Internet Domain Name Slamming and Hijacking Alert

Your domain name is an extension of yourself, your business, and your organization.  Most of us don’t think about our domain names until there is a problem.  But domain name hijacking is a continuing problem on the web.  Your hijacked domain name can be expensive to recover and extremely damaging to your image and reputation.  In this guide we will go over some simple steps for keeping your domain name safe and what to do if you have lost control.

 

Quick Tips:

  • Make sure your domain name contact information is up to date.  Make sure your administrative contact email address is correct and kept current.
  • Don’t respond to phony “renewal notices” by email or regular mail.
  • Choose a reliable registrar.
  • Use the domain name “Locking” feature offered by many registrars.
  • Renew ahead of time.

 

 

Domain Name Slamming Scam

Recently some domain name registration companies have started sending phony “renew notices” to owners of domain names that are not registered through them.

 

Basically the scheme works like this:

  1. The whois database is raided and the domain contact information and renewal dates are compiled.
  2. A notice is sent out by mail or email to all contacts listed for the domain.
  3. You are instructed to visit a website which is made to appear as an approval site for all Internet domain name registration companies.  It is actually a site exclusively for transferring domain names to another registrar.
  4. You domain name is slammed unnecessarily to another registrar and you are stuck paying the higher renewal rates and premiums.

 

Many businesses and organizations don’t have a single person who handles the domain name.  The phony “bill” goes to different people, and no one remembers who their domain name is registered with so they pay the generic bill without knowing.

 

How to Prevent Your Domain Name from Becoming Slammed

  • Renew your domain name far in advance.  You can usually register your domain name 10 years in advance.
  • Use the domain name “Locking” feature.
  • Use a registrar that keeps the billing contact information out of the publicly available whois database.
  • Use a registrar that keeps separate contact information from the publicly available whois database.

 

Administrative Contact Email Address Outdated

Domain name hijackers are constantly scanning the whois database and checking email addresses of administrative contacts that are outdated.  They look for addresses that point to expired domains.  Then they register that domain, setup the email address to match the administrative contact, and authorize the transfer of the domain to the new registrar.

 

How to Protect Your Administrative Contact Email Address

  • Don’t use free email accounts that expire, like Hotmail for your administrative contact email address.
  • Make sure your domain name records are up to date by checking the whois database and contacting your registrar if there are any errors.
  • Make sure your email account has a secure password.

 

 

The “You Do It for Me” Problem

Domain name ownership can be very confusing for someone new and not familiar with the Internet.  Some might have someone else handle the setup and technical aspects of registering a domain name.  It might be an employee, partner, or web developer.  The domain name and the administrative contact information end up in their name instead of yours.  What happens when that person is no longer there, or refuses to help?  It may take a court order to get the domain back.

 

How to Prevent the “You Do It for Me” Problem

  • Make sure your domain name contact information is up to date by checking the whois database and contacting your registrar if it is outdated.
  • Avoid ISP’s who “bundle” your domain name registration into their hosting services.  You might find that they register your domain name in their name and might become difficult or unwilling to help you move to another provider.

 

 

Faxed Administrative Contact Change

This scam is a blatant hostile takeover of your domain name.  This is where someone sends a fraudulent fax to change the domain name registration information.  This type of scam is usually followed by a domain name transfer to another registrar, which complicates matters.

 

How to Prevent the Fax Administrative Contact Change

  • Know your registrar.  A domain name registration that saves you a dollar or two per year may not be worth it if a situation like this happens.

 

 

The “Registrar Takes It Away” Problem

Some registrars have clauses in their agreements that allow them to take domains away for various vague reasons.  Reasons like there was some kind of error, the domain name was previously stolen, or it wasn’t paid for in a timely manner.

 

How to Prevent the “Registrar Takes It Away” Problem

  • Know your registrar. A domain name registration that saves you a dollar or two per year may not be worth it if a situation like this happens.

 

What to Do If Your Domain Name Is Stolen

There are generally two courses of action if you cannot retain control of your registered domain name.  Both actions are complicated and generally require an attorney experienced in Internet domain names.

  • All registrars in the .biz, .com, .info, .name, .net, and .org top-level domains follow the Uniform Domain-Name Dispute-Resolution Policy (often referred to as the “UDRP”). Under the policy, most types of trademark-based domain name disputes must be resolved by agreement, court action, or arbitration before a registrar will cancel, suspend, or transfer a domain name. Disputes alleged to arise from abusive registrations of domain names (for example, cybersquatting) may be addressed by expedited administrative proceedings that the holder of trademark rights initiates by filing a complaint with an approved dispute-resolution service provider.
    More information can be found at the website for ICANN, an internationally organized, non-profit corporation that has responsibility for Internet space and domain names, at http://www.icann.org/udrp/udrp.htm
  • A court order is not often discussed by registrars, but in cases where the UDRP doesn’t apply a court order can be used to transfer a domain name.  Situations could include domain theft, ex-employees, or out of business hosting companies.