This morning’s “Meet the Registrar” session demonstrated the importance of the registrar in domain asset management. We all know this, and have been aware, but have we been truly aware? As domains increase in value, they become more valuable than money, yet how many are “stored” at registrars where security is not exactly top priority?
There are several domains at auction tomorrow over a million dollars. Many in the high hundreds of thousands. A digital bit in a database, with a value so high. Obviously there is a burgeoning market for stolen domains. A domain gets stolen away and then moved around and then sold on the private market, where the new owner may eventually be informed that it was indeed ms-appropriated. How many of us have insurance for our domain assets? Right. So what happens in this case? Someone loses a lot of money.
And the registrar is the middle man carrying much of the burden of restoring peace, and yet how many of you know your registrar as well as your bank officer? If your registrar receives a request to transfer your domain away this coming Sunday morning at 4:21 am your time, will they call your cell phone to check with you, or simply let it go?
Every registrar says the same thing - never use a free email address. “I can hack an AOL email account in 10 minutes” said one of the registrar reps here, AT THE PODIUM. Wow. There are programs out there mining the WHOIS database of email addresses that are expired” - so those domains can be stolen away. Believe it. “If your email is expired for a week and you have a god domain name, they will take it away within just a week or two”. Make sure the email you use for WHOIS is not on the registered domain. That makes it much easier for the hijackers to steal the domain.
Moniker notes that their domains are always locked unless they are in transfer. Why else would anyone ever want a domain unlocked? Moniker allows you to make changes, updates, etc without ever “unlocking” the domain, and wonder why other registrars allow domains to be left in the “unlocked” state when they have not been put into transfer.
TRAFFIC is run by the World Association of Domain Name Developers, and the WADND board of advisors (made up of big-time domainers) has developed a set of criteria for registrars, presented as a WADND “Seal of Approval”. If they meet these strict requirements for domain asset management (which addresses all of the above, plus more to ensure domain registrants are well positioned to not only secure their domain assets but safely manage them), the registrar can show they have that Seal of Approval. So far, 4 registrars have received the Seal of Approval: Moniker, Fabulous, DirectNic, and TuCows. GoDaddy was here this morning, saying they meet the requirements but don’t have the seal of approval. Maybe that’s true, but it didn’t sound very convincing.
Some questions from the audience:
Q: Why isn’t privacy free? Good question. GoDaddy didn’t say anything, but Moniker says they charge a small fee to cover internal management and handling of requests through the toll free number. Another registrar noted that they bundle free privacy with 5 domain registrations at one time, for example.
Q; For bulk transfers, why can’t the registrar send EP codes in bulk? Moniker answered that they do indeed send EPP codes in bulk for bulk transfers. I can imagine this is a balance issue, considering security and convenience.
Q: Do you automatically park a newly registered domain and keep the profits? GoDaddy says they do, and you can always change the DNS if you want. Moniker stresses again that you should have a relationship with your registrar, and via that relationship you should be informed of your parking options and the best way to park is to put it into the parking service. Another registrar (I wish he would re-state his registrar… was it redneck?) says they give a new registrant 3 days to do something with the DNS, and then if it lies dead they park it themselves.
Q: Can you all comment on how some registrars seem to make it difficult to transfer domains away? Yahoo! was cited as an example of a registrar that seems to work hard to prevent domain owners from transferring domains away from Yahoo! Moniker notes that some registrars put 60 day hold if a change is made to the admin contact, suggesting it is for security reasons, but it’s a registrar-specific policy and not required. The sense I got when Moniker said this is that GoDaddy has this 60 day policy because it is more profitable for them to lock up a domain that is about to be transferred. That practically insures an extra year of registration at GoDaddy, and probably also keeps a lot of domains at GoDaddy.