How to make your domain name bullet-proof from thieves and hackers

mole · Nov 30, 2003

Originally posted by Delete
avoid enom. they will take your domains with no questions asked if asked by verisign.

21. Follow guidelines 1-20, but not for stolen names :dead:

Domagon · Nov 30, 2003

Originally posted by mole
I'm in the process of compiling a how-to guide to Fort Knox the security of domain names from advanced hackers and thieves. Please contribute your best ideas.

Get a dedicated server or two, pony up about 10+K cash, plus about $100K bond, then click on over to ICANN and VeriSign (they run the .COM and .NET registries...oh you want .ORG too...then click over to pir.org as well), print out all the Registrar Application forms/information, follow instructions, pay money, and in weeks to a few months tops, you too can become an ICANN accredited registrar.

Passwords, Registrar-Locks, etc are ok, but not anywhere near as secure as one may think. One's domains are only as secure as their registrar. I've read numerous accounts of registrars releasing/altering domain names, even when on registrar-lock...how can they do that?...simple...who controls the "lock", the registrar of course!

Point is that registrars possesses domains, NOT registrants.

In addition, registrars have many additional rights that registrants would only dream about. For example, a registrar can register a domain and if they then decide don't want it, they can delete it within a certain period of time and it costs them nothing (their account is credited back). Fake Whois information...registrants can lose their domain in as little as two weeks at the whim of a registrar...but a registrar on the other-hand can put fake Whois in all their own domains...what's the penalty? Exactly, there isn't any...for the fox is guarding the hen house.

So in short, becoming an ICANN accredited registrar is the only way one can attain anything resembling "Fort Knox" security for their domains.

Ron

Monte · Dec 2, 2003

RealNames,

You can email me at [email protected]. I will be happy to assist you. I beleive your issue has been resolved by now, either way I would like to speak to you anyway.

Monte

Steen · Jan 25, 2004

Originally posted by valuenames

Get a dedicated server or two, pony up about 10+K cash, plus about $100K bond, then click on over to ICANN and VeriSign (they run the .COM and .NET registries...oh you want .ORG too...then click over to pir.org as well), print out all the Registrar Application forms/information, follow instructions, pay money, and in weeks to a few months tops, you too can become an ICANN accredited registrar.

Passwords, Registrar-Locks, etc are ok, but not anywhere near as secure as one may think. One's domains are only as secure as their registrar. I've read numerous accounts of registrars releasing/altering domain names, even when on registrar-lock...how can they do that?...simple...who controls the "lock", the registrar of course!

Point is that registrars possesses domains, NOT registrants.

In addition, registrars have many additional rights that registrants would only dream about. For example, a registrar can register a domain and if they then decide don't want it, they can delete it within a certain period of time and it costs them nothing (their account is credited back). Fake Whois information...registrants can lose their domain in as little as two weeks at the whim of a registrar...but a registrar on the other-hand can put fake Whois in all their own domains...what's the penalty? Exactly, there isn't any...for the fox is guarding the hen house.

So in short, becoming an ICANN accredited registrar is the only way one can attain anything resembling "Fort Knox" security for their domains.

Ron

1) It will cost more than $100k to become a registrar for com net and org

2) the registry posseses all names in the enom and at all times

3) After applying, ICANN wont approve you for at least 12 months, but most likely longer.

4) ICANN is the decider in fake whois, not the regisrar. ICANN sends the complaints to the registrar, who sends them to the registrant (section 3.7.8 of Registrar Accreditation Agreement).

Steen · Jan 25, 2004

BTW, all comment are very much appreciated (sp?) and taken note of.

THANKS! Especially Monte : )

Monte · Jan 27, 2004

Steen,

Thank you as well. This is such an important topic that we will be focusing on protecting domains from theft in our next Moniker.com DomainNewz letter. We will also have a nice peice from John Berryhill on defending your names through the UDRP process.

If anyone is interested in receiving this News Letter, email me at [email protected].