Monday, July 22nd, 2002
It’s easy to lose control of your Web domain name. Consider the Web portal Excite.
In 1999, someone used an e-mail trick to change the administrative record for the domain name Excite.com, which was maintained by a domain name registrar, Network Solutions (now part of VeriSign). They changed the record to make Jim Reardon, who had no relation to Excite or role in the stunt, the administrative contact. Reardon then had the power to redirect all Web traffic intended for Excite with a few mouse clicks.
Fortunately for Excite, Reardon is an honorable person. He immediately contacted Excite and helped to get the domain back in Excite’s hands.
Excite had been easy prey. When the Excite team registered its domain name, it didn’t use the heightened security features then offered by Network Solutions to prevent theft. All the prankster had to do was forge the source of an e-mail to Network Solutions so it appeared to emanate from Excite.
How domain names are stolen
You can lose a domain name by failure to renew it, by a mistake by the company that leased to you your domain name (the “registrar” in Webspeak) or by outright theft.
Most domain name losses occur because of user carelessness. You don’t buy domain names, you only rent them for a few years. If you don’t pay to renew when the time comes, they eventually are returned to the pool and become available for someone else to register. Opportunists use computer-monitoring tools to grab and resell (or worse) good domain names the instant they become available.
Careless domain name renters miss the opportunity to renew their registrations because they don’t respond to e-mail or “snail mail” warnings of imminent expiration (it can look like spam or junk mail). Sometimes they move or change e-mail accounts but never change their contact information and, thus, don’t get renewal notices.
Less frequently, someone looking to direct traffic to a porn or gambling site hijacks the domain. The fraudster might do this by exploiting weak security at a domain name registrar or by faking credentials in an e-mail or fax used to switch control of the domain.
How to protect yourself
While no measures guarantee safety, using these safeguards will help prevent unintentional loss:
- For your account with your domain name registrar, choose a random password, mixing cases of letters and using some numbers; change this password periodically.
- Choose a reputable registrar with good security on its records. VeriSign requires use of a user name and password to make changes. Register.com requires the same plus authentication from the e-mail address listed in the administrative record.
- Keep the contact information in your account current, and use an e-mail address that won’t change in that information, so you will receive notices.
- Never let someone else become the “administrative contact” for your domain name – that person has the power to change everything.
- Most major registrars offer automatic renewal of domain names for as long as your credit card remains valid; use it.
- Put your renewal dates on the calendar and set pre-expiration ticklers.
- Register crucial names for a long time; you can register for up to 10 years with most registrars.
- Snapnames.com offers a paid service that will attempt to reregister your domain name (or someone else’s) should it come available,plus a free service that notifies you of any change in the administrative record of a domain name.
- Keep a copy of your domain name registration and each change you make to its administrative record.
Fortunately, the governing body for the domain system, the Internet Corporation for Assigned Names and Numbers, soon may require all domain name registrars to deactivate expired domain names but not return them to the available-for-registration pool for 30 days. Having the Web site go dark and e-mail not work should tip off the user that the registration needs attention.
What if you get burned?
What can you do if you lose a valuable domain name? Contact your domain name registrar when
trouble first appears. If your domain name gets fenced to an innocent purchaser, it may be gone forever.
Harass your registrar ceaselessly. Persistence has paid off for other victims.
Suing your domain name registrar probably won’t work. Various legal theories have been tried against domain name registrars, and none has succeeded. These registrars insulate themselves from liability in their contracts.
You may be able to sue the person who took your name and recover it. You might not find the thief, since most thieves use fake contact information. Yet, such use of fake information may give you grounds to use a special arbitration process to take back the domain name, if the name corresponds to a trademark you own.
Yet, in the physical world, a burglar usually will move on from a house with locked doors, and alarm system and a big dog. The same strategy applies online, and online prevention is cheaper than feeding the dog.
By John B. Farmer
© 2002 Leading-Edge Law Group, PLC. All rights reserved.