Keeping your domain name secure — keeping it under your control, in other words — is an often overlooked aspect of business IT security. A hijacked domain, or a Website that is effectively shut down by having its domain name resolution turned off, can prove devastating to the bottom line of some businesses, and may even directly harm the credibility of your name or the name of the business. Take a few important pieces of advice for selecting a domain registrar for any Website you care about:
- Make sure you register your domain with a reputable domain registrar. Remember that popularity is not the same as reputability. For instance, while GoDaddy is easily one of the world's most popular domain registrars, largely because of price, it has also had its problems with customer relations. Make sure the registrar is inclined to check with the customer (you) whenever there's a potential problem before just taking action that could ultimately prove very costly and damaging to you, and that resolving the problem doesn't have to involve paying expensive ransoms to regain control of your domains. Some top domain registrars, well regarded by businesses that simply don't know any better than to take the word of magazine ads, have even been known to buy up domain names when people search for them so they can "force" potential registrants to register with them. It can be surprising when strong-arm tactics like this are employed by names we might have thought were too big to pull such shenanigans, but it wasn't that long ago that Network Solutions was caught domain squatting. Let the buyer beware.
- Never take the "free domain name" offer of a Webhost. I learned the hard way, years ago, that one should never use the same provider for both domain registration and domain hosting. A Webhost can make it slightly difficult to change domain registrars for a hosted domain sometimes, but even worse, a domain registrar can make it very difficult to change Webhosts. If the Webhost and domain registrar are the same entity, that entity now has a vested interest in preventing you from changing either one of those — and the influence it has over both registration and hosting can be used to try to lock you in, even when you find you have reason to change hosts or registrars.
- Check on privacy policies of registrars, both in terms of what they claim to provide for privacy protection and in terms of their actual demonstrated performance in that area. With what kinds of law enforcement requests do they comply? What about requests from private organizations such as corporations and corporate advocacy groups like the RIAA and BSA? In short, how do they deal with DMCA takedown notices, subpoenas, and so on? Considering there are times that such requests are improperly applied or inaccurately directed, they can often be fought in court without interruption of service, and it may otherwise simply be both ethically and legally inappropriate to comply with them, knowing how your registrar deals with such circumstances is important. Unfortunately, that kind of information is usually pretty hard to come by, so you'll have to make guesses and fill in the blanks a lot, but do your best to get both the registrar's official position on such matters and the general consensus among customers about how they deal with these situations.
- Do not use domain registrars' privacy services where your name doesn't appear on domain registrant information. The information about the registrant in domain registration records — which is what shows up when someone runs a `whois` query — is basically the primary record of who "owns" the domain name. The way you are provided with "privacy" by these services is by replacing your name with the registrar's name in the registrant information, which can make it pretty difficult to prove you're the domain's "owner" if there's ever a conflict. In short, this is a great way to lose control of your domain name with no recourse, and it is mostly only unscrupulous domain registrars that offer such services.
- Always read the fine print. The service agreement with your domain registrar is, among other things, a list of excuses for a registrar to both disclaim liability and screw over a customer at the first opportunity, sometimes by as simple a mechanism as imposing such onerous requirements for transferring to a new registrar that it is effectively impossible to switch providers if you decide customer service at the current registrar isn't good enough. While many registrars don't work that way, and with luck you'll never run afoul of one that does, it still pays to read the fine print in your service agreement before paying any money. The worst time to find out there's a clause that allows a registrar to claim ownership of your domain name at any time for any reason is after it has already happened. Another area where the fine print in the service agreement is important is in ensuring the registrar will do its best to keep your domain name from being hijacked by third parties. Make sure that your domain registrar both offers some reasonable protection against people who might be waiting for a chance to "steal" your domain name and doesn't make it difficult for you, yourself, to make changes to the domain when needed.
Take care with your domain registrar selection. The wrong choice can pose problems for your Website security that can be very difficult, if not impossible, to fix.
Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.