Posts Tagged ‘registrar’

Drastic changes to the domain security methodology

Posted by Acro in Business, Domains on April 23rd, 2010

Today’s domain security status is marked by several issues that affirm the system’s weaknesses – along with the observation that the underlying managing forces do not wish any such change to occur.

Very simple methods of domain security are being neglected or even avoided. Registrars should lock domains by default and make it harder to remove the lock. An experimental layer of domain locking at Registry level should be provisioned with less bureaucratic delay and more regard to the dozens of domains that are being hijacked daily. Very few make it to the news.

There are plenty of reasons why domain names should be treated like real estate titles and their ownership recorded, tracked and secured. It might sound revolutionary and extreme, however I believe that a Registrar should offer the option of a physical, bank-like vault that would give ultimate access to its owner in the event of an account change of ownership.

I exchanged a few emails with domainer and investor George Kirikos who has some interesting suggestions to make, and I quote:

It should be like a land registry, and we should *own* the domain completely (with no expiry), with perhaps an annual fee for the domain resolution aspect (i.e. if the domain name has nameservers, you pay a little each year; but, if you fail to pay that annual fee, you still own the name, it never expires, but it just fails to resolve).
Known for his energetic participation at ICANN discussions, George adds that there is too much at stake for Verisign and ICANN to proceed with such drastic changes. In addition, the Registrars themselves are at risk of losing ‘a piece of the pie’. A lot of expired domains end up being held hostage by the very keepers of domains, who monetize or resell them.

Despite the sheer numbers, it is clear that the end-users, owners, domainers and entrepreneurs involved in the domain industry are currently given a secondary role in ensuring the security of their own assets, property and livelihood.

It would probably take an extreme case that’d make it into the known political circles of Washington, in order for such a drastic change to occur. Until then, keep your domains locked and use only reputable registrars to keep them safe.

Follow me on twitter: http://twitter.com/acroplex

Post to Twitter

Tags: , , , , , , , , , ,
2 Comments

What? No lock on 32 LL.com domains?

Posted by Acro in Domains on April 21st, 2010

Nowadays it seems crazy not to lock your domains.

All registrars offer this feature as a default option; others offer extended locking mechanisms or even hardware locks via the use of a ‘fob device’.

Although a transfer out cannot be completed automatically without the use of an authentication code, there are unscrupulous individuals that would attempt to hijack valuable domains. Keeping them unlocked is like an open invitation.

It sounds insane but currently there are 32 LL.com domains that return an “OK” status which indicates they are unlocked. I thought it’d be interesting to list the registrars they belong to.

For security purposes, I won’t list the domains themselves; I’m also listing how many unlocked LL.com domains belong to each registrar.

5 TUCOWS INC.
3 ASCIO TECHNOLOGIES, INC.
3 DYNAMIC DOLPHIN, INC.
3 GROUP NBT PLC AKA NETNAMES
3 MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
2 1 & 1 INTERNET AG
2 CORE INTERNET COUNCIL OF REGISTRARS
2 NETWORK SOLUTIONS, LLC.
1 ADVANCED INTERNET TECHNOLOGIES, INC.
1 DSTR ACQUISITION PA I, LLC DBA DOMAINBANK.COM
1 EASYDNS TECHNOLOGIES, INC.
1 ENOM, INC.
1 GODADDY.COM, INC.
1 HICHINA ZHICHENG TECHNOLOGY LTD.
1 KEY-SYSTEMS GMBH
1 PSI-USA, INC. DBA DOMAIN ROBOT
1 WOOHO T&C CO., LTD. D/B/A RGNAMES.COM

Post to Twitter

Tags: , , , , ,
3 Comments