Is Your Domain Name Safe From Theft?
By Enrico Schaefer
Your domain name is registered somewhere out in cyberspace through an authorized domain name registrar. Do you know which one? Do you know who is listed as the registrant/owner of your domain names?
A domain name registrar is the organization or company responsible for providing domain name registration services to the public. A domain name registrar is either authorized by ICANN (the Internet Corporation for Assigned Names and Numbers, an organization dedicated to Internet governance) to provide registration services or is authorized by its respective government to register domain names within a specific ccTLD (country code Top Level Domain name extension). A registrar must also be authorized by the registry of a Top Level Domain to act as an agent of the registry to process domain name registrations, where the agent is not a reseller. The registrar is also responsible for creating and maintaining a WHOIS database for its customers. The number of registrars has exploded in recent years, with some being more reputable than others. Examples of domain registrars include GoDaddy, Network Solutions, Register.com.
God Helps Those Who Protect Their Domain Names: You know the sayings - an ounce of prevention - God helps those - a stitch in time. Nowhere are these sayings truer than in cyberspace. The internet is still akin to the Wild West. Lawlessness and chaos still abound. You would be shocked by the number of calls and emails everyday from established well-run companies who have lost control or ownership of their domain names. The cause of domain name problems is, more often than not, a failure of the company to protect its domain name from its own employees, third parties, vandals and scam artists.
Here are some tips that will help keep your domain secure from third parties, hackers, cybersquatters, pornosquatters, add-site squatters and other domain name leaches.
1. Control your domain registration information: You must be listed as the domain registrant with correct contact information in order to control your domain. Many companies hire web developers or internet service providers (ISPs) to secure its domain names and develop its websites. I can not state this more strongly. Never let third parties register your domain name without oversight and instruction. You must control information at the registrar level in order to control your domain name.
2. Control your domain account number, login name and password: The domain account password with the registrar is set by the domain owner at the time the account is created with the registrar. Keep your domain account number, login name and password secret at all times. If you forget your password, every registrar has a system to send your password to the listed email account. In fact, all changes to your domain registration account occur through the registrant email address. Hackers sometimes use their tools on registrar login screens to hack into your account and change your registrant information. Make sure your password contains both letters and numbers and both upper and lowercase characters. The registrar will not treat you as the domain name owner/registrant unless you are the email address who controls your username and password.
3. Control your employees: What happens when the IT person you hired leaves for another company? If that IT person’s email was provided at registration and you don’t control that email address, you may be in serious trouble. The same is true of business partners. When company founders have a falling out, domain disputes often occur. Also, be careful about using free email services such as email at msn.com or email at hotmail.com, which you do not use regularly. Many of these services will discontinue your account if you do not log in on a regular basis.
4. Lock your domain name: Every authorized domain registrar is required to allow you to “Lock” your domain name. Domain locking is critical because registrars who receive a transfer request from any third party will send you an email. If your domain is not locked, the failure to respond to the registrars email request for change is an automatic “approval” of the transfer. Locking your domain prevents this from occurring. You will know if your domain name is locked if you see the words “Registrar-locked” when you view your domain name at the registrar or Whois database level.
5. Regularly check your domain registrant information: Check the Whois database on a regular basis to ensure you are listed as the registrant with all the appropriate contact and email information. Whois information is listed through your registrar or through www.internic.net/whois.html
6. Beware of spam emails, which pretend to be your registrar: You will receive spam from companies pretending to be your registrar, or mail asking you to sign papers again purporting to be your registrar. You must be extremely careful when responding to any request for information or authority about your domain by mail or email. Ninety percent of what will likely come into your inbox is essentially fraud. If you are not absolutely certain that the email is from your registrar, you should not respond. Many people sign or respond to emails, which provide authority to give your domain name up to someone else.
7. Don’t forget to renew your domain registration: Some companies simply fail to renew their domain name registration when it expires. If the email for the contact person is bad, the company never gets notice that its domain name is expiring. Many cybersquatters, or worse yet pornosquatters, have already paid money for rights to the domain name if it expires. They want your domain because it already has built-in traffic that they can turn into money by replacing your web site with an advertisement or link site, or a pornography site.
8. Establish your domain name as a trademark: Most of the domain name laws are designed to ensure that the proper company has the right to its domain name. These domain laws are tied directly to your trademark rights in the words used for your domain name. Registering your company or domain name with the appropriate trademark office gives you tremendous leverage in protecting your domain name in cyberspace.
9. Call an attorney: If you do lose your domain name, contact an attorney who specializes in this area. There are laws and remedies available which might help you get your domain name back. Domain names are valuable property and should be protected no different than a company’s customer list or its trade secrets. Many companies rely on their domain names and web traffic for substantial revenue. While domain name law firms can help your company get its domain names back once lost, it is rarely without serious business interruption and the investment of significant resources. The best course is to protect your domain name on the front end. An ounce of prevention is truly worth a pound of cure.
Enrico Schaefer is the founding attorney of Traverse Legal, PLC, a law firm specializing in web law. You can find out more about protecting your domain name, UDRP arbitrations and anti-cybersquatting laws at Traverse Legal’s domain name theft and trademark blogs found at tcattorney.typepad.com/domainnamedispute.