Networking

Lock it up: Consultants must manage clients' domains

Erik Eckel reviews how IT consultancies can recommend and justify maintaining domain registration for clients.

It's a call you don't want to receive from a client: "Our website is down and, oh, email isn't working either." A quick bit of research reveals Internet traffic is being routed improperly; something has happened to the DNS records. Strange. So you log in to the domain registration account and check it out. Oh wait, the client's domain isn't registered to your consultancy's accounts.

No big deal, right? Just call the client and obtain the domain account username and password. Except the individual who originally set up the website no longer works there, and no one knows that information. Two hours later, after a long call to the registrar's customer support staff, the account is reset, and you're finally able to log in. Only you discover the domain has expired and, subsequently, has been registered by a South American agent.

Learn from experience

I used to advocate that a consultancy should assist clients in tracking their own domains, but no more. Experience shows that clients left to manage their own domains don't --they forget. The person responsible leaves the company. Another person misplaces the information. Still another person disregards expiration notifications.

Chaos results

You can fight to win a domain name back, but email and web traffic are still going to suffer downtime in the interim, though. And then particularly troublesome clients will ask why you weren't managing their domain in the first place (even if they never brought it up or resisted your office's initial attempts to secure the domain).

Or, the client's Web developer, in making changes to the website or moving website hosts, may inadvertently change name servers or even delete MX records. The first thing your consultancy will hear is irate users who are unable to receive email and maybe blame your office for failing to "maintaining the email server."

Seize the opportunity; seize the domain

Consultants should review domain administration responsibilities when performing initial due diligence with a new client. The consultancy should explain its recommendation that the consultancy maintain control of the domain and provide examples of errors (expired domains, lost domain names, inadvertent DNS record changes, failed email routing, etc.) that commonly occur when clients manage domain registrations themselves.

While it's not a requirement that a client permit the consultancy to seize the domain and transfer domain administration responsibilities to the consultancy's control, consultancies should request that clients sign documentation acknowledging the consultancy is unable to secure domain renewal, protect against unintended DNS record changes, and implement MX record changes as required if the change is not made. With such documentation in place, if the previously mentioned telephone conversation were to occur, at least the consultancy can show it attempted to prevent the breakdown but the client declined.

About

Erik Eckel owns and operates two technology companies. As a managing partner with Louisville Geek, he works daily as an IT consultant to assist small businesses in overcoming technology challenges and maximizing IT investments. He is also president o...

13 comments
tbmay
tbmay

While I hate you made a similar mistake, I am glad to know I'm not the only one. Because of the ubiquitous nature of I.T., it's even more difficult to run a business with cheapskates as your primary customer. And we won't even talk about software pirates and deadbeats you have to make a point to avoid.

tbmay
tbmay

If you have a group of small business customers you can sustain a business on, treat them like kings. They clearly understand the value of I.T. to their business, and they understand the need to pay someone for it. I made a very common mistake. I provided grade A service for dirt cheap prices in an effort to get business. It didn't work. I configured servers, remotely provided help desk, etc etc...hours on end...at no charge because they couldn't, or wouldn't, understand setting up a vpn has nothing to do with the virus on their pc. I rebooted under a managed service offering, and the old customers are mostly not interested. I've been asked to help with free "transitions" and such, but they are basically on the hunt for the next cheap guy. I say all that to ask Erik, since he's been at this a while, why the heck would you make a point to keep up with this for customers with no SLA? It would seem to me to only confuse them, and support an expectation that you're looking out for them for free. Believe me I understand wanting to be helpful. You can be helpful right up till bankruptcy though.

patg
patg

We had been working with a consultant on a new web based business and allowed him control of our domain registrations. Unfortunately he was also changing router logins and passwords and would not record them or tell us what he had entered. For those and other reasons we cut all ties with him. He would not give us back control of our domain registrations and actually highjacked them. My take away is that no client should ever give complete control of their domain registration to a consultant. Technical access yes, but not administrative access. I do understand that many clients don't understand and that is much easier for you as a knowledable party to keep them out of trouble however it makes it way too easy for an unscrupulous consultant to take advantage. Just my 2 cents.

JohnMcGrew
JohnMcGrew

That the party responsible for domain registrations use a generic e-mail address like "webcontact@xyzcompany.com" as opposed to a personal address. This is so that when that person changes jobs or leaves the company, everything has to be changed. I don't know how many web sites are registered to people who haven't worked there for 10 years or more...

lfschauer
lfschauer

so are you just listed as the tech support contact and then set up the login/passwords?

JohnMcGrew
JohnMcGrew

By default, I manage the domains for most of my clients who are SMBs. But for those I do not directly manage, I do keep tabs on what is due and when because I'll be the first one who gets called when something stops working. I just build it into my management fees. Most of my clients are pleased to know I am watching their backs.

tbmay
tbmay

People kill me. That's just one thing I've gotten ranted to about by people who had no support agreement with me, but still expected me to make sure they had no hickups. Put a file server in a business 2 years prior, they let their domain expire, and somehow the first thing means the second thing was my fault. I'm not sure people are really that clueless, or they just need to rant and rave. Do other professions deal with these types of customers, or are we just the lucky ones?

Sterling chip Camden
Sterling chip Camden

I can see how you could market it as a billable service, but on the other hand it probably costs you more trouble if they don't do it.

JohnMcGrew
JohnMcGrew

Don't feel too bad. It took me years to learn that lesson too. Business you have to "buy" by doing for free or near-free isn't worth it. Once you ratchet your rates up to at least sustainable, most of these clients will be looking for the next "cheap guy". Clients must respect you by paying for your fair worth. Anything less is just allowing yourself to be exploited. This was the folly of the "dot com" era, where so many companies, flush with VC money were literally giving away their product in hopes of building what they thought was the holy grail of future profitability and guaranteed success; a customer base. But what is customer base made up of people who only want or expect a product for below-cost or free really worth?

JohnMcGrew
JohnMcGrew

Of course, how many stories have we read here about employees doing the exact same thing? There's little practical difference between being screwed by an employee or being screwed by a consultant. The big problem for many individuals and SMBs is that they don't have the knowledge or experience to fully understand this. They are completely dependent upon the consultant to take care of these issues. If that were not the case, they probably wouldn't need the consultant in the first place. You need to be able to trust your IT consultant like you'd trust your lawyer, banker, spouse, etc. Probably more so. He/she literally has your business at their fingertips. As a consultant, your reputation is your most valuable asset. I get most of my business by referral. I can't remember anyone ever asking about my certifications. It's reliability, efficiency and integrity they are interested in. Conversely, those seeking to hire consultants should be more careful in who they hire, for the above stated reasons.

Erik Eckel
Erik Eckel

Years of consulting have taught me I get blamed whether it's my fault or not. The ISP failed? That's my fault. The hard disk failed after seven years of service in 100-degree server room I repeatedly warned the client must be cooled? That's my fault. A client employee removed an external hard disk power cord and the backup subsequently failed? That's my fault. That's why we try to anticipate all failures that could be blamed on us and at least make sure we provide the client with a written warning regarding that dependency or suggest an action that can be taken to prevent a foreseeable failure.

Erik Eckel
Erik Eckel

Chip, We try to track the expirations for free. I build the tracking into every initial meeting we ever have with a client. Ultimately, it helps prevent unwanted fire drills that are stressful for everyone (both my office and the client). Hopefully clients agree to have my office manage their DNS and their Web site hosting, in which case we do charge for those services.

info
info

Even if it's something that you brought up with the client, and they declined the service due to time or expense, it's STILL your fault! ;)