Learn how the domain registration system works and keep your domain from being neglected or stolen by:
Knowing the expiration date
Keeping contact information up to date
Enabling domain security features
Choosing a strong domain management password
Reading every email your registrar sends to you carefully
Consolidating multiple domains
Using a domain-name monitoring service
Planning ahead if you move your domain to another host
Setting up a third-party, backup DNS service
When comparing a web site to a car, as in Recipe 1.1, you should take into account one key distinction: cars depreciate in value the more you use them. But once you build a functioning web site at your domain—with growing traffic and name recognition—that domain becomes many times more valuable to you than the nominal fee you paid to register it. For that reason, you should treat your domain name as a valuable asset to your business or organization.
The process of choosing a registrar, name service, and hosting provider can be complicated considering all the overlapping options that a web site builder must sort out before making a decision. But the process of losing a domain name can be deceptively simple—with the emphasis on deceptive—and can happen right under the nose of the careless domain name owner.
Ownership of a domain name can be lost to the fraudulent actions of an aggressive domain name speculator, or simply for want of attention to detail. In most cases, a registered domain that is allowed to expire will be snapped up by a speculator within hours of it becoming available.
Learn from the mistakes of others, including me. A few years ago I was managing a Spanish-language web site for a client with a domain name listed with a registrar based in Spain. Ithought I had all my bases covered early in 2002, well in advance of the expiration date listed in the whois database: 12-01-2002. But by mid-January, the domain was no longer in my control. The expiration date I had assumed to be December 1, 2002, was actually formatted in the European date style of day first, then month, and year. After my registration expired on January 12, the domain was purchased by a speculator who wanted $5,000 to sell it back to my client, a price the client could not afford.
Here are some important techniques for domain management that can prevent the inadvertent loss of your domain name:
Put the date on your calendar and keep a print-out of your whois record—listing the administrative, billing, technical contacts, and expiration date—in your files. Use the buddy system: make sure at least one other person with an interest in protecting the domain knows the expiration date and whois record information. Choose a registration term that won't exceed the institutional memory of the domain name owners. Although many registrars offer domain-name periods of up to 10 years, I prefer to keep mine two or three years. That way, I get a chance every so often to review the value of the domain and even choose a new registrar if I want—and I was never very good at that "Where will you be in five years?" interview question either.
The whois listing should have your correct contact data and list the proper owner: either the administrative contact, billing contact, or both. Make sure that you give your registrar, as well as your hosting company, an email address that's not @yourdomainname.com in case there are problems with your domain name or account that make your email inoperable.
A new ICANN domain transfer policy went into effect in the second half of 2004 that cut the time between a transfer request and its taking place to as little as five days. Basically, it allows anyone to request a domain transfer and the registrar to authorize the transfer if the current owner does not object. When this policy went into effect, one pithy online forum poster quipped that it spelled the end of week-long, internet-free vacations for web builders everywhere. You can prevent this form of hijacking by enabling a registration lock on your domain. Only unlocked domains can fall victim to the new quick transfer procedure, and only the owner of the domain can unlock it. Other security features vary among registrars, so familiarize yourself with those that are available on your domain and use them to protect it.
Don't email this password to anyone. Most good registrars offer web-based tools for managing your domain, so you'll need to create a secure password for accessing your account. Choose one that contains at least eight characters, including both upper-and lowercase letters and one numeral. Don't base it on a real word, or any other bit of personal information that could be guessed by other means, such as your birthday, address, or phone number. If you need to give the password to a colleague or web designer, do not send it by email. Email can be intercepted and read by someone you can't trust en route to its intended recipient. When sharing sensitive passwords, deliver them in person, over the phone, or by fax, provided the receiving fax machine is in a trusted location. If you forget your password and your registrar emails it to you, log in and change the password immediately. Many registrars use a better method of resetting a forgotten password and requiring the domain owner to verify the change by logging in to their account. In either case, don't forget to make a note of your new password.
