Skip to main content

Do You Have a Domain Name? Here’s What You Need to Know

Protecting domain name 1573x856 26mar18 en

Part IV – How to Protect Your Domain Name Against Domain Hijacking or Unauthorized Transfers

For many registrants, domain names (and the services connected to them, like websites and emails) are essential to their professional and personal lives. Whether used for online commerce, or simply to communicate with family and friends, domain names are valuable assets and should be managed with care.

Protect Yourself

Here are some best practices to help you prevent hijacking or unauthorized transfer of your domain name.

Register with an email address that is not connected to your domain name. When you register your domain name, you will be asked to provide contact information, including your email address. This information goes into the WHOIS record for your domain name, which might be viewed publicly. It is best to use an email address that is not associated with the domain name you are registering. For instance, if your domain name is example.com, a best practice is to use an address in WHOIS that is not user@example.com.

Here's why. if your domain name is hijacked by someone who has gained access to your account with the registrar, that person will likely alter the WHOIS information to remove you as the registered holder of the domain name. If you used an email address that is not associated with your domain name in WHOIS, you will be able to provide that email address as evidence to the registrar that you were the registered holder of the domain name before it was altered by unauthorized access to your account.

Create a strong, unique password. Protect your domain name from cybercriminals by creating a unique, strong password. Online services are compromised frequently, making user names and passwords available to criminals who may attempt to hijack your domain name using the information you provide for other accounts. Avoid this by creating a strong password that you use exclusively for your domain name account.

Do not share your password. You are responsible for the security of your domain name. You should never give anyone the login information to your online account. This includes web hosting providers or web designers as well as friends and colleagues. It is not recommended that you list website designers, hosting providers, or any other third parties as the registrant(s) of your domain name. If you choose to do so, seek legal advice as to contractual obligations that third parties should adhere to with regards to the administration of your domain.

Inquire about multistep authentication. Some registrars offer registrants the ability to implement a multistep authentication when accessing your account. This provides added protection by requiring a unique security code, in addition to your username and password, to access your online accounts. Refer to the terms of your registration agreement to see if multistep authentication is available.

Check the email account(s) associated with your domain frequently. Whatever email address or addresses you provide, you must be sure they are active accounts and that you check them regularly. You want to keep your contact information up to date to be sure you receive WHOIS Data Reminder Policy (WDRP) notifications, renewals, and other important notices from your registrar. This is particularly important for those who use a privacy or proxy service. If you use a privacy service, consider leaving your name as the registrant of record in the WHOIS. This can serve as another evidence to your registrar that you were the registered holder of the domain name.

Ask your registrar to put a transfer lock on your domain name. You can request that your registrar put a transfer lock on your domain name. Putting this lock on your domain name is not a fail-safe way to guard against unauthorized transfer or hijacking of your domain name, but it could be another layer of security. Each registrar has a different way of implementing the transfer lock. Some require two-factor authentication to remove the lock; some simply require authorization from the registrant. Check with your registrar about their policies regarding transfer lock and decide whether it is a service that's right for you.

Finally, be smart about your online behavior. Be cautious with the links you click in emails, with the attachments you open, and with the websites you visit. These are means that criminals can use to steal your username and password.

Also, read the following documents, published by ICANN's Security and Stability Advisory Committee:

My Domain Name Was Transferred Without My Authorization - What Do I Do?

Act immediately and contact your registrar. If you believe your domain name was transferred to a new registrar or registrant or if your account information was modified without your consent, immediately contact your registrar. Don't delay! The sooner you contact your registrar, the better. If you wait, your domain name may be transferred again and again, further complicating the process and making it harder to retrieve your domain.

Trust the process. Act quickly to inform your registrar, but don't panic! There are specific rules that govern the transfer of domains that are designed to protect you. A registrar may only initiate a transfer if it has obtained a completed Form of Authorization (FOA) from either the registrant or the administrative contact for the domain. Ask your registrar to request a copy of the form used for authorizing the transfer. The registrar that the domain name was transferred to must be able to produce a copy of this documentation when it is requested. Failure to do so is grounds for reversal of a transfer in the event that a complaint is filed under the Transfer Dispute Resolution Policy. If you've contacted your registrar and they are unable or unwilling to assist you, submit an Unauthorized Transfer Complaint with ICANN. We will review your situation to see if we can assist you in recovering your domain.

More Information

Read More: Do You Have a Domain Name? Here's What You Need to Know: Part IPart IIPart III

FAQs for Registrants: Transferring Your Domain Name

About Domain Name Transfer to a Different Registrar

Transfer Complaint infographic [PDF, 124 KB]

EPP Status Codes | What Do They Mean, and Why Should I Know?

ICANN's Transfer Policy (effective as of 1 December 2016)


The "Do You Have a Domain Name? Here's What You Need to Know" educational series is part of ICANN's broader efforts to help you better understand the ICANN policies that affect you, your role in the Domain Name System (DNS), and the role of the ICANN organization, registries, and registrars in the DNS ecosystem.

Comments

    Kiritu Ndekere  13:24 UTC on 01 April 2018

    AM A YOUNG and NEW OWNER OF A DOMAIN, an YOU GUYS just saved an otherwise SINKING SHIP!!

    Chamira Lakmal Nanayakkara  22:16 UTC on 01 April 2018

    thanks a lot

    Mohammed Shafiq Mohiuddin  23:17 UTC on 25 May 2018

    Dear Sirs/ Madam, Please register with my I.P. address, update and transfer My new purchased Domain name for my Blog titled LOVE-IBADAH IN ISLAM The Domain Name is already purchased but I am not able to access my Blog with the new Domain name already purchased under ARTURE MsM name I am getting this message as below when I try to access the site with my new Domain Name This site can’t be reached The server IP address could not be found. Search Google for love iii ERR_NAME_NOT_RESOLVED If you can suggest to resolve the Problem, I shall be highly obliged. Thank you, With Best Wishes!

    Mahmudur Rahman  04:11 UTC on 20 June 2018

    Very quality and helpful information. I have learned very important knowledge to manage my domain.

    Eulalio Almonte Rubiera  18:38 UTC on 15 August 2018

    It will always be pleasant to have tools that allow us to perform our work free of jumps. My congratulations.

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."