I would encourage you to contact one you can trust who is familiar with domain law. This is usually expensive and time-consuming, so put as much time into updating your security up front as you can.