If your web site address identifies a distinctive product or service that your business provides, then you might consider applying for trademark protection through the U.S. Patent and Trademark Office, and other national trademark offices as necessary. Trademark protection can be a potential weapon on your side, should a dispute over your domain name arise. Bear in mind, however, that the most insidious domain hijackers may re-register your domain in a country that does not have the same high regard for U.S. trademarks as you do. In that case, prepare for a long, costly—and usually fruitless—effort to reclaim your stolen domain. For more resources on handling domain disputes, refer to the organizations listed under "See Also" at the end of this section.
ICANN now requires registrars to contact domain name owners annually to verify contact information. Unscrupulous domain name speculators also will try to contact you with an email that appears to come from your registrar, in an attempt to trick you into providing information to them that they can use to hijack your domain. If you're unsure about any communication you get regarding your domain, call your registrar or report the fraudulent email to them immediately.
It's tempting to shop around for the best deal when registering a new domain name, but before you know it you've got nearly as many domain management accounts with various registrars as you have domains under your control. The potential to lose one or more of your domains is an order of magnitude greater in this situation. Find the registrar with the best balance of features, prices and management tools that meet your needs, and stick with that registrar. Move domains at other registrars over to your preferred registrar when they're up for renewal. The little bit of extra money you will spend will be worth it for peace of mind.
Often, the appearance of a hijacked domain can be more likely and more damaging than the hijacking itself. Take the case of a hypothetical nonprofit that registers only the dot-org (.org) variation of its name. A group with opposing views—or just a penchant for mischief—can set up a web site using the dot-com (.com) domain, leaving visitors who don't know any better confused about which site truly speaks for the organization.
SnapNames and NameProtect allow you to get alerts about potentially unwanted changes to domains you own and registration opportunities for domains you don't own, but want to own.
One of the services your web-hosting company will provide for you is DNS on its domain name servers. The DNS system functions as the address book of the world wide web, matching up the internet protocol (IP) numbers by which network traffic gets routed with alphabetical domain names that are easier for humans to remember. Just as previous residents at your home address may periodically get letters in your mailbox, the DNS system of web site addresses does not get updated instantaneously when you move your site and domain to a new web hosting service. That's because when you move your site, the domain name remains the same but the IP number associated with it changes, and propagation of the new IP number associated with your domain name to the thousands of DNS servers around the world takes anywhere from 24 to 72 hours.
When moving your site, follow these steps in order or risk your site disappearing from the web temporarily while information about your move spreads throughout the DNS system:
Set up your new hosting account.
Copy all your web site files to the new account when you have confirmation that the account is set up (usually within 24 hours).
Place a hidden tag of comment text that distinguishes it from the file on the old web server on your home page file saved on the new web server, like this:
<!-- new host -->
Preview how the site will look by connecting to it with your web browser using the IP number of the new web server or a preview URL provided by the hosting company (e.g., http://yourdomain.newhost.com ).
Notify your domain registrar that you want to change the DNS server information for your domain to those maintained by your new hosting company when you're satisfied that the site on the new host's servers looks and behaves like the site on the current host's servers. (They should give the IP numbers and/or host names of their DNS servers when you sign up.)
Usually you can update your DNS information via your registrar's web-based control panel for your account. At this point, the waiting period for the DNS change begins, so any changes you make to your site during this period must be made to files on both the old and new hosting account. I prefer to pull the trigger on DNS changes on a Friday, let the propagation occur over the weekend, and then check the site on Monday. Viewing source and finding the hidden tag confirms that the propagation is almost, if not entirely, done. By the middle of the week, you can cancel your old hosting account.
This allows you to respond to web site outages quickly. If your hosting provider's DNS server goes down, then your web site will be down, too. For a nominal fee, you can set up a backup DNS listing through a company such as Ultra DNS to avoid this situation.
SnapNames (http://www.snapnames.com/) and NameProtect (http://www.nameprotect.com/) provide alert services for careful domain owners and administrators. The World Intellectual Property Organization Arbitration and Mediation Center, online at http://arbiter.wipo.int/center/index.html, works to resolve international intellectual property disputes. Ultra DNS, at http://www.ultradns.com, provides backup DNS listings to avoid web site downtime if your primary DNS services becomes unavailable.