You go to work every day at the store you own, and one morning, your key to the door doesn’t work. You look in the window, and the display items have changed. A stranger is behind the counter. But when you call the police, they can’t do anything because the company papers now indicate that the store belongs to the stranger.

The above scenario isn’t likely to happen with a bricks-and-mortar store. Because of insecurities in the domain registration system, however, information highwaymen could take over your online business.

As with identity theft, domain thieves steal your identity — the identity used to register and configure your domain name. After that, your website, your email, your online business, and possibly your reputation are theirs.

Domain names at risk of theft

While theft is a risk with all domain names, domains most at risk are more valuable ones. Domains with dot com extensions have a higher resale value than domains with other extensions, and domains with high traffic or valuable keywords are also more likely to be targets.

The motive behind domain hijacking is usually monetary, but it may be personal. If anyone wants to attack you, stealing your domain name is one way to do it.

How domain theft happens

When domain hijackers steal your domain, they gain access to the domain’s Whois records. They can modify the domain’s nameservers so that the domain points to a different server. They can also transfer the domain to a different registrar.

Either way, site visitors will find themselves at the website of the domain hijacker instead of at your site. All domain email will go to or through the other server instead of to you. All you’ll have left is a website without public access because your domain isn’t pointing to it any more.

How can this happen?

Domain hijacking methods

Domain hijackers send forged faxes to the domain registrar, impersonating the registrants.
Domain hijackers hack into the accounts of free email addresses listed in Whois records and use those addresses to obtain domain account information.
Domain hijackers send out fraudulent email renewal notices, and registrants unknowingly transfer their domains to the thieves.

Registrar non-action

The gaining registrar (the registrar that the domain is transferred to) doesn’t obtain approval from the domain name registrant or administrative contact as required by ICANN Inter-Registrar Transfer Policy.
The losing registrar (that the domain is transferred from) doesn’t notify the registrant of the transfer during the five-day pending transfer period. During this period, the registrant can cancel or deny approval of the domain transfer — if the registrar notifies the registrant of it.

Registrant carelessness

The registrant forgets to update Whois details or to renew the account.
Someone with access to the registrant’s records steals the information.

Domain name disputes

If you discover that your domain has been hijacked, contact your registrar immediately. If your registrar is unable to resolve the situation, the ICANN (Internet Corporation for Assigned Names and Numbers) Transfer Dispute Resolution Policy (TDRP) applies.

By going the above arbitration route, you don’t have to argue your case in person. On the other hand, all you can get back in the process is your domain (and not necessarily that). For a lot more money, you can take your case to court, where you can seek compensation for damages in addition to the return of your domain. This process takes more time, however.

You may be able to proceed both ways - get your domain back via ICANN domain dispute resolution procedures and then go to court to collect damages. You can also appeal a domain arbitrator’s decision in court.

How to protect your domain name

Protecting a domain name is similar to protecting a bricks-and-mortar store from burglary. With a combination of precautions in place, thieves will find it difficult or impossible to gain access.

Your domain account information

List your name for the administrative contact, and use your full name.
Create a complex password with letters (both upper case and lower case) and numbers. Don’t use any real words or personal information in it. Make it long. Make it unique - don’t use the same password for anything else. Change it periodically.
Keep your domain login name, account number, and password in a place where only trusted people can access it.
Use a valid contact email address that doesn’t use the domain it’s for. Be sure that this email account also has a complex password. If you’re going to be offline for more than a few days, have someone else check the email for this account.
Don’t use a free email address such as a Hotmail or Yahoo address. Domain hijackers target domains with free email addresses in the Whois records. After they’ve cracked your email account password, the support you need to get your email account back will probably be slow, giving the hijackers plenty of time to take over your domain.
Update your Whois record whenever the information in it changes.

Your domain account features

Choose a domain registrar that sends registrants transfer pending notifications when a domain transfer is taking place.
Consider protecting your Whois details with a registrar that offers a private domain name record. With this feature, your registrar’s data appears with your Whois record rather than your data. The downside of using this feature is that your business may have less credibility because you’re hiding who you are.
Register your domain for a long time period, and set up calendar reminders to renew it before it expires.
Set up your domain to be renewed automatically if your registrar offers this feature.
Use the Registrar-lock mechanism if it’s available through your registrar. When a domain is locked, it cannot be modified or transferred unless the registrant unlocks it or follows the domain transfer process.

