Score:0

Domain anti-theft best-practices

DDD

A big company is trying to find the best way to protect its domain.

What is the best practice to solve the following concerns:

  1. The account at the registrar website (GoDaddy/NameCheap/etc.), let's call it from now on the "owning account", will probably use the company's email (e.g. [email protected]). But this creates a circular dependency, because, let's say the domain was not renewed for some reason, the company's email might also not work (e.g. no access to the mailbox when resetting the password).
  2. The employee owning the owning account's email might decide to harm the company by transferring the domain to his account, or releasing it.

?

A solution I thought of, but don't know if it exists: Does any registrar website (GoDaddy/NameCheap/etc.) support multi-email approval for harmful actions (let's say 3 predefined emails of the company will have to approve such suspicious actions)?

Paul
Welcome to Server Fault! Your question appears to be broad, its answer would be primarily opinion based, and you are looking for a product recommendation. The StackExchange Q&A sites are intended for providing specific answers to specific problems. Please read [How do I ask a good question?](http://serverfault.com/help/how-to-ask) and consider revising your question, deleting your question or asking more than one question. And don't forget to take the [site tour](http://serverfault.com/tour).
Nikita Kipriyanov
https://en.wikipedia.org/wiki/Registrar-Lock
Score:3

Some generic advice:

You will always get a renewal email sent long, long before the domain expires (usually months). Stop this from being a problem by using auto-renewal. Auto-renewals usually go through a month or so before the domain is due to expire so you have plenty of time to fix any billing issues if the payment fails.

Pay for the domain for the longest possible period. 10 years if you can. This can cause issues because in 10 years someone has to be around to know how to manage the domain and make sure it's renewed properly, because your billing information will have changed in the previous 10 years (I've never seen a credit card with a 10-year expiration date).

Domains cannot be transferred between registrars without a mandatory waiting period, and you should receive multiple notifications about the transfer giving you plenty of time to stop the transfer.

As for an insider threat: There is honestly not that much you can do about this apart from what you do for your other services. If you have a rogue internal employee, they can make sure they are in control of the mailbox that receives the notifications, and they can approve the transfers and then delete the evidence. You can find out after the fact, of course, but by then it's too late.

There are specialist registrars (e.g. https://www.markmonitor.com/ - not an endorsement) that deal with these sorts of issues so they certainly do exist.

joeqwerty
**the employee owning the owning account's email, might decide to harm the company by transferring the domain to his account, or releasing it.** - I'd add that no single employee should be in charge of nor in control of the email address that is used. Make it a distribution group or shared mailbox comprised of the appropriate individuals, including people in a management role.
Paul
Privilege separation in roles I think is appropriate (accountants are already used to this). For example, the role with access to initiate a domain transfer isn't one of the domain email contacts. IIRC, ICANN requires the code be sent to one or more of these addresses, thus the person initiating the transfer cannot complete the transfer. Then, there is the authorized agent issue. I don't think an employee acting without authorization can just start liquidating assets, as it's basically the same as theft, so the contract is not enforceable and the rightful owner can appeal to courts and ICANN.