As you may (or may not) know, I run a company called DNProtect. We protect domain names, offer a domain name protection service, but also recover stolen domain names.
Unfortunately recovering domain names takes up quite a bit of my time, as it’s a huge problem that no one talks about. People are literally waking up in the morning, their email doesn’t work, their website is down, and they quickly realize that their domain name has been stolen. DNAccess is currently the only company that currently offers a service to recover domain names.
Your Most Valuable Digital Asset
Your domain name is your most important asset. If you lose it, your website is down, email doesn’t work. And if you’re selling stuff online or you’re getting your leads that way, it can be a HUGE hit to your business. Your business STOPS instantly if you lose your domain name.
I am flabbergasted, to say the least, that people have less security on their domain name(s) than they do on their websites. They pay a domain registrar the least possible for domain registration services. And don’t pay attention to their domain name. But one mistake can literally take away your business overnight.
I see this happening over and over again, several times a day, because I personally help people recover their stolen domain names. It’s tough to see someone desperate to get their domain name back after it’s stolen, and I never want to see YOU in this situation. Frankly, I do not want to ever have to talk to you about your stolen domain name.
So, here’s some things that I have learned after recovering a LOT of stolen domain names for clients. These are things that are easy to do, and things that I wish my clients had done so they wouldn’t be hiring me to recover their stolen domain. Do these right now, today. And please share this with everyone you can, as I know that there are so many people out there that have no idea that stolen domain names are a big problem.
Here are 7 things you can do right now to protect your most valuable asset, your domain name.
Set up 2FA
1. Set up 2FA (two-factor authentication) whenever it’s offered to you by your domain registrar. If they don’t offer it, transfer your domain name to another registrar.
If you are going to use 2FA, consider adding a physical key to that process. You can get a Yubikey inexpensively and add that to the 2FA process. Hackers won’t have the physical Yubikey, so they cannot gain access to your account. Google offers Google Advanced Protection, so you may consider adding that if you use a Google Account for access to a Google Account (Google Domains). There are other domain name registrars, such as Epik.com, that recommend you use an app such as Authy or Authenticator to get a ‘code’ through the app when you log in. These apps support the use of a YubiKey, so I recommend setting up 2FA this way, especially with Epik.
Turn On Registry Lock
2. Turn on Registry Lock if it’s offered at your registrar. It is different than registrar lock. This basically makes it more difficult to make changes to the domain, especially name server changes. It’s just another level of protection, but can be turned off by the hacker. Some registrars have other names for this, some call it Executive Lock. Fabulous.com offers an option for them to call do something specific before making changes. For example, you can tell them to call you and ask for a certain code. Or you can have them email you at another email address before making any changes on the account.
Register Your Domain for 5 Years
3. Register the domain for at least 5 years in advance. If it’s stolen or transferred there will be no question as to whether or not it simply expired. I’ve run into this over and over again when recovering domains. We can easily rule out expiration since it was registered for a few years in advance (easy to see via whois history).
Do Not Rely on Auto Renew
4. Do NOT rely on “auto renewal”, as we constantly hear from people who lose their domains because auto renewal was turned on and their credit card was “supposed to be” charged. And it was not. (Credit card didn’t go through, etc.).
Never Use a Free Email Account
5. Never use a “free email” such as gmail, hotmail, outlook, etc. as the contact email on the domain. Those accounts routinely get hacked, compromised, etc..
Don’t Use the Same Email Address as the Domain
6. Make sure that you don’t ever use the same email address of the domain. For example, in the whois record of hartzer(.com), don’t use bill@hartzer(.com). If it’s a stolen domain, there will be issues recovering the domain. And you cannot gain access to the domain easily if the domain is using the same domain that has been stolen. If the domain is stolen you won’t have access to email on that domain. So you cannot easily communicate with your registrar or with me, who is trying to recover your domain name for you. And, you won’t get any notifications about the domain name’s changes or that it’s being transferred out to another registrar.
If you use another email address in your WHOIS record, as recommended, make sure you RENEW that domain name as well. If the domain with that email address expires, then the domain thief just has to get access to that domain name with that email and they can steal your other domain name, as well as any other domain names using that email address in the WHOIS record. That’s how AirBNB had Tilt.com stolen from them. They had an email address @customtilt.com in the WHOIS record, and someone bought customtilt.com and then stole tilt.com from AirBNB. So, don’t do that.
Turn Off WHOIS Privacy
7. Finally, consider NOT using whois privacy on domains you really care about. Use a UPS Store address if you have to. But don’t use whois privacy. When it comes down to recovering the domain, when you have to prove ownership, it’s a lot easier if you have not used whois privacy on the domain. Domain thieves will immediately turn on privacy when they gain access to the domain, then they will attempt to transfer the domain out.
There are other ways to make sure that you don’t get your domain name stolen and don’t have to use DNAccess to recover your stolen domain name. But I won’t reveal all of those since I don’t want to give any extra hints to hackers and domain name thieves on how to steal domain names. If you do the above things, you’re going to have a lot less risk than before. And, of course if you’re interested in protecting your domain name(s), check inquire about the DNAccess domain blocking services, as well as our domain name background check services.
Bonus Tips
Use a Domain Blocking Service
You can use a domain block service such as Nameblock or GlobalBlock to protect your company name, brand name, or other name (actually any set of characters) by blocking the domain name registration in the first place. Nameblock, for example, allows you to place a block and it will stop the registration of up to 500 different variations of that name from being registered.
Backorder Your Own Domain Names
You can use services such as Namejet.com, Dropcatch.com, and Catches.IO to place a backorder on your own domain names. It’s typically free to place a backorder on a domain name. If the domain name ever expires, and for some reason you don’t know the account login details or cannot get into the domain’s registrar account to renew the domain (that happens!), you’ll have an extra chance to get the domain name back. I recently experienced this, as I had backordered some domain names that I know are important either to me or, in fact, some of my friends. I had placed a backorder on a domain name over 5 years ago, an old friend’s agency name, and it was not renewed–I’ve been able to get ahold of it for him.