Other domain security measures

Set up a free Whois monitoring alert email service and add your domain to your monitoring list. You will receive email notifications whenever the expiration date, registrar, or status of a monitored domain changes. (Whois does not have data on all domain extensions.)
Make sure that someone checks your website every few days, preferably daily.

Lois S. is a Technical Executive Writer for http://www.websitesource.com and http://www.lowpricedomains.com with experience in the website hosting industry.

Share This

Understanding the process and options involved with registering an expiring domain can be a confusing task. How, Where, When?

This article will explain the basic steps to researching an expiring domain name, and the many different options (or should I say necessary steps to insure success).

The normal domain expiration process for .com .net

(domain deletion cycle):

Phase 1. Active Domain

A domain is registered for a time period of 1-10 years. During this time the domain owner has unrestricted use of the domain.

Phase 2. On-Hold

At the end of this time period, the registrant is required to pay a renewal fee to the registrar to continue to use the domain. If the domain is renewed go back to phase 1, if not the domain is placed in an onhold (on-hold) status for 1-45 days (each registrar has determines how long this period lasts). During this time, the registrant (owner of the domain) can still pay the renewal fee and continue to use his/her domain name. During this onhold period the domain resolves to the registrars website or does not resolve at all.

Phase 3. Redemption

After the 1-45 day onhold period, the domain then enters redemption status (RGP - Redemption grace period), which lasts for 30 days. During this time the registrant of the domain name has the option to pay a redemption penalty fee (redemption fees generally cost between $100-200 depending on the registrar) and renew the domain. If the domain owner renews the domain go back to phase 1. During this redemption period the domain resolves to the registrars website or does not resolve at all.

Phase 4. Pending Delete

After the domain completes the 30 day redemption period without being renewed, it then enters a 5 day pending delete period. During this the time the registrant no longer has the ability to renew the domain name. The domain will be released to the general public and be available for registration on the sixth day at 2pm eastern.

(This drop process does not hold true for exclusive backorders)

Domains are an ever changing industry. Over the last 2 years, many things have changed including many variations of the domain deletion process. The above mentioned process is the norm, but every day more and more registrars are starting to have exclusive drops.

An example of an exclusive drop: A domain is registered with Network Solutions. The registrant fails to renew the domain within 60 days of the expiration date. The domain is then auctioned off at snapnames.com (a domain
auction site).

Each registrar has their own time frame for exclusive drops. Current registrars that are participating in exclusive drops are: network solutions, godaddy, wild west domains, blue razor, bulk register, dotster, and enom. Domains registered at network solutions or bulk register must be backordered at snapnames. Domains registered at godaddy, wild west domains, or blue razor must be backordered at godaddy or a wild west reseller such as domainut.com. Domains registered at
dotster must be backordered at namewinner Domains registered at enom must be backordered at club drop (if at least on backorder is placed at the above services the domain will stay with the original registrar, if no backorder is placed, the domain will follow the normal drop process) A backorder is the process of signing up at a drop catching service and making a request to be the next owner of a domain. The prices at each drop catch service vary. Pool.com - Backorders start at $60. Pool uses a pay for performance business model. If pool does not catch the domain when it expires then you are not charged. If you are the only person that backordered a domain and pool catches it, you are awarded the domain for $60. If the expired domain was backordered by more than one person, the domain is then up for private auction. People that backordered the domain prior to Pool catching it are only allowed to bid in the auction. The auction lasts for 3 days. SnapNames.com - Backorders start at $60. Snapnames uses a pay for performance business model. If Snapnames does not catch the domain when it expires then you are not charged. If you are the only person that backordered a domain and snapnames catches it, you are awarded the domain for $60. If the expired domain was backordered by more than one person, the domain is then up for private auction. People that backordered the domain prior to snapnames catching it are only allowed to bid in the auction. The auction lasts for 3 days. Enom Club Drop - Backorder start price is optional$10 or $30. Enom uses a pay for performance business model. If enom does not catch the domain when it expires then you are not charged. If you are the only person that backordered a domain for $10 the domain then goes to public auction, but if you backordered it for $30 or more and enom catches it, you are awarded the domain. If the expired domain was backordered for $30 or more by more than one person, the domain is then up for private auction. The auction lasts for 3 days. Namewinner.com - Backorders start at $30. Namewinner uses a pay for performance business model. If namewinner does not catch the domain when it expires then you are not charged. If you are the only person that backordered a domain and namewinner catches it, you are awarded the domain for $30. If the expired domain was backordered by more than one person, the domain is then up for private auction. People that backordered the domain prior to namewinner catching it are only allowed to bid in the auction. The auction lasts for 3 days. Godaddy.com or any Wild West Domains Reseller - $18.95 first come first served (only one person can place a backorder on any one expiring domain, if or when the domain expires and godaddy catches it, the backorder holder is awarded the domain.) It is always best to fully research an expiring domain name. There is no sure fire way of knowing if a domain will receive traffic, or how much a domain is worth. But by checking to see how many sites link to a domain (linkpop), how many people searched for the domain in the previous month (overture with extension), how many people searched for the terms that make up the domain in the previous month (overture without the extension), what the google pr is (google page rank), and what the domain was use for in the past (wayback archive), you can get a rough idea of how much traffic you should expect.

Once you have completely researched a domain, you should then decide if the domain is worth backordering at pool or snapname for $60, at enom or namewinner for $30, at godaddy or a wild west reseller for $18.95, or enom for $10. Remember to cover all your bases if an expiring domain is worth at least $60 to you, then backorder at all of the above services. If it is only worth $30, then backorder at any service that is $30 or cheaper (but remember someone else may backorder it at the $60 service, and then you have no chance at getting the expired domain, if you don’t have a backorder placed at that service.)

For more tutorials and information by Sidney Parfait, owner of the best domain resources on the web (StartName.com ParkingIncome.com and DropWatch.com)

Share This

It seems everyone is jumping into the “traffic domain name” game - either purchasing them for their own use or purchasing traffic from others who own these domains. For those that don’t know, a traffic domain is one that has either expired and still receiving traffic, or one that is being typed into the browser url location (type-in traffic) by users looking for a particular website. These are hot little properties but often abused as some register typos of an existing popular domain - such as Google for example. Yes, Virginia, there is a lot of traffic in those typos.

I own a number of expired & type-in traffic domains and have overall had good results. The worst one gets about 10-15 visitors a day but manages to earn anywhere from $5-$20 in revenue through a pay-per-lead program I use. Combined, all my traffic domains pump out a nice chunk of change without me even having to host them, look at them or even think about them.

On the other side of expired domain & type-in traffic is services which allow you to purchase traffic from domain names which they control and manage. Now you would think this sounds pretty good after what I reported about my own traffic domains, but the sad truth is that the majority of these services are complete scams.

Oh yes, they’ll deliver the “targeted” 5,000 or 10,000 “hits” you purchased, but the reality is that the actual traffic from their domains either doesn’t exist at all (generated by software to create an illusion of unique visitors) or comes from sources like auto-surf sites. And it’s not like you can really monitor & evaluate this traffic to know if it’s real or not, and you certainly have no way of knowing if it’s targeted or just junk hits. You’re basically putting all your trust in the site offering the service and since none offer any guarantee that the traffic will bring you sales, they’re off the hook.

Look at it this way - let’s say a service is offering 100,000 premium targeted visitors for the very low price of just $49.95. Think about it. If you had 100,000 targeted real visitors at your disposable, would you sell them off for essentially pocket change? Of course not. If you were selling a product for $29.95 and only 1% of those 100,000 visitors made a purchase - then that would be 1000 sales totalling $29,950. Can you really believe that they would let that amount of money slip through their fingers just so that they can do you a favour?

Do yourself a favour - If you’re thinking of purchasing traffic from one of these services, keep your money to invest in more reliable and proven options or learn about finding and registering expired domains (an article on this topic coming soon) and register them for yourself.

Carole Nickerson has been a web developer and internet marketer since 1998. Visit http://www.thenetter.com for more free articles, tips and software.

Share This